b7eb1b05cfee17c17c4eca5d1330426799fc44548d0a8e1717336866a38a130d

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7eb1b05cfee17c17c4eca5d1330426799fc44548d0a8e1717336866a38a130d.exe
Size

184KB
MD5

75026d5a5e853adf095a5d11ab9e26e3
SHA1

6686fc989ff7db22b4a058eedc620dcff8a94100
SHA256

b7eb1b05cfee17c17c4eca5d1330426799fc44548d0a8e1717336866a38a130d
SHA512

939aeb7ae7ab257e569d17d577880b19271a2c4bf71b07fb9c635a3d5a684ffdf454b1d42d1357dfe5df6b0d7b867d1522cfec87825fb7ebbdd7a66e0de444e3
SSDEEP

3072:0BfNqgojN7jI3kjYe73Lp+a7rKYbzFBKH+rBO5ighlnVOFhnT:0BXo5ykjHL8a7rieFghlnVOFh

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-28914.exeUnicorn-37902.exeUnicorn-16967.exeUnicorn-20365.exeUnicorn-307.exeUnicorn-35440.exeUnicorn-57619.exeUnicorn-11947.exeUnicorn-60764.exeUnicorn-11563.exeUnicorn-56166.exeUnicorn-6509.exeUnicorn-19316.exeUnicorn-23723.exeUnicorn-38798.exeUnicorn-51605.exeUnicorn-22270.exeUnicorn-35076.exeUnicorn-54942.exeUnicorn-30189.exeUnicorn-17251.exeUnicorn-53453.exeUnicorn-20589.exeUnicorn-33395.exeUnicorn-20397.exeUnicorn-16867.exeUnicorn-3868.exeUnicorn-3868.exeUnicorn-16675.exeUnicorn-36541.exeUnicorn-52877.exeUnicorn-49348.exeUnicorn-45420.exeUnicorn-41890.exeUnicorn-28700.exeUnicorn-44844.exeUnicorn-8450.exeUnicorn-44076.exeUnicorn-56883.exeUnicorn-63292.exeUnicorn-29359.exeUnicorn-25829.exeUnicorn-45695.exeUnicorn-13899.exeUnicorn-9301.exeUnicorn-29167.exeUnicorn-61839.exeUnicorn-30044.exeUnicorn-9109.exeUnicorn-25445.exeUnicorn-45311.exeUnicorn-24619.exeUnicorn-24619.exeUnicorn-21089.exeUnicorn-20897.exeUnicorn-40763.exeUnicorn-20705.exeUnicorn-40571.exeUnicorn-6637.exeUnicorn-59211.exeUnicorn-54613.exeUnicorn-41614.exeUnicorn-8749.exeUnicorn-54229.exe

pid	process
1744	Unicorn-28914.exe
2720	Unicorn-37902.exe
2636	Unicorn-16967.exe
2148	Unicorn-20365.exe
2872	Unicorn-307.exe
2548	Unicorn-35440.exe
1916	Unicorn-57619.exe
2572	Unicorn-11947.exe
2888	Unicorn-60764.exe
2908	Unicorn-11563.exe
3020	Unicorn-56166.exe
2808	Unicorn-6509.exe
904	Unicorn-19316.exe
1768	Unicorn-23723.exe
2880	Unicorn-38798.exe
1400	Unicorn-51605.exe
1628	Unicorn-22270.exe
692	Unicorn-35076.exe
1160	Unicorn-54942.exe
2460	Unicorn-30189.exe
1792	Unicorn-17251.exe
1540	Unicorn-53453.exe
1364	Unicorn-20589.exe
1948	Unicorn-33395.exe
896	Unicorn-20397.exe
1268	Unicorn-16867.exe
2472	Unicorn-3868.exe
1924	Unicorn-3868.exe
1512	Unicorn-16675.exe
2264	Unicorn-36541.exe
2436	Unicorn-52877.exe
1816	Unicorn-49348.exe
2248	Unicorn-45420.exe
2352	Unicorn-41890.exe
2780	Unicorn-28700.exe
3012	Unicorn-44844.exe
2560	Unicorn-8450.exe
2500	Unicorn-44076.exe
2208	Unicorn-56883.exe
2820	Unicorn-63292.exe
2836	Unicorn-29359.exe
2828	Unicorn-25829.exe
2876	Unicorn-45695.exe
2912	Unicorn-13899.exe
1532	Unicorn-9301.exe
1876	Unicorn-29167.exe
1796	Unicorn-61839.exe
1184	Unicorn-30044.exe
876	Unicorn-9109.exe
2104	Unicorn-25445.exe
1732	Unicorn-45311.exe
1108	Unicorn-24619.exe
572	Unicorn-24619.exe
628	Unicorn-21089.exe
948	Unicorn-20897.exe
1956	Unicorn-40763.exe
2980	Unicorn-20705.exe
2116	Unicorn-40571.exe
872	Unicorn-6637.exe
1704	Unicorn-59211.exe
2712	Unicorn-54613.exe
2740	Unicorn-41614.exe
2624	Unicorn-8749.exe
2504	Unicorn-54229.exe

Loads dropped DLL 64 IoCs

Processes:

pid	process
2108	b7eb1b05cfee17c17c4eca5d1330426799fc44548d0a8e1717336866a38a130d.exe
2108	b7eb1b05cfee17c17c4eca5d1330426799fc44548d0a8e1717336866a38a130d.exe
1744	Unicorn-28914.exe
1744	Unicorn-28914.exe
2108	b7eb1b05cfee17c17c4eca5d1330426799fc44548d0a8e1717336866a38a130d.exe
2108	b7eb1b05cfee17c17c4eca5d1330426799fc44548d0a8e1717336866a38a130d.exe
2720	Unicorn-37902.exe
2720	Unicorn-37902.exe
1744	Unicorn-28914.exe
1744	Unicorn-28914.exe
2636	Unicorn-16967.exe
2636	Unicorn-16967.exe
2720	Unicorn-37902.exe
2148	Unicorn-20365.exe
2720	Unicorn-37902.exe
2148	Unicorn-20365.exe
2872	Unicorn-307.exe
2872	Unicorn-307.exe
2548	Unicorn-35440.exe
2548	Unicorn-35440.exe
2636	Unicorn-16967.exe
2636	Unicorn-16967.exe
1340	WerFault.exe
1340	WerFault.exe
1340	WerFault.exe
1340	WerFault.exe
1340	WerFault.exe
1972	WerFault.exe
1972	WerFault.exe
1972	WerFault.exe
1972	WerFault.exe
1972	WerFault.exe
2572	Unicorn-11947.exe
2572	Unicorn-11947.exe
2148	Unicorn-20365.exe
2148	Unicorn-20365.exe
1916	Unicorn-57619.exe
1916	Unicorn-57619.exe
2908	Unicorn-11563.exe
2908	Unicorn-11563.exe
2548	Unicorn-35440.exe
2548	Unicorn-35440.exe
3020	Unicorn-56166.exe
3020	Unicorn-56166.exe
2872	Unicorn-307.exe
2888	Unicorn-60764.exe
2872	Unicorn-307.exe
2888	Unicorn-60764.exe
1412	WerFault.exe
1412	WerFault.exe
1412	WerFault.exe
1412	WerFault.exe
1412	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
2032	WerFault.exe
1864	WerFault.exe
2032	WerFault.exe
2032	WerFault.exe
2032	WerFault.exe
2032	WerFault.exe
2808	Unicorn-6509.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2956	2108	WerFault.exe	b7eb1b05cfee17c17c4eca5d1330426799fc44548d0a8e1717336866a38a130d.exe
1340	2720	WerFault.exe	Unicorn-37902.exe
1972	2636	WerFault.exe	Unicorn-16967.exe
1412	2148	WerFault.exe	Unicorn-20365.exe
1864	2872	WerFault.exe	Unicorn-307.exe
2032	2548	WerFault.exe	Unicorn-35440.exe
2792	2572	WerFault.exe	Unicorn-11947.exe
1220	1916	WerFault.exe	Unicorn-57619.exe
2788	2908	WerFault.exe	Unicorn-11563.exe
824	3020	WerFault.exe	Unicorn-56166.exe
1808	2888	WerFault.exe	Unicorn-60764.exe
536	2808	WerFault.exe	Unicorn-6509.exe
884	904	WerFault.exe	Unicorn-19316.exe
1084	1768	WerFault.exe	Unicorn-23723.exe
2448	2880	WerFault.exe	Unicorn-38798.exe
1556	692	WerFault.exe	Unicorn-35076.exe
1360	1628	WerFault.exe	Unicorn-22270.exe
912	1400	WerFault.exe	Unicorn-51605.exe
928	1160	WerFault.exe	Unicorn-54942.exe
1936	2460	WerFault.exe	Unicorn-30189.exe
1504	1792	WerFault.exe	Unicorn-17251.exe
1788	1540	WerFault.exe	Unicorn-53453.exe
2384	1364	WerFault.exe	Unicorn-20589.exe
2704	1948	WerFault.exe	Unicorn-33395.exe
2512	896	WerFault.exe	Unicorn-20397.exe
2776	2264	WerFault.exe	Unicorn-36541.exe
2532	2472	WerFault.exe	Unicorn-3868.exe
2724	1268	WerFault.exe	Unicorn-16867.exe
3036	2436	WerFault.exe	Unicorn-52877.exe
3056	1924	WerFault.exe	Unicorn-3868.exe
1744	1512	WerFault.exe	Unicorn-16675.exe
1196	1816	WerFault.exe	Unicorn-49348.exe
3264	2248	WerFault.exe	Unicorn-45420.exe
3272	2352	WerFault.exe	Unicorn-41890.exe
3316	2500	WerFault.exe	Unicorn-44076.exe
3340	2820	WerFault.exe	Unicorn-63292.exe
3364	2780	WerFault.exe	Unicorn-28700.exe
3388	3012	WerFault.exe	Unicorn-44844.exe
3404	2240	WerFault.exe	Unicorn-65485.exe
3460	2836	WerFault.exe	Unicorn-29359.exe
3488	2912	WerFault.exe	Unicorn-13899.exe
3504	1184	WerFault.exe	Unicorn-30044.exe
3560	1796	WerFault.exe	Unicorn-61839.exe
3584	876	WerFault.exe	Unicorn-9109.exe
3608	1532	WerFault.exe	Unicorn-9301.exe
3792	2208	WerFault.exe	Unicorn-56883.exe
4088	2560	WerFault.exe	Unicorn-8450.exe
3172	1960	WerFault.exe	Unicorn-35609.exe
3248	1876	WerFault.exe	Unicorn-29167.exe
3224	2744	WerFault.exe	Unicorn-35609.exe
3808	2828	WerFault.exe	Unicorn-25829.exe
3804	2104	WerFault.exe	Unicorn-25445.exe
4084	2876	WerFault.exe	Unicorn-45695.exe
3908	948	WerFault.exe	Unicorn-20897.exe
3900	872	WerFault.exe	Unicorn-6637.exe
4068	2624	WerFault.exe	Unicorn-8749.exe
3140	2164	WerFault.exe	Unicorn-53845.exe
3156	1072	WerFault.exe	Unicorn-41697.exe
3204	2868	WerFault.exe	Unicorn-25361.exe
3236	1152	WerFault.exe	Unicorn-54120.exe
3260	2804	WerFault.exe	Unicorn-10285.exe
3532	468	WerFault.exe	Unicorn-57841.exe
3548	2056	WerFault.exe	Unicorn-21447.exe
3688	2280	WerFault.exe	Unicorn-24977.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

b7eb1b05cfee17c17c4eca5d1330426799fc44548d0a8e1717336866a38a130d.exeUnicorn-28914.exeUnicorn-37902.exeUnicorn-16967.exeUnicorn-20365.exeUnicorn-307.exeUnicorn-35440.exeUnicorn-11947.exeUnicorn-57619.exeUnicorn-60764.exeUnicorn-11563.exeUnicorn-56166.exeUnicorn-6509.exeUnicorn-19316.exeUnicorn-23723.exeUnicorn-38798.exeUnicorn-22270.exeUnicorn-51605.exeUnicorn-35076.exeUnicorn-54942.exeUnicorn-30189.exeUnicorn-17251.exeUnicorn-53453.exeUnicorn-20589.exeUnicorn-33395.exeUnicorn-20397.exeUnicorn-16867.exeUnicorn-3868.exeUnicorn-3868.exeUnicorn-16675.exeUnicorn-52877.exeUnicorn-36541.exeUnicorn-49348.exeUnicorn-45420.exeUnicorn-41890.exeUnicorn-28700.exeUnicorn-44844.exeUnicorn-8450.exeUnicorn-44076.exeUnicorn-56883.exeUnicorn-63292.exeUnicorn-45695.exeUnicorn-29359.exeUnicorn-25829.exeUnicorn-13899.exeUnicorn-9301.exeUnicorn-29167.exeUnicorn-61839.exeUnicorn-30044.exeUnicorn-9109.exeUnicorn-25445.exeUnicorn-45311.exeUnicorn-24619.exeUnicorn-24619.exeUnicorn-21089.exeUnicorn-20897.exeUnicorn-40763.exeUnicorn-40571.exeUnicorn-20705.exeUnicorn-6637.exeUnicorn-59211.exeUnicorn-54613.exeUnicorn-41614.exeUnicorn-8749.exe

pid	process
2108	b7eb1b05cfee17c17c4eca5d1330426799fc44548d0a8e1717336866a38a130d.exe
1744	Unicorn-28914.exe
2720	Unicorn-37902.exe
2636	Unicorn-16967.exe
2148	Unicorn-20365.exe
2872	Unicorn-307.exe
2548	Unicorn-35440.exe
2572	Unicorn-11947.exe
1916	Unicorn-57619.exe
2888	Unicorn-60764.exe
2908	Unicorn-11563.exe
3020	Unicorn-56166.exe
2808	Unicorn-6509.exe
904	Unicorn-19316.exe
1768	Unicorn-23723.exe
2880	Unicorn-38798.exe
1628	Unicorn-22270.exe
1400	Unicorn-51605.exe
692	Unicorn-35076.exe
1160	Unicorn-54942.exe
2460	Unicorn-30189.exe
1792	Unicorn-17251.exe
1540	Unicorn-53453.exe
1364	Unicorn-20589.exe
1948	Unicorn-33395.exe
896	Unicorn-20397.exe
1268	Unicorn-16867.exe
1924	Unicorn-3868.exe
2472	Unicorn-3868.exe
1512	Unicorn-16675.exe
2436	Unicorn-52877.exe
2264	Unicorn-36541.exe
1816	Unicorn-49348.exe
2248	Unicorn-45420.exe
2352	Unicorn-41890.exe
2780	Unicorn-28700.exe
3012	Unicorn-44844.exe
2560	Unicorn-8450.exe
2500	Unicorn-44076.exe
2208	Unicorn-56883.exe
2820	Unicorn-63292.exe
2876	Unicorn-45695.exe
2836	Unicorn-29359.exe
2828	Unicorn-25829.exe
2912	Unicorn-13899.exe
1532	Unicorn-9301.exe
1876	Unicorn-29167.exe
1796	Unicorn-61839.exe
1184	Unicorn-30044.exe
876	Unicorn-9109.exe
2104	Unicorn-25445.exe
1732	Unicorn-45311.exe
572	Unicorn-24619.exe
1108	Unicorn-24619.exe
628	Unicorn-21089.exe
948	Unicorn-20897.exe
1956	Unicorn-40763.exe
2116	Unicorn-40571.exe
2980	Unicorn-20705.exe
872	Unicorn-6637.exe
1704	Unicorn-59211.exe
2712	Unicorn-54613.exe
2740	Unicorn-41614.exe
2624	Unicorn-8749.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

b7eb1b05cfee17c17c4eca5d1330426799fc44548d0a8e1717336866a38a130d.exeUnicorn-28914.exeUnicorn-37902.exeUnicorn-16967.exeUnicorn-20365.exeUnicorn-307.exeUnicorn-35440.exeUnicorn-11947.exe

description	pid	process	target process
PID 2108 wrote to memory of 1744	2108	b7eb1b05cfee17c17c4eca5d1330426799fc44548d0a8e1717336866a38a130d.exe	Unicorn-28914.exe
PID 2108 wrote to memory of 1744	2108	b7eb1b05cfee17c17c4eca5d1330426799fc44548d0a8e1717336866a38a130d.exe	Unicorn-28914.exe
PID 2108 wrote to memory of 1744	2108	b7eb1b05cfee17c17c4eca5d1330426799fc44548d0a8e1717336866a38a130d.exe	Unicorn-28914.exe
PID 2108 wrote to memory of 1744	2108	b7eb1b05cfee17c17c4eca5d1330426799fc44548d0a8e1717336866a38a130d.exe	Unicorn-28914.exe
PID 1744 wrote to memory of 2720	1744	Unicorn-28914.exe	Unicorn-37902.exe
PID 1744 wrote to memory of 2720	1744	Unicorn-28914.exe	Unicorn-37902.exe
PID 1744 wrote to memory of 2720	1744	Unicorn-28914.exe	Unicorn-37902.exe
PID 1744 wrote to memory of 2720	1744	Unicorn-28914.exe	Unicorn-37902.exe
PID 2108 wrote to memory of 2636	2108	b7eb1b05cfee17c17c4eca5d1330426799fc44548d0a8e1717336866a38a130d.exe	Unicorn-16967.exe
PID 2108 wrote to memory of 2636	2108	b7eb1b05cfee17c17c4eca5d1330426799fc44548d0a8e1717336866a38a130d.exe	Unicorn-16967.exe
PID 2108 wrote to memory of 2636	2108	b7eb1b05cfee17c17c4eca5d1330426799fc44548d0a8e1717336866a38a130d.exe	Unicorn-16967.exe
PID 2108 wrote to memory of 2636	2108	b7eb1b05cfee17c17c4eca5d1330426799fc44548d0a8e1717336866a38a130d.exe	Unicorn-16967.exe
PID 2108 wrote to memory of 2956	2108	b7eb1b05cfee17c17c4eca5d1330426799fc44548d0a8e1717336866a38a130d.exe	WerFault.exe
PID 2108 wrote to memory of 2956	2108	b7eb1b05cfee17c17c4eca5d1330426799fc44548d0a8e1717336866a38a130d.exe	WerFault.exe
PID 2108 wrote to memory of 2956	2108	b7eb1b05cfee17c17c4eca5d1330426799fc44548d0a8e1717336866a38a130d.exe	WerFault.exe
PID 2108 wrote to memory of 2956	2108	b7eb1b05cfee17c17c4eca5d1330426799fc44548d0a8e1717336866a38a130d.exe	WerFault.exe
PID 2720 wrote to memory of 2148	2720	Unicorn-37902.exe	Unicorn-20365.exe
PID 2720 wrote to memory of 2148	2720	Unicorn-37902.exe	Unicorn-20365.exe
PID 2720 wrote to memory of 2148	2720	Unicorn-37902.exe	Unicorn-20365.exe
PID 2720 wrote to memory of 2148	2720	Unicorn-37902.exe	Unicorn-20365.exe
PID 1744 wrote to memory of 2872	1744	Unicorn-28914.exe	Unicorn-307.exe
PID 1744 wrote to memory of 2872	1744	Unicorn-28914.exe	Unicorn-307.exe
PID 1744 wrote to memory of 2872	1744	Unicorn-28914.exe	Unicorn-307.exe
PID 1744 wrote to memory of 2872	1744	Unicorn-28914.exe	Unicorn-307.exe
PID 2636 wrote to memory of 2548	2636	Unicorn-16967.exe	Unicorn-35440.exe
PID 2636 wrote to memory of 2548	2636	Unicorn-16967.exe	Unicorn-35440.exe
PID 2636 wrote to memory of 2548	2636	Unicorn-16967.exe	Unicorn-35440.exe
PID 2636 wrote to memory of 2548	2636	Unicorn-16967.exe	Unicorn-35440.exe
PID 2720 wrote to memory of 1916	2720	Unicorn-37902.exe	Unicorn-57619.exe
PID 2720 wrote to memory of 1916	2720	Unicorn-37902.exe	Unicorn-57619.exe
PID 2720 wrote to memory of 1916	2720	Unicorn-37902.exe	Unicorn-57619.exe
PID 2720 wrote to memory of 1916	2720	Unicorn-37902.exe	Unicorn-57619.exe
PID 2148 wrote to memory of 2572	2148	Unicorn-20365.exe	Unicorn-11947.exe
PID 2148 wrote to memory of 2572	2148	Unicorn-20365.exe	Unicorn-11947.exe
PID 2148 wrote to memory of 2572	2148	Unicorn-20365.exe	Unicorn-11947.exe
PID 2148 wrote to memory of 2572	2148	Unicorn-20365.exe	Unicorn-11947.exe
PID 2872 wrote to memory of 2888	2872	Unicorn-307.exe	Unicorn-60764.exe
PID 2872 wrote to memory of 2888	2872	Unicorn-307.exe	Unicorn-60764.exe
PID 2872 wrote to memory of 2888	2872	Unicorn-307.exe	Unicorn-60764.exe
PID 2872 wrote to memory of 2888	2872	Unicorn-307.exe	Unicorn-60764.exe
PID 2548 wrote to memory of 2908	2548	Unicorn-35440.exe	Unicorn-11563.exe
PID 2548 wrote to memory of 2908	2548	Unicorn-35440.exe	Unicorn-11563.exe
PID 2548 wrote to memory of 2908	2548	Unicorn-35440.exe	Unicorn-11563.exe
PID 2548 wrote to memory of 2908	2548	Unicorn-35440.exe	Unicorn-11563.exe
PID 2636 wrote to memory of 3020	2636	Unicorn-16967.exe	Unicorn-56166.exe
PID 2636 wrote to memory of 3020	2636	Unicorn-16967.exe	Unicorn-56166.exe
PID 2636 wrote to memory of 3020	2636	Unicorn-16967.exe	Unicorn-56166.exe
PID 2636 wrote to memory of 3020	2636	Unicorn-16967.exe	Unicorn-56166.exe
PID 2720 wrote to memory of 1340	2720	Unicorn-37902.exe	WerFault.exe
PID 2720 wrote to memory of 1340	2720	Unicorn-37902.exe	WerFault.exe
PID 2720 wrote to memory of 1340	2720	Unicorn-37902.exe	WerFault.exe
PID 2720 wrote to memory of 1340	2720	Unicorn-37902.exe	WerFault.exe
PID 2636 wrote to memory of 1972	2636	Unicorn-16967.exe	WerFault.exe
PID 2636 wrote to memory of 1972	2636	Unicorn-16967.exe	WerFault.exe
PID 2636 wrote to memory of 1972	2636	Unicorn-16967.exe	WerFault.exe
PID 2636 wrote to memory of 1972	2636	Unicorn-16967.exe	WerFault.exe
PID 2572 wrote to memory of 2808	2572	Unicorn-11947.exe	Unicorn-6509.exe
PID 2572 wrote to memory of 2808	2572	Unicorn-11947.exe	Unicorn-6509.exe
PID 2572 wrote to memory of 2808	2572	Unicorn-11947.exe	Unicorn-6509.exe
PID 2572 wrote to memory of 2808	2572	Unicorn-11947.exe	Unicorn-6509.exe
PID 2148 wrote to memory of 904	2148	Unicorn-20365.exe	Unicorn-19316.exe
PID 2148 wrote to memory of 904	2148	Unicorn-20365.exe	Unicorn-19316.exe
PID 2148 wrote to memory of 904	2148	Unicorn-20365.exe	Unicorn-19316.exe
PID 2148 wrote to memory of 904	2148	Unicorn-20365.exe	Unicorn-19316.exe

C:\Users\Admin\AppData\Local\Temp\b7eb1b05cfee17c17c4eca5d1330426799fc44548d0a8e1717336866a38a130d.exe
"C:\Users\Admin\AppData\Local\Temp\b7eb1b05cfee17c17c4eca5d1330426799fc44548d0a8e1717336866a38a130d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-28914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28914.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-37902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37902.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-11947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11947.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-6509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6509.exe
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-30189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30189.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-45420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45420.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-24619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24619.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-65485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65485.exe
10⤵
PID:2240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
11⤵
- Program crash
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-27410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27410.exe
10⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-8584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8584.exe
11⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-39787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39787.exe
12⤵
PID:6388

C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
13⤵
PID:9632

C:\Users\Admin\AppData\Local\Temp\Unicorn-64374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64374.exe
14⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9632 -s 216
14⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6388 -s 236
13⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 236
12⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
11⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 240
10⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-45428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45428.exe
9⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-63036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63036.exe
10⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-7816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7816.exe
11⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-41515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41515.exe
12⤵
PID:6544

C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
13⤵
PID:9732

C:\Users\Admin\AppData\Local\Temp\Unicorn-15365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15365.exe
14⤵
PID:11540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9732 -s 216
14⤵
PID:13164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 236
13⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 236
12⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
11⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 236
10⤵
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
9⤵
- Program crash
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-21089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21089.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:628

C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
9⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-33701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33701.exe
10⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
11⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
12⤵
PID:6988

C:\Users\Admin\AppData\Local\Temp\Unicorn-37148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37148.exe
13⤵
PID:9880

C:\Users\Admin\AppData\Local\Temp\Unicorn-23755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23755.exe
14⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9880 -s 216
14⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 216
13⤵
PID:10748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
12⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
11⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 236
10⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-48428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48428.exe
9⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-47954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47954.exe
10⤵
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-31012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31012.exe
11⤵
PID:6412

C:\Users\Admin\AppData\Local\Temp\Unicorn-37148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37148.exe
12⤵
PID:9872

C:\Users\Admin\AppData\Local\Temp\Unicorn-2532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2532.exe
13⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9872 -s 216
13⤵
PID:13296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 216
12⤵
PID:10756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 216
11⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
10⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 240
9⤵
PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
8⤵
- Program crash
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-41890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41890.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-24619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24619.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1108

C:\Users\Admin\AppData\Local\Temp\Unicorn-48573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48573.exe
9⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-52450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52450.exe
10⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-31426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31426.exe
11⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-56567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56567.exe
12⤵
PID:7304

C:\Users\Admin\AppData\Local\Temp\Unicorn-60526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60526.exe
13⤵
PID:9788

C:\Users\Admin\AppData\Local\Temp\Unicorn-57408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57408.exe
14⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9788 -s 216
14⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 216
13⤵
PID:11260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 236
12⤵
PID:9020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
11⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 216
10⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-47769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47769.exe
9⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-20840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20840.exe
10⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
11⤵
PID:6948

C:\Users\Admin\AppData\Local\Temp\Unicorn-21938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21938.exe
12⤵
PID:9580

C:\Users\Admin\AppData\Local\Temp\Unicorn-25675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25675.exe
13⤵
PID:680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9580 -s 216
13⤵
PID:12600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 216
12⤵
PID:11244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
11⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 236
10⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 240
9⤵
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-52164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52164.exe
8⤵
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-54453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54453.exe
9⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-5930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5930.exe
10⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-8025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8025.exe
11⤵
PID:6304

C:\Users\Admin\AppData\Local\Temp\Unicorn-12695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12695.exe
12⤵
PID:10160

C:\Users\Admin\AppData\Local\Temp\Unicorn-2532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2532.exe
13⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10160 -s 216
13⤵
PID:13280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 220
12⤵
PID:10688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
11⤵
PID:8904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
10⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 236
9⤵
PID:4392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
8⤵
- Program crash
PID:3272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
7⤵
- Program crash
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-17251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17251.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-28700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28700.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-21760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21760.exe
9⤵
PID:584

C:\Users\Admin\AppData\Local\Temp\Unicorn-3031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3031.exe
10⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-54254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54254.exe
11⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
12⤵
PID:7116

C:\Users\Admin\AppData\Local\Temp\Unicorn-11408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11408.exe
13⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-17935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17935.exe
14⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
14⤵
PID:13228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 216
13⤵
PID:11224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
12⤵
PID:8936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
11⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 236
10⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-51391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51391.exe
9⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-6314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6314.exe
10⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-57309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57309.exe
11⤵
PID:7612

C:\Users\Admin\AppData\Local\Temp\Unicorn-20340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20340.exe
12⤵
PID:10000

C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
13⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10000 -s 220
13⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 236
12⤵
PID:10676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 236
11⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
10⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 240
9⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-50903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50903.exe
8⤵
PID:1148

C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
9⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-6314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6314.exe
10⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-8300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8300.exe
11⤵
PID:7540

C:\Users\Admin\AppData\Local\Temp\Unicorn-54740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54740.exe
12⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
13⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 236
13⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 216
12⤵
PID:11292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
11⤵
PID:9168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
10⤵
PID:6676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 216
9⤵
PID:4636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
8⤵
- Program crash
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-20897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20897.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:948

C:\Users\Admin\AppData\Local\Temp\Unicorn-54515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54515.exe
8⤵
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
9⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-19600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19600.exe
10⤵
PID:5764

C:\Users\Admin\AppData\Local\Temp\Unicorn-1347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1347.exe
11⤵
PID:7384

C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
12⤵
PID:10896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
12⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
11⤵
PID:9420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
10⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 236
9⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 216
8⤵
- Program crash
PID:3908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 240
7⤵
- Program crash
PID:1504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
6⤵
- Program crash
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-19316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19316.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-53453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53453.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-44844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44844.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-40571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40571.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-23104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23104.exe
9⤵
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-63742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63742.exe
10⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-42371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42371.exe
11⤵
PID:5572

C:\Users\Admin\AppData\Local\Temp\Unicorn-56516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56516.exe
12⤵
PID:8276

C:\Users\Admin\AppData\Local\Temp\Unicorn-28859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28859.exe
13⤵
PID:10924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8276 -s 236
13⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
12⤵
PID:9464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
11⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 216
10⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
9⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
10⤵
PID:5404

C:\Users\Admin\AppData\Local\Temp\Unicorn-21700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21700.exe
11⤵
PID:6332

C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
12⤵
PID:9688

C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
13⤵
PID:12580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9688 -s 216
13⤵
PID:13036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 216
12⤵
PID:11100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 216
11⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
10⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
9⤵
PID:4448

C:\Users\Admin\AppData\Local\Temp\Unicorn-52247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52247.exe
8⤵
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-20219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20219.exe
9⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-22459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22459.exe
10⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-5171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5171.exe
11⤵
PID:6444

C:\Users\Admin\AppData\Local\Temp\Unicorn-21554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21554.exe
12⤵
PID:9648

C:\Users\Admin\AppData\Local\Temp\Unicorn-36718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36718.exe
13⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9648 -s 216
13⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 216
12⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
11⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
10⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 236
9⤵
PID:4164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
8⤵
- Program crash
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-20705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20705.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-6108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6108.exe
8⤵
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-29954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29954.exe
9⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-15390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15390.exe
10⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-44769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44769.exe
11⤵
PID:6796

C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
12⤵
PID:9892

C:\Users\Admin\AppData\Local\Temp\Unicorn-2532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2532.exe
13⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9892 -s 216
13⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 216
12⤵
PID:10788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 236
11⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 236
10⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 236
9⤵
PID:4784

C:\Users\Admin\AppData\Local\Temp\Unicorn-42568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42568.exe
8⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-32604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32604.exe
9⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe
10⤵
PID:7108

C:\Users\Admin\AppData\Local\Temp\Unicorn-3380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3380.exe
11⤵
PID:10048

C:\Users\Admin\AppData\Local\Temp\Unicorn-45685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45685.exe
12⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10048 -s 216
12⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 216
11⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
10⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 236
9⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
8⤵
PID:4800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
7⤵
- Program crash
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-8450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8450.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-6637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6637.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-22720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22720.exe
8⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-11059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11059.exe
9⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-2412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2412.exe
10⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-32484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32484.exe
11⤵
PID:6996

C:\Users\Admin\AppData\Local\Temp\Unicorn-6554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6554.exe
12⤵
PID:10832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 236
12⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
11⤵
PID:9340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 216
10⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
9⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 236
8⤵
- Program crash
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-50794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50794.exe
7⤵
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-10400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10400.exe
8⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-19927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19927.exe
9⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\Unicorn-51954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51954.exe
10⤵
PID:8016

C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
11⤵
PID:10356

C:\Users\Admin\AppData\Local\Temp\Unicorn-62266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62266.exe
12⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10356 -s 216
12⤵
PID:9772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 216
11⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
10⤵
PID:8720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
9⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
8⤵
PID:5776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
7⤵
- Program crash
PID:4088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 240
6⤵
- Program crash
PID:884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1412

C:\Users\Admin\AppData\Local\Temp\Unicorn-57619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57619.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-23723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23723.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-20589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20589.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1364

C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-59211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59211.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-21760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21760.exe
9⤵
PID:1132

C:\Users\Admin\AppData\Local\Temp\Unicorn-62242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62242.exe
10⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-63631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63631.exe
11⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-61982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61982.exe
12⤵
PID:6864

C:\Users\Admin\AppData\Local\Temp\Unicorn-39836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39836.exe
13⤵
PID:9960

C:\Users\Admin\AppData\Local\Temp\Unicorn-60796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60796.exe
14⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9960 -s 216
14⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 216
13⤵
PID:10976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
12⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
11⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 236
10⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-42184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42184.exe
9⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
10⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
11⤵
PID:6936

C:\Users\Admin\AppData\Local\Temp\Unicorn-6971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6971.exe
12⤵
PID:9988

C:\Users\Admin\AppData\Local\Temp\Unicorn-30384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30384.exe
13⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9988 -s 236
13⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 216
12⤵
PID:11016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
11⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
10⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 220
9⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-50903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50903.exe
8⤵
PID:840

C:\Users\Admin\AppData\Local\Temp\Unicorn-53000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53000.exe
9⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
10⤵
PID:6132

C:\Users\Admin\AppData\Local\Temp\Unicorn-2945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2945.exe
11⤵
PID:7996

C:\Users\Admin\AppData\Local\Temp\Unicorn-44990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44990.exe
11⤵
PID:8072

C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
12⤵
PID:10716

C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
13⤵
PID:8136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 216
12⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 220
11⤵
PID:9292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
10⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 216
9⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
8⤵
- Program crash
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-37520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37520.exe
8⤵
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-52450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52450.exe
9⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-63631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63631.exe
10⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-28516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28516.exe
11⤵
PID:6280

C:\Users\Admin\AppData\Local\Temp\Unicorn-35669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35669.exe
12⤵
PID:10076

C:\Users\Admin\AppData\Local\Temp\Unicorn-5547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5547.exe
13⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10076 -s 216
13⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 216
12⤵
PID:11108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 236
11⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 236
10⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 236
9⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\Unicorn-63228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63228.exe
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
9⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-31697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31697.exe
10⤵
PID:6552

C:\Users\Admin\AppData\Local\Temp\Unicorn-29389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29389.exe
11⤵
PID:10168

C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
12⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10168 -s 220
12⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 220
11⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
10⤵
PID:8340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
9⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 220
8⤵
PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 240
7⤵
- Program crash
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-56883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56883.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-41614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41614.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-22445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22445.exe
8⤵
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-19752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19752.exe
9⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-48001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48001.exe
10⤵
PID:5336

C:\Users\Admin\AppData\Local\Temp\Unicorn-54331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54331.exe
11⤵
PID:8092

C:\Users\Admin\AppData\Local\Temp\Unicorn-7099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7099.exe
12⤵
PID:10500

C:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exe
13⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8092 -s 216
12⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 216
11⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
10⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 236
9⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-16030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16030.exe
8⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
9⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\Unicorn-34803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34803.exe
10⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-60417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60417.exe
11⤵
PID:9668

C:\Users\Admin\AppData\Local\Temp\Unicorn-54782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54782.exe
12⤵
PID:12484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9668 -s 220
12⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
11⤵
PID:11236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
10⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
9⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
8⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-19958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19958.exe
7⤵
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-9440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9440.exe
8⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-62500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62500.exe
9⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-2945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2945.exe
10⤵
PID:8004

C:\Users\Admin\AppData\Local\Temp\Unicorn-17084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17084.exe
11⤵
PID:10384

C:\Users\Admin\AppData\Local\Temp\Unicorn-64111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64111.exe
12⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8004 -s 236
11⤵
PID:11712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
10⤵
PID:8668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 236
9⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 236
8⤵
PID:4684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
7⤵
- Program crash
PID:3792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
6⤵
- Program crash
PID:1084

C:\Users\Admin\AppData\Local\Temp\Unicorn-33395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33395.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-8749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8749.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-53939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53939.exe
8⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-36472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36472.exe
9⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-4010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4010.exe
10⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-5721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5721.exe
11⤵
PID:6564

C:\Users\Admin\AppData\Local\Temp\Unicorn-61704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61704.exe
12⤵
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-64182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64182.exe
13⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 216
13⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 220
12⤵
PID:10856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
11⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
10⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
9⤵
PID:4328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
8⤵
- Program crash
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-17545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17545.exe
7⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-5911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5911.exe
8⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
9⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-51331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51331.exe
10⤵
PID:6912

C:\Users\Admin\AppData\Local\Temp\Unicorn-29224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29224.exe
11⤵
PID:10108

C:\Users\Admin\AppData\Local\Temp\Unicorn-6095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6095.exe
12⤵
PID:12636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10108 -s 216
12⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 220
11⤵
PID:10304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
10⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
9⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 216
8⤵
PID:4488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
7⤵
- Program crash
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-53845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53845.exe
6⤵
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-53747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53747.exe
7⤵
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
8⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
9⤵
PID:5552

C:\Users\Admin\AppData\Local\Temp\Unicorn-413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-413.exe
10⤵
PID:7704

C:\Users\Admin\AppData\Local\Temp\Unicorn-20971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20971.exe
11⤵
PID:10736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 236
11⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 216
10⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
9⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 236
8⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
7⤵
- Program crash
PID:3140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
6⤵
- Program crash
PID:2704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
5⤵
- Program crash
PID:1220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1340

C:\Users\Admin\AppData\Local\Temp\Unicorn-307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-307.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-60764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60764.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-54942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54942.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1160

C:\Users\Admin\AppData\Local\Temp\Unicorn-52877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52877.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-61839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61839.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-41313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41313.exe
8⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-55475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55475.exe
9⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-52616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52616.exe
10⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-39371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39371.exe
11⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\Unicorn-4787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4787.exe
12⤵
PID:6620

C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
13⤵
PID:10228

C:\Users\Admin\AppData\Local\Temp\Unicorn-25784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25784.exe
14⤵
PID:11944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10228 -s 216
14⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 220
13⤵
PID:11184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
12⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
11⤵
PID:6684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 236
10⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-16030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16030.exe
9⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-9184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9184.exe
10⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-13007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13007.exe
11⤵
PID:7352

C:\Users\Admin\AppData\Local\Temp\Unicorn-62254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62254.exe
12⤵
PID:9984

C:\Users\Admin\AppData\Local\Temp\Unicorn-27009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27009.exe
13⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 220
13⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 216
12⤵
PID:10948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
11⤵
PID:9080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
10⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
9⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-1676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1676.exe
8⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-4951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4951.exe
9⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-36875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36875.exe
10⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-29886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29886.exe
11⤵
PID:6712

C:\Users\Admin\AppData\Local\Temp\Unicorn-4174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4174.exe
12⤵
PID:9816

C:\Users\Admin\AppData\Local\Temp\Unicorn-56619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56619.exe
13⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9816 -s 216
13⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 236
12⤵
PID:10668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
11⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
10⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 236
9⤵
PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
8⤵
- Program crash
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
7⤵
PID:1152

C:\Users\Admin\AppData\Local\Temp\Unicorn-56243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56243.exe
8⤵
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-32295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32295.exe
9⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-58899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58899.exe
10⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-22282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22282.exe
11⤵
PID:8544

C:\Users\Admin\AppData\Local\Temp\Unicorn-28968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28968.exe
12⤵
PID:11032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8544 -s 216
12⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
10⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 236
9⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 236
8⤵
- Program crash
PID:3236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
7⤵
- Program crash
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-9109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9109.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-17270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17270.exe
7⤵
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-10042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10042.exe
8⤵
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-53870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53870.exe
9⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
10⤵
PID:7016

C:\Users\Admin\AppData\Local\Temp\Unicorn-5793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5793.exe
11⤵
PID:9444

C:\Users\Admin\AppData\Local\Temp\Unicorn-17751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17751.exe
12⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9444 -s 216
12⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 216
11⤵
PID:11116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 236
10⤵
PID:8464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 220
9⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 216
8⤵
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 236
7⤵
- Program crash
PID:3584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 240
6⤵
- Program crash
PID:928

C:\Users\Admin\AppData\Local\Temp\Unicorn-49348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49348.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-45311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45311.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-50519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50519.exe
7⤵
PID:552

C:\Users\Admin\AppData\Local\Temp\Unicorn-19778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19778.exe
8⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-47762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47762.exe
9⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-47950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47950.exe
10⤵
PID:7008

C:\Users\Admin\AppData\Local\Temp\Unicorn-23116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23116.exe
11⤵
PID:10016

C:\Users\Admin\AppData\Local\Temp\Unicorn-42506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42506.exe
12⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10016 -s 236
12⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 216
11⤵
PID:11056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 236
10⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
9⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 216
8⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-21639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21639.exe
6⤵
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-55859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55859.exe
7⤵
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-59601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59601.exe
8⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-52381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52381.exe
9⤵
PID:5488

C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
10⤵
PID:8180

C:\Users\Admin\AppData\Local\Temp\Unicorn-5620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5620.exe
11⤵
PID:10596

C:\Users\Admin\AppData\Local\Temp\Unicorn-1382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1382.exe
12⤵
PID:8964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8180 -s 236
11⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
10⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
9⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 236
8⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 216
7⤵
PID:3692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
6⤵
- Program crash
PID:1196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
5⤵
- Program crash
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-35076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35076.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:692

C:\Users\Admin\AppData\Local\Temp\Unicorn-3868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3868.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-13899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13899.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-25361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25361.exe
7⤵
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-7234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7234.exe
8⤵
PID:756

C:\Users\Admin\AppData\Local\Temp\Unicorn-33748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33748.exe
9⤵
PID:4276

C:\Users\Admin\AppData\Local\Temp\Unicorn-2246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2246.exe
10⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\Unicorn-39723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39723.exe
11⤵
PID:8144

C:\Users\Admin\AppData\Local\Temp\Unicorn-22860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22860.exe
12⤵
PID:10544

C:\Users\Admin\AppData\Local\Temp\Unicorn-61387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61387.exe
13⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 216
12⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
11⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 236
10⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 236
9⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 216
8⤵
- Program crash
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-52714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52714.exe
7⤵
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-38584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38584.exe
8⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
9⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-45044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45044.exe
10⤵
PID:7160

C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
11⤵
PID:10148

C:\Users\Admin\AppData\Local\Temp\Unicorn-58456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58456.exe
12⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10148 -s 216
12⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 220
11⤵
PID:11144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
10⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
9⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 216
8⤵
PID:4272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 220
7⤵
- Program crash
PID:3488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
6⤵
- Program crash
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-9301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9301.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-8448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8448.exe
6⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-38262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38262.exe
7⤵
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-16151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16151.exe
8⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\Unicorn-2495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2495.exe
9⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-49806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49806.exe
10⤵
PID:7560

C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
11⤵
PID:10692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 216
11⤵
PID:11852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
10⤵
PID:9232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
9⤵
PID:7388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 216
8⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
7⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
6⤵
PID:1960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
7⤵
- Program crash
PID:3172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
6⤵
- Program crash
PID:3608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 220
5⤵
- Program crash
PID:1556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-16967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16967.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-35440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35440.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-11563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11563.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-38798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38798.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-20397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20397.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-29359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29359.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-9216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9216.exe
8⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe
9⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-12429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12429.exe
10⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-57830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57830.exe
11⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-6879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6879.exe
12⤵
PID:8808

C:\Users\Admin\AppData\Local\Temp\Unicorn-61505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61505.exe
13⤵
PID:10496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8808 -s 236
13⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
12⤵
PID:9572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
11⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
10⤵
PID:6056

C:\Users\Admin\AppData\Local\Temp\Unicorn-65423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65423.exe
9⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
10⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-20029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20029.exe
11⤵
PID:6944

C:\Users\Admin\AppData\Local\Temp\Unicorn-10282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10282.exe
12⤵
PID:9996

C:\Users\Admin\AppData\Local\Temp\Unicorn-63474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63474.exe
13⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9996 -s 216
13⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 216
12⤵
PID:10564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 236
11⤵
PID:8692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
10⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
9⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-1676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1676.exe
8⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
9⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-22459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22459.exe
10⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
11⤵
PID:6980

C:\Users\Admin\AppData\Local\Temp\Unicorn-53292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53292.exe
12⤵
PID:9932

C:\Users\Admin\AppData\Local\Temp\Unicorn-63474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63474.exe
13⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9932 -s 216
13⤵
PID:12468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 216
12⤵
PID:10968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 216
11⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 236
9⤵
PID:4256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
8⤵
- Program crash
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-22023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22023.exe
7⤵
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-48729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48729.exe
8⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-32386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32386.exe
9⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-15552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15552.exe
10⤵
PID:6476

C:\Users\Admin\AppData\Local\Temp\Unicorn-35285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35285.exe
11⤵
PID:10116

C:\Users\Admin\AppData\Local\Temp\Unicorn-47029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47029.exe
12⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10116 -s 220
12⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 216
11⤵
PID:11124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
10⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
9⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
7⤵
- Program crash
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-25829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25829.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-10285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10285.exe
7⤵
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-56243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56243.exe
8⤵
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-18730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18730.exe
9⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-43689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43689.exe
10⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-33397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33397.exe
11⤵
PID:7932

C:\Users\Admin\AppData\Local\Temp\Unicorn-63679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63679.exe
12⤵
PID:10292

C:\Users\Admin\AppData\Local\Temp\Unicorn-25344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25344.exe
13⤵
PID:12904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10292 -s 236
13⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 216
12⤵
PID:11668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 216
11⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
10⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 216
9⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 216
8⤵
- Program crash
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-18780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18780.exe
7⤵
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-1132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1132.exe
8⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
9⤵
PID:5928

C:\Users\Admin\AppData\Local\Temp\Unicorn-3993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3993.exe
10⤵
PID:7128

C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
11⤵
PID:10212

C:\Users\Admin\AppData\Local\Temp\Unicorn-55955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55955.exe
12⤵
PID:12724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10212 -s 220
12⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 216
11⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 216
10⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
9⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 216
8⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
7⤵
- Program crash
PID:3808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
6⤵
- Program crash
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-16867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16867.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1268

C:\Users\Admin\AppData\Local\Temp\Unicorn-29167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29167.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-41697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41697.exe
7⤵
PID:1072

C:\Users\Admin\AppData\Local\Temp\Unicorn-7426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7426.exe
8⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-16535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16535.exe
9⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-8271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8271.exe
10⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-64279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64279.exe
11⤵
PID:7200

C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
12⤵
PID:10804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 216
12⤵
PID:11928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
11⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 236
10⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 216
9⤵
PID:5988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 236
8⤵
- Program crash
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-20233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20233.exe
7⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-49399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49399.exe
8⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
9⤵
PID:6052

C:\Users\Admin\AppData\Local\Temp\Unicorn-39827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39827.exe
10⤵
PID:8712

C:\Users\Admin\AppData\Local\Temp\Unicorn-44017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44017.exe
11⤵
PID:11204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8712 -s 236
11⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
10⤵
PID:9556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
9⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 236
8⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 220
7⤵
- Program crash
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-21639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21639.exe
6⤵
PID:1852

C:\Users\Admin\AppData\Local\Temp\Unicorn-7042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7042.exe
7⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
8⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-7767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7767.exe
9⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-5171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5171.exe
10⤵
PID:6448

C:\Users\Admin\AppData\Local\Temp\Unicorn-56722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56722.exe
11⤵
PID:9776

C:\Users\Admin\AppData\Local\Temp\Unicorn-36718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36718.exe
12⤵
PID:12388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9776 -s 216
12⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 216
11⤵
PID:11136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 216
10⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
9⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 216
8⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-18718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18718.exe
7⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-22459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22459.exe
8⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-21316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21316.exe
9⤵
PID:6512

C:\Users\Admin\AppData\Local\Temp\Unicorn-56146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56146.exe
10⤵
PID:9596

C:\Users\Admin\AppData\Local\Temp\Unicorn-30994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30994.exe
11⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9596 -s 216
11⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 216
10⤵
PID:11192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
9⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
8⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 240
7⤵
PID:4416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 240
6⤵
- Program crash
PID:2724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
5⤵
- Program crash
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-51605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51605.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1400

C:\Users\Admin\AppData\Local\Temp\Unicorn-36541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36541.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-45695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45695.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-24977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24977.exe
7⤵
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
8⤵
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-53597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53597.exe
9⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-40171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40171.exe
10⤵
PID:6360

C:\Users\Admin\AppData\Local\Temp\Unicorn-12814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12814.exe
11⤵
PID:9604

C:\Users\Admin\AppData\Local\Temp\Unicorn-25402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25402.exe
12⤵
PID:11744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9604 -s 236
12⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 216
11⤵
PID:10408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 236
10⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 216
9⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 216
8⤵
- Program crash
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-1868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1868.exe
7⤵
PID:988

C:\Users\Admin\AppData\Local\Temp\Unicorn-33037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33037.exe
8⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-26303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26303.exe
8⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-44385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44385.exe
9⤵
PID:6896

C:\Users\Admin\AppData\Local\Temp\Unicorn-31372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31372.exe
10⤵
PID:9768

C:\Users\Admin\AppData\Local\Temp\Unicorn-3492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3492.exe
11⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 216
10⤵
PID:10632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
9⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 240
8⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
7⤵
- Program crash
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-21447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21447.exe
6⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-22118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22118.exe
7⤵
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-15382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15382.exe
8⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-40726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40726.exe
9⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-30118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30118.exe
10⤵
PID:9100

C:\Users\Admin\AppData\Local\Temp\Unicorn-3275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3275.exe
11⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9100 -s 236
11⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 236
10⤵
PID:9800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 236
9⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 216
8⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 236
7⤵
- Program crash
PID:3548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 220
6⤵
- Program crash
PID:2776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 236
5⤵
- Program crash
PID:912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-22270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22270.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-3868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3868.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-30044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30044.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1184

C:\Users\Admin\AppData\Local\Temp\Unicorn-58033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58033.exe
7⤵
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-22995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22995.exe
8⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-17220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17220.exe
9⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-40067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40067.exe
10⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\Unicorn-7123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7123.exe
11⤵
PID:8328

C:\Users\Admin\AppData\Local\Temp\Unicorn-29160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29160.exe
12⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 236
12⤵
PID:11992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
11⤵
PID:9472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
10⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 216
9⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 236
8⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
7⤵
PID:2744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 220
8⤵
- Program crash
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 240
7⤵
- Program crash
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-21639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21639.exe
6⤵
PID:816

C:\Users\Admin\AppData\Local\Temp\Unicorn-15288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15288.exe
7⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-38162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38162.exe
8⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-46580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46580.exe
9⤵
PID:6656

C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
10⤵
PID:10192

C:\Users\Admin\AppData\Local\Temp\Unicorn-48090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48090.exe
11⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10192 -s 216
11⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 220
10⤵
PID:11088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 236
9⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
8⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 216
7⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
6⤵
- Program crash
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-25445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25445.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-57841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57841.exe
6⤵
PID:468

C:\Users\Admin\AppData\Local\Temp\Unicorn-38646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38646.exe
7⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-2009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2009.exe
8⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-60025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60025.exe
9⤵
PID:6128

C:\Users\Admin\AppData\Local\Temp\Unicorn-10734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10734.exe
10⤵
PID:7712

C:\Users\Admin\AppData\Local\Temp\Unicorn-2140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2140.exe
11⤵
PID:9796

C:\Users\Admin\AppData\Local\Temp\Unicorn-57408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57408.exe
12⤵
PID:12704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9796 -s 220
12⤵
PID:13212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
11⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
10⤵
PID:9212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
9⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 236
8⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 468 -s 236
7⤵
- Program crash
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-2252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2252.exe
6⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-34874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34874.exe
7⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-43497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43497.exe
8⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-39211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39211.exe
9⤵
PID:6456

C:\Users\Admin\AppData\Local\Temp\Unicorn-15118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15118.exe
10⤵
PID:9704

C:\Users\Admin\AppData\Local\Temp\Unicorn-15256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15256.exe
11⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9704 -s 236
11⤵
PID:13104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 216
10⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 236
9⤵
PID:7332

C:\Users\Admin\AppData\Local\Temp\Unicorn-4436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4436.exe
8⤵
PID:6500

C:\Users\Admin\AppData\Local\Temp\Unicorn-47983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47983.exe
9⤵
PID:9672

C:\Users\Admin\AppData\Local\Temp\Unicorn-49216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49216.exe
10⤵
PID:936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9672 -s 236
10⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 216
9⤵
PID:10460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 240
8⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 216
7⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
6⤵
- Program crash
PID:3804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
5⤵
- Program crash
PID:1360

C:\Users\Admin\AppData\Local\Temp\Unicorn-16675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16675.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-54229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54229.exe
5⤵
- Executes dropped EXE
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-5724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5724.exe
6⤵
PID:868

C:\Users\Admin\AppData\Local\Temp\Unicorn-5719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5719.exe
7⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
8⤵
PID:5356

C:\Users\Admin\AppData\Local\Temp\Unicorn-14950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14950.exe
9⤵
PID:6876

C:\Users\Admin\AppData\Local\Temp\Unicorn-21554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21554.exe
10⤵
PID:9920

C:\Users\Admin\AppData\Local\Temp\Unicorn-3853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3853.exe
11⤵
PID:12408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9920 -s 216
11⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 216
10⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
9⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
8⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 236
7⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-737.exe
6⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-31280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31280.exe
7⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-54523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54523.exe
8⤵
PID:8064

C:\Users\Admin\AppData\Local\Temp\Unicorn-39964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39964.exe
9⤵
PID:10472

C:\Users\Admin\AppData\Local\Temp\Unicorn-40910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40910.exe
10⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 216
9⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
8⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
7⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 216
5⤵
- Program crash
PID:1744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
4⤵
- Program crash
PID:824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
2⤵
- Program crash
PID:2956

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11947.exe
Filesize
184KB

MD5
cf322740e0f7bc3254aea41b09981908

SHA1
46923a976608e615cae86ff52211c94f8913a622

SHA256
f2c8f677053827671228a7faeaf7ddef6da05192c10e5e2d436697388262f47c

SHA512
0c9510228128e996e63cd54b1aaf78d05a3270368f277b3a8f901a61f66cede7b7fbd2419ca29794eddaf1ef1aa6b90be757ebadf13259f13226f0c30e0c7c30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14950.exe
Filesize
184KB

MD5
9bb8f259fa89562588cade594f69bccf

SHA1
a925a9adb345c196c7c651b0ef4308c32a78849f

SHA256
b8f5b238b09a3cebf7e65c4a4ed07f3a97d1de50f59475256f41b737c0faa70d

SHA512
ae73b7f040ce2b941ec48ba82c67cdbf24f5d9495173497e8b49499aa4883a186491e24aa3d3c94c6b5b7170f3333f30dfe4516cd65d5a7d6a93d65caac450bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
Filesize
184KB

MD5
9dce621da16aef942dde1b85010ff783

SHA1
ca3bed03577a3e94191e24ed7fadab278328f0a1

SHA256
e8c6dffb08923cf373aa457b149d1c8a8f7ebde6c361af7200d3a2f8c25dad81

SHA512
82e9d3f48f944cae1285390948c5febc38c2b04531fb2c03ff7157c44e31d8339223e31132e346382c99601ca1fd20530e6dd5f15d9212347bf33b5df4aea470

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37902.exe
Filesize
184KB

MD5
bea6ba4592c28eef38fadb6d15f11b1a

SHA1
585cecb31bed4dc39772bc9e3cc7419744974531

SHA256
681876bf7ec1f30d2435cf444191261cb7da202cc29e152a62e8362eb8e08666

SHA512
25aea5c78c664d0ed0067331cd50a3ae86083dad479178256f5e9643e58051954ef100b3196cbe71aac8789fa731b58f52ec3657675d2e171b458dfc327645e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38262.exe
Filesize
184KB

MD5
1e84d4bc93c3f07ac299c0feae23a412

SHA1
15395423626900d998ee753ebbcaaab5a97df8e7

SHA256
68a43bcbf5620822649779bdb03b1f6b42e9c08779ff73522ef23a3960275365

SHA512
72dfea51ccd09a8125a101a3d0b42eec314f5dfdd7cd542b08db925cc9330db2a03542365683764721cc074dcc42b9d891d5ae027a97233dac5ad31a867a0c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38584.exe
Filesize
184KB

MD5
5ec13d934165b93fe78addfb3d8f7193

SHA1
9a67b8b2ef533e2b58366b3dc069b2ac1e2a46f0

SHA256
5ffc43a7eff23084bda5ce941d62bfa2eaae13d01ef035d2415e0c0cb045fe7a

SHA512
08668be25c5c63fc4641d439123c734b0e733f6562ee6c859e98ca55644140046f391480f6c70e66d13a44e0b6ae1af862443cd7014f077a604b23d7f0f5fdf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exe
Filesize
184KB

MD5
a3b3c428cb208b44540cf989d3097e80

SHA1
f65c35c0316018c92d665d98267f3b90f4888672

SHA256
8ffff8889a7a8b60566ddf711cdf382b446e5e2cea09e53c5bbcd5b78705cd92

SHA512
9db2c6cf123a8a8746d57ff8e095312991552028f13f6007981f5dc42bdf4b1133242077eb8c8069de6049c5a323895955853432db3e224df6ac12568041af98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54254.exe
Filesize
184KB

MD5
e457973e1c1f01445083bbbac3a68dd2

SHA1
03bd956f94cd7dfb32812d94461c38af2a5fdbba

SHA256
5be7f54cdf01c437938cd99c61887ea4d7a7b976398bf13791aa8bca305e49e5

SHA512
584c2d174502222f7a6e0299b90392ae90765591e8af9852a3956083464f655c5a064f5816feb37b2e8e5139fbd2bfe69c97d6db5d6af4140b7bf3c51af09829

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
Filesize
184KB

MD5
1106ca2cb6545beedaec36f64d7795f5

SHA1
9f5614e7942cb72498f424121952fdf385e50ab5

SHA256
f76c1bd1efca7ad63cf21ffb3d2655eed14d0476e423fc9c12756c8a4dcb979c

SHA512
53028237c7f23415b24533c08514603c954459f2e557b5b6379fbc18e516c2728b9a92ee40014d021edab5a65ca2f4632bd3ab7bd545b50fa5629493b3bd439a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5620.exe
Filesize
184KB

MD5
babd3f655c568ff72233e2b837d1fb56

SHA1
ff64c47921b74fcaa434ad1c6635824179826809

SHA256
f9f72bd5302ecf7fd640283f39cb3c35ae7f78c4a2da6f8a427c655ecd1dfae4

SHA512
b9aab9fb234797c9a16dba009d904aa038e471d70b8129a2e890635be231248b6a86cbc386e6571f53017cea9b691866685df78373afe957f7715bd7b5e43784

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5724.exe
Filesize
184KB

MD5
2bfe85ed0ba284c3700d6eda3ffb5b41

SHA1
2e0faf4feb6165719d773c94325309d758bec0c8

SHA256
1c39a89d09be1d21333eb1c0694666bf4958cb086af92538da66861b5003752e

SHA512
27a829c616132f743949336bab06b2403b7c73cbc6306c2465caedb884ed33e3b8015ff54857db680a4cbfe437d3709cfda4f0584df95add43e6966ca53af3d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57619.exe
Filesize
184KB

MD5
008202ebe96bacf247ddfc34b0415364

SHA1
d1b3b6c6cba460d9047c73229c81715040a01c7f

SHA256
f0bfe89f41b8e4cffaad2d698d9e9c8083afec4f2ef1e5bdf493ac1281be73c7

SHA512
02c20ff6fb0cdd9e0901106754b5a4875e13b490111659e71d2f6069f9a73eda852f0cf79b514d53ce8c764bbda152dee63ab10270def50d56c2fe21d5b02a00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6108.exe
Filesize
184KB

MD5
885366ff9970b8891028cc20a8d84512

SHA1
0c707e3dc097358a27535ccd0139ee30fe532aa0

SHA256
3144c5ebd7407b2165dab2069c5cb3a6bc8542b31a8c8cd5a15fbd36b660f39e

SHA512
76d8ffe4ef2fa6e56f16fd84f72daf55058cefd459a18a84780e1713e1b3368d1b41587d08e54b412b7cc52196af7a24644165f318b109377e34014075ef2ecc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6637.exe
Filesize
184KB

MD5
34c8fda0bc8f733edbe60bf50430d75c

SHA1
76b0e4f31551c25b74791a82dbf3fae59ed4b4d7

SHA256
f461cf1a3a1e224f1b3b3d3dd9c93d3c9a637e41a6df401d7288ef5624da2ab7

SHA512
ae7c845fd12fdc440a982213e262ffb6d1d02ef4635120dca81139a11221e6998c97dbdfa32997145cf2b8682bab3483ea3b7eebd29ab9b2e9c000d222746a86

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11563.exe
Filesize
184KB

MD5
11969c339246d78c464475e5b3d4b9f2

SHA1
685aacb100d27097b90dfedc73e0cb42e5dd4f30

SHA256
fb1e905d0b26065099ea58a3ab7fa0440b3dd5f074057351c496a2a97e70192e

SHA512
d34d9c9663702bd93c0169d92d9edf1494a13de442dcf1b41c44be248b6cb271808944393f14db6b93fa02a9b5360de952905e84cd2b3fbbfc15334281c0df8e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16967.exe
Filesize
184KB

MD5
ef6d7a02504594733e6ccb90a5f28c8e

SHA1
15b621672bc85939447108740a6368c3bbe55b03

SHA256
811eddebd801758fc45c3db6012ceeee1608efc9fc34bfd4b747da27afbdefcb

SHA512
07bef5562dcb802c0d283c3e07acc136dbb164a7fc531084479a246b52fe8bf90f03915e60cfb23ea546d7f18c30376309611047afcd45f4f079fc80f03225f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19316.exe
Filesize
184KB

MD5
8be9f27400ce899d806edaa4aeea7f5c

SHA1
222258d6280365b7dbbd4cb16c8be3631bbb89a0

SHA256
1cd1fe517d6656d9f23f1334edaa4c232b87ad1884d05dab5e42dd7e621a985e

SHA512
2761511e75ba43854f7e14b3b92fbf8ecd81182e751f4de3e1d5a889d424a820bfad8be1ac9b7de6c3d6117a97a11bf6c62f3ae6e65d943191c26e082277f1a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
Filesize
184KB

MD5
12601567b7858bd658fc55452f67b617

SHA1
75f1b5e501eb48773cac52365685ef628747011a

SHA256
bafc323b50c49e5c84d738943ea37ee1b65ee17b88ce1ea07f4cdfa515f19e5b

SHA512
7cb3ad867f16e20b694c7a2baab88955d3e05f95c76fa28f4232fe4801adf22261e4299226c88dd30df2230295266ea5b8886e994853b5457a3ac1b88d26c4b7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23723.exe
Filesize
184KB

MD5
ba3f70770585a63b00986e5106eba71d

SHA1
07e6c01742066044939aab8fee6a0af5c877a897

SHA256
c0b396551be305440dd5809088dfef2b395d33fde487faeec3ec91d76a426449

SHA512
7eac11c3131e357e06908223906abedd912018022f571921459193b64736fe9478ecb8ce9deccde177e38f619f5e7f01addb8219c54106ded2b2d1396b2856b7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28914.exe
Filesize
184KB

MD5
dc75676c47bf76ef9befb62f5d64702b

SHA1
a71fa5ab9453b7cb691a4f8353061981500b69ab

SHA256
42aa61546d32adfae1804f56600617e489c8ecfa57fda15a176203d873011429

SHA512
08c4ae09fc6e86a40fa8c2d308cc89db10e63705cd2cf77c672db0092b92041db96aa886870f639174e15e59abb39f041f16d94a4ad15c88e83bbe385e6e4269

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-307.exe
Filesize
184KB

MD5
e3a66c2b2e33d4e3cbd58e91bef0dd10

SHA1
a044b30e638d95f5d10c2e0dedfc7f48b7225cd4

SHA256
e53b02717ab77e97128144e49aadfef12a15336ebf215ce6e8ac01df6b45f3dc

SHA512
640e30ee215a9f8a45e6d5fd24c884808ee88b932c0a2f42eac1dffae07a7a64829c4b86a638a2689b8562b31ba9864288501bc91273307a3e837ab24d0089db

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35440.exe
Filesize
184KB

MD5
5f5e15d35a54fb30424c417d4aed00ec

SHA1
41db203b6fbbfa3cfe34ab8afbe2627879db2317

SHA256
77a84b2c4f0e8e0de138c78b93ce341040f6bdc2a2c5432a76e6d46e1e75d701

SHA512
62645f9c0bd22d66a3640148402c09b5801763f93772691010464dd6e208627f8e501186e15eec48dc2630dd4e3e2f36034aa68623a4439360dd73bf82f536de

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38798.exe
Filesize
184KB

MD5
c8c106922212de571271b30e4a5a8d02

SHA1
8cf007ede30cd8f59a6c80d3c79424349fd8771d

SHA256
af9e4c9c9486593f0cdb59ac521af35fbf7979b1688b1236dcb64fc2d74446be

SHA512
d225dfcc424b510c2721b584511db038f7e51e1f7dfe4e1897e328c6aa9d6dbcc648119cc3123e48f98992c64d8bef74cd15e05610220b1ada59eecda36e22e4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
Filesize
184KB

MD5
e45e9282a2afb70867314f07cbf925d0

SHA1
09cb22e5360d86747f878cc4465911374a336876

SHA256
555a524fc12ff2e631c3b3a6c29df4ed32640108931e2516ee28db095bb6dda3

SHA512
4fc50b0e51dfc918a69dcc59a66e40566da7dcaa83a97edaef2ddabbe640ecabb5149391f3077160ff5a3e54896f37d480390278e73a2d6127cd56f79632d198

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60764.exe
Filesize
184KB

MD5
cd3d788ce0635945bbf5a248e392e279

SHA1
9481326d18130251be9e3f052b26b8629aaff99a

SHA256
8e85a029b55bf67d740e8ef3b64fc6ae2eedadbb9ac51a7e2741762df88ac33c

SHA512
53c78cf5beab2e32b82c956639b406ae5f74e5731d1bdbe86589caa3e500b23eaa055dc4377a2f06932f0fb83bb0085138268a1031ab23ada074ccb39a199e3e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6509.exe
Filesize
184KB

MD5
7d52498c6d4dd092f2924f1fa03eed35

SHA1
059dca2afe778efad24d3560f5d316142cb8f1fb

SHA256
d0e60e61c0b28e01cc5a93ca1fdd766960b7fe94e1ee042b038f16124e9905ed

SHA512
f37e3bdc43d33a63e85fb4a4ead1fdf7740f292d2cc225d25abf529ad514803fd9e71302ab94f12d6c205fb0790c418a7d17af07b253c3b23e083f2cc278c10b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads