baa0374a1c5db288e9a5b5d95a56c948f482b291808a8d90def0c61cbc8bf166

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

baa0374a1c5db288e9a5b5d95a56c948f482b291808a8d90def0c61cbc8bf166.exe
Size

184KB
MD5

db10e32454100a7eff6f2dac2cc52976
SHA1

a6988130f8ff1afd7cb99e6ae2cfcf4976ee1dcc
SHA256

baa0374a1c5db288e9a5b5d95a56c948f482b291808a8d90def0c61cbc8bf166
SHA512

30b53d39281b846e32aeb8bc70e1854fe0ca88a44f799976853e24db688a0a62aa73d8f8f7d7ecf54a12c7979358a99cb15db5a3eecbdbe69e84e8f0994c4a83
SSDEEP

3072:zS/aR0oT9JNNjG4WeEvvL+K/KhlnViFB:zS3o11G4ynL9/KhlnViF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-59442.exeUnicorn-48944.exeUnicorn-45415.exeUnicorn-37476.exeUnicorn-3542.exeUnicorn-13.exeUnicorn-20376.exeUnicorn-40242.exeUnicorn-56386.exeUnicorn-52857.exeUnicorn-7185.exeUnicorn-10792.exeUnicorn-43465.exeUnicorn-46023.exeUnicorn-30009.exeUnicorn-13158.exeUnicorn-13480.exeUnicorn-4246.exeUnicorn-1594.exeUnicorn-16669.exeUnicorn-36535.exeUnicorn-20007.exeUnicorn-36343.exeUnicorn-36343.exeUnicorn-49150.exeUnicorn-3478.exeUnicorn-5066.exeUnicorn-1537.exeUnicorn-57090.exeUnicorn-53691.exeUnicorn-4298.exeUnicorn-52793.exeUnicorn-42866.exeUnicorn-39336.exeUnicorn-42674.exeUnicorn-42674.exeUnicorn-59010.exeUnicorn-6280.exeUnicorn-26146.exeUnicorn-22616.exeUnicorn-44553.exeUnicorn-12757.exeUnicorn-57360.exeUnicorn-28025.exeUnicorn-40831.exeUnicorn-12373.exeUnicorn-56976.exeUnicorn-63385.exeUnicorn-10655.exeUnicorn-479.exeUnicorn-45897.exeUnicorn-45383.exeUnicorn-29369.exeUnicorn-45513.exeUnicorn-45513.exeUnicorn-51600.exeUnicorn-64407.exeUnicorn-35072.exeUnicorn-15206.exeUnicorn-44864.exeUnicorn-64729.exeUnicorn-18544.exeUnicorn-15014.exeUnicorn-32519.exe

pid	process
1448	Unicorn-59442.exe
3024	Unicorn-48944.exe
2632	Unicorn-45415.exe
2792	Unicorn-37476.exe
2544	Unicorn-3542.exe
2688	Unicorn-13.exe
1036	Unicorn-20376.exe
1552	Unicorn-40242.exe
2764	Unicorn-56386.exe
2448	Unicorn-52857.exe
272	Unicorn-7185.exe
2920	Unicorn-10792.exe
1332	Unicorn-43465.exe
2620	Unicorn-46023.exe
2936	Unicorn-30009.exe
1104	Unicorn-13158.exe
2888	Unicorn-13480.exe
1600	Unicorn-4246.exe
2192	Unicorn-1594.exe
856	Unicorn-16669.exe
1068	Unicorn-36535.exe
1368	Unicorn-20007.exe
1856	Unicorn-36343.exe
1796	Unicorn-36343.exe
968	Unicorn-49150.exe
1300	Unicorn-3478.exe
3004	Unicorn-5066.exe
2132	Unicorn-1537.exe
1704	Unicorn-57090.exe
1932	Unicorn-53691.exe
1572	Unicorn-4298.exe
2672	Unicorn-52793.exe
2736	Unicorn-42866.exe
2772	Unicorn-39336.exe
2768	Unicorn-42674.exe
2684	Unicorn-42674.exe
2712	Unicorn-59010.exe
2552	Unicorn-6280.exe
2516	Unicorn-26146.exe
2968	Unicorn-22616.exe
1768	Unicorn-44553.exe
3000	Unicorn-12757.exe
684	Unicorn-57360.exe
1764	Unicorn-28025.exe
1772	Unicorn-40831.exe
2348	Unicorn-12373.exe
2476	Unicorn-56976.exe
2284	Unicorn-63385.exe
1820	Unicorn-10655.exe
696	Unicorn-479.exe
1964	Unicorn-45897.exe
1116	Unicorn-45383.exe
1064	Unicorn-29369.exe
1160	Unicorn-45513.exe
2168	Unicorn-45513.exe
2084	Unicorn-51600.exe
1752	Unicorn-64407.exe
1588	Unicorn-35072.exe
2852	Unicorn-15206.exe
2444	Unicorn-44864.exe
1208	Unicorn-64729.exe
2336	Unicorn-18544.exe
2860	Unicorn-15014.exe
2484	Unicorn-32519.exe

Loads dropped DLL 64 IoCs

Processes:

baa0374a1c5db288e9a5b5d95a56c948f482b291808a8d90def0c61cbc8bf166.exeUnicorn-59442.exeUnicorn-45415.exeUnicorn-48944.exeWerFault.exeUnicorn-37476.exeUnicorn-3542.exeUnicorn-13.exeWerFault.exeWerFault.exeWerFault.exeUnicorn-20376.exeUnicorn-40242.exeUnicorn-56386.exeUnicorn-52857.exeWerFault.exeWerFault.exe

pid	process
1700	baa0374a1c5db288e9a5b5d95a56c948f482b291808a8d90def0c61cbc8bf166.exe
1700	baa0374a1c5db288e9a5b5d95a56c948f482b291808a8d90def0c61cbc8bf166.exe
1448	Unicorn-59442.exe
1448	Unicorn-59442.exe
1700	baa0374a1c5db288e9a5b5d95a56c948f482b291808a8d90def0c61cbc8bf166.exe
1700	baa0374a1c5db288e9a5b5d95a56c948f482b291808a8d90def0c61cbc8bf166.exe
2632	Unicorn-45415.exe
2632	Unicorn-45415.exe
3024	Unicorn-48944.exe
3024	Unicorn-48944.exe
1448	Unicorn-59442.exe
1448	Unicorn-59442.exe
2944	WerFault.exe
2944	WerFault.exe
2944	WerFault.exe
2944	WerFault.exe
2944	WerFault.exe
2632	Unicorn-45415.exe
2632	Unicorn-45415.exe
2792	Unicorn-37476.exe
2792	Unicorn-37476.exe
2544	Unicorn-3542.exe
2544	Unicorn-3542.exe
3024	Unicorn-48944.exe
3024	Unicorn-48944.exe
2688	Unicorn-13.exe
2688	Unicorn-13.exe
1944	WerFault.exe
1944	WerFault.exe
1944	WerFault.exe
1944	WerFault.exe
1944	WerFault.exe
1256	WerFault.exe
1256	WerFault.exe
1256	WerFault.exe
1256	WerFault.exe
1256	WerFault.exe
536	WerFault.exe
536	WerFault.exe
536	WerFault.exe
536	WerFault.exe
536	WerFault.exe
1036	Unicorn-20376.exe
1036	Unicorn-20376.exe
1552	Unicorn-40242.exe
1552	Unicorn-40242.exe
2792	Unicorn-37476.exe
2792	Unicorn-37476.exe
2764	Unicorn-56386.exe
2764	Unicorn-56386.exe
2544	Unicorn-3542.exe
2544	Unicorn-3542.exe
2448	Unicorn-52857.exe
2448	Unicorn-52857.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
2612	WerFault.exe
2612	WerFault.exe
2612	WerFault.exe
2612	WerFault.exe
2612	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2876	1700	WerFault.exe	baa0374a1c5db288e9a5b5d95a56c948f482b291808a8d90def0c61cbc8bf166.exe
2944	1448	WerFault.exe	Unicorn-59442.exe
1944	272	WerFault.exe	Unicorn-7185.exe
1256	2632	WerFault.exe	Unicorn-45415.exe
536	3024	WerFault.exe	Unicorn-48944.exe
1864	2792	WerFault.exe	Unicorn-37476.exe
2612	2544	WerFault.exe	Unicorn-3542.exe
2856	1036	WerFault.exe	Unicorn-20376.exe
2116	1552	WerFault.exe	Unicorn-40242.exe
2112	2764	WerFault.exe	Unicorn-56386.exe
2904	2448	WerFault.exe	Unicorn-52857.exe
2204	2688	WerFault.exe	Unicorn-13.exe
2708	2920	WerFault.exe	Unicorn-10792.exe
2224	1332	WerFault.exe	Unicorn-43465.exe
1028	2936	WerFault.exe	Unicorn-30009.exe
268	1104	WerFault.exe	Unicorn-13158.exe
780	2888	WerFault.exe	Unicorn-13480.exe
600	2620	WerFault.exe	Unicorn-46023.exe
2752	1208	WerFault.exe	Unicorn-64729.exe
2352	1600	WerFault.exe	Unicorn-4246.exe
1628	2192	WerFault.exe	Unicorn-1594.exe
1508	856	WerFault.exe	Unicorn-16669.exe
2808	1368	WerFault.exe	Unicorn-20007.exe
704	1068	WerFault.exe	Unicorn-36535.exe
2256	968	WerFault.exe	Unicorn-49150.exe
332	1796	WerFault.exe	Unicorn-36343.exe
1512	1856	WerFault.exe	Unicorn-36343.exe
1340	1300	WerFault.exe	Unicorn-3478.exe
2100	2132	WerFault.exe	Unicorn-1537.exe
1148	3004	WerFault.exe	Unicorn-5066.exe
2460	1704	WerFault.exe	Unicorn-57090.exe
944	1932	WerFault.exe	Unicorn-53691.exe
2272	1572	WerFault.exe	Unicorn-4298.exe
2628	2672	WerFault.exe	Unicorn-52793.exe
1004	2736	WerFault.exe	Unicorn-42866.exe
2548	2772	WerFault.exe	Unicorn-39336.exe
1608	2768	WerFault.exe	Unicorn-42674.exe
2028	2516	WerFault.exe	Unicorn-26146.exe
2200	2684	WerFault.exe	Unicorn-42674.exe
1016	2552	WerFault.exe	Unicorn-6280.exe
3196	2712	WerFault.exe	Unicorn-59010.exe
3272	1768	WerFault.exe	Unicorn-44553.exe
3304	3000	WerFault.exe	Unicorn-12757.exe
3528	1772	WerFault.exe	Unicorn-40831.exe
3520	1820	WerFault.exe	Unicorn-10655.exe
3572	1764	WerFault.exe	Unicorn-28025.exe
3624	2476	WerFault.exe	Unicorn-56976.exe
3600	2284	WerFault.exe	Unicorn-63385.exe
4024	1752	WerFault.exe	Unicorn-64407.exe
3236	2968	WerFault.exe	Unicorn-22616.exe
3428	1116	WerFault.exe	Unicorn-45383.exe
3116	2168	WerFault.exe	Unicorn-45513.exe
3192	2348	WerFault.exe	Unicorn-12373.exe
3340	684	WerFault.exe	Unicorn-57360.exe
3728	2852	WerFault.exe	Unicorn-15206.exe
3772	2084	WerFault.exe	Unicorn-51600.exe
4008	1564	WerFault.exe	Unicorn-59950.exe
3964	2704	WerFault.exe	Unicorn-61486.exe
3944	1488	WerFault.exe	Unicorn-42654.exe
3364	2860	WerFault.exe	Unicorn-15014.exe
3424	2492	WerFault.exe	Unicorn-24407.exe
4140	2368	WerFault.exe	Unicorn-26318.exe
4148	916	WerFault.exe	Unicorn-25476.exe
4196	2396	WerFault.exe	Unicorn-39892.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

baa0374a1c5db288e9a5b5d95a56c948f482b291808a8d90def0c61cbc8bf166.exeUnicorn-59442.exeUnicorn-45415.exeUnicorn-48944.exeUnicorn-37476.exeUnicorn-3542.exeUnicorn-13.exeUnicorn-20376.exeUnicorn-40242.exeUnicorn-52857.exeUnicorn-56386.exeUnicorn-10792.exeUnicorn-43465.exeUnicorn-46023.exeUnicorn-13158.exeUnicorn-30009.exeUnicorn-13480.exeUnicorn-4246.exeUnicorn-1594.exeUnicorn-16669.exeUnicorn-36535.exeUnicorn-20007.exeUnicorn-36343.exeUnicorn-36343.exeUnicorn-49150.exeUnicorn-3478.exeUnicorn-5066.exeUnicorn-1537.exeUnicorn-57090.exeUnicorn-53691.exeUnicorn-4298.exeUnicorn-52793.exeUnicorn-39336.exeUnicorn-42866.exeUnicorn-42674.exeUnicorn-42674.exeUnicorn-59010.exeUnicorn-6280.exeUnicorn-26146.exeUnicorn-22616.exeUnicorn-12757.exeUnicorn-44553.exeUnicorn-57360.exeUnicorn-28025.exeUnicorn-40831.exeUnicorn-12373.exeUnicorn-56976.exeUnicorn-63385.exeUnicorn-10655.exeUnicorn-479.exeUnicorn-45897.exeUnicorn-45383.exeUnicorn-29369.exeUnicorn-45513.exeUnicorn-45513.exeUnicorn-51600.exeUnicorn-64407.exeUnicorn-35072.exeUnicorn-15206.exeUnicorn-44864.exeUnicorn-64729.exeUnicorn-18544.exeUnicorn-15014.exeUnicorn-32519.exe

pid	process
1700	baa0374a1c5db288e9a5b5d95a56c948f482b291808a8d90def0c61cbc8bf166.exe
1448	Unicorn-59442.exe
2632	Unicorn-45415.exe
3024	Unicorn-48944.exe
2792	Unicorn-37476.exe
2544	Unicorn-3542.exe
2688	Unicorn-13.exe
1036	Unicorn-20376.exe
1552	Unicorn-40242.exe
2448	Unicorn-52857.exe
2764	Unicorn-56386.exe
2920	Unicorn-10792.exe
1332	Unicorn-43465.exe
2620	Unicorn-46023.exe
1104	Unicorn-13158.exe
2936	Unicorn-30009.exe
2888	Unicorn-13480.exe
1600	Unicorn-4246.exe
2192	Unicorn-1594.exe
856	Unicorn-16669.exe
1068	Unicorn-36535.exe
1368	Unicorn-20007.exe
1856	Unicorn-36343.exe
1796	Unicorn-36343.exe
968	Unicorn-49150.exe
1300	Unicorn-3478.exe
3004	Unicorn-5066.exe
2132	Unicorn-1537.exe
1704	Unicorn-57090.exe
1932	Unicorn-53691.exe
1572	Unicorn-4298.exe
2672	Unicorn-52793.exe
2772	Unicorn-39336.exe
2736	Unicorn-42866.exe
2684	Unicorn-42674.exe
2768	Unicorn-42674.exe
2712	Unicorn-59010.exe
2552	Unicorn-6280.exe
2516	Unicorn-26146.exe
2968	Unicorn-22616.exe
3000	Unicorn-12757.exe
1768	Unicorn-44553.exe
684	Unicorn-57360.exe
1764	Unicorn-28025.exe
1772	Unicorn-40831.exe
2348	Unicorn-12373.exe
2476	Unicorn-56976.exe
2284	Unicorn-63385.exe
1820	Unicorn-10655.exe
696	Unicorn-479.exe
1964	Unicorn-45897.exe
1116	Unicorn-45383.exe
1064	Unicorn-29369.exe
2168	Unicorn-45513.exe
1160	Unicorn-45513.exe
2084	Unicorn-51600.exe
1752	Unicorn-64407.exe
1588	Unicorn-35072.exe
2852	Unicorn-15206.exe
2444	Unicorn-44864.exe
1208	Unicorn-64729.exe
2336	Unicorn-18544.exe
2860	Unicorn-15014.exe
2484	Unicorn-32519.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

baa0374a1c5db288e9a5b5d95a56c948f482b291808a8d90def0c61cbc8bf166.exeUnicorn-59442.exeUnicorn-45415.exeUnicorn-48944.exeUnicorn-37476.exeUnicorn-3542.exeUnicorn-13.exeUnicorn-7185.exe

description	pid	process	target process
PID 1700 wrote to memory of 1448	1700	baa0374a1c5db288e9a5b5d95a56c948f482b291808a8d90def0c61cbc8bf166.exe	Unicorn-59442.exe
PID 1700 wrote to memory of 1448	1700	baa0374a1c5db288e9a5b5d95a56c948f482b291808a8d90def0c61cbc8bf166.exe	Unicorn-59442.exe
PID 1700 wrote to memory of 1448	1700	baa0374a1c5db288e9a5b5d95a56c948f482b291808a8d90def0c61cbc8bf166.exe	Unicorn-59442.exe
PID 1700 wrote to memory of 1448	1700	baa0374a1c5db288e9a5b5d95a56c948f482b291808a8d90def0c61cbc8bf166.exe	Unicorn-59442.exe
PID 1448 wrote to memory of 3024	1448	Unicorn-59442.exe	Unicorn-48944.exe
PID 1448 wrote to memory of 3024	1448	Unicorn-59442.exe	Unicorn-48944.exe
PID 1448 wrote to memory of 3024	1448	Unicorn-59442.exe	Unicorn-48944.exe
PID 1448 wrote to memory of 3024	1448	Unicorn-59442.exe	Unicorn-48944.exe
PID 1700 wrote to memory of 2632	1700	baa0374a1c5db288e9a5b5d95a56c948f482b291808a8d90def0c61cbc8bf166.exe	Unicorn-45415.exe
PID 1700 wrote to memory of 2632	1700	baa0374a1c5db288e9a5b5d95a56c948f482b291808a8d90def0c61cbc8bf166.exe	Unicorn-45415.exe
PID 1700 wrote to memory of 2632	1700	baa0374a1c5db288e9a5b5d95a56c948f482b291808a8d90def0c61cbc8bf166.exe	Unicorn-45415.exe
PID 1700 wrote to memory of 2632	1700	baa0374a1c5db288e9a5b5d95a56c948f482b291808a8d90def0c61cbc8bf166.exe	Unicorn-45415.exe
PID 1700 wrote to memory of 2876	1700	baa0374a1c5db288e9a5b5d95a56c948f482b291808a8d90def0c61cbc8bf166.exe	WerFault.exe
PID 1700 wrote to memory of 2876	1700	baa0374a1c5db288e9a5b5d95a56c948f482b291808a8d90def0c61cbc8bf166.exe	WerFault.exe
PID 1700 wrote to memory of 2876	1700	baa0374a1c5db288e9a5b5d95a56c948f482b291808a8d90def0c61cbc8bf166.exe	WerFault.exe
PID 1700 wrote to memory of 2876	1700	baa0374a1c5db288e9a5b5d95a56c948f482b291808a8d90def0c61cbc8bf166.exe	WerFault.exe
PID 2632 wrote to memory of 2792	2632	Unicorn-45415.exe	Unicorn-37476.exe
PID 2632 wrote to memory of 2792	2632	Unicorn-45415.exe	Unicorn-37476.exe
PID 2632 wrote to memory of 2792	2632	Unicorn-45415.exe	Unicorn-37476.exe
PID 2632 wrote to memory of 2792	2632	Unicorn-45415.exe	Unicorn-37476.exe
PID 3024 wrote to memory of 2544	3024	Unicorn-48944.exe	Unicorn-3542.exe
PID 3024 wrote to memory of 2544	3024	Unicorn-48944.exe	Unicorn-3542.exe
PID 3024 wrote to memory of 2544	3024	Unicorn-48944.exe	Unicorn-3542.exe
PID 3024 wrote to memory of 2544	3024	Unicorn-48944.exe	Unicorn-3542.exe
PID 1448 wrote to memory of 2688	1448	Unicorn-59442.exe	Unicorn-13.exe
PID 1448 wrote to memory of 2688	1448	Unicorn-59442.exe	Unicorn-13.exe
PID 1448 wrote to memory of 2688	1448	Unicorn-59442.exe	Unicorn-13.exe
PID 1448 wrote to memory of 2688	1448	Unicorn-59442.exe	Unicorn-13.exe
PID 1448 wrote to memory of 2944	1448	Unicorn-59442.exe	WerFault.exe
PID 1448 wrote to memory of 2944	1448	Unicorn-59442.exe	WerFault.exe
PID 1448 wrote to memory of 2944	1448	Unicorn-59442.exe	WerFault.exe
PID 1448 wrote to memory of 2944	1448	Unicorn-59442.exe	WerFault.exe
PID 2632 wrote to memory of 1036	2632	Unicorn-45415.exe	Unicorn-20376.exe
PID 2632 wrote to memory of 1036	2632	Unicorn-45415.exe	Unicorn-20376.exe
PID 2632 wrote to memory of 1036	2632	Unicorn-45415.exe	Unicorn-20376.exe
PID 2632 wrote to memory of 1036	2632	Unicorn-45415.exe	Unicorn-20376.exe
PID 2792 wrote to memory of 1552	2792	Unicorn-37476.exe	Unicorn-40242.exe
PID 2792 wrote to memory of 1552	2792	Unicorn-37476.exe	Unicorn-40242.exe
PID 2792 wrote to memory of 1552	2792	Unicorn-37476.exe	Unicorn-40242.exe
PID 2792 wrote to memory of 1552	2792	Unicorn-37476.exe	Unicorn-40242.exe
PID 2544 wrote to memory of 2764	2544	Unicorn-3542.exe	Unicorn-56386.exe
PID 2544 wrote to memory of 2764	2544	Unicorn-3542.exe	Unicorn-56386.exe
PID 2544 wrote to memory of 2764	2544	Unicorn-3542.exe	Unicorn-56386.exe
PID 2544 wrote to memory of 2764	2544	Unicorn-3542.exe	Unicorn-56386.exe
PID 3024 wrote to memory of 2448	3024	Unicorn-48944.exe	Unicorn-52857.exe
PID 3024 wrote to memory of 2448	3024	Unicorn-48944.exe	Unicorn-52857.exe
PID 3024 wrote to memory of 2448	3024	Unicorn-48944.exe	Unicorn-52857.exe
PID 3024 wrote to memory of 2448	3024	Unicorn-48944.exe	Unicorn-52857.exe
PID 2688 wrote to memory of 272	2688	Unicorn-13.exe	Unicorn-7185.exe
PID 2688 wrote to memory of 272	2688	Unicorn-13.exe	Unicorn-7185.exe
PID 2688 wrote to memory of 272	2688	Unicorn-13.exe	Unicorn-7185.exe
PID 2688 wrote to memory of 272	2688	Unicorn-13.exe	Unicorn-7185.exe
PID 272 wrote to memory of 1944	272	Unicorn-7185.exe	WerFault.exe
PID 272 wrote to memory of 1944	272	Unicorn-7185.exe	WerFault.exe
PID 272 wrote to memory of 1944	272	Unicorn-7185.exe	WerFault.exe
PID 272 wrote to memory of 1944	272	Unicorn-7185.exe	WerFault.exe
PID 2632 wrote to memory of 1256	2632	Unicorn-45415.exe	WerFault.exe
PID 2632 wrote to memory of 1256	2632	Unicorn-45415.exe	WerFault.exe
PID 2632 wrote to memory of 1256	2632	Unicorn-45415.exe	WerFault.exe
PID 2632 wrote to memory of 1256	2632	Unicorn-45415.exe	WerFault.exe
PID 3024 wrote to memory of 536	3024	Unicorn-48944.exe	WerFault.exe
PID 3024 wrote to memory of 536	3024	Unicorn-48944.exe	WerFault.exe
PID 3024 wrote to memory of 536	3024	Unicorn-48944.exe	WerFault.exe
PID 3024 wrote to memory of 536	3024	Unicorn-48944.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\baa0374a1c5db288e9a5b5d95a56c948f482b291808a8d90def0c61cbc8bf166.exe
"C:\Users\Admin\AppData\Local\Temp\baa0374a1c5db288e9a5b5d95a56c948f482b291808a8d90def0c61cbc8bf166.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-59442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59442.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1448

C:\Users\Admin\AppData\Local\Temp\Unicorn-48944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48944.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-56386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56386.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-30009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30009.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-42674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42674.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-51600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51600.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-42654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42654.exe
10⤵
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-36588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36588.exe
11⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-11837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11837.exe
12⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-43974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43974.exe
13⤵
PID:6328

C:\Users\Admin\AppData\Local\Temp\Unicorn-43060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43060.exe
14⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-8867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8867.exe
15⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 216
15⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 236
14⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 236
13⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
12⤵
PID:6116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 216
11⤵
- Program crash
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-15461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15461.exe
10⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
11⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-38868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38868.exe
12⤵
PID:6380

C:\Users\Admin\AppData\Local\Temp\Unicorn-60133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60133.exe
13⤵
PID:9724

C:\Users\Admin\AppData\Local\Temp\Unicorn-12090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12090.exe
14⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9724 -s 220
14⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 216
13⤵
PID:10576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 216
12⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 236
11⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 220
10⤵
- Program crash
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-25476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25476.exe
9⤵
PID:916

C:\Users\Admin\AppData\Local\Temp\Unicorn-5342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5342.exe
10⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-15184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15184.exe
11⤵
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-37856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37856.exe
12⤵
PID:6452

C:\Users\Admin\AppData\Local\Temp\Unicorn-27025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27025.exe
13⤵
PID:8540

C:\Users\Admin\AppData\Local\Temp\Unicorn-32132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32132.exe
14⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8540 -s 216
14⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 236
13⤵
PID:9792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 236
12⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 236
11⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 216
10⤵
- Program crash
PID:4148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
9⤵
- Program crash
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-15206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15206.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
9⤵
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-9984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9984.exe
10⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-11557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11557.exe
11⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-17919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17919.exe
12⤵
PID:7720

C:\Users\Admin\AppData\Local\Temp\Unicorn-12897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12897.exe
13⤵
PID:10404

C:\Users\Admin\AppData\Local\Temp\Unicorn-39351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39351.exe
14⤵
PID:12684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10404 -s 216
14⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 216
13⤵
PID:11256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
12⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
11⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 236
10⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
9⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-26773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26773.exe
10⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-54135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54135.exe
11⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-26885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26885.exe
12⤵
PID:9780

C:\Users\Admin\AppData\Local\Temp\Unicorn-36875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36875.exe
13⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9780 -s 216
13⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 216
12⤵
PID:10664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 236
11⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
10⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
9⤵
- Program crash
PID:3728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 220
8⤵
- Program crash
PID:332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 236
7⤵
- Program crash
PID:1028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
6⤵
- Program crash
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-13158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13158.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1104

C:\Users\Admin\AppData\Local\Temp\Unicorn-20007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20007.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1368

C:\Users\Admin\AppData\Local\Temp\Unicorn-4298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4298.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-63385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63385.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-10749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10749.exe
9⤵
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-52623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52623.exe
10⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-64058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64058.exe
11⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-37536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37536.exe
12⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-56720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56720.exe
13⤵
PID:7972

C:\Users\Admin\AppData\Local\Temp\Unicorn-24216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24216.exe
14⤵
PID:10256

C:\Users\Admin\AppData\Local\Temp\Unicorn-53658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53658.exe
15⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10256 -s 236
15⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 216
14⤵
PID:10872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
13⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
12⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
11⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-9875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9875.exe
10⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-16073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16073.exe
11⤵
PID:5200

C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
12⤵
PID:7752

C:\Users\Admin\AppData\Local\Temp\Unicorn-52306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52306.exe
13⤵
PID:10476

C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
14⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10476 -s 216
14⤵
PID:13132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 216
13⤵
PID:10312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 216
12⤵
PID:8880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
11⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 240
10⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
9⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-19907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19907.exe
10⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-53820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53820.exe
11⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-55863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55863.exe
12⤵
PID:6952

C:\Users\Admin\AppData\Local\Temp\Unicorn-9972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9972.exe
13⤵
PID:9844

C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
14⤵
PID:1804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9844 -s 216
14⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
13⤵
PID:10712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
12⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
11⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 236
10⤵
PID:4680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
9⤵
- Program crash
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-56229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56229.exe
8⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-4683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4683.exe
9⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-34868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34868.exe
10⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-45502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45502.exe
11⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
12⤵
PID:8040

C:\Users\Admin\AppData\Local\Temp\Unicorn-64766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64766.exe
13⤵
PID:11116

C:\Users\Admin\AppData\Local\Temp\Unicorn-34990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34990.exe
14⤵
PID:13280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11116 -s 236
14⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 216
13⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
12⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
11⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
10⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\Unicorn-30954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30954.exe
9⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-20152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20152.exe
10⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
11⤵
PID:8756

C:\Users\Admin\AppData\Local\Temp\Unicorn-31781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31781.exe
12⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 236
12⤵
PID:12400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
11⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
10⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
9⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
8⤵
- Program crash
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-10655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10655.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-38103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38103.exe
8⤵
PID:1384

C:\Users\Admin\AppData\Local\Temp\Unicorn-28482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28482.exe
9⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-37779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37779.exe
10⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-36628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36628.exe
11⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-17886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17886.exe
12⤵
PID:8204

C:\Users\Admin\AppData\Local\Temp\Unicorn-55859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55859.exe
13⤵
PID:11504

C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
14⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8204 -s 216
13⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
12⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
11⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 236
10⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-50586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50586.exe
9⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
10⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\Unicorn-28682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28682.exe
11⤵
PID:7336

C:\Users\Admin\AppData\Local\Temp\Unicorn-65373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65373.exe
12⤵
PID:10504

C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
13⤵
PID:13092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10504 -s 216
13⤵
PID:8372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 216
12⤵
PID:11744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 216
11⤵
PID:8340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
10⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 240
9⤵
PID:5188

C:\Users\Admin\AppData\Local\Temp\Unicorn-24952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24952.exe
8⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-4722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4722.exe
9⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-37012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37012.exe
10⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-2618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2618.exe
11⤵
PID:8000

C:\Users\Admin\AppData\Local\Temp\Unicorn-56544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56544.exe
12⤵
PID:11544

C:\Users\Admin\AppData\Local\Temp\Unicorn-5457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5457.exe
13⤵
PID:8476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 216
12⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
11⤵
PID:10072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
10⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 236
9⤵
PID:5488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 220
8⤵
- Program crash
PID:3520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 240
7⤵
- Program crash
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-52793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52793.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-479.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:696

C:\Users\Admin\AppData\Local\Temp\Unicorn-23172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23172.exe
7⤵
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-36479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36479.exe
8⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-31661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31661.exe
9⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-19960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19960.exe
10⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
11⤵
PID:8588

C:\Users\Admin\AppData\Local\Temp\Unicorn-49985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49985.exe
12⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 236
12⤵
PID:4988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 236
11⤵
PID:9264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
9⤵
PID:5752

C:\Users\Admin\AppData\Local\Temp\Unicorn-47291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47291.exe
8⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-35912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35912.exe
9⤵
PID:5292

C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
10⤵
PID:8624

C:\Users\Admin\AppData\Local\Temp\Unicorn-18470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18470.exe
11⤵
PID:11416

C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
12⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 216
11⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 216
10⤵
PID:9380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
9⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
8⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
7⤵
- Program crash
PID:2628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 240
6⤵
- Program crash
PID:268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-52857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52857.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-13480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13480.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-42674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42674.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-18544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18544.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
9⤵
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-30073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30073.exe
10⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-4479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4479.exe
11⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\Unicorn-56995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56995.exe
12⤵
PID:8080

C:\Users\Admin\AppData\Local\Temp\Unicorn-41839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41839.exe
13⤵
PID:10860

C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
14⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10860 -s 220
14⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
12⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
11⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 236
10⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-10015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10015.exe
9⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-65081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65081.exe
10⤵
PID:5236

C:\Users\Admin\AppData\Local\Temp\Unicorn-45241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45241.exe
11⤵
PID:7872

C:\Users\Admin\AppData\Local\Temp\Unicorn-52306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52306.exe
12⤵
PID:10468

C:\Users\Admin\AppData\Local\Temp\Unicorn-24551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24551.exe
13⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10468 -s 216
13⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 216
12⤵
PID:10272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 216
11⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
10⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 220
9⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-56696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56696.exe
8⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
9⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-62128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62128.exe
10⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-61302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61302.exe
11⤵
PID:7788

C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe
12⤵
PID:10592

C:\Users\Admin\AppData\Local\Temp\Unicorn-27732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27732.exe
13⤵
PID:12808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10592 -s 216
13⤵
PID:13212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
12⤵
PID:11144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
11⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 236
10⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
9⤵
PID:4208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
8⤵
- Program crash
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-15014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15014.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-45150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45150.exe
8⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-23542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23542.exe
9⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-42642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42642.exe
10⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
11⤵
PID:6984

C:\Users\Admin\AppData\Local\Temp\Unicorn-35598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35598.exe
12⤵
PID:9416

C:\Users\Admin\AppData\Local\Temp\Unicorn-15520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15520.exe
13⤵
PID:11300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9416 -s 236
13⤵
PID:13152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 216
12⤵
PID:10280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
11⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 236
10⤵
PID:5988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
9⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-6556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6556.exe
8⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-15371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15371.exe
9⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
10⤵
PID:7140

C:\Users\Admin\AppData\Local\Temp\Unicorn-9972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9972.exe
11⤵
PID:9968

C:\Users\Admin\AppData\Local\Temp\Unicorn-45832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45832.exe
12⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9968 -s 220
12⤵
PID:12676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 216
11⤵
PID:10920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
10⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 236
9⤵
PID:5364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
8⤵
- Program crash
PID:3364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 220
7⤵
- Program crash
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-6280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6280.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-45513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45513.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1160

C:\Users\Admin\AppData\Local\Temp\Unicorn-42654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42654.exe
8⤵
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-63897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63897.exe
9⤵
PID:3344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 216
9⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-26927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26927.exe
8⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-16457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16457.exe
9⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-14405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14405.exe
10⤵
PID:7820

C:\Users\Admin\AppData\Local\Temp\Unicorn-6478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6478.exe
11⤵
PID:10804

C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
12⤵
PID:12852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10804 -s 216
12⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 216
11⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
10⤵
PID:8944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
9⤵
PID:6588

C:\Users\Admin\AppData\Local\Temp\Unicorn-25476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25476.exe
7⤵
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-63129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63129.exe
8⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-53187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53187.exe
9⤵
PID:5832

C:\Users\Admin\AppData\Local\Temp\Unicorn-46362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46362.exe
10⤵
PID:7716

C:\Users\Admin\AppData\Local\Temp\Unicorn-48762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48762.exe
11⤵
PID:10604

C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
12⤵
PID:13168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10604 -s 216
12⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 216
11⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
10⤵
PID:8704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
9⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 236
8⤵
PID:4840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
7⤵
- Program crash
PID:1016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 220
6⤵
- Program crash
PID:780

C:\Users\Admin\AppData\Local\Temp\Unicorn-49150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49150.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:968

C:\Users\Admin\AppData\Local\Temp\Unicorn-59010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59010.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-45513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45513.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-9981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9981.exe
8⤵
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
9⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-45413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45413.exe
10⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-39719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39719.exe
11⤵
PID:6788

C:\Users\Admin\AppData\Local\Temp\Unicorn-42837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42837.exe
12⤵
PID:9812

C:\Users\Admin\AppData\Local\Temp\Unicorn-12775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12775.exe
13⤵
PID:11452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9812 -s 216
13⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
12⤵
PID:10676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 216
11⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
10⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 216
9⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-36732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36732.exe
8⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-55195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55195.exe
9⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-37555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37555.exe
10⤵
PID:6656

C:\Users\Admin\AppData\Local\Temp\Unicorn-12800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12800.exe
11⤵
PID:9292

C:\Users\Admin\AppData\Local\Temp\Unicorn-48276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48276.exe
12⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9292 -s 236
12⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 236
11⤵
PID:2004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 236
10⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
9⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
8⤵
- Program crash
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
7⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-50960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50960.exe
8⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-4178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4178.exe
9⤵
PID:5776

C:\Users\Admin\AppData\Local\Temp\Unicorn-30410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30410.exe
10⤵
PID:7544

C:\Users\Admin\AppData\Local\Temp\Unicorn-8891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8891.exe
11⤵
PID:10988

C:\Users\Admin\AppData\Local\Temp\Unicorn-49849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49849.exe
12⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10988 -s 216
12⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 216
11⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
10⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
9⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 236
8⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 220
7⤵
- Program crash
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
7⤵
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-2846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2846.exe
8⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-1095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1095.exe
9⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-30518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30518.exe
10⤵
PID:6356

C:\Users\Admin\AppData\Local\Temp\Unicorn-7398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7398.exe
11⤵
PID:8888

C:\Users\Admin\AppData\Local\Temp\Unicorn-42116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42116.exe
12⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 236
12⤵
PID:12952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 236
11⤵
PID:9316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
10⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 236
9⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 216
8⤵
- Program crash
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-15461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15461.exe
7⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-18340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18340.exe
8⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-63841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63841.exe
9⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-46085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46085.exe
10⤵
PID:8532

C:\Users\Admin\AppData\Local\Temp\Unicorn-29892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29892.exe
11⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 236
11⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 236
10⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
9⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 236
8⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
7⤵
- Program crash
PID:4024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 240
6⤵
- Program crash
PID:2256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
5⤵
- Program crash
PID:2904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-13.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-7185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7185.exe
4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 272 -s 148
5⤵
- Loads dropped DLL
- Program crash
PID:1944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 236
4⤵
- Program crash
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-45415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45415.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-37476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37476.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-40242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40242.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-43465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43465.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1332

C:\Users\Admin\AppData\Local\Temp\Unicorn-36535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36535.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1068

C:\Users\Admin\AppData\Local\Temp\Unicorn-42866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42866.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-45897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45897.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe
9⤵
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-32185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32185.exe
10⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-5138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5138.exe
11⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-61577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61577.exe
12⤵
PID:7904

C:\Users\Admin\AppData\Local\Temp\Unicorn-7355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7355.exe
13⤵
PID:10832

C:\Users\Admin\AppData\Local\Temp\Unicorn-17473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17473.exe
14⤵
PID:12924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10832 -s 216
14⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 216
13⤵
PID:11356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
12⤵
PID:9000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
11⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 236
10⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-47815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47815.exe
9⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-37811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37811.exe
10⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-39699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39699.exe
11⤵
PID:7200

C:\Users\Admin\AppData\Local\Temp\Unicorn-23391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23391.exe
12⤵
PID:10756

C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
13⤵
PID:12892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10756 -s 216
13⤵
PID:3068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 216
12⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
11⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
10⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
9⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
8⤵
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-9125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9125.exe
9⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-59414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59414.exe
10⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-48785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48785.exe
11⤵
PID:7080

C:\Users\Admin\AppData\Local\Temp\Unicorn-18245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18245.exe
12⤵
PID:9984

C:\Users\Admin\AppData\Local\Temp\Unicorn-39179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39179.exe
13⤵
PID:2608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 220
13⤵
PID:12488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 216
12⤵
PID:10944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
11⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
10⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 216
9⤵
PID:4688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
8⤵
- Program crash
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-45383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45383.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1116

C:\Users\Admin\AppData\Local\Temp\Unicorn-26318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26318.exe
8⤵
PID:2368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 220
9⤵
- Program crash
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-34293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34293.exe
8⤵
PID:3744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 240
9⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 220
8⤵
- Program crash
PID:3428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 240
7⤵
- Program crash
PID:704

C:\Users\Admin\AppData\Local\Temp\Unicorn-39336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39336.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-29369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29369.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-42462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42462.exe
8⤵
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-23407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23407.exe
9⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-61557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61557.exe
10⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-12251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12251.exe
11⤵
PID:7628

C:\Users\Admin\AppData\Local\Temp\Unicorn-12523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12523.exe
12⤵
PID:9308

C:\Users\Admin\AppData\Local\Temp\Unicorn-64005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64005.exe
13⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9308 -s 216
13⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 216
12⤵
PID:11240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 216
11⤵
PID:8692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 236
10⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 236
9⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-55565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55565.exe
8⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-21916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21916.exe
9⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\Unicorn-41774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41774.exe
10⤵
PID:7092

C:\Users\Admin\AppData\Local\Temp\Unicorn-16709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16709.exe
11⤵
PID:9880

C:\Users\Admin\AppData\Local\Temp\Unicorn-29304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29304.exe
12⤵
PID:5816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9880 -s 216
12⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 216
11⤵
PID:10736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 216
10⤵
PID:8264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 236
9⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 240
8⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
7⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
8⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-12465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12465.exe
9⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
10⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\Unicorn-41192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41192.exe
11⤵
PID:9664

C:\Users\Admin\AppData\Local\Temp\Unicorn-39179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39179.exe
12⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 216
12⤵
PID:12464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 236
11⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 216
10⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
9⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 236
8⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
7⤵
- Program crash
PID:2548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 240
6⤵
- Program crash
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-16669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16669.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-53691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53691.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-12373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12373.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-27278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27278.exe
8⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-19584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19584.exe
9⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-5278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5278.exe
10⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-34779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34779.exe
11⤵
PID:7360

C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
12⤵
PID:10108

C:\Users\Admin\AppData\Local\Temp\Unicorn-52526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52526.exe
13⤵
PID:11348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10108 -s 220
13⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 216
12⤵
PID:11092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 216
11⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
10⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 236
9⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
8⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-36149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36149.exe
9⤵
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-64322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64322.exe
10⤵
PID:7548

C:\Users\Admin\AppData\Local\Temp\Unicorn-34615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34615.exe
11⤵
PID:9956

C:\Users\Admin\AppData\Local\Temp\Unicorn-33746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33746.exe
12⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9956 -s 236
12⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 216
11⤵
PID:11008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 216
10⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 236
9⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
8⤵
- Program crash
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-39892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39892.exe
7⤵
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-4958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4958.exe
8⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-12548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12548.exe
9⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 200
10⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 236
9⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 236
8⤵
- Program crash
PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
7⤵
- Program crash
PID:944

C:\Users\Admin\AppData\Local\Temp\Unicorn-56976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56976.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
7⤵
- Program crash
PID:3624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 240
6⤵
- Program crash
PID:1508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
5⤵
- Program crash
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-46023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46023.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-35072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35072.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-60801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60801.exe
8⤵
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-58902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58902.exe
9⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-6731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6731.exe
10⤵
PID:1160

C:\Users\Admin\AppData\Local\Temp\Unicorn-2983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2983.exe
11⤵
PID:7388

C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
12⤵
PID:9616

C:\Users\Admin\AppData\Local\Temp\Unicorn-38494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38494.exe
13⤵
PID:4664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9616 -s 216
13⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 216
12⤵
PID:10444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 216
11⤵
PID:8492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
10⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 216
9⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-5980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5980.exe
8⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-20956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20956.exe
9⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-15152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15152.exe
10⤵
PID:7204

C:\Users\Admin\AppData\Local\Temp\Unicorn-51218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51218.exe
11⤵
PID:10040

C:\Users\Admin\AppData\Local\Temp\Unicorn-31608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31608.exe
12⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10040 -s 216
12⤵
PID:12732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 236
11⤵
PID:11012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
10⤵
PID:8380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
9⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
8⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
7⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-18991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18991.exe
8⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-61666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61666.exe
9⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-48541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48541.exe
10⤵
PID:7024

C:\Users\Admin\AppData\Local\Temp\Unicorn-4762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4762.exe
11⤵
PID:9588

C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
12⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9588 -s 216
12⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 216
11⤵
PID:10436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 236
10⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
9⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
8⤵
- Program crash
PID:3424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
7⤵
- Program crash
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-44864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44864.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
7⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-1951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1951.exe
8⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-21859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21859.exe
9⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\Unicorn-14021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14021.exe
10⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\Unicorn-26489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26489.exe
11⤵
PID:10956

C:\Users\Admin\AppData\Local\Temp\Unicorn-17473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17473.exe
12⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10956 -s 216
12⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
11⤵
PID:11460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
10⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
9⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 236
8⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-63767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63767.exe
7⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-26218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26218.exe
8⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\Unicorn-62890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62890.exe
9⤵
PID:7624

C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
10⤵
PID:10620

C:\Users\Admin\AppData\Local\Temp\Unicorn-24551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24551.exe
11⤵
PID:12764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10620 -s 216
11⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 216
10⤵
PID:11216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
9⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 236
8⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 220
7⤵
PID:4488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 240
6⤵
- Program crash
PID:1340

C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 200
7⤵
- Program crash
PID:2752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 236
6⤵
- Program crash
PID:3236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
5⤵
- Program crash
PID:600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-20376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20376.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-4246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4246.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-5066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5066.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-12757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12757.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-48663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48663.exe
8⤵
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-40267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40267.exe
9⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-51619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51619.exe
10⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-31885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31885.exe
11⤵
PID:5128

C:\Users\Admin\AppData\Local\Temp\Unicorn-30410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30410.exe
12⤵
PID:7564

C:\Users\Admin\AppData\Local\Temp\Unicorn-64029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64029.exe
13⤵
PID:10652

C:\Users\Admin\AppData\Local\Temp\Unicorn-58344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58344.exe
14⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10652 -s 236
14⤵
PID:12336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7564 -s 216
13⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
11⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
10⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-15225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15225.exe
9⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-37204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37204.exe
10⤵
PID:5368

C:\Users\Admin\AppData\Local\Temp\Unicorn-49598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49598.exe
11⤵
PID:7780

C:\Users\Admin\AppData\Local\Temp\Unicorn-28729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28729.exe
12⤵
PID:10912

C:\Users\Admin\AppData\Local\Temp\Unicorn-16537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16537.exe
13⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10912 -s 216
13⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7780 -s 216
12⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 216
11⤵
PID:9756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
10⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
9⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-39752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39752.exe
8⤵
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-4914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4914.exe
9⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-31885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31885.exe
10⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
11⤵
PID:7400

C:\Users\Admin\AppData\Local\Temp\Unicorn-42652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42652.exe
12⤵
PID:10916

C:\Users\Admin\AppData\Local\Temp\Unicorn-15026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15026.exe
13⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10916 -s 236
13⤵
PID:12836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 216
12⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
11⤵
PID:9692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
10⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
9⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
8⤵
- Program crash
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-19197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19197.exe
7⤵
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-39883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39883.exe
8⤵
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-2226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2226.exe
9⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-37012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37012.exe
10⤵
PID:5480

C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
11⤵
PID:7776

C:\Users\Admin\AppData\Local\Temp\Unicorn-28345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28345.exe
12⤵
PID:11304

C:\Users\Admin\AppData\Local\Temp\Unicorn-776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-776.exe
13⤵
PID:7744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11304 -s 216
13⤵
PID:9740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 216
12⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 236
11⤵
PID:9768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
10⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 236
9⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-64042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64042.exe
8⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-25066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25066.exe
9⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
10⤵
PID:7880

C:\Users\Admin\AppData\Local\Temp\Unicorn-10931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10931.exe
11⤵
PID:10884

C:\Users\Admin\AppData\Local\Temp\Unicorn-17224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17224.exe
12⤵
PID:12316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10884 -s 236
12⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 216
11⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
10⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
9⤵
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 240
8⤵
PID:4472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
7⤵
- Program crash
PID:1148

C:\Users\Admin\AppData\Local\Temp\Unicorn-57360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57360.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:684

C:\Users\Admin\AppData\Local\Temp\Unicorn-59950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59950.exe
7⤵
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-3915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3915.exe
8⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-9969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9969.exe
9⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-39475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39475.exe
10⤵
PID:6780

C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
11⤵
PID:9444

C:\Users\Admin\AppData\Local\Temp\Unicorn-7077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7077.exe
12⤵
PID:12360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9444 -s 216
12⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 236
11⤵
PID:10304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 236
10⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
9⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 216
8⤵
- Program crash
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-64662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64662.exe
7⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
8⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
9⤵
PID:6692

C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
10⤵
PID:9388

C:\Users\Admin\AppData\Local\Temp\Unicorn-17441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17441.exe
11⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9388 -s 216
11⤵
PID:13232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 216
10⤵
PID:10244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
9⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 236
8⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 240
7⤵
- Program crash
PID:3340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 240
6⤵
- Program crash
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-1537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1537.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-44553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44553.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-32519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32519.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-21051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21051.exe
8⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-2802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2802.exe
9⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-13244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13244.exe
10⤵
PID:6072

C:\Users\Admin\AppData\Local\Temp\Unicorn-5830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5830.exe
11⤵
PID:8136

C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
12⤵
PID:11220

C:\Users\Admin\AppData\Local\Temp\Unicorn-59499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59499.exe
13⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11220 -s 236
13⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
12⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 216
11⤵
PID:8236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
10⤵
PID:6884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
9⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-31945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31945.exe
8⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-2035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2035.exe
9⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-59089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59089.exe
10⤵
PID:7992

C:\Users\Admin\AppData\Local\Temp\Unicorn-7758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7758.exe
11⤵
PID:11044

C:\Users\Admin\AppData\Local\Temp\Unicorn-33392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33392.exe
12⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11044 -s 216
12⤵
PID:9016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 216
11⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
10⤵
PID:9576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
9⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
8⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-20536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20536.exe
7⤵
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-51427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51427.exe
8⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-1843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1843.exe
9⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-43630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43630.exe
10⤵
PID:8088

C:\Users\Admin\AppData\Local\Temp\Unicorn-41064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41064.exe
11⤵
PID:10548

C:\Users\Admin\AppData\Local\Temp\Unicorn-50532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50532.exe
12⤵
PID:12500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10548 -s 236
12⤵
PID:9156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8088 -s 236
11⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 216
10⤵
PID:9652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 236
9⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 236
8⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
7⤵
- Program crash
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-61470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61470.exe
6⤵
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-26754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26754.exe
7⤵
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-37120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37120.exe
8⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-10073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10073.exe
9⤵
PID:5860

C:\Users\Admin\AppData\Local\Temp\Unicorn-44826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44826.exe
10⤵
PID:7396

C:\Users\Admin\AppData\Local\Temp\Unicorn-61616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61616.exe
11⤵
PID:10412

C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
12⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10412 -s 216
12⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 216
11⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
10⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
9⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 236
8⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-17062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17062.exe
7⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
8⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-7026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7026.exe
9⤵
PID:8164

C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
10⤵
PID:11228

C:\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe
11⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11228 -s 216
11⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 216
10⤵
PID:11712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 216
9⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
8⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
7⤵
PID:5048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 240
6⤵
- Program crash
PID:2100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
5⤵
- Program crash
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-57090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57090.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-28025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28025.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-43806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43806.exe
7⤵
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-9732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9732.exe
8⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-37203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37203.exe
9⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-36052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36052.exe
10⤵
PID:5628

C:\Users\Admin\AppData\Local\Temp\Unicorn-26609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26609.exe
11⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-38018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38018.exe
12⤵
PID:10968

C:\Users\Admin\AppData\Local\Temp\Unicorn-40989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40989.exe
13⤵
PID:12860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10968 -s 236
13⤵
PID:8752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 216
12⤵
PID:11268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 216
11⤵
PID:9472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
10⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 236
9⤵
PID:5636

C:\Users\Admin\AppData\Local\Temp\Unicorn-20160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20160.exe
8⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-5195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5195.exe
9⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-31790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31790.exe
10⤵
PID:7040

C:\Users\Admin\AppData\Local\Temp\Unicorn-481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-481.exe
11⤵
PID:9932

C:\Users\Admin\AppData\Local\Temp\Unicorn-22843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22843.exe
12⤵
PID:5396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9932 -s 216
12⤵
PID:12452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 216
11⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
10⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 236
9⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 240
8⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-44844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44844.exe
7⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-53155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53155.exe
8⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-23867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23867.exe
9⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-25578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25578.exe
10⤵
PID:6824

C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
11⤵
PID:9488

C:\Users\Admin\AppData\Local\Temp\Unicorn-20238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20238.exe
12⤵
PID:5104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9488 -s 216
12⤵
PID:13296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 236
11⤵
PID:10368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
10⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 236
9⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\Unicorn-6632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6632.exe
8⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
9⤵
PID:6976

C:\Users\Admin\AppData\Local\Temp\Unicorn-21483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21483.exe
10⤵
PID:9532

C:\Users\Admin\AppData\Local\Temp\Unicorn-18318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18318.exe
11⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9532 -s 216
11⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 216
10⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 236
9⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 240
8⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 220
7⤵
- Program crash
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-40084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40084.exe
6⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-52239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52239.exe
7⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-32372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32372.exe
8⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-45502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45502.exe
9⤵
PID:5912

C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
10⤵
PID:7332

C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
11⤵
PID:10496

C:\Users\Admin\AppData\Local\Temp\Unicorn-12163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12163.exe
12⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10496 -s 216
12⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 216
11⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
10⤵
PID:9236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
9⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
8⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-45179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45179.exe
7⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-13597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13597.exe
8⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-34746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34746.exe
9⤵
PID:7980

C:\Users\Admin\AppData\Local\Temp\Unicorn-26199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26199.exe
10⤵
PID:10952

C:\Users\Admin\AppData\Local\Temp\Unicorn-12135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12135.exe
11⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10952 -s 216
11⤵
PID:8896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 216
10⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 216
9⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
8⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
7⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
6⤵
- Program crash
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-40831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40831.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-57454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57454.exe
6⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-28482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28482.exe
7⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-21251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21251.exe
8⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-33177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33177.exe
9⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-14021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14021.exe
10⤵
PID:7860

C:\Users\Admin\AppData\Local\Temp\Unicorn-42716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42716.exe
11⤵
PID:10888

C:\Users\Admin\AppData\Local\Temp\Unicorn-17473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17473.exe
12⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10888 -s 216
12⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
11⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
10⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
9⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
8⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-50394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50394.exe
7⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-48029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48029.exe
8⤵
PID:5216

C:\Users\Admin\AppData\Local\Temp\Unicorn-21975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21975.exe
9⤵
PID:7216

C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
10⤵
PID:11160

C:\Users\Admin\AppData\Local\Temp\Unicorn-50859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50859.exe
11⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11160 -s 216
11⤵
PID:9056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 216
10⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 216
9⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
8⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
7⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-23883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23883.exe
6⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-19331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19331.exe
7⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-23530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23530.exe
8⤵
PID:5804

C:\Users\Admin\AppData\Local\Temp\Unicorn-21635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21635.exe
9⤵
PID:8032

C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
10⤵
PID:11136

C:\Users\Admin\AppData\Local\Temp\Unicorn-53518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53518.exe
11⤵
PID:12964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11136 -s 216
11⤵
PID:8400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 216
10⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
9⤵
PID:9196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
8⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 236
7⤵
PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
6⤵
- Program crash
PID:3528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
5⤵
- Program crash
PID:1628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 240
4⤵
- Program crash
PID:2856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
2⤵
- Program crash
PID:2876

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-37476.exe
Filesize
184KB

MD5
9b2e1cf269e3cd153c2803dbeeec732a

SHA1
dbaf434dbaf5e9a5f0ecea8c32cab474a7934453

SHA256
2e2057b2574410b3801b427b706fbe12eb1cbee9db60af9a490f2f0fee846bab

SHA512
62307e1c5648f4dc69f0ba1c319310647c9538e9712498fb9198247df2d98991910713f79a8b00de65234d63d59de023289601d1fbbec9d96623eed81bc24848

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39475.exe
Filesize
184KB

MD5
49d3c1a0788cf0f28cab7f56de30fef9

SHA1
da07aa20a0cacd33ec1e1d894a92d36cd42cfb30

SHA256
3e13c19304e30eb7c9dbf882db0d7bed73eb5005cc37193c4612ce3af6b4b107

SHA512
fda98d1eab3440cefe63111428ec26928582eab1e3d2d7b5e6a2d93a7fef9d1ccd9317cc0d06a0cbacd3c45d78f95e993978e3970473694357c95b26ce8c11f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39699.exe
Filesize
184KB

MD5
817f9690d7883a9a6f5f615ec62c7109

SHA1
8edda20cea31f4dfb476aa38a816692d5c7c3834

SHA256
9bb434bc57835617e0e9ba0f4ef3c4cc1d9bc93bc648971c835d16ca145be5cd

SHA512
ffde31fd28d93a32c1556566e0c3eb5b5b651f06d6beba970acaebd1d4e082e39a2ccb395a3949686299cd435f7fb52d32eac1236b224757ad128fc49eaf8e1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39719.exe
Filesize
184KB

MD5
13a8dfdaadcf3a5a5c5b58ef4ac5a6bd

SHA1
e8d705fd8ad6b30389576f8cdf7579e2b041c223

SHA256
886a82eb09e3707bda19cc3b866454117d17ddfb3b12d391dca5bcf4e7462a69

SHA512
33650d279c4f31d6609015be3dd5880d8c7c897aa48d19b8fd6537ae6a2a52b3f32d2f41a7773945647f0ff9687f5504deca0393900276be9797e35329debbf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39752.exe
Filesize
184KB

MD5
2156c3271e84654391dba94b8d9be3c9

SHA1
acd8681f5a13af4659c20390c2d39d1ddb39d60d

SHA256
97bdba62d4f68fba95f529bcc709706adeaea22a9ebb86b1a26de27fc518cb97

SHA512
2f91ff4f820218196d81a4a3a8efeb03b3884a73a66188159bc0b0afbc6d15a33a990d673d6ef5ae50fe25138ae0a97eb38c58859765b57e9662b0e751c87db5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39892.exe
Filesize
184KB

MD5
1748d2a4a672eea8415c1f11a9a5e090

SHA1
ce0eeebd159891b6acc966a7676a207aaeef2b77

SHA256
7823661efdbf408eb2ea03981a30485b101e801bd85128011fc671acd101e6d0

SHA512
f713b0023c6e27fc927566ab84478c36fc6d78421a83228f3319a03e19c01f0cc1da92afb10f22503e4a8e855cba3a4c86af8df5663cbaf657061ecccfcc54c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40084.exe
Filesize
184KB

MD5
7cac1d27c46b0626b37c96888ddddbb3

SHA1
2dc232c86a0c226006ac8364cd5689ca016291b8

SHA256
bbec60e1f0e91907ce7540601a66d41d071de6ef613393439c203563e75dac48

SHA512
a166e641207ea08e9792687e72d3fda61acee0e1090b40dc09190a8f52a40aac73098c754176c2826c1bb39757c6196cea7c8e79650d552e71857b1801e3cea3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40242.exe
Filesize
184KB

MD5
ef40701771f5fcb9b80c22bc88113aac

SHA1
9ca030ce2cb2d101c2794bd91b8b18456dffca89

SHA256
d3f34c9d8c5cc39b6336c18f9cbd71abcc992b45915a5f97ceded6e010ea3930

SHA512
4210b3137acd14230c1cf69d5eab0bd110a5cb548288113987b3f466fe6f495cdf0bf108b365aa44c2cfc53cbff34ace29c283cb5b9bdc72cb340f9b5009bbfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40831.exe
Filesize
184KB

MD5
b41ce59cd71c3fbb92fb85c41e4cbb63

SHA1
bbe8a4f93c7710d090089da7fcd6d0903d76fdc2

SHA256
0120e575405e87fb25ba98600294778fe675ccad95f1cb807853e30aa14f4c62

SHA512
52c1e1df055b7d0c5e4e7b52c2dab37742f75eb3a6caf1b9e2bd59b7cd6eb354f12e364161f3090ef87ecfcf14e02e86d1bfea91364d3fdecd4630c097d2b4c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52857.exe
Filesize
184KB

MD5
1bd9e14432b25d1464ccda60af2d1550

SHA1
51f3ee33d69e2f677bd79fb5d494c143227e257d

SHA256
2ad2f110952262279abe6a422ba1f9bb7f5a8bc196b6cdb78989f7a340c77407

SHA512
14508e11add53284cd78ad5e44f304aa1c6f905a1d0a99bb3f657f91a7e9886a34ad379601a3bcba34ee2fe66c013a8d1b0c5154a51efd7be818a04b3b732b44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55195.exe
Filesize
184KB

MD5
93c4190a2bbad573ba601da9f5162b2d

SHA1
f1d1bf6282b70e1a6c653ef1e6395a4ce10aa71b

SHA256
af13d66525990d26063398717a5a26074777ea7a537d729b10bc4a337179eb19

SHA512
6c0abf0f80e2ba74572a65d44c9b728cecc1cbb102f8033dff4d9f1f249e504f56c656b45a76b14b257a1d164b9ab0f6f9d199bd1abf4ab5fedbd3eaf7c90d56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
Filesize
184KB

MD5
b7fb7f14766f3039bdf6cb0ba7e5f306

SHA1
60a96fa04150d90385612da894c75c6725f3b4b0

SHA256
05d53e5747c06f6bff5f46e5a9f25bf575976f605177133101fb9ea97d776918

SHA512
7f593199ed75be757ca8cede4215b7f1d83dc3f1318e9cdb337ed0d5ec1e381a09655b2fdc0d1b828da6c13c143451ccb36462c513a732c290d60da5cb83ff70

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56386.exe
Filesize
184KB

MD5
6462250a3342843a05df779a372e3b9c

SHA1
ee0bb8ce7a77e7e963e5cd09e2a7f3c0853a1be4

SHA256
e480f3da9b7b7ff72079621dd2a16597f63f973c474f1c20657cdc6c3554b30f

SHA512
eb6559dff762a37d95d5497e4c56584415586003ccb650c1ef4cdafedf509be7d21516dc5c1bf63ceb71a0b1938e3cb6f00beaeebdf8903172597689157d5786

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6731.exe
Filesize
184KB

MD5
a442ddcfbc15b9552c9bc11118ecb10d

SHA1
a8324f34a818b8bad87011bbccb173986e4961c6

SHA256
c4febf7c70ff6e6422f87bae23ca957ed75fd7bb3429bd26dbcd9b7db4b67ff3

SHA512
deb2918571d27daae337d5b6e41671eb46b3f577b309126352d5ea845df926687703e5895ae9ff628c02a350dc1e4254e53d9f50235409b5aeacfa7eb801c8c3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
Filesize
184KB

MD5
553239a9a36f4f23e6e35b0af100b648

SHA1
b34622d956f5bfa7d7f4f5f13108853bf366c88c

SHA256
ae026eeb49e36e142cf323d4e3a21d8f51d0441d55073634fb69f9895759a857

SHA512
97a6c1a2dd5e310aa69ad28c651ff3ec5c05310d45261d5fc5c2d3c99d25fb8959f1730271fb072be37b60dd8659070a27063a5554bffebd44eb1e2d749d5ea9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13.exe
Filesize
184KB

MD5
c7324c2bd749c3c5361d4b529964af94

SHA1
a69c98e9bb1132d0ba671e3beee1188eb32cfc2f

SHA256
4c0f8a9f08d73acd92aee658cc8ed7b887e03f8909c29c2605258e41275f0966

SHA512
5ad2b54acaa1a36587889211be78bb4e5962189744741158e5d89ef075e7ba9ecc03530dde9bd079a015adb58273303c7aee0fff756e86c1a67a490620c64dfb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20376.exe
Filesize
184KB

MD5
870b1a01f13c5a0c7d3596c7576fc59a

SHA1
c9f08581cf4baa210aec8bbf21e75d2f13eecfd6

SHA256
1de0c3325642a1179312e472062d75bea0e2b4f4360c082b6163169a17d0d33c

SHA512
847284a80c78769059efd5b520ed8da211636399ba9c4f7fcd0f557b84b8d551c526496727bf8d289529db15299e3806ce76c6dd25cbf214c4ffffc6d9b2b299

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
Filesize
184KB

MD5
3d149ebc4120876ac6e48e52c54bd191

SHA1
a434578f2ad8c83df51ee67dc3c51bb6b1fc83a5

SHA256
550a1d4f798271ec2fe88b7232026982ada2947754e97ceacb68f7e69add9eba

SHA512
33582ef984bd6c09e32d13a412f018ee2ee766a6be1f37dd9cee111a653b88a970ba8580970d0cf791d8a6218cb20eedd6ef6d1ed22dc33b270ff817e63a562a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45415.exe
Filesize
184KB

MD5
73e06e02741a0e9f08a50f930edd80eb

SHA1
d7beb52b78c71e68e3092079b254812c4d023ff5

SHA256
b2d6edacf48e9db65e8bb49f161d0188c3c7fa08052a8a5c45579e05d42b4d90

SHA512
88060abe45c36d32c57ac47c70339d52096b4513934ca95a9967d440d0e44d1f12d72dddcfad411473c9526e3f37dcac342468222400e9d8206da18297225093

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48944.exe
Filesize
184KB

MD5
cd1564fe941675b704f25ecefd45a734

SHA1
f5419d88850f8770bf8783b306c51524645ceb1d

SHA256
4a4be7ef9915724777239a788780983e10c9b22123a0371fec4646b0b04fe436

SHA512
2d0a6cb597802fbbd64c43eb3fa9701ec69434162d991878a760c8c0e3ad9cc081bd7c0a3e255aa43de584b871033009192e61f9dec57904602135befed1a112

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59442.exe
Filesize
184KB

MD5
b73bc04aa5ea56d6f7ef58c2d67c1b8a

SHA1
c331d29bf3162b07bac8b7450e4bdd18e2dfc5c1

SHA256
1e1f96b518a0072abc0fd71ce5a52fde8da693829ca6b397d1456e1dc7e1c3f5

SHA512
872efddcf129c13b00e065cbd079961e88f9308899afa4bf1349bc5638d7076b7fe07b9ad4831bc80e1bd961f8a84b3900a966aa2e666fa78adc70508efc3602

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7185.exe
Filesize
184KB

MD5
455d5bfa07982d15662723d06d36267b

SHA1
3d2c2524510ff1076f77f6881a8c57bf713f2937

SHA256
6b78056ed8754f95635d350430c265f77bdd7cb7ae7bf000e483df83b4d933a5

SHA512
b3963c5dc8938050ae010c7da9ba6f5c54d68ab0de0e495721e54169d87629b75789df9547c3ed04bf9fc78d0d81b3913184897d7a4fc1ef947ba8a796a901e0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads