ae986b8118cfa935219353ff57a498e93524b0c7998d4b585bf5ed612d5322c7

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae986b8118cfa935219353ff57a498e93524b0c7998d4b585bf5ed612d5322c7.exe
Size

184KB
MD5

20bd1a54edc353ce4f5d151b7c5e7a2a
SHA1

af914096da2b854277a2030fab9ccc7f9c638bd8
SHA256

ae986b8118cfa935219353ff57a498e93524b0c7998d4b585bf5ed612d5322c7
SHA512

75a71cea0dc3b9a33f6fe99cf5bc733f7e9decb69ef813f5395926d3b873a789aa068b0f3f5cf33aae81c7d710222e1f40bd9f1d2ca850a55c3f42e13a86800e
SSDEEP

3072:gOa31xoTVeOfXs4We8wLRKwqhlnViFxn3:gOWo9Ps4fLYwqhlnViFx

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-6931.exeUnicorn-31081.exeUnicorn-43888.exeUnicorn-19312.exeUnicorn-34963.exeUnicorn-15097.exeUnicorn-43365.exeUnicorn-56556.exeUnicorn-61154.exeUnicorn-21003.exeUnicorn-38738.exeUnicorn-25932.exeUnicorn-21717.exeUnicorn-8910.exeUnicorn-39506.exeUnicorn-11432.exeUnicorn-49793.exeUnicorn-47909.exeUnicorn-34910.exeUnicorn-15236.exeUnicorn-35315.exeUnicorn-26654.exeUnicorn-26654.exeUnicorn-49082.exeUnicorn-3410.exeUnicorn-16217.exeUnicorn-34760.exeUnicorn-30161.exeUnicorn-43429.exeUnicorn-56812.exeUnicorn-11140.exeUnicorn-11332.exeUnicorn-59656.exeUnicorn-24331.exeUnicorn-27368.exeUnicorn-41893.exeUnicorn-41893.exeUnicorn-37678.exeUnicorn-37678.exeUnicorn-42085.exeUnicorn-57544.exeUnicorn-22027.exeUnicorn-16829.exeUnicorn-1753.exeUnicorn-56854.exeUnicorn-2521.exeUnicorn-57622.exeUnicorn-35386.exeUnicorn-25.exeUnicorn-45889.exeUnicorn-9646.exeUnicorn-13216.exeUnicorn-9838.exeUnicorn-22645.exeUnicorn-42703.exeUnicorn-43279.exeUnicorn-11410.exeUnicorn-14254.exeUnicorn-14446.exeUnicorn-16393.exeUnicorn-16393.exeUnicorn-32236.exeUnicorn-45043.exeUnicorn-12178.exe

pid	process
1204	Unicorn-6931.exe
872	Unicorn-31081.exe
2600	Unicorn-43888.exe
2412	Unicorn-19312.exe
2544	Unicorn-34963.exe
2388	Unicorn-15097.exe
2688	Unicorn-43365.exe
2556	Unicorn-56556.exe
1856	Unicorn-61154.exe
2264	Unicorn-21003.exe
1144	Unicorn-38738.exe
2032	Unicorn-25932.exe
2416	Unicorn-21717.exe
2748	Unicorn-8910.exe
2148	Unicorn-39506.exe
608	Unicorn-11432.exe
1448	Unicorn-49793.exe
2972	Unicorn-47909.exe
452	Unicorn-34910.exe
2000	Unicorn-15236.exe
1708	Unicorn-35315.exe
1756	Unicorn-26654.exe
1724	Unicorn-26654.exe
1752	Unicorn-49082.exe
328	Unicorn-3410.exe
2836	Unicorn-16217.exe
2020	Unicorn-34760.exe
2832	Unicorn-30161.exe
2300	Unicorn-43429.exe
2472	Unicorn-56812.exe
1688	Unicorn-11140.exe
2536	Unicorn-11332.exe
2568	Unicorn-59656.exe
2384	Unicorn-24331.exe
2868	Unicorn-27368.exe
2632	Unicorn-41893.exe
2932	Unicorn-41893.exe
2652	Unicorn-37678.exe
2420	Unicorn-37678.exe
2660	Unicorn-42085.exe
2548	Unicorn-57544.exe
2692	Unicorn-22027.exe
1532	Unicorn-16829.exe
1860	Unicorn-1753.exe
1376	Unicorn-56854.exe
2476	Unicorn-2521.exe
2356	Unicorn-57622.exe
540	Unicorn-35386.exe
584	Unicorn-25.exe
2968	Unicorn-45889.exe
412	Unicorn-9646.exe
1988	Unicorn-13216.exe
1524	Unicorn-9838.exe
1324	Unicorn-22645.exe
928	Unicorn-42703.exe
1960	Unicorn-43279.exe
2112	Unicorn-11410.exe
3032	Unicorn-14254.exe
2308	Unicorn-14446.exe
3024	Unicorn-16393.exe
1596	Unicorn-16393.exe
2532	Unicorn-32236.exe
2564	Unicorn-45043.exe
2508	Unicorn-12178.exe

Loads dropped DLL 64 IoCs

Processes:

ae986b8118cfa935219353ff57a498e93524b0c7998d4b585bf5ed612d5322c7.exeUnicorn-6931.exeUnicorn-31081.exeUnicorn-43888.exeWerFault.exeUnicorn-19312.exeUnicorn-15097.exeWerFault.exeWerFault.exeUnicorn-34963.exeUnicorn-43365.exeUnicorn-61154.exeUnicorn-56556.exeWerFault.exeWerFault.exeWerFault.exeUnicorn-38738.exe

pid	process
2240	ae986b8118cfa935219353ff57a498e93524b0c7998d4b585bf5ed612d5322c7.exe
2240	ae986b8118cfa935219353ff57a498e93524b0c7998d4b585bf5ed612d5322c7.exe
1204	Unicorn-6931.exe
1204	Unicorn-6931.exe
2240	ae986b8118cfa935219353ff57a498e93524b0c7998d4b585bf5ed612d5322c7.exe
2240	ae986b8118cfa935219353ff57a498e93524b0c7998d4b585bf5ed612d5322c7.exe
872	Unicorn-31081.exe
872	Unicorn-31081.exe
2600	Unicorn-43888.exe
2600	Unicorn-43888.exe
1204	Unicorn-6931.exe
1204	Unicorn-6931.exe
2108	WerFault.exe
2108	WerFault.exe
2108	WerFault.exe
2108	WerFault.exe
2108	WerFault.exe
2412	Unicorn-19312.exe
2412	Unicorn-19312.exe
872	Unicorn-31081.exe
872	Unicorn-31081.exe
2388	Unicorn-15097.exe
2388	Unicorn-15097.exe
2600	Unicorn-43888.exe
2600	Unicorn-43888.exe
824	WerFault.exe
824	WerFault.exe
824	WerFault.exe
824	WerFault.exe
2776	WerFault.exe
2776	WerFault.exe
2776	WerFault.exe
2776	WerFault.exe
824	WerFault.exe
2776	WerFault.exe
2544	Unicorn-34963.exe
2544	Unicorn-34963.exe
2688	Unicorn-43365.exe
2688	Unicorn-43365.exe
2412	Unicorn-19312.exe
2412	Unicorn-19312.exe
1856	Unicorn-61154.exe
1856	Unicorn-61154.exe
2388	Unicorn-15097.exe
2388	Unicorn-15097.exe
2556	Unicorn-56556.exe
2556	Unicorn-56556.exe
2828	WerFault.exe
2828	WerFault.exe
2828	WerFault.exe
2828	WerFault.exe
2828	WerFault.exe
1480	WerFault.exe
1480	WerFault.exe
1480	WerFault.exe
1788	WerFault.exe
1480	WerFault.exe
1788	WerFault.exe
1788	WerFault.exe
1788	WerFault.exe
1480	WerFault.exe
1788	WerFault.exe
1144	Unicorn-38738.exe
1144	Unicorn-38738.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2512	2240	WerFault.exe	ae986b8118cfa935219353ff57a498e93524b0c7998d4b585bf5ed612d5322c7.exe
2108	1204	WerFault.exe	Unicorn-6931.exe
824	872	WerFault.exe	Unicorn-31081.exe
2776	2600	WerFault.exe	Unicorn-43888.exe
2828	2412	WerFault.exe	Unicorn-19312.exe
1480	2544	WerFault.exe	Unicorn-34963.exe
1788	2388	WerFault.exe	Unicorn-15097.exe
380	2688	WerFault.exe	Unicorn-43365.exe
2100	1856	WerFault.exe	Unicorn-61154.exe
2088	2264	WerFault.exe	Unicorn-21003.exe
912	2556	WerFault.exe	Unicorn-56556.exe
472	1144	WerFault.exe	Unicorn-38738.exe
1880	2032	WerFault.exe	Unicorn-25932.exe
1616	2416	WerFault.exe	Unicorn-21717.exe
2324	608	WerFault.exe	Unicorn-11432.exe
1700	2148	WerFault.exe	Unicorn-39506.exe
1464	2748	WerFault.exe	Unicorn-8910.exe
2456	1448	WerFault.exe	Unicorn-49793.exe
2744	2972	WerFault.exe	Unicorn-47909.exe
2704	452	WerFault.exe	Unicorn-34910.exe
2036	1708	WerFault.exe	Unicorn-35315.exe
604	1756	WerFault.exe	Unicorn-26654.exe
296	2836	WerFault.exe	Unicorn-16217.exe
1792	1724	WerFault.exe	Unicorn-26654.exe
936	328	WerFault.exe	Unicorn-3410.exe
2176	1752	WerFault.exe	Unicorn-49082.exe
1636	2000	WerFault.exe	Unicorn-15236.exe
2480	584	WerFault.exe	Unicorn-25.exe
1936	2020	WerFault.exe	Unicorn-34760.exe
1016	2832	WerFault.exe	Unicorn-30161.exe
2288	2300	WerFault.exe	Unicorn-43429.exe
2628	2472	WerFault.exe	Unicorn-56812.exe
2812	1688	WerFault.exe	Unicorn-11140.exe
2788	2568	WerFault.exe	Unicorn-59656.exe
2816	2384	WerFault.exe	Unicorn-24331.exe
648	2536	WerFault.exe	Unicorn-11332.exe
2488	2868	WerFault.exe	Unicorn-27368.exe
1060	2652	WerFault.exe	Unicorn-37678.exe
3212	2548	WerFault.exe	Unicorn-57544.exe
3204	2632	WerFault.exe	Unicorn-41893.exe
3172	2420	WerFault.exe	Unicorn-37678.exe
3088	2932	WerFault.exe	Unicorn-41893.exe
2004	2660	WerFault.exe	Unicorn-42085.exe
3080	2692	WerFault.exe	Unicorn-22027.exe
3448	1532	WerFault.exe	Unicorn-16829.exe
3436	1860	WerFault.exe	Unicorn-1753.exe
3536	1376	WerFault.exe	Unicorn-56854.exe
3804	2356	WerFault.exe	Unicorn-57622.exe
3932	2476	WerFault.exe	Unicorn-2521.exe
3956	540	WerFault.exe	Unicorn-35386.exe
3192	2508	WerFault.exe	Unicorn-12178.exe
3484	2404	WerFault.exe	Unicorn-47311.exe
4080	2532	WerFault.exe	Unicorn-32236.exe
4088	1960	WerFault.exe	Unicorn-43279.exe
3672	2564	WerFault.exe	Unicorn-45043.exe
3840	412	WerFault.exe	Unicorn-9646.exe
3784	1524	WerFault.exe	Unicorn-9838.exe
4184	1988	WerFault.exe	Unicorn-13216.exe
4192	1324	WerFault.exe	Unicorn-22645.exe
4264	3032	WerFault.exe	Unicorn-14254.exe
4244	1596	WerFault.exe	Unicorn-16393.exe
4328	2112	WerFault.exe	Unicorn-11410.exe
4380	2308	WerFault.exe	Unicorn-14446.exe
4420	2524	WerFault.exe	Unicorn-32236.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

ae986b8118cfa935219353ff57a498e93524b0c7998d4b585bf5ed612d5322c7.exeUnicorn-6931.exeUnicorn-31081.exeUnicorn-43888.exeUnicorn-19312.exeUnicorn-34963.exeUnicorn-15097.exeUnicorn-43365.exeUnicorn-56556.exeUnicorn-21003.exeUnicorn-61154.exeUnicorn-38738.exeUnicorn-21717.exeUnicorn-25932.exeUnicorn-8910.exeUnicorn-11432.exeUnicorn-39506.exeUnicorn-49793.exeUnicorn-47909.exeUnicorn-34910.exeUnicorn-15236.exeUnicorn-35315.exeUnicorn-26654.exeUnicorn-49082.exeUnicorn-3410.exeUnicorn-26654.exeUnicorn-16217.exeUnicorn-34760.exeUnicorn-30161.exeUnicorn-43429.exeUnicorn-56812.exeUnicorn-11140.exeUnicorn-11332.exeUnicorn-24331.exeUnicorn-59656.exeUnicorn-27368.exeUnicorn-57544.exeUnicorn-22027.exeUnicorn-37678.exeUnicorn-41893.exeUnicorn-37678.exeUnicorn-42085.exeUnicorn-41893.exeUnicorn-16829.exeUnicorn-1753.exeUnicorn-56854.exeUnicorn-2521.exeUnicorn-57622.exeUnicorn-35386.exeUnicorn-25.exeUnicorn-45889.exeUnicorn-13216.exeUnicorn-9646.exeUnicorn-22645.exeUnicorn-9838.exeUnicorn-42703.exeUnicorn-43279.exeUnicorn-11410.exeUnicorn-14446.exeUnicorn-16393.exeUnicorn-45043.exeUnicorn-32236.exeUnicorn-16393.exeUnicorn-12178.exe

pid	process
2240	ae986b8118cfa935219353ff57a498e93524b0c7998d4b585bf5ed612d5322c7.exe
1204	Unicorn-6931.exe
872	Unicorn-31081.exe
2600	Unicorn-43888.exe
2412	Unicorn-19312.exe
2544	Unicorn-34963.exe
2388	Unicorn-15097.exe
2688	Unicorn-43365.exe
2556	Unicorn-56556.exe
2264	Unicorn-21003.exe
1856	Unicorn-61154.exe
1144	Unicorn-38738.exe
2416	Unicorn-21717.exe
2032	Unicorn-25932.exe
2748	Unicorn-8910.exe
608	Unicorn-11432.exe
2148	Unicorn-39506.exe
1448	Unicorn-49793.exe
2972	Unicorn-47909.exe
452	Unicorn-34910.exe
2000	Unicorn-15236.exe
1708	Unicorn-35315.exe
1756	Unicorn-26654.exe
1752	Unicorn-49082.exe
328	Unicorn-3410.exe
1724	Unicorn-26654.exe
2836	Unicorn-16217.exe
2020	Unicorn-34760.exe
2832	Unicorn-30161.exe
2300	Unicorn-43429.exe
2472	Unicorn-56812.exe
1688	Unicorn-11140.exe
2536	Unicorn-11332.exe
2384	Unicorn-24331.exe
2568	Unicorn-59656.exe
2868	Unicorn-27368.exe
2548	Unicorn-57544.exe
2692	Unicorn-22027.exe
2420	Unicorn-37678.exe
2932	Unicorn-41893.exe
2652	Unicorn-37678.exe
2660	Unicorn-42085.exe
2632	Unicorn-41893.exe
1532	Unicorn-16829.exe
1860	Unicorn-1753.exe
1376	Unicorn-56854.exe
2476	Unicorn-2521.exe
2356	Unicorn-57622.exe
540	Unicorn-35386.exe
584	Unicorn-25.exe
2968	Unicorn-45889.exe
1988	Unicorn-13216.exe
412	Unicorn-9646.exe
1324	Unicorn-22645.exe
1524	Unicorn-9838.exe
928	Unicorn-42703.exe
1960	Unicorn-43279.exe
2112	Unicorn-11410.exe
2308	Unicorn-14446.exe
1596	Unicorn-16393.exe
2564	Unicorn-45043.exe
2532	Unicorn-32236.exe
3024	Unicorn-16393.exe
2508	Unicorn-12178.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

ae986b8118cfa935219353ff57a498e93524b0c7998d4b585bf5ed612d5322c7.exeUnicorn-6931.exeUnicorn-31081.exeUnicorn-43888.exeUnicorn-19312.exeUnicorn-15097.exeUnicorn-34963.exeUnicorn-43365.exe

description	pid	process	target process
PID 2240 wrote to memory of 1204	2240	ae986b8118cfa935219353ff57a498e93524b0c7998d4b585bf5ed612d5322c7.exe	Unicorn-6931.exe
PID 2240 wrote to memory of 1204	2240	ae986b8118cfa935219353ff57a498e93524b0c7998d4b585bf5ed612d5322c7.exe	Unicorn-6931.exe
PID 2240 wrote to memory of 1204	2240	ae986b8118cfa935219353ff57a498e93524b0c7998d4b585bf5ed612d5322c7.exe	Unicorn-6931.exe
PID 2240 wrote to memory of 1204	2240	ae986b8118cfa935219353ff57a498e93524b0c7998d4b585bf5ed612d5322c7.exe	Unicorn-6931.exe
PID 1204 wrote to memory of 872	1204	Unicorn-6931.exe	Unicorn-31081.exe
PID 1204 wrote to memory of 872	1204	Unicorn-6931.exe	Unicorn-31081.exe
PID 1204 wrote to memory of 872	1204	Unicorn-6931.exe	Unicorn-31081.exe
PID 1204 wrote to memory of 872	1204	Unicorn-6931.exe	Unicorn-31081.exe
PID 2240 wrote to memory of 2600	2240	ae986b8118cfa935219353ff57a498e93524b0c7998d4b585bf5ed612d5322c7.exe	Unicorn-43888.exe
PID 2240 wrote to memory of 2600	2240	ae986b8118cfa935219353ff57a498e93524b0c7998d4b585bf5ed612d5322c7.exe	Unicorn-43888.exe
PID 2240 wrote to memory of 2600	2240	ae986b8118cfa935219353ff57a498e93524b0c7998d4b585bf5ed612d5322c7.exe	Unicorn-43888.exe
PID 2240 wrote to memory of 2600	2240	ae986b8118cfa935219353ff57a498e93524b0c7998d4b585bf5ed612d5322c7.exe	Unicorn-43888.exe
PID 2240 wrote to memory of 2512	2240	ae986b8118cfa935219353ff57a498e93524b0c7998d4b585bf5ed612d5322c7.exe	WerFault.exe
PID 2240 wrote to memory of 2512	2240	ae986b8118cfa935219353ff57a498e93524b0c7998d4b585bf5ed612d5322c7.exe	WerFault.exe
PID 2240 wrote to memory of 2512	2240	ae986b8118cfa935219353ff57a498e93524b0c7998d4b585bf5ed612d5322c7.exe	WerFault.exe
PID 2240 wrote to memory of 2512	2240	ae986b8118cfa935219353ff57a498e93524b0c7998d4b585bf5ed612d5322c7.exe	WerFault.exe
PID 872 wrote to memory of 2412	872	Unicorn-31081.exe	Unicorn-19312.exe
PID 872 wrote to memory of 2412	872	Unicorn-31081.exe	Unicorn-19312.exe
PID 872 wrote to memory of 2412	872	Unicorn-31081.exe	Unicorn-19312.exe
PID 872 wrote to memory of 2412	872	Unicorn-31081.exe	Unicorn-19312.exe
PID 2600 wrote to memory of 2544	2600	Unicorn-43888.exe	Unicorn-34963.exe
PID 2600 wrote to memory of 2544	2600	Unicorn-43888.exe	Unicorn-34963.exe
PID 2600 wrote to memory of 2544	2600	Unicorn-43888.exe	Unicorn-34963.exe
PID 2600 wrote to memory of 2544	2600	Unicorn-43888.exe	Unicorn-34963.exe
PID 1204 wrote to memory of 2388	1204	Unicorn-6931.exe	Unicorn-15097.exe
PID 1204 wrote to memory of 2388	1204	Unicorn-6931.exe	Unicorn-15097.exe
PID 1204 wrote to memory of 2388	1204	Unicorn-6931.exe	Unicorn-15097.exe
PID 1204 wrote to memory of 2388	1204	Unicorn-6931.exe	Unicorn-15097.exe
PID 1204 wrote to memory of 2108	1204	Unicorn-6931.exe	WerFault.exe
PID 1204 wrote to memory of 2108	1204	Unicorn-6931.exe	WerFault.exe
PID 1204 wrote to memory of 2108	1204	Unicorn-6931.exe	WerFault.exe
PID 1204 wrote to memory of 2108	1204	Unicorn-6931.exe	WerFault.exe
PID 2412 wrote to memory of 2688	2412	Unicorn-19312.exe	Unicorn-43365.exe
PID 2412 wrote to memory of 2688	2412	Unicorn-19312.exe	Unicorn-43365.exe
PID 2412 wrote to memory of 2688	2412	Unicorn-19312.exe	Unicorn-43365.exe
PID 2412 wrote to memory of 2688	2412	Unicorn-19312.exe	Unicorn-43365.exe
PID 872 wrote to memory of 2556	872	Unicorn-31081.exe	Unicorn-56556.exe
PID 872 wrote to memory of 2556	872	Unicorn-31081.exe	Unicorn-56556.exe
PID 872 wrote to memory of 2556	872	Unicorn-31081.exe	Unicorn-56556.exe
PID 872 wrote to memory of 2556	872	Unicorn-31081.exe	Unicorn-56556.exe
PID 2388 wrote to memory of 1856	2388	Unicorn-15097.exe	Unicorn-61154.exe
PID 2388 wrote to memory of 1856	2388	Unicorn-15097.exe	Unicorn-61154.exe
PID 2388 wrote to memory of 1856	2388	Unicorn-15097.exe	Unicorn-61154.exe
PID 2388 wrote to memory of 1856	2388	Unicorn-15097.exe	Unicorn-61154.exe
PID 2600 wrote to memory of 2264	2600	Unicorn-43888.exe	Unicorn-21003.exe
PID 2600 wrote to memory of 2264	2600	Unicorn-43888.exe	Unicorn-21003.exe
PID 2600 wrote to memory of 2264	2600	Unicorn-43888.exe	Unicorn-21003.exe
PID 2600 wrote to memory of 2264	2600	Unicorn-43888.exe	Unicorn-21003.exe
PID 872 wrote to memory of 824	872	Unicorn-31081.exe	WerFault.exe
PID 872 wrote to memory of 824	872	Unicorn-31081.exe	WerFault.exe
PID 872 wrote to memory of 824	872	Unicorn-31081.exe	WerFault.exe
PID 872 wrote to memory of 824	872	Unicorn-31081.exe	WerFault.exe
PID 2600 wrote to memory of 2776	2600	Unicorn-43888.exe	WerFault.exe
PID 2600 wrote to memory of 2776	2600	Unicorn-43888.exe	WerFault.exe
PID 2600 wrote to memory of 2776	2600	Unicorn-43888.exe	WerFault.exe
PID 2600 wrote to memory of 2776	2600	Unicorn-43888.exe	WerFault.exe
PID 2544 wrote to memory of 1144	2544	Unicorn-34963.exe	Unicorn-38738.exe
PID 2544 wrote to memory of 1144	2544	Unicorn-34963.exe	Unicorn-38738.exe
PID 2544 wrote to memory of 1144	2544	Unicorn-34963.exe	Unicorn-38738.exe
PID 2544 wrote to memory of 1144	2544	Unicorn-34963.exe	Unicorn-38738.exe
PID 2688 wrote to memory of 2032	2688	Unicorn-43365.exe	Unicorn-25932.exe
PID 2688 wrote to memory of 2032	2688	Unicorn-43365.exe	Unicorn-25932.exe
PID 2688 wrote to memory of 2032	2688	Unicorn-43365.exe	Unicorn-25932.exe
PID 2688 wrote to memory of 2032	2688	Unicorn-43365.exe	Unicorn-25932.exe

C:\Users\Admin\AppData\Local\Temp\ae986b8118cfa935219353ff57a498e93524b0c7998d4b585bf5ed612d5322c7.exe
"C:\Users\Admin\AppData\Local\Temp\ae986b8118cfa935219353ff57a498e93524b0c7998d4b585bf5ed612d5322c7.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-6931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6931.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1204

C:\Users\Admin\AppData\Local\Temp\Unicorn-31081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31081.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-19312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19312.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-43365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43365.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-25932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25932.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-34910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34910.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:452

C:\Users\Admin\AppData\Local\Temp\Unicorn-11140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11140.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-25.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 220
10⤵
- Program crash
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-19044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19044.exe
9⤵
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-231.exe
10⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-10551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10551.exe
11⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
12⤵
PID:7316

C:\Users\Admin\AppData\Local\Temp\Unicorn-8862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8862.exe
13⤵
PID:10996

C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
14⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 216
13⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
12⤵
PID:8476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
11⤵
PID:5912

C:\Users\Admin\AppData\Local\Temp\Unicorn-36705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36705.exe
10⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
11⤵
PID:7428

C:\Users\Admin\AppData\Local\Temp\Unicorn-59355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59355.exe
12⤵
PID:10740

C:\Users\Admin\AppData\Local\Temp\Unicorn-41393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41393.exe
13⤵
PID:8384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 236
12⤵
PID:10760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
11⤵
PID:8644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 220
10⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
9⤵
- Program crash
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-45889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45889.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-15090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15090.exe
9⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-57512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57512.exe
10⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-39981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39981.exe
11⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-31479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31479.exe
12⤵
PID:7268

C:\Users\Admin\AppData\Local\Temp\Unicorn-13642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13642.exe
13⤵
PID:10796

C:\Users\Admin\AppData\Local\Temp\Unicorn-23099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23099.exe
14⤵
PID:8388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 220
13⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
12⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
11⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 216
10⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-5550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5550.exe
9⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-19665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19665.exe
10⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-29943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29943.exe
11⤵
PID:7464

C:\Users\Admin\AppData\Local\Temp\Unicorn-59081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59081.exe
12⤵
PID:11096

C:\Users\Admin\AppData\Local\Temp\Unicorn-20816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20816.exe
13⤵
PID:9796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 216
12⤵
PID:12336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 236
11⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
10⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
9⤵
PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 240
8⤵
- Program crash
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-56812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56812.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-35386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35386.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-5661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5661.exe
9⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-45047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45047.exe
10⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-57917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57917.exe
11⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-58423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58423.exe
12⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\Unicorn-43375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43375.exe
13⤵
PID:9084

C:\Users\Admin\AppData\Local\Temp\Unicorn-21113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21113.exe
14⤵
PID:12724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9084 -s 216
14⤵
PID:12872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
13⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 236
12⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 236
11⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-20838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20838.exe
10⤵
PID:3508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 200
11⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
10⤵
PID:5600

C:\Users\Admin\AppData\Local\Temp\Unicorn-16136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16136.exe
9⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-37824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37824.exe
10⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-39721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39721.exe
11⤵
PID:6916

C:\Users\Admin\AppData\Local\Temp\Unicorn-1408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1408.exe
12⤵
PID:9584

C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
13⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9584 -s 216
13⤵
PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 216
12⤵
PID:10632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
11⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
10⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 240
9⤵
- Program crash
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-60954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60954.exe
8⤵
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
9⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-40749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40749.exe
10⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
11⤵
PID:8020

C:\Users\Admin\AppData\Local\Temp\Unicorn-56829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56829.exe
12⤵
PID:10620

C:\Users\Admin\AppData\Local\Temp\Unicorn-41101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41101.exe
13⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 220
12⤵
PID:12436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
11⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
10⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
8⤵
- Program crash
PID:2628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
7⤵
- Program crash
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-15236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15236.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-11332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11332.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-9838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9838.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-57104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57104.exe
9⤵
PID:336

C:\Users\Admin\AppData\Local\Temp\Unicorn-55976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55976.exe
10⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-9010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9010.exe
11⤵
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-52610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52610.exe
12⤵
PID:7372

C:\Users\Admin\AppData\Local\Temp\Unicorn-38349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38349.exe
13⤵
PID:11060

C:\Users\Admin\AppData\Local\Temp\Unicorn-37797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37797.exe
14⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 216
13⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 216
12⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
11⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 236
10⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-19089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19089.exe
9⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe
10⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-21666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21666.exe
11⤵
PID:7188

C:\Users\Admin\AppData\Local\Temp\Unicorn-11940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11940.exe
12⤵
PID:10356

C:\Users\Admin\AppData\Local\Temp\Unicorn-39160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39160.exe
13⤵
PID:9812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7188 -s 216
12⤵
PID:12276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 220
11⤵
PID:9196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
10⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
9⤵
- Program crash
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-52506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52506.exe
8⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-50117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50117.exe
9⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-30144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30144.exe
10⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-61327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61327.exe
11⤵
PID:6180

C:\Users\Admin\AppData\Local\Temp\Unicorn-60277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60277.exe
12⤵
PID:10012

C:\Users\Admin\AppData\Local\Temp\Unicorn-4809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4809.exe
13⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10012 -s 220
13⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 236
12⤵
PID:10920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
11⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 236
10⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-32836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32836.exe
9⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-14347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14347.exe
10⤵
PID:7056

C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
11⤵
PID:9896

C:\Users\Admin\AppData\Local\Temp\Unicorn-53561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53561.exe
12⤵
PID:12628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9896 -s 220
12⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 236
11⤵
PID:10856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 236
10⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
9⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
8⤵
- Program crash
PID:648

C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1324

C:\Users\Admin\AppData\Local\Temp\Unicorn-15282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15282.exe
8⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-37995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37995.exe
9⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-43416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43416.exe
10⤵
PID:4276

C:\Users\Admin\AppData\Local\Temp\Unicorn-30384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30384.exe
11⤵
PID:7272

C:\Users\Admin\AppData\Local\Temp\Unicorn-8862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8862.exe
12⤵
PID:10988

C:\Users\Admin\AppData\Local\Temp\Unicorn-7568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7568.exe
13⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 216
12⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 236
11⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
10⤵
PID:5980

C:\Users\Admin\AppData\Local\Temp\Unicorn-48221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48221.exe
9⤵
PID:4520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 212
10⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 220
9⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-35918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35918.exe
8⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-56976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56976.exe
9⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-29175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29175.exe
10⤵
PID:7384

C:\Users\Admin\AppData\Local\Temp\Unicorn-31982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31982.exe
11⤵
PID:10880

C:\Users\Admin\AppData\Local\Temp\Unicorn-18008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18008.exe
12⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
11⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
10⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
9⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 240
8⤵
- Program crash
PID:4192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
7⤵
- Program crash
PID:1636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
6⤵
- Program crash
PID:380

C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-35315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35315.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-59656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59656.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-9646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9646.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:412

C:\Users\Admin\AppData\Local\Temp\Unicorn-32880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32880.exe
9⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-42437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42437.exe
10⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-43416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43416.exe
11⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-44115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44115.exe
12⤵
PID:7360

C:\Users\Admin\AppData\Local\Temp\Unicorn-12666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12666.exe
13⤵
PID:11008

C:\Users\Admin\AppData\Local\Temp\Unicorn-8023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8023.exe
14⤵
PID:9236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 216
13⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
12⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
11⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
10⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-56974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56974.exe
11⤵
PID:7640

C:\Users\Admin\AppData\Local\Temp\Unicorn-19050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19050.exe
12⤵
PID:11220

C:\Users\Admin\AppData\Local\Temp\Unicorn-4831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4831.exe
13⤵
PID:1676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 216
12⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
11⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
10⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-38222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38222.exe
9⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe
10⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-22382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22382.exe
11⤵
PID:7800

C:\Users\Admin\AppData\Local\Temp\Unicorn-39428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39428.exe
12⤵
PID:10656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10656 -s 200
13⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 236
12⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 220
11⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
10⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 240
9⤵
- Program crash
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-52101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52101.exe
8⤵
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-40133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40133.exe
9⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-3509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3509.exe
10⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-11634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11634.exe
11⤵
PID:7396

C:\Users\Admin\AppData\Local\Temp\Unicorn-47972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47972.exe
12⤵
PID:10572

C:\Users\Admin\AppData\Local\Temp\Unicorn-2482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2482.exe
13⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10572 -s 236
13⤵
PID:9736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 236
12⤵
PID:10748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
11⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 236
10⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-4962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4962.exe
9⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-62449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62449.exe
10⤵
PID:7888

C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
11⤵
PID:11032

C:\Users\Admin\AppData\Local\Temp\Unicorn-33664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33664.exe
12⤵
PID:4488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
11⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 220
10⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 220
9⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
8⤵
- Program crash
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-13216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13216.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-40275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40275.exe
8⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-38763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38763.exe
9⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-52529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52529.exe
10⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-22382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22382.exe
11⤵
PID:7792

C:\Users\Admin\AppData\Local\Temp\Unicorn-31219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31219.exe
12⤵
PID:11176

C:\Users\Admin\AppData\Local\Temp\Unicorn-27906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27906.exe
13⤵
PID:8380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 216
12⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 220
11⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 236
9⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-59245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59245.exe
8⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-23536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23536.exe
9⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-29969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29969.exe
10⤵
PID:7936

C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
11⤵
PID:10676

C:\Users\Admin\AppData\Local\Temp\Unicorn-31123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31123.exe
12⤵
PID:632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10676 -s 216
12⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 220
11⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 220
10⤵
PID:8996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
9⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
8⤵
- Program crash
PID:4184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
7⤵
- Program crash
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-24331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24331.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-42703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42703.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:928

C:\Users\Admin\AppData\Local\Temp\Unicorn-48531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48531.exe
8⤵
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-40133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40133.exe
9⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-40749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40749.exe
10⤵
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-56206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56206.exe
11⤵
PID:7544

C:\Users\Admin\AppData\Local\Temp\Unicorn-19050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19050.exe
12⤵
PID:11228

C:\Users\Admin\AppData\Local\Temp\Unicorn-50355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50355.exe
13⤵
PID:1692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 216
12⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
11⤵
PID:8760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 236
10⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 216
9⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\Unicorn-3246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3246.exe
8⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-64371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64371.exe
9⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-31479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31479.exe
10⤵
PID:7284

C:\Users\Admin\AppData\Local\Temp\Unicorn-38349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38349.exe
11⤵
PID:11048

C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
12⤵
PID:8236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 216
11⤵
PID:11456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
10⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
9⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 240
8⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-19641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19641.exe
7⤵
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-57512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57512.exe
8⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-19473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19473.exe
9⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-52610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52610.exe
10⤵
PID:7312

C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
11⤵
PID:10864

C:\Users\Admin\AppData\Local\Temp\Unicorn-8215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8215.exe
12⤵
PID:9992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 220
11⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
10⤵
PID:8340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
9⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 216
8⤵
PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
7⤵
- Program crash
PID:2816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
6⤵
- Program crash
PID:1616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-56556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56556.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-11432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11432.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:608

C:\Users\Admin\AppData\Local\Temp\Unicorn-3410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3410.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:328

C:\Users\Admin\AppData\Local\Temp\Unicorn-41893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41893.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-32236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32236.exe
8⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-25392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25392.exe
9⤵
PID:612

C:\Users\Admin\AppData\Local\Temp\Unicorn-9738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9738.exe
10⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-64563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64563.exe
11⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-56974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56974.exe
12⤵
PID:7648

C:\Users\Admin\AppData\Local\Temp\Unicorn-62931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62931.exe
13⤵
PID:11260

C:\Users\Admin\AppData\Local\Temp\Unicorn-11849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11849.exe
14⤵
PID:8212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11260 -s 216
14⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 216
13⤵
PID:11576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
12⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
11⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 236
10⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-22737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22737.exe
9⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-31315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31315.exe
10⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-4592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4592.exe
11⤵
PID:7724

C:\Users\Admin\AppData\Local\Temp\Unicorn-14960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14960.exe
12⤵
PID:10700

C:\Users\Admin\AppData\Local\Temp\Unicorn-1702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1702.exe
13⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 220
12⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 220
11⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
10⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
9⤵
- Program crash
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
8⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-23688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23688.exe
9⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-18256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18256.exe
10⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-56514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56514.exe
11⤵
PID:8888

C:\Users\Admin\AppData\Local\Temp\Unicorn-39509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39509.exe
12⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 216
12⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 236
11⤵
PID:10028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 236
10⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
9⤵
PID:4592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
8⤵
- Program crash
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-45043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45043.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
8⤵
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-50086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50086.exe
9⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-65258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65258.exe
10⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-62999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62999.exe
11⤵
PID:8100

C:\Users\Admin\AppData\Local\Temp\Unicorn-61442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61442.exe
12⤵
PID:11204

C:\Users\Admin\AppData\Local\Temp\Unicorn-63399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63399.exe
13⤵
PID:3704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 216
12⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 220
11⤵
PID:9104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
10⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 236
9⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
8⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-53904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53904.exe
9⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-37841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37841.exe
10⤵
PID:7768

C:\Users\Admin\AppData\Local\Temp\Unicorn-37368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37368.exe
11⤵
PID:10840

C:\Users\Admin\AppData\Local\Temp\Unicorn-5290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5290.exe
12⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 216
11⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 220
10⤵
PID:8772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 236
9⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
8⤵
- Program crash
PID:3672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 220
7⤵
- Program crash
PID:936

C:\Users\Admin\AppData\Local\Temp\Unicorn-22027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22027.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-16393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16393.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-25200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25200.exe
8⤵
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-59816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59816.exe
9⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-58601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58601.exe
10⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-36360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36360.exe
11⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
12⤵
PID:10788

C:\Users\Admin\AppData\Local\Temp\Unicorn-24682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24682.exe
13⤵
PID:10140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
12⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
11⤵
PID:9508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 236
10⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 216
9⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-30220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30220.exe
8⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-13997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13997.exe
9⤵
PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 220
10⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
9⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 240
8⤵
- Program crash
PID:4244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
7⤵
- Program crash
PID:3080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 240
6⤵
- Program crash
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-16217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16217.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-42085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42085.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-16393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16393.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
8⤵
PID:300

C:\Users\Admin\AppData\Local\Temp\Unicorn-55976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55976.exe
9⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
10⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-10835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10835.exe
11⤵
PID:8048

C:\Users\Admin\AppData\Local\Temp\Unicorn-31074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31074.exe
12⤵
PID:11152

C:\Users\Admin\AppData\Local\Temp\Unicorn-6072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6072.exe
13⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 216
12⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 220
11⤵
PID:9068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
10⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 216
9⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-19089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19089.exe
8⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe
9⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-61655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61655.exe
10⤵
PID:7296

C:\Users\Admin\AppData\Local\Temp\Unicorn-62402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62402.exe
11⤵
PID:10596

C:\Users\Admin\AppData\Local\Temp\Unicorn-11453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11453.exe
12⤵
PID:9656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 216
11⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
10⤵
PID:8324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
9⤵
PID:6392

C:\Users\Admin\AppData\Local\Temp\Unicorn-5334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5334.exe
7⤵
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-41669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41669.exe
8⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-17625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17625.exe
9⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-48723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48723.exe
10⤵
PID:7500

C:\Users\Admin\AppData\Local\Temp\Unicorn-30326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30326.exe
11⤵
PID:10944

C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
12⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 216
11⤵
PID:11380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
10⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
9⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 236
8⤵
PID:4664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 220
7⤵
- Program crash
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-12178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12178.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-53054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53054.exe
7⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-36096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36096.exe
8⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-15050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15050.exe
9⤵
PID:6216

C:\Users\Admin\AppData\Local\Temp\Unicorn-25069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25069.exe
10⤵
PID:8268

C:\Users\Admin\AppData\Local\Temp\Unicorn-46859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46859.exe
11⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 236
11⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
10⤵
PID:9224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
9⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 236
8⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
7⤵
- Program crash
PID:3192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
6⤵
- Program crash
PID:296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
5⤵
- Program crash
PID:912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:824

C:\Users\Admin\AppData\Local\Temp\Unicorn-15097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15097.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-8910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8910.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-26654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26654.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-57544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57544.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-32236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32236.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
9⤵
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-22920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22920.exe
10⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-65258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65258.exe
11⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-16243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16243.exe
12⤵
PID:7572

C:\Users\Admin\AppData\Local\Temp\Unicorn-54332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54332.exe
13⤵
PID:11108

C:\Users\Admin\AppData\Local\Temp\Unicorn-54024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54024.exe
14⤵
PID:3640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 216
13⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
12⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 236
11⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 236
10⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-35918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35918.exe
9⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-60572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60572.exe
10⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-16435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16435.exe
11⤵
PID:7612

C:\Users\Admin\AppData\Local\Temp\Unicorn-61654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61654.exe
12⤵
PID:11016

C:\Users\Admin\AppData\Local\Temp\Unicorn-54812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54812.exe
13⤵
PID:4316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11016 -s 216
13⤵
PID:10188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 236
12⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
11⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
10⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
9⤵
- Program crash
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-5526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5526.exe
8⤵
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-55976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55976.exe
9⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe
10⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-31479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31479.exe
11⤵
PID:7248

C:\Users\Admin\AppData\Local\Temp\Unicorn-59081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59081.exe
12⤵
PID:11104

C:\Users\Admin\AppData\Local\Temp\Unicorn-61152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61152.exe
13⤵
PID:9332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 220
12⤵
PID:1716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
11⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 236
10⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 216
9⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
8⤵
- Program crash
PID:3212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
7⤵
- Program crash
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-37678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37678.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-14254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14254.exe
7⤵
- Executes dropped EXE
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-5298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5298.exe
8⤵
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-55784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55784.exe
9⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-8247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8247.exe
10⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-12402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12402.exe
11⤵
PID:7468

C:\Users\Admin\AppData\Local\Temp\Unicorn-60315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60315.exe
12⤵
PID:10772

C:\Users\Admin\AppData\Local\Temp\Unicorn-32052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32052.exe
13⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7468 -s 216
12⤵
PID:3040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
11⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 236
10⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\Unicorn-42273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42273.exe
9⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-29201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29201.exe
10⤵
PID:7840

C:\Users\Admin\AppData\Local\Temp\Unicorn-1587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1587.exe
11⤵
PID:10964

C:\Users\Admin\AppData\Local\Temp\Unicorn-15298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15298.exe
12⤵
PID:9356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7840 -s 216
11⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 220
10⤵
PID:8924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
9⤵
PID:5716

C:\Users\Admin\AppData\Local\Temp\Unicorn-18897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18897.exe
8⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-13997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13997.exe
9⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-62423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62423.exe
10⤵
PID:7424

C:\Users\Admin\AppData\Local\Temp\Unicorn-28521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28521.exe
11⤵
PID:11024

C:\Users\Admin\AppData\Local\Temp\Unicorn-41464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41464.exe
12⤵
PID:9748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 216
11⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
10⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
9⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
8⤵
- Program crash
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-3030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3030.exe
7⤵
PID:1012

C:\Users\Admin\AppData\Local\Temp\Unicorn-9930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9930.exe
8⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-58500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58500.exe
9⤵
PID:5724

C:\Users\Admin\AppData\Local\Temp\Unicorn-45110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45110.exe
10⤵
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-2925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2925.exe
11⤵
PID:11676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 236
11⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 236
10⤵
PID:10112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
9⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 236
8⤵
PID:5124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
7⤵
- Program crash
PID:1060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
6⤵
- Program crash
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-49082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49082.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-27368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27368.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-43279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43279.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-37971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37971.exe
8⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-9930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9930.exe
9⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-41491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41491.exe
10⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-21422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21422.exe
11⤵
PID:7664

C:\Users\Admin\AppData\Local\Temp\Unicorn-26922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26922.exe
12⤵
PID:11156

C:\Users\Admin\AppData\Local\Temp\Unicorn-25140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25140.exe
13⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
12⤵
PID:11568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
11⤵
PID:8696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 236
10⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 216
9⤵
PID:4820

C:\Users\Admin\AppData\Local\Temp\Unicorn-30220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30220.exe
8⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-40557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40557.exe
9⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-31287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31287.exe
10⤵
PID:7216

C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
11⤵
PID:10684

C:\Users\Admin\AppData\Local\Temp\Unicorn-40103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40103.exe
12⤵
PID:9768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 220
11⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
10⤵
PID:8284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
9⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
8⤵
- Program crash
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-20051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20051.exe
7⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-9738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9738.exe
8⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-53702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53702.exe
9⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-21666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21666.exe
10⤵
PID:7184

C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
11⤵
PID:10608

C:\Users\Admin\AppData\Local\Temp\Unicorn-31123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31123.exe
12⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10608 -s 216
12⤵
PID:8432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 236
11⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 220
10⤵
PID:9188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
9⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
7⤵
- Program crash
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-11410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11410.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-40083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40083.exe
7⤵
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-37995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37995.exe
8⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-48237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48237.exe
9⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-16435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16435.exe
10⤵
PID:7620

C:\Users\Admin\AppData\Local\Temp\Unicorn-19050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19050.exe
11⤵
PID:11236

C:\Users\Admin\AppData\Local\Temp\Unicorn-53347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53347.exe
12⤵
PID:1140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
11⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
10⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 236
9⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 216
8⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-3246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3246.exe
7⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-31315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31315.exe
8⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-62423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62423.exe
9⤵
PID:7444

C:\Users\Admin\AppData\Local\Temp\Unicorn-22641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22641.exe
10⤵
PID:10580

C:\Users\Admin\AppData\Local\Temp\Unicorn-1510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1510.exe
11⤵
PID:9016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 216
10⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
9⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
8⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
7⤵
- Program crash
PID:4328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
6⤵
- Program crash
PID:2176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
5⤵
- Program crash
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-39506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39506.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-26654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26654.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-41893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41893.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-14446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14446.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
8⤵
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-38955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38955.exe
9⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-56016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56016.exe
10⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-37841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37841.exe
11⤵
PID:7760

C:\Users\Admin\AppData\Local\Temp\Unicorn-48977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48977.exe
12⤵
PID:10780

C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
13⤵
PID:8456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7760 -s 216
12⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 220
11⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
10⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 236
9⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-55410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55410.exe
8⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-31315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31315.exe
9⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-21614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21614.exe
10⤵
PID:7692

C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
11⤵
PID:10668

C:\Users\Admin\AppData\Local\Temp\Unicorn-57257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57257.exe
12⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 220
11⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
10⤵
PID:8724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
9⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
8⤵
- Program crash
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-38198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38198.exe
7⤵
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-34466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34466.exe
8⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-13122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13122.exe
9⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-22892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22892.exe
10⤵
PID:6984

C:\Users\Admin\AppData\Local\Temp\Unicorn-11714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11714.exe
11⤵
PID:9452

C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
12⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9452 -s 220
12⤵
PID:12992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 216
11⤵
PID:10560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
10⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 236
9⤵
PID:5764

C:\Users\Admin\AppData\Local\Temp\Unicorn-26505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26505.exe
8⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-21914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21914.exe
9⤵
PID:6524

C:\Users\Admin\AppData\Local\Temp\Unicorn-45610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45610.exe
10⤵
PID:10164

C:\Users\Admin\AppData\Local\Temp\Unicorn-17160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17160.exe
11⤵
PID:1484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10164 -s 216
11⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 236
10⤵
PID:10876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
8⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
7⤵
- Program crash
PID:3088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 236
6⤵
- Program crash
PID:604

C:\Users\Admin\AppData\Local\Temp\Unicorn-37678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37678.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-47311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47311.exe
6⤵
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-7410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7410.exe
7⤵
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-56744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56744.exe
8⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-50808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50808.exe
9⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-6351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6351.exe
10⤵
PID:7224

C:\Users\Admin\AppData\Local\Temp\Unicorn-37368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37368.exe
11⤵
PID:10832

C:\Users\Admin\AppData\Local\Temp\Unicorn-11156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11156.exe
11⤵
PID:10848

C:\Users\Admin\AppData\Local\Temp\Unicorn-64987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64987.exe
12⤵
PID:9856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 220
11⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 236
10⤵
PID:8492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 236
9⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-55455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55455.exe
8⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-23565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23565.exe
9⤵
PID:7196

C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
10⤵
PID:10868

C:\Users\Admin\AppData\Local\Temp\Unicorn-62331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62331.exe
11⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10868 -s 216
11⤵
PID:9864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 236
10⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 236
9⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
8⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
7⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-32663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32663.exe
8⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-22382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22382.exe
9⤵
PID:7784

C:\Users\Admin\AppData\Local\Temp\Unicorn-49724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49724.exe
10⤵
PID:11080

C:\Users\Admin\AppData\Local\Temp\Unicorn-41030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41030.exe
11⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 216
10⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 220
9⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 236
8⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
7⤵
- Program crash
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-38198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38198.exe
6⤵
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-9764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9764.exe
7⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-31315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31315.exe
8⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-52610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52610.exe
9⤵
PID:7352

C:\Users\Admin\AppData\Local\Temp\Unicorn-45381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45381.exe
10⤵
PID:10624

C:\Users\Admin\AppData\Local\Temp\Unicorn-10706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10706.exe
11⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 216
10⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
9⤵
PID:8500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
8⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
7⤵
PID:4716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
6⤵
- Program crash
PID:3172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
5⤵
- Program crash
PID:1700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 220
4⤵
- Loads dropped DLL
- Program crash
PID:1788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-43888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43888.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-34963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34963.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1144

C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1448

C:\Users\Admin\AppData\Local\Temp\Unicorn-34760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34760.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-19585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19585.exe
8⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-33646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33646.exe
9⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-56879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56879.exe
10⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-10078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10078.exe
11⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-4923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4923.exe
12⤵
PID:8308

C:\Users\Admin\AppData\Local\Temp\Unicorn-51301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51301.exe
13⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8308 -s 216
13⤵
PID:13296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
12⤵
PID:10224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
11⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
10⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-21554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21554.exe
9⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-55833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55833.exe
10⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-7318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7318.exe
11⤵
PID:8552

C:\Users\Admin\AppData\Local\Temp\Unicorn-20594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20594.exe
12⤵
PID:12556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8552 -s 220
12⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 236
11⤵
PID:9752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 236
10⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
9⤵
PID:5216

C:\Users\Admin\AppData\Local\Temp\Unicorn-62104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62104.exe
8⤵
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
9⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-11806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11806.exe
10⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-3748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3748.exe
11⤵
PID:8620

C:\Users\Admin\AppData\Local\Temp\Unicorn-23666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23666.exe
12⤵
PID:12592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8620 -s 216
12⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
11⤵
PID:9828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 236
10⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 236
9⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
8⤵
- Program crash
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-30637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30637.exe
7⤵
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-53713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53713.exe
8⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-35328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35328.exe
9⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-41620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41620.exe
10⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\Unicorn-21673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21673.exe
11⤵
PID:8572

C:\Users\Admin\AppData\Local\Temp\Unicorn-11346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11346.exe
12⤵
PID:12812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8572 -s 216
12⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 216
11⤵
PID:10180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
10⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
9⤵
PID:5404

C:\Users\Admin\AppData\Local\Temp\Unicorn-387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-387.exe
8⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-15050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15050.exe
9⤵
PID:6200

C:\Users\Admin\AppData\Local\Temp\Unicorn-21865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21865.exe
10⤵
PID:8848

C:\Users\Admin\AppData\Local\Temp\Unicorn-53785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53785.exe
11⤵
PID:12696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 216
11⤵
PID:12852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 236
10⤵
PID:10256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
9⤵
PID:8160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
8⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 220
7⤵
- Program crash
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-56854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56854.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1376

C:\Users\Admin\AppData\Local\Temp\Unicorn-50145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50145.exe
7⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-5109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5109.exe
8⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-25808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25808.exe
9⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-46120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46120.exe
10⤵
PID:9160

C:\Users\Admin\AppData\Local\Temp\Unicorn-19577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19577.exe
11⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9160 -s 216
11⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 236
10⤵
PID:9876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
9⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 216
8⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-18388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18388.exe
7⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-52349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52349.exe
8⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
9⤵
PID:7076

C:\Users\Admin\AppData\Local\Temp\Unicorn-30796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30796.exe
10⤵
PID:9316

C:\Users\Admin\AppData\Local\Temp\Unicorn-28795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28795.exe
11⤵
PID:10704

C:\Users\Admin\AppData\Local\Temp\Unicorn-27309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27309.exe
12⤵
PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10704 -s 216
12⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9316 -s 216
11⤵
PID:11140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 216
10⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
9⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 236
8⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 240
7⤵
- Program crash
PID:3536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 240
6⤵
- Program crash
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-16829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16829.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-50503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50503.exe
7⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-5197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5197.exe
8⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe
9⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-9383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9383.exe
10⤵
PID:6976

C:\Users\Admin\AppData\Local\Temp\Unicorn-12046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12046.exe
11⤵
PID:9180

C:\Users\Admin\AppData\Local\Temp\Unicorn-63152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63152.exe
12⤵
PID:12780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9180 -s 216
12⤵
PID:12892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 216
11⤵
PID:10304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
10⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 236
9⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-52577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52577.exe
8⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-7655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7655.exe
9⤵
PID:7048

C:\Users\Admin\AppData\Local\Temp\Unicorn-62700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62700.exe
10⤵
PID:8748

C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
11⤵
PID:12904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8748 -s 220
11⤵
PID:12980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 216
10⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
9⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
8⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-599.exe
7⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-20253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20253.exe
8⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-53670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53670.exe
9⤵
PID:6660

C:\Users\Admin\AppData\Local\Temp\Unicorn-63276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63276.exe
10⤵
PID:9288

C:\Users\Admin\AppData\Local\Temp\Unicorn-16723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16723.exe
11⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9288 -s 216
11⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 216
10⤵
PID:10452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 236
9⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
8⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
7⤵
- Program crash
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-32583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32583.exe
6⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-53713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53713.exe
7⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-6905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6905.exe
8⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-9191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9191.exe
9⤵
PID:6936

C:\Users\Admin\AppData\Local\Temp\Unicorn-8356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8356.exe
10⤵
PID:8816

C:\Users\Admin\AppData\Local\Temp\Unicorn-8704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8704.exe
11⤵
PID:12520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8816 -s 216
11⤵
PID:12608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 216
10⤵
PID:9976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
9⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
8⤵
PID:5336

C:\Users\Admin\AppData\Local\Temp\Unicorn-49697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49697.exe
7⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-57707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57707.exe
8⤵
PID:7008

C:\Users\Admin\AppData\Local\Temp\Unicorn-30028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30028.exe
9⤵
PID:9260

C:\Users\Admin\AppData\Local\Temp\Unicorn-46326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46326.exe
10⤵
PID:13140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9260 -s 220
10⤵
PID:12408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 216
9⤵
PID:10440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
8⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 220
7⤵
PID:5364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
6⤵
- Program crash
PID:1016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 240
5⤵
- Program crash
PID:472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
4⤵
- Loads dropped DLL
- Program crash
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-21003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21003.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-2521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2521.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-47763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47763.exe
7⤵
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-19697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19697.exe
8⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-53117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53117.exe
9⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-61137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61137.exe
10⤵
PID:6504

C:\Users\Admin\AppData\Local\Temp\Unicorn-28710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28710.exe
11⤵
PID:8964

C:\Users\Admin\AppData\Local\Temp\Unicorn-45363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45363.exe
12⤵
PID:12876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8964 -s 220
12⤵
PID:4284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 236
11⤵
PID:10320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 236
9⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
8⤵
PID:3376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 200
9⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
8⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
7⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-3231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3231.exe
8⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-10867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10867.exe
9⤵
PID:6536

C:\Users\Admin\AppData\Local\Temp\Unicorn-12046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12046.exe
10⤵
PID:9176

C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe
11⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9176 -s 216
11⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 216
10⤵
PID:10312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
9⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 236
8⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
7⤵
- Program crash
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-60762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60762.exe
6⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-57512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57512.exe
7⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-6732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6732.exe
8⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-55661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55661.exe
9⤵
PID:6988

C:\Users\Admin\AppData\Local\Temp\Unicorn-3927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3927.exe
10⤵
PID:10800

C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
11⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 216
10⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 236
9⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 236
8⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 216
7⤵
PID:4696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
6⤵
- Program crash
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-57622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57622.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-55713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55713.exe
6⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-21233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21233.exe
7⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe
8⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
9⤵
PID:6464

C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
10⤵
PID:9128

C:\Users\Admin\AppData\Local\Temp\Unicorn-5269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5269.exe
11⤵
PID:12668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 216
11⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 216
10⤵
PID:9276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
9⤵
PID:7508

C:\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe
7⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-15627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15627.exe
8⤵
PID:6328

C:\Users\Admin\AppData\Local\Temp\Unicorn-44797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44797.exe
9⤵
PID:9388

C:\Users\Admin\AppData\Local\Temp\Unicorn-7724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7724.exe
10⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9388 -s 216
10⤵
PID:964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 216
9⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
8⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
7⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-31351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31351.exe
6⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-53117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53117.exe
7⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-14858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14858.exe
8⤵
PID:7152

C:\Users\Admin\AppData\Local\Temp\Unicorn-13224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13224.exe
9⤵
PID:8584

C:\Users\Admin\AppData\Local\Temp\Unicorn-29136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29136.exe
10⤵
PID:12840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8584 -s 220
10⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 236
9⤵
PID:10276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
8⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
7⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
6⤵
- Program crash
PID:3804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
5⤵
- Program crash
PID:2744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 216
4⤵
- Program crash
PID:2088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
2⤵
- Program crash
PID:2512

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-34963.exe
Filesize
184KB

MD5
4354f6d3d3528d903a50aab9f2c4e71e

SHA1
cd18ac43114e8b19961fdea3ff74a34abc0d6176

SHA256
2a5476d45e76ed4409f81b093e4b18c54862bdb5df2337860f859ac34de44ce7

SHA512
a51fca324058bc5b800b9b56752cf4fdba48c2254421cc1645f7777dfb8338cac6a8c307e26a1b643bca699f34599f8c32fd79586290ce12123a9c0c33bcb003

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe
Filesize
184KB

MD5
5cf28bfa51e172b8bd08019ddf0b9d10

SHA1
cf6c77deb2ca3fa0957190346410c035f39bd2a3

SHA256
69dfe13bcf0b7bf189bd16861cb10ccb6e9ae91195fc3a818a344ef0cd83fc7d

SHA512
924a83a1c1886549bc267d1dd3ecadfc43ad1582dce5d998cefae8d77c481db12aa764a488bb528f2f0fea3d3b8e3c02c50e35f543518c289bc09de1d3027535

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41464.exe
Filesize
184KB

MD5
99bc3703da3b7c8a8a1e921bba87d580

SHA1
fad4a7f7c88239d2caa1153982c27eed3e800d4b

SHA256
2e70af825c9568f9ea00242746e235b5c194cd3213a0a678fa31f9c6e1a58b42

SHA512
6db04e7eddf1f70b5a6f37f01aae18f8ad7fff14e28df49132001c1574eae88939399eb37af65d0a96b3fdbb673236b81f352ee53c02ffaf1dff0c74d97b9073

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55784.exe
Filesize
184KB

MD5
83b8f1a3815113a42f90e5c6891b0e37

SHA1
fd6e9b49076b20ca2c56cc8ef9548e2206e348ed

SHA256
ca0637561a70603ba3c6b4cd01c729768101fd37fd234def818cde38c0542c35

SHA512
7db668dcf9e42ecd02ec9ed6a0148953fb681e709ef3b3e27c987d493270bc86c2ccac1cb004ca7639c2d907730305a544b8df7bea60bc0d1fa37d56c707b33d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5661.exe
Filesize
184KB

MD5
35877eec64a30a92fa4e5362d94af0b0

SHA1
8fd26bc5148d8ae488410dc1c26c997d9a27a7ef

SHA256
9dbe70a55c556ed2c74575b11f5fe7d29b68601d32bb618f3d37d5b71042408b

SHA512
d52eb07fb726ac68ca5bb6d13983e3dfe0c4895f3c8d1df9c892abc25b03c35a24ce8a81fa35fcb5d67f50148cf7fe8310a00070b1723f2ff847884d9417339e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe
Filesize
184KB

MD5
4c8aec0a2a4b507ab4da8b93f3dc7129

SHA1
dc096c01992a3d821d7f2273ca4dc7ae56dfe00f

SHA256
4c576000e37fde4a643f9e2cc7a1b8a8bf0fbe8a4eaf8075f0c7bcea5619ded6

SHA512
26d64935e9ce5d1fa5b7fedca715beab69b5dfc4f425324662e8b4205b1b5bdf4f23e861d1e4c3efde68190f5cb3f2341e18ac8859a0f00734d81fd913831c6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6351.exe
Filesize
184KB

MD5
180f79fd8d89b8f8e409e54aace1e885

SHA1
5fea2da58fbc5746b52c6be2c3ec3debc105311d

SHA256
a36bb8cdb856ec239ca3ba01d63c6ced50a1847e85d09931b826c84a7a76215b

SHA512
95a53193cc1e37302e79cf059ab65faeedb221213572a276abff3f02d83dc73f6cd492140a5c4c1d03576f82c31cc52df01e181f4444b07f0d67182df8c2ce5b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15097.exe
Filesize
184KB

MD5
8aa7dfc286b389ae9a08904e53b7713b

SHA1
0e155f80452ab72e99a668e4c71ed6bc5e95b2c1

SHA256
b57adbb3ddda93eef50886b0e40fe1bcbd09050292c14fd9ea1f3887b792ec4b

SHA512
236e3880c1a19155b4ff5e6c55aa3d0d6c914b09c52a3aa7afd2525cbace17a3c1b4d178e4686f48d8bca768b0a8467ddae528e0563de695c3fa659fbc7956f9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19312.exe
Filesize
184KB

MD5
979d81f2b81f291309404a5d493110e6

SHA1
82bb5bf74ab245b01902ca130d698d5881be8774

SHA256
bbb8447df06a656a233f7208957b020bba48e04e5758c0ca9b53a88f6558e56f

SHA512
3dfb7ee40cbdc133bff9c3d4f925ddcf071b077185d5c1ceb983aacb913c14348af6a867ee3883c0d6db215fc949fbb7446f72d8a7248157476995c620507318

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21003.exe
Filesize
184KB

MD5
022da20152c67227d2945b2f38c1fe8c

SHA1
9da61634b6abb3636674b1485e437a077f800565

SHA256
eb9b67033957302a262212e8942589aca23c7d7684087bdcf236672489c15ec6

SHA512
857bbe623aa8083abc4b7625db626e448eb988851713db5e5ddc08c7b5a88c23d5a404450e4d1c3c420c18c3291b58e52b51b1470e1852a9b9f5bc24448e97b3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
Filesize
184KB

MD5
42a47ef07896cdf5a8efa6c3fe3a7feb

SHA1
b0ab9b92a49a7f611fed72103ad48e05a42a28c2

SHA256
a0aec493ddf5b342d02ec6406d911904ef5c31eeb495e87cd9b60639a3a112b9

SHA512
7d7b2364d22ea5087fa1cd7ac47d68a3feb271111f03164ae5d81781d388e25446c5a5af6fc3a7eaf133ab060b39e1953179b6c13ee8deec7606574628dfb06d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25932.exe
Filesize
184KB

MD5
7148567e5c8bc76d14f8d576f09e6537

SHA1
38773edbdb3facabb521684d2f35dcb2222d066c

SHA256
877e27d506a5c4898db003c465e9babca3e912c2eb7f330f92793c0d66e91e27

SHA512
08cd8f2cd977e30f0f4fbc69fda6692a16a4a0a4df28b5617aab348257a666b623e4147f9bb20d81e6d4173b779b5084d455328136c93e575a9137732b29df79

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31081.exe
Filesize
184KB

MD5
74b2ccbbab4ef303b5c1b4d416d2c81b

SHA1
6fc83852121586d23c87d8454b1d8929d850fcca

SHA256
14434020b5b441c162a60bb2dc1e542760323af980482cf455e1a8a49cc85791

SHA512
b7b83d16b50e0f398dc739b7cb0c117620da5d1c8ad84ea30a1657f765fdb5d7813c8d6a50540f95f2b7c7fd1f60efc2b2f1ecd227f260ca447edf860f4f9858

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43365.exe
Filesize
184KB

MD5
5d367e36cc07659faebf82eba2580e3e

SHA1
c39901a64087d3e16cc3f62218282123fc35667f

SHA256
89705bce9efef7bce67cfb3d45d843a889e2db4cf4e0f02b15a16b44446ef316

SHA512
66ff4a0a9ef8096516f5d4377294c80462fbda7d515c7f1713f23eae39b7ea36c067e96996b9734e80dc553eb70b801077fe9d78ef89bb2629229b9bc4d2ec73

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43888.exe
Filesize
184KB

MD5
b6c84a4a3bb8230ef70575c98ce30914

SHA1
1e0911b70d6e608c14d406dc6ffba131a549371b

SHA256
f663816c976143466e05c6d428d16efe0fb65b9b1380b4e0da113bdeb0730c3f

SHA512
ece730b60ffe7568440deec15071c8845bd7a0686cff0d173d0c0a488af22c97f255f3011469d860d3696f06f40139102df39e4d5db11151c8f4d8d31aca58bf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56556.exe
Filesize
184KB

MD5
037f5cb8f03337da1b87a5bf1fc86cca

SHA1
3eca54d16b0c00fdf2e1077410722e96f61b7770

SHA256
c553e4490c32c4d9720d542f78dd2e3eb84efb69b7b78d702457dd357ab86906

SHA512
87faf4c5873f5f94daaa946ac3c6e68266a571de58c0147ade5f8121d1bbbf373be9b6a02dc822b609c5617c97b724f840b9466ce6bb736af9ae3a75eb18e996

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6931.exe
Filesize
184KB

MD5
438e5534d66b588a6cb365bee1eae162

SHA1
46c32c61d2568d96b151757e2d2da4ad14a6cf9c

SHA256
b249f24f338b6bd1d19fb9fd472048a1b67f3524e4c77c3811e56b8ee700de52

SHA512
e4bd60e4b1ed2d98ebb0f4fad18ed2728de1568f85bd4d2842430b5ba5ce39c7b9ecc6f8c9dd71d8b875354555fb0c6e7bc453a2aae5b1ba9ac4fbf6530ff059

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8910.exe
Filesize
184KB

MD5
e1f25b2becbad5be0399dfa1fba0af96

SHA1
06c542e276f2e355a04da223a1cb939023e526ed

SHA256
8008424b1bbcda6d86c92b05405c6ccc6f847f0fa8ceeac7cbb9b43ea41890e4

SHA512
28be943379ab2014352d68a0f547e1e6ae068a4ecec53bbbb235d34154258f25c32580abbe9e6af5f61827ed43a95249f41490c92f852362b49824311467a2c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads