b715d383f6ba722138f9936a07209ef98f25430807480a3bd80a5564d6f0ee1d

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b715d383f6ba722138f9936a07209ef98f25430807480a3bd80a5564d6f0ee1d.exe
Size

184KB
MD5

05ee621415d72dc5c37ec74983d0a95e
SHA1

82556d772b8efd036fbaf6f536ceafb5d43949b7
SHA256

b715d383f6ba722138f9936a07209ef98f25430807480a3bd80a5564d6f0ee1d
SHA512

356fc48608d2a1e84ecedea75bc357bffb60eba6a7d3d23ac06c83a2da99a7d77926857a7e856beeb80daa73a6d53a17a1c61d2554c94c15641150b6a1a9a3d3
SSDEEP

3072:/Wm3BxXuTtv2dUPfe+98afo5QlowiF1n3:/WWXyCUP/8Io5QlowiF1

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-829.exeUnicorn-23814.exeUnicorn-55344.exeUnicorn-43517.exeUnicorn-63383.exeUnicorn-30903.exeUnicorn-44938.exeUnicorn-2649.exeUnicorn-55379.exeUnicorn-35705.exeUnicorn-9385.exeUnicorn-51721.exeUnicorn-43230.exeUnicorn-37030.exeUnicorn-43999.exeUnicorn-61062.exeUnicorn-10984.exeUnicorn-8716.exeUnicorn-44041.exeUnicorn-39991.exeUnicorn-40183.exeUnicorn-20317.exeUnicorn-31735.exeUnicorn-44734.exeUnicorn-32503.exeUnicorn-18859.exeUnicorn-47220.exeUnicorn-3364.exeUnicorn-49036.exeUnicorn-44714.exeUnicorn-40307.exeUnicorn-6011.exeUnicorn-57905.exeUnicorn-7827.exeUnicorn-27693.exeUnicorn-60941.exeUnicorn-58673.exeUnicorn-13001.exeUnicorn-23312.exeUnicorn-58637.exeUnicorn-10697.exeUnicorn-56369.exeUnicorn-44138.exeUnicorn-11465.exeUnicorn-11465.exeUnicorn-37785.exeUnicorn-37785.exeUnicorn-31928.exeUnicorn-36728.exeUnicorn-35663.exeUnicorn-7589.exeUnicorn-53453.exeUnicorn-54351.exeUnicorn-8357.exeUnicorn-8357.exeUnicorn-23817.exeUnicorn-25749.exeUnicorn-45293.exeUnicorn-32678.exeUnicorn-13326.exeUnicorn-13326.exeUnicorn-45869.exeUnicorn-26517.exeUnicorn-46575.exe

pid	process
1928	Unicorn-829.exe
2584	Unicorn-23814.exe
2404	Unicorn-55344.exe
2844	Unicorn-43517.exe
2492	Unicorn-63383.exe
2484	Unicorn-30903.exe
2700	Unicorn-44938.exe
2556	Unicorn-2649.exe
852	Unicorn-55379.exe
2116	Unicorn-35705.exe
1784	Unicorn-9385.exe
1684	Unicorn-51721.exe
2396	Unicorn-43230.exe
1880	Unicorn-37030.exe
2304	Unicorn-43999.exe
2892	Unicorn-61062.exe
568	Unicorn-10984.exe
2816	Unicorn-8716.exe
2224	Unicorn-44041.exe
1144	Unicorn-39991.exe
1824	Unicorn-40183.exe
1484	Unicorn-20317.exe
284	Unicorn-31735.exe
2000	Unicorn-44734.exe
1984	Unicorn-32503.exe
3004	Unicorn-18859.exe
2136	Unicorn-47220.exe
2904	Unicorn-3364.exe
1320	Unicorn-49036.exe
1988	Unicorn-44714.exe
2140	Unicorn-40307.exe
1220	Unicorn-6011.exe
2656	Unicorn-57905.exe
2740	Unicorn-7827.exe
2572	Unicorn-27693.exe
2780	Unicorn-60941.exe
2528	Unicorn-58673.exe
2132	Unicorn-13001.exe
2692	Unicorn-23312.exe
2688	Unicorn-58637.exe
1764	Unicorn-10697.exe
2804	Unicorn-56369.exe
2240	Unicorn-44138.exe
1452	Unicorn-11465.exe
1192	Unicorn-11465.exe
2120	Unicorn-37785.exe
2060	Unicorn-37785.exe
828	Unicorn-31928.exe
1096	Unicorn-36728.exe
2500	Unicorn-35663.exe
1248	Unicorn-7589.exe
1240	Unicorn-53453.exe
784	Unicorn-54351.exe
1572	Unicorn-8357.exe
744	Unicorn-8357.exe
860	Unicorn-23817.exe
2216	Unicorn-25749.exe
2068	Unicorn-45293.exe
984	Unicorn-32678.exe
3032	Unicorn-13326.exe
2316	Unicorn-13326.exe
1468	Unicorn-45869.exe
2580	Unicorn-26517.exe
2648	Unicorn-46575.exe

Loads dropped DLL 64 IoCs

Processes:

b715d383f6ba722138f9936a07209ef98f25430807480a3bd80a5564d6f0ee1d.exeUnicorn-829.exeUnicorn-23814.exeUnicorn-55344.exeWerFault.exeUnicorn-63383.exeUnicorn-43517.exeUnicorn-30903.exeWerFault.exeWerFault.exeUnicorn-55379.exeUnicorn-44938.exeUnicorn-35705.exeUnicorn-9385.exeUnicorn-2649.exeWerFault.exeWerFault.exeUnicorn-51721.exe

pid	process
1860	b715d383f6ba722138f9936a07209ef98f25430807480a3bd80a5564d6f0ee1d.exe
1860	b715d383f6ba722138f9936a07209ef98f25430807480a3bd80a5564d6f0ee1d.exe
1928	Unicorn-829.exe
1928	Unicorn-829.exe
1860	b715d383f6ba722138f9936a07209ef98f25430807480a3bd80a5564d6f0ee1d.exe
1860	b715d383f6ba722138f9936a07209ef98f25430807480a3bd80a5564d6f0ee1d.exe
1928	Unicorn-829.exe
2584	Unicorn-23814.exe
1928	Unicorn-829.exe
2584	Unicorn-23814.exe
2404	Unicorn-55344.exe
2404	Unicorn-55344.exe
884	WerFault.exe
884	WerFault.exe
884	WerFault.exe
884	WerFault.exe
884	WerFault.exe
2492	Unicorn-63383.exe
2492	Unicorn-63383.exe
2584	Unicorn-23814.exe
2584	Unicorn-23814.exe
2844	Unicorn-43517.exe
2844	Unicorn-43517.exe
2484	Unicorn-30903.exe
2484	Unicorn-30903.exe
2404	Unicorn-55344.exe
2404	Unicorn-55344.exe
616	WerFault.exe
616	WerFault.exe
616	WerFault.exe
616	WerFault.exe
616	WerFault.exe
2036	WerFault.exe
2036	WerFault.exe
2036	WerFault.exe
2036	WerFault.exe
2036	WerFault.exe
852	Unicorn-55379.exe
852	Unicorn-55379.exe
2844	Unicorn-43517.exe
2844	Unicorn-43517.exe
2700	Unicorn-44938.exe
2700	Unicorn-44938.exe
2492	Unicorn-63383.exe
2492	Unicorn-63383.exe
2116	Unicorn-35705.exe
2116	Unicorn-35705.exe
1784	Unicorn-9385.exe
1784	Unicorn-9385.exe
2484	Unicorn-30903.exe
2484	Unicorn-30903.exe
2556	Unicorn-2649.exe
2556	Unicorn-2649.exe
832	WerFault.exe
832	WerFault.exe
832	WerFault.exe
832	WerFault.exe
832	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1684	Unicorn-51721.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2872	1860	WerFault.exe	b715d383f6ba722138f9936a07209ef98f25430807480a3bd80a5564d6f0ee1d.exe
884	1928	WerFault.exe	Unicorn-829.exe
616	2584	WerFault.exe	Unicorn-23814.exe
2036	2404	WerFault.exe	Unicorn-55344.exe
832	2492	WerFault.exe	Unicorn-63383.exe
1916	2844	WerFault.exe	Unicorn-43517.exe
1940	852	WerFault.exe	Unicorn-55379.exe
1960	2700	WerFault.exe	Unicorn-44938.exe
2096	2116	WerFault.exe	Unicorn-35705.exe
1632	1784	WerFault.exe	Unicorn-9385.exe
2664	2556	WerFault.exe	Unicorn-2649.exe
1536	1684	WerFault.exe	Unicorn-51721.exe
2152	2396	WerFault.exe	Unicorn-43230.exe
1716	1880	WerFault.exe	Unicorn-37030.exe
1612	2304	WerFault.exe	Unicorn-43999.exe
2212	2892	WerFault.exe	Unicorn-61062.exe
320	2224	WerFault.exe	Unicorn-44041.exe
2552	568	WerFault.exe	Unicorn-10984.exe
756	2816	WerFault.exe	Unicorn-8716.exe
2808	1144	WerFault.exe	Unicorn-39991.exe
2832	1824	WerFault.exe	Unicorn-40183.exe
344	1484	WerFault.exe	Unicorn-20317.exe
2184	284	WerFault.exe	Unicorn-31735.exe
288	2000	WerFault.exe	Unicorn-44734.exe
2452	1984	WerFault.exe	Unicorn-32503.exe
2408	3004	WerFault.exe	Unicorn-18859.exe
1856	1320	WerFault.exe	Unicorn-49036.exe
316	2136	WerFault.exe	Unicorn-47220.exe
952	2904	WerFault.exe	Unicorn-3364.exe
1584	2140	WerFault.exe	Unicorn-40307.exe
2668	1988	WerFault.exe	Unicorn-44714.exe
2516	2780	WerFault.exe	Unicorn-60941.exe
292	2572	WerFault.exe	Unicorn-27693.exe
2592	1220	WerFault.exe	Unicorn-6011.exe
2588	2132	WerFault.exe	Unicorn-13001.exe
1752	2740	WerFault.exe	Unicorn-7827.exe
3096	1764	WerFault.exe	Unicorn-10697.exe
3088	1192	WerFault.exe	Unicorn-11465.exe
3080	2688	WerFault.exe	Unicorn-58637.exe
3144	2060	WerFault.exe	Unicorn-37785.exe
3236	2240	WerFault.exe	Unicorn-44138.exe
3256	2804	WerFault.exe	Unicorn-56369.exe
3312	2528	WerFault.exe	Unicorn-58673.exe
3320	2692	WerFault.exe	Unicorn-23312.exe
3428	2656	WerFault.exe	Unicorn-57905.exe
3436	2120	WerFault.exe	Unicorn-37785.exe
3452	1452	WerFault.exe	Unicorn-11465.exe
4016	828	WerFault.exe	Unicorn-31928.exe
3760	1096	WerFault.exe	Unicorn-36728.exe
3984	2500	WerFault.exe	Unicorn-35663.exe
3304	1240	WerFault.exe	Unicorn-53453.exe
3980	2436	WerFault.exe	Unicorn-59766.exe
3964	1572	WerFault.exe	Unicorn-8357.exe
3152	3032	WerFault.exe	Unicorn-13326.exe
3196	1248	WerFault.exe	Unicorn-7589.exe
3188	2216	WerFault.exe	Unicorn-25749.exe
4124	892	WerFault.exe	Unicorn-44567.exe
4284	2560	WerFault.exe	Unicorn-61588.exe
4276	3056	WerFault.exe	Unicorn-57182.exe
4308	2960	WerFault.exe	Unicorn-20084.exe
4340	1260	WerFault.exe	Unicorn-44079.exe
4456	860	WerFault.exe	Unicorn-23817.exe
4580	2648	WerFault.exe	Unicorn-46575.exe
4636	2320	WerFault.exe	Unicorn-46482.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

b715d383f6ba722138f9936a07209ef98f25430807480a3bd80a5564d6f0ee1d.exeUnicorn-829.exeUnicorn-23814.exeUnicorn-55344.exeUnicorn-43517.exeUnicorn-63383.exeUnicorn-30903.exeUnicorn-55379.exeUnicorn-44938.exeUnicorn-2649.exeUnicorn-9385.exeUnicorn-35705.exeUnicorn-51721.exeUnicorn-43230.exeUnicorn-37030.exeUnicorn-43999.exeUnicorn-61062.exeUnicorn-44041.exeUnicorn-10984.exeUnicorn-8716.exeUnicorn-39991.exeUnicorn-40183.exeUnicorn-20317.exeUnicorn-31735.exeUnicorn-44734.exeUnicorn-32503.exeUnicorn-18859.exeUnicorn-3364.exeUnicorn-47220.exeUnicorn-49036.exeUnicorn-44714.exeUnicorn-40307.exeUnicorn-57905.exeUnicorn-6011.exeUnicorn-7827.exeUnicorn-27693.exeUnicorn-13001.exeUnicorn-60941.exeUnicorn-58673.exeUnicorn-23312.exeUnicorn-58637.exeUnicorn-10697.exeUnicorn-56369.exeUnicorn-37785.exeUnicorn-44138.exeUnicorn-11465.exeUnicorn-37785.exeUnicorn-11465.exeUnicorn-31928.exeUnicorn-36728.exeUnicorn-35663.exeUnicorn-7589.exeUnicorn-53453.exeUnicorn-8357.exeUnicorn-54351.exeUnicorn-23817.exeUnicorn-8357.exeUnicorn-25749.exeUnicorn-45293.exeUnicorn-13326.exeUnicorn-32678.exeUnicorn-13326.exeUnicorn-45869.exeUnicorn-26517.exe

pid	process
1860	b715d383f6ba722138f9936a07209ef98f25430807480a3bd80a5564d6f0ee1d.exe
1928	Unicorn-829.exe
2584	Unicorn-23814.exe
2404	Unicorn-55344.exe
2844	Unicorn-43517.exe
2492	Unicorn-63383.exe
2484	Unicorn-30903.exe
852	Unicorn-55379.exe
2700	Unicorn-44938.exe
2556	Unicorn-2649.exe
1784	Unicorn-9385.exe
2116	Unicorn-35705.exe
1684	Unicorn-51721.exe
2396	Unicorn-43230.exe
1880	Unicorn-37030.exe
2304	Unicorn-43999.exe
2892	Unicorn-61062.exe
2224	Unicorn-44041.exe
568	Unicorn-10984.exe
2816	Unicorn-8716.exe
1144	Unicorn-39991.exe
1824	Unicorn-40183.exe
1484	Unicorn-20317.exe
284	Unicorn-31735.exe
2000	Unicorn-44734.exe
1984	Unicorn-32503.exe
3004	Unicorn-18859.exe
2904	Unicorn-3364.exe
2136	Unicorn-47220.exe
1320	Unicorn-49036.exe
1988	Unicorn-44714.exe
2140	Unicorn-40307.exe
2656	Unicorn-57905.exe
1220	Unicorn-6011.exe
2740	Unicorn-7827.exe
2572	Unicorn-27693.exe
2132	Unicorn-13001.exe
2780	Unicorn-60941.exe
2528	Unicorn-58673.exe
2692	Unicorn-23312.exe
2688	Unicorn-58637.exe
1764	Unicorn-10697.exe
2804	Unicorn-56369.exe
2120	Unicorn-37785.exe
2240	Unicorn-44138.exe
1192	Unicorn-11465.exe
2060	Unicorn-37785.exe
1452	Unicorn-11465.exe
828	Unicorn-31928.exe
1096	Unicorn-36728.exe
2500	Unicorn-35663.exe
1248	Unicorn-7589.exe
1240	Unicorn-53453.exe
1572	Unicorn-8357.exe
784	Unicorn-54351.exe
860	Unicorn-23817.exe
744	Unicorn-8357.exe
2216	Unicorn-25749.exe
2068	Unicorn-45293.exe
3032	Unicorn-13326.exe
984	Unicorn-32678.exe
2316	Unicorn-13326.exe
1468	Unicorn-45869.exe
2580	Unicorn-26517.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

b715d383f6ba722138f9936a07209ef98f25430807480a3bd80a5564d6f0ee1d.exeUnicorn-829.exeUnicorn-23814.exeUnicorn-55344.exeUnicorn-63383.exeUnicorn-43517.exeUnicorn-30903.exeUnicorn-55379.exe

description	pid	process	target process
PID 1860 wrote to memory of 1928	1860	b715d383f6ba722138f9936a07209ef98f25430807480a3bd80a5564d6f0ee1d.exe	Unicorn-829.exe
PID 1860 wrote to memory of 1928	1860	b715d383f6ba722138f9936a07209ef98f25430807480a3bd80a5564d6f0ee1d.exe	Unicorn-829.exe
PID 1860 wrote to memory of 1928	1860	b715d383f6ba722138f9936a07209ef98f25430807480a3bd80a5564d6f0ee1d.exe	Unicorn-829.exe
PID 1860 wrote to memory of 1928	1860	b715d383f6ba722138f9936a07209ef98f25430807480a3bd80a5564d6f0ee1d.exe	Unicorn-829.exe
PID 1928 wrote to memory of 2584	1928	Unicorn-829.exe	Unicorn-23814.exe
PID 1928 wrote to memory of 2584	1928	Unicorn-829.exe	Unicorn-23814.exe
PID 1928 wrote to memory of 2584	1928	Unicorn-829.exe	Unicorn-23814.exe
PID 1928 wrote to memory of 2584	1928	Unicorn-829.exe	Unicorn-23814.exe
PID 1860 wrote to memory of 2404	1860	b715d383f6ba722138f9936a07209ef98f25430807480a3bd80a5564d6f0ee1d.exe	Unicorn-55344.exe
PID 1860 wrote to memory of 2404	1860	b715d383f6ba722138f9936a07209ef98f25430807480a3bd80a5564d6f0ee1d.exe	Unicorn-55344.exe
PID 1860 wrote to memory of 2404	1860	b715d383f6ba722138f9936a07209ef98f25430807480a3bd80a5564d6f0ee1d.exe	Unicorn-55344.exe
PID 1860 wrote to memory of 2404	1860	b715d383f6ba722138f9936a07209ef98f25430807480a3bd80a5564d6f0ee1d.exe	Unicorn-55344.exe
PID 1860 wrote to memory of 2872	1860	b715d383f6ba722138f9936a07209ef98f25430807480a3bd80a5564d6f0ee1d.exe	WerFault.exe
PID 1860 wrote to memory of 2872	1860	b715d383f6ba722138f9936a07209ef98f25430807480a3bd80a5564d6f0ee1d.exe	WerFault.exe
PID 1860 wrote to memory of 2872	1860	b715d383f6ba722138f9936a07209ef98f25430807480a3bd80a5564d6f0ee1d.exe	WerFault.exe
PID 1860 wrote to memory of 2872	1860	b715d383f6ba722138f9936a07209ef98f25430807480a3bd80a5564d6f0ee1d.exe	WerFault.exe
PID 1928 wrote to memory of 2844	1928	Unicorn-829.exe	Unicorn-43517.exe
PID 1928 wrote to memory of 2844	1928	Unicorn-829.exe	Unicorn-43517.exe
PID 1928 wrote to memory of 2844	1928	Unicorn-829.exe	Unicorn-43517.exe
PID 1928 wrote to memory of 2844	1928	Unicorn-829.exe	Unicorn-43517.exe
PID 2584 wrote to memory of 2492	2584	Unicorn-23814.exe	Unicorn-63383.exe
PID 2584 wrote to memory of 2492	2584	Unicorn-23814.exe	Unicorn-63383.exe
PID 2584 wrote to memory of 2492	2584	Unicorn-23814.exe	Unicorn-63383.exe
PID 2584 wrote to memory of 2492	2584	Unicorn-23814.exe	Unicorn-63383.exe
PID 2404 wrote to memory of 2484	2404	Unicorn-55344.exe	Unicorn-30903.exe
PID 2404 wrote to memory of 2484	2404	Unicorn-55344.exe	Unicorn-30903.exe
PID 2404 wrote to memory of 2484	2404	Unicorn-55344.exe	Unicorn-30903.exe
PID 2404 wrote to memory of 2484	2404	Unicorn-55344.exe	Unicorn-30903.exe
PID 1928 wrote to memory of 884	1928	Unicorn-829.exe	WerFault.exe
PID 1928 wrote to memory of 884	1928	Unicorn-829.exe	WerFault.exe
PID 1928 wrote to memory of 884	1928	Unicorn-829.exe	WerFault.exe
PID 1928 wrote to memory of 884	1928	Unicorn-829.exe	WerFault.exe
PID 2492 wrote to memory of 2700	2492	Unicorn-63383.exe	Unicorn-44938.exe
PID 2492 wrote to memory of 2700	2492	Unicorn-63383.exe	Unicorn-44938.exe
PID 2492 wrote to memory of 2700	2492	Unicorn-63383.exe	Unicorn-44938.exe
PID 2492 wrote to memory of 2700	2492	Unicorn-63383.exe	Unicorn-44938.exe
PID 2584 wrote to memory of 2556	2584	Unicorn-23814.exe	Unicorn-2649.exe
PID 2584 wrote to memory of 2556	2584	Unicorn-23814.exe	Unicorn-2649.exe
PID 2584 wrote to memory of 2556	2584	Unicorn-23814.exe	Unicorn-2649.exe
PID 2584 wrote to memory of 2556	2584	Unicorn-23814.exe	Unicorn-2649.exe
PID 2844 wrote to memory of 852	2844	Unicorn-43517.exe	Unicorn-55379.exe
PID 2844 wrote to memory of 852	2844	Unicorn-43517.exe	Unicorn-55379.exe
PID 2844 wrote to memory of 852	2844	Unicorn-43517.exe	Unicorn-55379.exe
PID 2844 wrote to memory of 852	2844	Unicorn-43517.exe	Unicorn-55379.exe
PID 2484 wrote to memory of 1784	2484	Unicorn-30903.exe	Unicorn-9385.exe
PID 2484 wrote to memory of 1784	2484	Unicorn-30903.exe	Unicorn-9385.exe
PID 2484 wrote to memory of 1784	2484	Unicorn-30903.exe	Unicorn-9385.exe
PID 2484 wrote to memory of 1784	2484	Unicorn-30903.exe	Unicorn-9385.exe
PID 2404 wrote to memory of 2116	2404	Unicorn-55344.exe	Unicorn-35705.exe
PID 2404 wrote to memory of 2116	2404	Unicorn-55344.exe	Unicorn-35705.exe
PID 2404 wrote to memory of 2116	2404	Unicorn-55344.exe	Unicorn-35705.exe
PID 2404 wrote to memory of 2116	2404	Unicorn-55344.exe	Unicorn-35705.exe
PID 2584 wrote to memory of 616	2584	Unicorn-23814.exe	WerFault.exe
PID 2584 wrote to memory of 616	2584	Unicorn-23814.exe	WerFault.exe
PID 2584 wrote to memory of 616	2584	Unicorn-23814.exe	WerFault.exe
PID 2584 wrote to memory of 616	2584	Unicorn-23814.exe	WerFault.exe
PID 2404 wrote to memory of 2036	2404	Unicorn-55344.exe	WerFault.exe
PID 2404 wrote to memory of 2036	2404	Unicorn-55344.exe	WerFault.exe
PID 2404 wrote to memory of 2036	2404	Unicorn-55344.exe	WerFault.exe
PID 2404 wrote to memory of 2036	2404	Unicorn-55344.exe	WerFault.exe
PID 852 wrote to memory of 1684	852	Unicorn-55379.exe	Unicorn-51721.exe
PID 852 wrote to memory of 1684	852	Unicorn-55379.exe	Unicorn-51721.exe
PID 852 wrote to memory of 1684	852	Unicorn-55379.exe	Unicorn-51721.exe
PID 852 wrote to memory of 1684	852	Unicorn-55379.exe	Unicorn-51721.exe

C:\Users\Admin\AppData\Local\Temp\b715d383f6ba722138f9936a07209ef98f25430807480a3bd80a5564d6f0ee1d.exe
"C:\Users\Admin\AppData\Local\Temp\b715d383f6ba722138f9936a07209ef98f25430807480a3bd80a5564d6f0ee1d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-829.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-23814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23814.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-63383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63383.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-44938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44938.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-37030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37030.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-31735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31735.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:284

C:\Users\Admin\AppData\Local\Temp\Unicorn-60941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60941.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-7589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7589.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-61588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61588.exe
10⤵
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-64749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64749.exe
11⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-41914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41914.exe
12⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-57507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57507.exe
13⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-5417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5417.exe
14⤵
PID:8220

C:\Users\Admin\AppData\Local\Temp\Unicorn-47766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47766.exe
15⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8220 -s 220
15⤵
PID:12812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
14⤵
PID:9948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
13⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 236
12⤵
PID:5004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 236
11⤵
- Program crash
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-62481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62481.exe
10⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-21541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21541.exe
11⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-19653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19653.exe
12⤵
PID:7500

C:\Users\Admin\AppData\Local\Temp\Unicorn-6347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6347.exe
13⤵
PID:11256

C:\Users\Admin\AppData\Local\Temp\Unicorn-20945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20945.exe
14⤵
PID:7988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 216
13⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
12⤵
PID:8876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
11⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 240
10⤵
- Program crash
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-57182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57182.exe
9⤵
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-16810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16810.exe
10⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-63938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63938.exe
11⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-9787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9787.exe
12⤵
PID:7532

C:\Users\Admin\AppData\Local\Temp\Unicorn-9637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9637.exe
13⤵
PID:10620

C:\Users\Admin\AppData\Local\Temp\Unicorn-57338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57338.exe
14⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 216
13⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
11⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 236
10⤵
- Program crash
PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
9⤵
- Program crash
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-53453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53453.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-20084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20084.exe
9⤵
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-47679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47679.exe
10⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-62646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62646.exe
11⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-31236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31236.exe
12⤵
PID:7876

C:\Users\Admin\AppData\Local\Temp\Unicorn-18699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18699.exe
13⤵
PID:10304

C:\Users\Admin\AppData\Local\Temp\Unicorn-38361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38361.exe
14⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 216
13⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 216
12⤵
PID:8696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
11⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 236
10⤵
- Program crash
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-30192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30192.exe
9⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-4747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4747.exe
10⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-49337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49337.exe
11⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
12⤵
PID:9300

C:\Users\Admin\AppData\Local\Temp\Unicorn-57554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57554.exe
13⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9300 -s 216
13⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
12⤵
PID:10560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
11⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
10⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 240
9⤵
- Program crash
PID:3304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 284 -s 240
8⤵
- Program crash
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-58673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58673.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-14094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14094.exe
8⤵
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-34059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34059.exe
9⤵
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-3348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3348.exe
10⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-13599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13599.exe
11⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-41738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41738.exe
12⤵
PID:8272

C:\Users\Admin\AppData\Local\Temp\Unicorn-14517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14517.exe
13⤵
PID:11428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8272 -s 216
13⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
12⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
11⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 216
10⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-7611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7611.exe
9⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-55945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55945.exe
10⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-12879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12879.exe
11⤵
PID:8992

C:\Users\Admin\AppData\Local\Temp\Unicorn-45786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45786.exe
12⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8992 -s 216
12⤵
PID:12676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
11⤵
PID:9640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
10⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
9⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-20415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20415.exe
8⤵
PID:1216

C:\Users\Admin\AppData\Local\Temp\Unicorn-38852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38852.exe
9⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-16454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16454.exe
10⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-24281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24281.exe
11⤵
PID:8900

C:\Users\Admin\AppData\Local\Temp\Unicorn-26461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26461.exe
12⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8900 -s 216
12⤵
PID:12608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 216
11⤵
PID:9440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
10⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 236
9⤵
PID:4168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
8⤵
- Program crash
PID:3312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
7⤵
- Program crash
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-44734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44734.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-13001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13001.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
9⤵
PID:1436

C:\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe
10⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-1151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1151.exe
11⤵
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-56556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56556.exe
12⤵
PID:6568

C:\Users\Admin\AppData\Local\Temp\Unicorn-41898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41898.exe
13⤵
PID:9616

C:\Users\Admin\AppData\Local\Temp\Unicorn-28803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28803.exe
14⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9616 -s 236
14⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 216
13⤵
PID:11144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 216
12⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 236
11⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-44789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44789.exe
10⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-16142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16142.exe
11⤵
PID:7288

C:\Users\Admin\AppData\Local\Temp\Unicorn-8440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8440.exe
12⤵
PID:10788

C:\Users\Admin\AppData\Local\Temp\Unicorn-64470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64470.exe
13⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10788 -s 216
13⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 216
12⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
11⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 240
10⤵
PID:5932

C:\Users\Admin\AppData\Local\Temp\Unicorn-18023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18023.exe
9⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-10393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10393.exe
10⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
11⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\Unicorn-4336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4336.exe
12⤵
PID:9272

C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
13⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9272 -s 216
13⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
12⤵
PID:10552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
11⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 236
10⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 220
9⤵
- Program crash
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
8⤵
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-43730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43730.exe
9⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-42240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42240.exe
10⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-17779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17779.exe
11⤵
PID:9180

C:\Users\Admin\AppData\Local\Temp\Unicorn-49219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49219.exe
12⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9180 -s 216
12⤵
PID:12748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
11⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
10⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 240
8⤵
- Program crash
PID:2588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 236
7⤵
- Program crash
PID:288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
6⤵
- Program crash
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-43999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43999.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-7827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7827.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-23817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23817.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:860

C:\Users\Admin\AppData\Local\Temp\Unicorn-28034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28034.exe
8⤵
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-15281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15281.exe
9⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-49380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49380.exe
10⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-56890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56890.exe
11⤵
PID:8292

C:\Users\Admin\AppData\Local\Temp\Unicorn-5204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5204.exe
12⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8292 -s 216
12⤵
PID:12312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
11⤵
PID:8720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
10⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 236
9⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-9121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9121.exe
8⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-11852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11852.exe
9⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-15226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15226.exe
10⤵
PID:7540

C:\Users\Admin\AppData\Local\Temp\Unicorn-30326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30326.exe
11⤵
PID:10348

C:\Users\Admin\AppData\Local\Temp\Unicorn-35886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35886.exe
12⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 216
11⤵
PID:11452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
10⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 236
9⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 220
8⤵
- Program crash
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-54930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54930.exe
7⤵
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-28987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28987.exe
8⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-35423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35423.exe
9⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-48999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48999.exe
10⤵
PID:8064

C:\Users\Admin\AppData\Local\Temp\Unicorn-24680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24680.exe
11⤵
PID:10600

C:\Users\Admin\AppData\Local\Temp\Unicorn-5361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5361.exe
12⤵
PID:9456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 216
11⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
10⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
9⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 216
8⤵
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
7⤵
- Program crash
PID:1752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
6⤵
- Program crash
PID:1612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-2649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2649.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-44041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44041.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-47220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47220.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1192

C:\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-810.exe
9⤵
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe
10⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
11⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-61412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61412.exe
12⤵
PID:7936

C:\Users\Admin\AppData\Local\Temp\Unicorn-24680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24680.exe
13⤵
PID:11208

C:\Users\Admin\AppData\Local\Temp\Unicorn-55356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55356.exe
14⤵
PID:2412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 216
13⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
12⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 236
11⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 216
10⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 236
9⤵
- Program crash
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-46674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46674.exe
8⤵
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-45266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45266.exe
9⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-38426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38426.exe
10⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-35044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35044.exe
11⤵
PID:8412

C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
12⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8412 -s 216
12⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
11⤵
PID:10188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
10⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 236
9⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 220
8⤵
- Program crash
PID:3088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 216
7⤵
- Program crash
PID:316

C:\Users\Admin\AppData\Local\Temp\Unicorn-37785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37785.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-61090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61090.exe
8⤵
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-39812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39812.exe
9⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-39194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39194.exe
10⤵
PID:5936

C:\Users\Admin\AppData\Local\Temp\Unicorn-35044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35044.exe
11⤵
PID:8400

C:\Users\Admin\AppData\Local\Temp\Unicorn-50236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50236.exe
12⤵
PID:11744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8400 -s 236
12⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 216
11⤵
PID:10164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
10⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 216
9⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-23288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23288.exe
8⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-48934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48934.exe
9⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-40726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40726.exe
10⤵
PID:8832

C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
11⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8832 -s 216
11⤵
PID:12600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
10⤵
PID:9496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
9⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 220
8⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-8936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8936.exe
7⤵
PID:348

C:\Users\Admin\AppData\Local\Temp\Unicorn-16454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16454.exe
8⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-43707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43707.exe
9⤵
PID:7064

C:\Users\Admin\AppData\Local\Temp\Unicorn-15483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15483.exe
10⤵
PID:10004

C:\Users\Admin\AppData\Local\Temp\Unicorn-23847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23847.exe
11⤵
PID:12344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10004 -s 216
11⤵
PID:12416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 216
10⤵
PID:10964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
9⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 236
8⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
7⤵
- Program crash
PID:3144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
6⤵
- Program crash
PID:320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 236
5⤵
- Program crash
PID:2664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:616

C:\Users\Admin\AppData\Local\Temp\Unicorn-43517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43517.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-55379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55379.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-51721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51721.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-39991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39991.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1144

C:\Users\Admin\AppData\Local\Temp\Unicorn-44714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44714.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-60628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60628.exe
9⤵
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-6892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6892.exe
10⤵
PID:1008

C:\Users\Admin\AppData\Local\Temp\Unicorn-60699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60699.exe
11⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-34445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34445.exe
12⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-54246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54246.exe
13⤵
PID:7952

C:\Users\Admin\AppData\Local\Temp\Unicorn-41473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41473.exe
14⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 216
14⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
13⤵
PID:8440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 236
12⤵
PID:6844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 236
11⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-64866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64866.exe
10⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-56292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56292.exe
11⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-50720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50720.exe
12⤵
PID:5664

C:\Users\Admin\AppData\Local\Temp\Unicorn-34587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34587.exe
13⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 236
13⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 236
12⤵
PID:8728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
11⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
10⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-4624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4624.exe
9⤵
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-34156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34156.exe
10⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-1781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1781.exe
11⤵
PID:6152

C:\Users\Admin\AppData\Local\Temp\Unicorn-58062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58062.exe
12⤵
PID:9360

C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
13⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9360 -s 216
13⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 216
12⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
11⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 216
10⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 240
9⤵
- Program crash
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-56222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56222.exe
8⤵
PID:880

C:\Users\Admin\AppData\Local\Temp\Unicorn-39949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39949.exe
9⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-4555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4555.exe
10⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-47059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47059.exe
11⤵
PID:6256

C:\Users\Admin\AppData\Local\Temp\Unicorn-57294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57294.exe
12⤵
PID:9504

C:\Users\Admin\AppData\Local\Temp\Unicorn-63470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63470.exe
13⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9504 -s 220
13⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 216
12⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
11⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
10⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-6755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6755.exe
9⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-38829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38829.exe
10⤵
PID:6616

C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
11⤵
PID:9712

C:\Users\Admin\AppData\Local\Temp\Unicorn-21543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21543.exe
12⤵
PID:13096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9712 -s 220
12⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 216
11⤵
PID:10836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
10⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 240
9⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 220
8⤵
- Program crash
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-35663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35663.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-43799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43799.exe
8⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-16042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16042.exe
9⤵
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-27389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27389.exe
10⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-24138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24138.exe
11⤵
PID:6520

C:\Users\Admin\AppData\Local\Temp\Unicorn-16750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16750.exe
12⤵
PID:9588

C:\Users\Admin\AppData\Local\Temp\Unicorn-47134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47134.exe
13⤵
PID:12424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9588 -s 220
13⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 216
12⤵
PID:10680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
11⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 216
10⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\Unicorn-5219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5219.exe
9⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-12710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12710.exe
10⤵
PID:6720

C:\Users\Admin\AppData\Local\Temp\Unicorn-21192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21192.exe
11⤵
PID:9740

C:\Users\Admin\AppData\Local\Temp\Unicorn-30222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30222.exe
12⤵
PID:12540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9740 -s 216
12⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 216
11⤵
PID:10768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
10⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
9⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-29232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29232.exe
8⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-27389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27389.exe
9⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-32778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32778.exe
10⤵
PID:6428

C:\Users\Admin\AppData\Local\Temp\Unicorn-10313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10313.exe
10⤵
PID:6968

C:\Users\Admin\AppData\Local\Temp\Unicorn-53577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53577.exe
11⤵
PID:10296

C:\Users\Admin\AppData\Local\Temp\Unicorn-59384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59384.exe
12⤵
PID:12512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10296 -s 216
12⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 236
11⤵
PID:10760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 220
10⤵
PID:8324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
9⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
8⤵
- Program crash
PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 240
7⤵
- Program crash
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-40307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40307.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-31928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31928.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:828

C:\Users\Admin\AppData\Local\Temp\Unicorn-44567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44567.exe
8⤵
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-9121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9121.exe
9⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-22216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22216.exe
10⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
11⤵
PID:7712

C:\Users\Admin\AppData\Local\Temp\Unicorn-61838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61838.exe
12⤵
PID:11052

C:\Users\Admin\AppData\Local\Temp\Unicorn-32201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32201.exe
13⤵
PID:9152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
12⤵
PID:11848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
11⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
10⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 216
9⤵
- Program crash
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-54100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54100.exe
8⤵
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-44472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44472.exe
9⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-33397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33397.exe
10⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-12583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12583.exe
11⤵
PID:8592

C:\Users\Admin\AppData\Local\Temp\Unicorn-59465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59465.exe
12⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8592 -s 216
12⤵
PID:12488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 216
11⤵
PID:9876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 236
10⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 236
9⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 240
8⤵
- Program crash
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-44245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44245.exe
7⤵
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-19612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19612.exe
8⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-46226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46226.exe
9⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-64481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64481.exe
10⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-23834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23834.exe
11⤵
PID:8264

C:\Users\Admin\AppData\Local\Temp\Unicorn-19896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19896.exe
12⤵
PID:11576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8264 -s 216
12⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
11⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
10⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 236
9⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-26360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26360.exe
8⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-64455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64455.exe
9⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-52474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52474.exe
10⤵
PID:8204

C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
11⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8204 -s 216
11⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
10⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
9⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
8⤵
PID:5008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
7⤵
- Program crash
PID:1584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 240
6⤵
- Program crash
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-20317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20317.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-27693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27693.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-54351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54351.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:784

C:\Users\Admin\AppData\Local\Temp\Unicorn-18600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18600.exe
8⤵
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-60917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60917.exe
9⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-12620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12620.exe
10⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-39861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39861.exe
11⤵
PID:7724

C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
12⤵
PID:10540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 236
12⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
11⤵
PID:9156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
10⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 216
9⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-19946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19946.exe
8⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-46848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46848.exe
9⤵
PID:5772

C:\Users\Admin\AppData\Local\Temp\Unicorn-52371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52371.exe
10⤵
PID:9104

C:\Users\Admin\AppData\Local\Temp\Unicorn-62807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62807.exe
11⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9104 -s 216
11⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
10⤵
PID:9808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
9⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 240
8⤵
PID:5200

C:\Users\Admin\AppData\Local\Temp\Unicorn-64271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64271.exe
7⤵
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-14723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14723.exe
8⤵
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-28106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28106.exe
9⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-38517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38517.exe
10⤵
PID:7944

C:\Users\Admin\AppData\Local\Temp\Unicorn-53424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53424.exe
11⤵
PID:11112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 216
11⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
10⤵
PID:8284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
9⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 236
8⤵
PID:4668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 220
7⤵
- Program crash
PID:292

C:\Users\Admin\AppData\Local\Temp\Unicorn-25749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25749.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-46202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46202.exe
7⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-37867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37867.exe
8⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-30468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30468.exe
9⤵
PID:7792

C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
10⤵
PID:10676

C:\Users\Admin\AppData\Local\Temp\Unicorn-56124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56124.exe
11⤵
PID:9048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 216
10⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
9⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 236
8⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 216
7⤵
- Program crash
PID:3188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 240
6⤵
- Program crash
PID:344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 240
5⤵
- Program crash
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-6011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6011.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1220

C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:744

C:\Users\Admin\AppData\Local\Temp\Unicorn-33291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33291.exe
8⤵
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-14531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14531.exe
9⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-32167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32167.exe
10⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-6044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6044.exe
11⤵
PID:8232

C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
12⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8232 -s 216
12⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 216
11⤵
PID:7328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
10⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 216
9⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-40283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40283.exe
8⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
9⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-30679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30679.exe
10⤵
PID:8420

C:\Users\Admin\AppData\Local\Temp\Unicorn-20140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20140.exe
11⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8420 -s 216
11⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
10⤵
PID:9608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 236
9⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 744 -s 240
8⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-46482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46482.exe
7⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-28245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28245.exe
8⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-18182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18182.exe
9⤵
PID:5488

C:\Users\Admin\AppData\Local\Temp\Unicorn-44348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44348.exe
10⤵
PID:8764

C:\Users\Admin\AppData\Local\Temp\Unicorn-38848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38848.exe
11⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8764 -s 216
11⤵
PID:12624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
10⤵
PID:9244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
9⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 236
8⤵
PID:4532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 220
7⤵
- Program crash
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-10794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10794.exe
7⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-42962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42962.exe
8⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-19178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19178.exe
9⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\Unicorn-21574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21574.exe
10⤵
PID:8136

C:\Users\Admin\AppData\Local\Temp\Unicorn-35111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35111.exe
11⤵
PID:11360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
11⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
10⤵
PID:8476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
9⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 236
8⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-23288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23288.exe
7⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-122.exe
8⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-45038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45038.exe
9⤵
PID:8532

C:\Users\Admin\AppData\Local\Temp\Unicorn-41100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41100.exe
10⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 216
10⤵
PID:12472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 236
9⤵
PID:9852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 236
8⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
7⤵
PID:4716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 240
6⤵
- Program crash
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-57905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57905.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-44079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44079.exe
6⤵
PID:1260

C:\Users\Admin\AppData\Local\Temp\Unicorn-28034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28034.exe
7⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-46244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46244.exe
8⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-45836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45836.exe
9⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-18152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18152.exe
10⤵
PID:8668

C:\Users\Admin\AppData\Local\Temp\Unicorn-13445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13445.exe
11⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8668 -s 216
11⤵
PID:12520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
10⤵
PID:10064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
9⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
8⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-48060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48060.exe
7⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-53980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53980.exe
8⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-9440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9440.exe
9⤵
PID:8168

C:\Users\Admin\AppData\Local\Temp\Unicorn-57788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57788.exe
10⤵
PID:9868

C:\Users\Admin\AppData\Local\Temp\Unicorn-47240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47240.exe
11⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 216
10⤵
PID:11300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
9⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 236
8⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 220
7⤵
- Program crash
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-54930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54930.exe
6⤵
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-48338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48338.exe
7⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-1665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1665.exe
8⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-63472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63472.exe
9⤵
PID:7604

C:\Users\Admin\AppData\Local\Temp\Unicorn-16151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16151.exe
10⤵
PID:10828

C:\Users\Admin\AppData\Local\Temp\Unicorn-15506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15506.exe
11⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 216
10⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
9⤵
PID:2940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
8⤵
PID:5276

C:\Users\Admin\AppData\Local\Temp\Unicorn-40668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40668.exe
7⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-62180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62180.exe
8⤵
PID:7992

C:\Users\Admin\AppData\Local\Temp\Unicorn-44773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44773.exe
9⤵
PID:10880

C:\Users\Admin\AppData\Local\Temp\Unicorn-55740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55740.exe
10⤵
PID:8540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 216
9⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
8⤵
PID:8760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 220
7⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
6⤵
- Program crash
PID:3428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
5⤵
- Program crash
PID:2152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-55344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55344.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-9385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9385.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-10984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10984.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-22859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22859.exe
7⤵
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-60691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60691.exe
8⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-34156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34156.exe
9⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-34314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34314.exe
10⤵
PID:6288

C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
11⤵
PID:9476

C:\Users\Admin\AppData\Local\Temp\Unicorn-41960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41960.exe
12⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9476 -s 216
12⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6288 -s 216
11⤵
PID:10652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
10⤵
PID:8020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
9⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-17938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17938.exe
8⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-4480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4480.exe
9⤵
PID:6960

C:\Users\Admin\AppData\Local\Temp\Unicorn-15291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15291.exe
10⤵
PID:9972

C:\Users\Admin\AppData\Local\Temp\Unicorn-10364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10364.exe
11⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9972 -s 216
11⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 216
10⤵
PID:10944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
9⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
8⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 216
7⤵
- Program crash
PID:3320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 216
6⤵
- Program crash
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-49036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49036.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-44138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44138.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-46575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46575.exe
7⤵
- Executes dropped EXE
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-59336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59336.exe
8⤵
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-31337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31337.exe
9⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
10⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\Unicorn-4632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4632.exe
11⤵
PID:10088

C:\Users\Admin\AppData\Local\Temp\Unicorn-21818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21818.exe
12⤵
PID:13188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10088 -s 220
12⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
11⤵
PID:11012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
10⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 236
9⤵
PID:5708

C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe
8⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-33651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33651.exe
9⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-22534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22534.exe
10⤵
PID:8036

C:\Users\Admin\AppData\Local\Temp\Unicorn-3590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3590.exe
11⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 216
11⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 236
10⤵
PID:2536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
9⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
8⤵
- Program crash
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-55122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55122.exe
7⤵
PID:840

C:\Users\Admin\AppData\Local\Temp\Unicorn-47762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47762.exe
8⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-3744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3744.exe
9⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
10⤵
PID:8356

C:\Users\Admin\AppData\Local\Temp\Unicorn-13201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13201.exe
11⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8356 -s 216
11⤵
PID:12336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 216
10⤵
PID:9448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 216
9⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 216
8⤵
PID:4184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
7⤵
- Program crash
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-59766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59766.exe
6⤵
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
7⤵
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-48496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48496.exe
8⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-3455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3455.exe
9⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\Unicorn-41595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41595.exe
10⤵
PID:6184

C:\Users\Admin\AppData\Local\Temp\Unicorn-53148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53148.exe
11⤵
PID:10136

C:\Users\Admin\AppData\Local\Temp\Unicorn-7977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7977.exe
12⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10136 -s 220
12⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 216
11⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
10⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
9⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-25245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25245.exe
8⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-15155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15155.exe
9⤵
PID:7176

C:\Users\Admin\AppData\Local\Temp\Unicorn-23490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23490.exe
10⤵
PID:10608

C:\Users\Admin\AppData\Local\Temp\Unicorn-22893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22893.exe
11⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10608 -s 216
11⤵
PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 216
10⤵
PID:11152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
9⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
8⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-50312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50312.exe
7⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-27389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27389.exe
8⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-14962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14962.exe
9⤵
PID:6324

C:\Users\Admin\AppData\Local\Temp\Unicorn-57294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57294.exe
10⤵
PID:9512

C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
11⤵
PID:13164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9512 -s 216
11⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 216
10⤵
PID:10668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
9⤵
PID:8028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
8⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 220
7⤵
- Program crash
PID:3980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 240
6⤵
- Program crash
PID:1856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
5⤵
- Program crash
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-8716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8716.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-3364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3364.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-44271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44271.exe
7⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-33291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33291.exe
8⤵
PID:624

C:\Users\Admin\AppData\Local\Temp\Unicorn-29223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29223.exe
9⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
10⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-19034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19034.exe
11⤵
PID:8076

C:\Users\Admin\AppData\Local\Temp\Unicorn-4436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4436.exe
12⤵
PID:11548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
12⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
11⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
10⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 236
9⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-26954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26954.exe
8⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-32105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32105.exe
9⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-22169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22169.exe
10⤵
PID:8964

C:\Users\Admin\AppData\Local\Temp\Unicorn-40384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40384.exe
11⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8964 -s 216
11⤵
PID:12564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
10⤵
PID:9584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
9⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
8⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-46482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46482.exe
7⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-16260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16260.exe
8⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-21290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21290.exe
9⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-3976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3976.exe
10⤵
PID:7888

C:\Users\Admin\AppData\Local\Temp\Unicorn-38375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38375.exe
11⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
11⤵
PID:11944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
10⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
9⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
8⤵
- Program crash
PID:4636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 240
7⤵
- Program crash
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-57270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57270.exe
6⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-8682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8682.exe
7⤵
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-59189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59189.exe
8⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-9043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9043.exe
9⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-3357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3357.exe
10⤵
PID:8452

C:\Users\Admin\AppData\Local\Temp\Unicorn-6785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6785.exe
11⤵
PID:11928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8452 -s 216
11⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 220
10⤵
PID:9368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
9⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 236
8⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-57113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57113.exe
7⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-32105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32105.exe
8⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-54649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54649.exe
9⤵
PID:8936

C:\Users\Admin\AppData\Local\Temp\Unicorn-26653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26653.exe
10⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 220
10⤵
PID:12684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
9⤵
PID:9524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
8⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
7⤵
PID:5016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
6⤵
- Program crash
PID:952

C:\Users\Admin\AppData\Local\Temp\Unicorn-37785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37785.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-4904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4904.exe
6⤵
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-61267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61267.exe
7⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-26621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26621.exe
8⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-27480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27480.exe
9⤵
PID:7012

C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
10⤵
PID:9936

C:\Users\Admin\AppData\Local\Temp\Unicorn-37687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37687.exe
11⤵
PID:13232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9936 -s 216
11⤵
PID:7844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
10⤵
PID:10912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
9⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
8⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-57409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57409.exe
7⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-62020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62020.exe
8⤵
PID:6668

C:\Users\Admin\AppData\Local\Temp\Unicorn-54466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54466.exe
9⤵
PID:9772

C:\Users\Admin\AppData\Local\Temp\Unicorn-45120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45120.exe
10⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9772 -s 236
10⤵
PID:13072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 216
9⤵
PID:10812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
8⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 240
7⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 236
6⤵
- Program crash
PID:3436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
5⤵
- Program crash
PID:756

C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-61062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61062.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-32503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32503.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-48734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48734.exe
7⤵
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-30515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30515.exe
8⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-57373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57373.exe
9⤵
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-10136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10136.exe
10⤵
PID:6220

C:\Users\Admin\AppData\Local\Temp\Unicorn-23470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23470.exe
11⤵
PID:9424

C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
12⤵
PID:13052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9424 -s 216
12⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 216
11⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 216
10⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
9⤵
PID:5188

C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
8⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-15757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15757.exe
9⤵
PID:6488

C:\Users\Admin\AppData\Local\Temp\Unicorn-34539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34539.exe
10⤵
PID:9624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9624 -s 212
11⤵
PID:13308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
10⤵
PID:10724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
9⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
8⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 216
7⤵
- Program crash
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-26517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26517.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-41739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41739.exe
7⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
8⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-3686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3686.exe
9⤵
PID:6900

C:\Users\Admin\AppData\Local\Temp\Unicorn-12193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12193.exe
10⤵
PID:9900

C:\Users\Admin\AppData\Local\Temp\Unicorn-38180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38180.exe
11⤵
PID:12804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9900 -s 216
11⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 216
10⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
9⤵
PID:7616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 216
8⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-37569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37569.exe
7⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-39002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39002.exe
8⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-55521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55521.exe
9⤵
PID:8560

C:\Users\Admin\AppData\Local\Temp\Unicorn-39541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39541.exe
10⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 216
10⤵
PID:13240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
9⤵
PID:1408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
8⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
7⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
6⤵
- Program crash
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-56369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56369.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-33446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33446.exe
6⤵
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-28034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28034.exe
7⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-29033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29033.exe
8⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-30526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30526.exe
9⤵
PID:6796

C:\Users\Admin\AppData\Local\Temp\Unicorn-5156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5156.exe
10⤵
PID:9816

C:\Users\Admin\AppData\Local\Temp\Unicorn-19431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19431.exe
11⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9816 -s 216
11⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 236
10⤵
PID:10820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 236
9⤵
PID:7524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 216
8⤵
PID:5576

C:\Users\Admin\AppData\Local\Temp\Unicorn-23096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23096.exe
7⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-3791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3791.exe
8⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-62163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62163.exe
9⤵
PID:9020

C:\Users\Admin\AppData\Local\Temp\Unicorn-6559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6559.exe
10⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9020 -s 216
10⤵
PID:12632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
9⤵
PID:9720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
8⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 220
7⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-39470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39470.exe
6⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-28219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28219.exe
7⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-56920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56920.exe
8⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-16974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16974.exe
9⤵
PID:8392

C:\Users\Admin\AppData\Local\Temp\Unicorn-45490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45490.exe
10⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8392 -s 216
10⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
9⤵
PID:9544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
8⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
7⤵
PID:4224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 220
6⤵
- Program crash
PID:3256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
5⤵
- Program crash
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-18859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18859.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-10697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10697.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-32678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32678.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:984

C:\Users\Admin\AppData\Local\Temp\Unicorn-27842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27842.exe
7⤵
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-14531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14531.exe
8⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-28379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28379.exe
9⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-2448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2448.exe
10⤵
PID:8504

C:\Users\Admin\AppData\Local\Temp\Unicorn-20140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20140.exe
11⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 216
11⤵
PID:12388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
10⤵
PID:9788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
9⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 216
8⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-7611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7611.exe
7⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-27331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27331.exe
8⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-25293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25293.exe
9⤵
PID:8304

C:\Users\Admin\AppData\Local\Temp\Unicorn-32748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32748.exe
10⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8304 -s 216
10⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
9⤵
PID:10056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
8⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 240
7⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-41416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41416.exe
6⤵
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
7⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-54653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54653.exe
8⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-20929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20929.exe
9⤵
PID:8660

C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
10⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8660 -s 236
10⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
9⤵
PID:9632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
8⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 236
7⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 220
6⤵
- Program crash
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-33291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33291.exe
6⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe
7⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-64300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64300.exe
8⤵
PID:6012

C:\Users\Admin\AppData\Local\Temp\Unicorn-40797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40797.exe
9⤵
PID:8488

C:\Users\Admin\AppData\Local\Temp\Unicorn-1944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1944.exe
10⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 236
10⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 216
9⤵
PID:10480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
8⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 216
7⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-51467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51467.exe
6⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-26485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26485.exe
7⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\Unicorn-31115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31115.exe
8⤵
PID:8700

C:\Users\Admin\AppData\Local\Temp\Unicorn-14789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14789.exe
9⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 216
9⤵
PID:12496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
8⤵
PID:10124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
7⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 220
6⤵
PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
5⤵
- Program crash
PID:2408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
4⤵
- Program crash
PID:2096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
2⤵
- Program crash
PID:2872

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-20929.exe
Filesize
184KB

MD5
f140924d2efd35e691d8cc4f4a949b54

SHA1
964bfd79155b5364bf5214dc305cf4d04b520fe3

SHA256
bbe1919daeef40f0628e23a395b19d9a9d5fdadc932fa59df322abe70ac2cfa1

SHA512
df1f91a950686710cbd7e24971c0cdd802206e47fa06e2e37b88518249db02bdf589843cc1142f49df89376535bfb364b2e5015285b202a9774939b3b1058167

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21192.exe
Filesize
184KB

MD5
f5c696b634465fcf443b55492143ea8b

SHA1
4eee9f8a2fec1b3920349ef1f2d5038fd1e73d56

SHA256
7e49b3808fd78fc7b343a57b91af6a1c93cdc8d528d52135e1270a7e42a59a0b

SHA512
9735aa1b9f3d6f521a3c4c849955cd3fc9a7b0f56518a8ae4fb8484a3fe86d4078ff993a2f3cead6e1a861c44b46ba3da38d64a10d1b2f61c2512fd3c024c8a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21818.exe
Filesize
184KB

MD5
077402d571d459bf5eb3d02c28ac67f8

SHA1
2c7c65e7130ad3a67e6df7f99268506ac1eb60b1

SHA256
1d6c1dda91ea786f6ce44946325975d7dabf3a04cb023309ffe52b1de1861808

SHA512
f634797ace446f12dc84d328752836944b480ef03392685834afa4a350a16fbd08e7cfd6d07cc91b5debb104ce40b5b055e32562425dad2b2d5091fbf6da94fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23834.exe
Filesize
184KB

MD5
3e9ef734cf08b8251a7502422e5a2b5f

SHA1
0cb76f9cd31ed6571a9e74491ca0fb50fadfa9c9

SHA256
853789b825f63583e08da267a941a6b13850f5aa1c9da45bb89159f58c600433

SHA512
8acdd1fdde3e2b9c12b7a6731f2be76ccd06b61dd9b7eebb75cb41b2461abcd9245bf1b01efb0d18eb61c5dcaf4b3265f39db76def96cb3b6e6543a2450ef71e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24281.exe
Filesize
184KB

MD5
a8cf2ce354ab30215e3c2e3c231909bf

SHA1
af58db6bc5ff305bb34cb6d5f293a235a206ccf7

SHA256
59d5cbaf0fde14acf1fa0262fa898dec5772adb5c32ccd1b2d170ff124669bdd

SHA512
667f7dd94618b843d8ea66939436e77cbcfe498105ec92d4448f11d9f48e09ee7cbc49918e568dd2360ceac6969902bcc3147588abf39f6bd5dc1e2dcd695777

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2649.exe
Filesize
184KB

MD5
0db161428109014d6d578a5f6e008f33

SHA1
9a3ba670b7604fdd671e026b0f6a5ba4e6eaff98

SHA256
02884c993d5ae73c60e4f6048183fd3199ed39fbd2842e50704923bcbc631d6f

SHA512
4dcbe5c704e9b17be1c58a7f6de26967b2a7bfb97bffe18c4522875f569b0bc422e8a5e1fd794c1cb58a35cff067fb5a69d7ccaee65c058fb0b92aa121a2ca6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3686.exe
Filesize
184KB

MD5
4134a0804a78419460511732ff4c324c

SHA1
18e521c8a36287f4d8fcbff75e0375187b68fdd3

SHA256
a2f35b226405f08e8455731d1a566e87a024cfcb29f83711cbba1920a6f51803

SHA512
044127ba39661eb9a2bf74b7fae5b8b13893ef2cb9d03c881e0c86cf8eb9e14af0c10f303d55d3f918b21d82597fc002d8a38ab9ade756cb3cd4c35418b6ad1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38517.exe
Filesize
184KB

MD5
faf664d85d20d35596415110da8d1751

SHA1
435cf36e48c63eb830b0e7e677d2da790bd4c300

SHA256
50b0ca3f2fc77e57953f6e9801fc667f6c58a1b975ef83c827d34d8bb20f82c0

SHA512
9fd60f2a342f7f91e2aa56c68863c1d83c78f526b3368a110a3096b27ac3b7ddff6e84b78faa82df24e45847f720f48827cbb0fc52160efd5579e4399edd24b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38848.exe
Filesize
184KB

MD5
d109ce61f517901c5180d61181ab9b96

SHA1
3618095d2d9a29f2f4ecd29dfa2d40e5a5524c29

SHA256
26e188368d05c719f106708b89052d2594456a3c4495c9a944f5574199897292

SHA512
359d9937c9144430e155600964adf709f0ca9e838af54db592c41579debebb46234c4e1d423f7311b943b3e3e26ab2fc88b0055a6cb3227d1b7c6931e1bbe140

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39541.exe
Filesize
184KB

MD5
c289ed06f90be2ade5bd519641a9a152

SHA1
eabbec1ce6abe6ef72c8a776cd2f785402dab074

SHA256
7cb49dc1f124603e10aa72ef929fe48283d7aaae0e44af638535950a594db602

SHA512
be21c9e62fc3643c04bb8088a79aa7d262a004d90ab518684c101b99b858c3bace1dac54f3e28152306b502a62865e7ceb6963974c39057fe2cbf936e4a7f064

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40307.exe
Filesize
184KB

MD5
81af570fb13a6f13048496e132e261b7

SHA1
d57c916ee72f1ae34ffa9ecd158f2e59f24e0ea4

SHA256
5b041656b12588488c826ddfa50435d1768b509b8591f45157deec1146e36cf7

SHA512
e6f363ad5e9b2dfe157300470d2e104d4144902f97231f2426c64bb708bcd46cb7bf367558ca6fe8c767ec59cdede2a8da066331e9c9f7020baefabeb32a4058

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
Filesize
184KB

MD5
beb43888f4acb67b785dbcab39718b44

SHA1
83355984712805bbfd5d9587ddf74a2166bd4d12

SHA256
c4237ec3567a5e223cda3de65cf0384261620f689329da431e638ada569e8afa

SHA512
d51dd29703d62786fce09608aede0bb84eb86758d616379d81411b6fad970cea22d173ad7b1b7e656c89a1a5c8cfb1e37c117020ccd97049aac567333959a39f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51467.exe
Filesize
184KB

MD5
d614a95ec276616a88e6fd5f8cd50911

SHA1
06be361a8e25d7c45b35ecdfe04e8ffd00d9da2b

SHA256
d0a07502a4d36cf012a3893a4e9f33cd994ae8b76fbbc805d1e634ac233e8d67

SHA512
5412396fb6dfad63eb9b5012b63d76e73b24b967b51b27d04074ddc7c1957e88397494860b502e1aef9489e53cca9c7c3097c5205be8ef1a0d9c6203b1fb773c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55356.exe
Filesize
184KB

MD5
9e670faab4762a9ff0815fc111a07cf3

SHA1
d2ad8e6c7c10c4fab4974200c46aadfc422a5501

SHA256
b41ff65328be233d869755802799aba5c27b4c0f41a8dd636013f0bd0536671d

SHA512
06317fcfac0331813483a9366944f072c822b0e69011fc88ec1b1f0883e6251c9b85555fc73daa3472e5ffd448dbb6a102fb400d80ff280c9bd58ce1f9922e3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55379.exe
Filesize
184KB

MD5
9bdc3c9289ae6f3dc7957e8b9e196e1b

SHA1
fe5ba830a8681c6a437d93fdb1a8bc11b50bdff2

SHA256
6c20c814353e20274a9c0bbef4d22125e3b3f00fc628f22934889f6ea190880b

SHA512
6add6618c9ae722e2ee44c376834682caa94ed741c8f9514856d65404a769e0acca5a2233be6fd1689d5afd673d71e8a41c7200ef3c86c3f834fd404e9f9495c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56890.exe
Filesize
184KB

MD5
87644102f17198657334f084bcf5d638

SHA1
bc9bd286229895bd980f4dac1afbf5bcd401ad3a

SHA256
0e6800c8f70a42b3fc62b7157f370c8699b0226b014098c1f38370c1cd824911

SHA512
1083c86bb7e7ac929727fc23183e14281a1ff69e4c073a7f548c683afef74bbbc73bf9534bffcf8e346c1efb0541b74f78b0c7875b868fcddc450ce6c956d047

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6011.exe
Filesize
184KB

MD5
acf5cc78cefb37eaf31baf0455c3d484

SHA1
49e741dc647f00ddf8918a56515cbd3c78d9f487

SHA256
0f3864b94d95ee2b1dd6ccca3387c2c377aada9dfa0b61d04b0ad56586a337b0

SHA512
3ae3976c7fae2aacf7f0c3b0b8b1268c35fe589e7ad6f4a5fe131b1c7fddf693b4c5efd9b3da27636b64ac924c986846faf766b23c7602645da9f8d13caf4fb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6347.exe
Filesize
184KB

MD5
59ffb51eb46cbd173db3a240ce245055

SHA1
03fe7769a14bddf7df5dd687cf31d4918cf78d8a

SHA256
5bbdaa242e1b20513ec35dcc7500af83eacec10dec1402232ba3a81e3b2e5deb

SHA512
bf3d2fb0f1a272c3948907aba98e77b78a6e7f35647c4c6315d9e064116347ce0a89c78f006bc82c5442fce30fa167dc0d4b48bfbd4247558e605bef39c3a837

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23814.exe
Filesize
184KB

MD5
c8a5c998c0d89c2d20195e42e232f787

SHA1
4ac2e8c0d58e383d7b0dd7ee69b23bb74ea5d5dd

SHA256
d7a02672344bc98f710ad45c6436dcedbd89b6694fa304707589e67acfaac661

SHA512
36a929155c91cb434905a47d5104101c0c1a2192b85054a7e0d9a51be29d83470d53ddae86dce617ce7fcb017632ca4592c04391e131a27acf560c192f840b97

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
Filesize
184KB

MD5
4d08c7eea5bf34074102d35bc6ab4d60

SHA1
5234e4064fb4a5e8a0099898bae0d9c5be4ccf7a

SHA256
d07674b9a3f28d13840fa62c9f223efc675576c65e20fa40082130d52c59a314

SHA512
e871064744908b9aba0f7041ec9b4eb8213d502f559be60950f5644774fd189159e7d5d5534e245325978745e2cc79d864b57e1633398f09ae7dbc16fb913ad7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
Filesize
184KB

MD5
d5a5b8a716882744d739e890067bd1ac

SHA1
518a3cf6abf7f801064f1c85dcdd752cf45ccb9e

SHA256
abcabc568da3bd66bdd4da635db25cbd8fa2cf48c2fa72d40c3d5c882b3fc29f

SHA512
a6e8529346a306cb8df0360ea98ee4dd39f998352f2e30f15a3737207427e5e02d3b44c9ba78af3463dd327b76197821017d81a641768bba365366fca94fa6fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37030.exe
Filesize
184KB

MD5
cb19007765447702729f8cf25914ae56

SHA1
c08ae0a128d2652b3c2c01bbcf6b479404ff99a8

SHA256
ec1a38ec01af1b5429b7601dbe6c90e484f72bf18652a3b50b7aab383cdc4534

SHA512
63b5a758c7a7a5fd5903ac66ca3ad046afbd6429140cb3e86a9f1a99a6a7ad333f22357b81ee2b2a8234903a68fc3c98b6a496ea04981ab10e1c909ed063cfcb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
Filesize
184KB

MD5
2bfed5b2e3f33fdce05541b2dff909e2

SHA1
ff396ba3640e90c09823771a76f4195a345a0a47

SHA256
ce70b44a77a5368159d66c79d5fd88a882aea4c15b825d72386f9f00e4dc8704

SHA512
7a95b83835147db8e87dcd37889d57eb16f7212abbb9367f4269cc22485fb094e183d9dd6e1b25318a52efe702c3f2c37641a4fc520713ad9c40fb4d4c8220ee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43517.exe
Filesize
184KB

MD5
6fa1d7815d4fdcc0e7f4645e11379658

SHA1
31bb24272b2d19d7ccff7e5e2445cda13ca40eee

SHA256
ef13b2b573003cc9529458c20af1de0d3da386410c883f39ab18d081c8791286

SHA512
4034f876896a60aab985b128a0603a6f2034de471e5de0754ff486f74c78a0ca998656c81f67dca5bb6df48ea9284f8107042b71d3fe2b7a8a3c3660ecc6e219

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44938.exe
Filesize
184KB

MD5
c422b68068a5caef2c87434cd0d9875d

SHA1
3e042595baf3bc35eca2ca2f476d205c89835a0c

SHA256
056046ec31abc2115db75a5d5e66fe225766f9862a054d774e82ca73a28ba91d

SHA512
0c6d065c168ab2d75003e1fca0380a45251d922369ee7b23c28aad2aa88bbdf8e64a5709297749b7f5a0efc872e5296ffce60b41a7b1dd7280448ff7863187bb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51721.exe
Filesize
184KB

MD5
5ab7b76b51873f0b2cb3b69d05887f43

SHA1
0e06e1a124b44de49ef386df0d517f44ffd57e44

SHA256
b2930c9c75c6a8f84f2b8defce78d2a5dd64a491d55263d3b04e7e01f23f15d8

SHA512
1db57a473cc161a7e5e1be4b605eeca6dfdd83df411223f91cfbfc8d0095e178cdd75203c140704c309310d1bc70a9b4949a8aa25462d270802e7e9ed40bc04b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55344.exe
Filesize
184KB

MD5
2138454393a5f6778c84159685ed6491

SHA1
e818cb2e974944177ef810dab345b09dca9b18a0

SHA256
cab3a63f5dfeb9295827f98eb49e8acd4281b7078ecdb026b3dffabafec363d5

SHA512
7eefaca13c39a79be06b4ae9b002839e10aba10fc2ede478deff10d8c81803c4fa1be2cee38bd712093c5d8cb1dc48e077d996a59c8b2d496024aca576a833af

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63383.exe
Filesize
184KB

MD5
127d3e514c74b3310e8280c82796ccf9

SHA1
5cdd3e80f5979ae19c468d104b6f9a85f71bf43e

SHA256
6800e36e7dc59612bea8cf25ea40ce9c1a9747bc2b16a807bba9735ea24c946b

SHA512
5b7992156ce4390d4a9abadbb54065866e981053ae8103a7ffd1511a1c0dcb3ad9a9488d8514959883319d3336e99c77798d98297a7b5a0f70be9cb53529be21

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-829.exe
Filesize
184KB

MD5
4d07cb43856d02312f22110fe72bbaa7

SHA1
5eca48db1e2f2de47505923af642abeb848c1fb5

SHA256
ccb171919889ad9cd7b08b9b2cf33c984ab031988cdb23521cb6f40e1998f790

SHA512
995fd45b6008e25e01fee6ef42e6551d6e778835481a6819e8d8744ed84a572cd7cc9532a0067a2e8e00277f0d8347a1fc3126f5384bb17cbdbde223cd770020

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9385.exe
Filesize
184KB

MD5
7ba990330cc839fd570fd611289b216b

SHA1
bbf6a342bf37b30c4b2e964b0f86dc06a4668bc7

SHA256
30fb2572b9091cba4e1884b582162e9bd91ab9989516b59e3a59f7d41489bb3e

SHA512
d24228db099b3b3f763a827cbae0c628b3925c522211bdaf5862c8d88a762f520e19e0413f6fccc3c327c8fc81c35f71149a41caf5a4f634dca4d526b8efcef2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads