722207466cd0600fa0c1c60e49ec801efda33365e5aab995bd5c49c410b0417a

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

722207466cd0600fa0c1c60e49ec801efda33365e5aab995bd5c49c410b0417a.exe
Size

184KB
MD5

9e06ca1e4cb253d3f861e5c695878c99
SHA1

446ad71cd3fe33d29adb2e3c98d9236b5f1ac34f
SHA256

722207466cd0600fa0c1c60e49ec801efda33365e5aab995bd5c49c410b0417a
SHA512

325a1426def4075c5c1d81d79944d7499f26ebe35d31c065e47981f9036d83fea3e4e9ce36e9bb2f5f4526a6d68b73a1dd2819c96ab7a01c01d1fb3ee62b03b1
SSDEEP

1536:87S/6FZAf3Lxotx3t19AlawM+2+yvZcl6mdMxdLR2Dzetihlwhj5nizpv/:yda3LxoT919Td+nWeYdLRksihl+ViFn

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-12283.exeUnicorn-8282.exeUnicorn-27311.exeUnicorn-64857.exeUnicorn-30047.exeUnicorn-53160.exeUnicorn-42382.exeUnicorn-11655.exeUnicorn-46466.exeUnicorn-26600.exeUnicorn-61987.exeUnicorn-59377.exeUnicorn-20483.exeUnicorn-4701.exeUnicorn-43595.exeUnicorn-24567.exeUnicorn-13061.exeUnicorn-32927.exeUnicorn-32927.exeUnicorn-54271.exeUnicorn-11847.exeUnicorn-39881.exeUnicorn-43965.exeUnicorn-54826.exeUnicorn-13238.exeUnicorn-52133.exeUnicorn-56409.exeUnicorn-36543.exeUnicorn-1733.exeUnicorn-60493.exeUnicorn-40627.exeUnicorn-50270.exeUnicorn-61131.exeUnicorn-58438.exeUnicorn-27712.exeUnicorn-46741.exeUnicorn-55101.exeUnicorn-40156.exeUnicorn-1816.exeUnicorn-11951.exeUnicorn-1645.exeUnicorn-1645.exeUnicorn-1645.exeUnicorn-1645.exeUnicorn-55677.exeUnicorn-40732.exeUnicorn-59761.exeUnicorn-14089.exeUnicorn-18174.exeUnicorn-63845.exeUnicorn-11458.exeUnicorn-11458.exeUnicorn-61214.exeUnicorn-36155.exeUnicorn-20373.exeUnicorn-13596.exeUnicorn-63352.exeUnicorn-26425.exeUnicorn-57151.exeUnicorn-61235.exeUnicorn-14727.exeUnicorn-65319.exeUnicorn-53622.exeUnicorn-7950.exe

pid	process
1324	Unicorn-12283.exe
2596	Unicorn-8282.exe
2988	Unicorn-27311.exe
2288	Unicorn-64857.exe
2480	Unicorn-30047.exe
2676	Unicorn-53160.exe
2776	Unicorn-42382.exe
2936	Unicorn-11655.exe
2804	Unicorn-46466.exe
1708	Unicorn-26600.exe
2340	Unicorn-61987.exe
1548	Unicorn-59377.exe
1572	Unicorn-20483.exe
2852	Unicorn-4701.exe
2292	Unicorn-43595.exe
2052	Unicorn-24567.exe
600	Unicorn-13061.exe
604	Unicorn-32927.exe
324	Unicorn-32927.exe
1156	Unicorn-54271.exe
2020	Unicorn-11847.exe
1788	Unicorn-39881.exe
1380	Unicorn-43965.exe
1048	Unicorn-54826.exe
1640	Unicorn-13238.exe
592	Unicorn-52133.exe
1984	Unicorn-56409.exe
572	Unicorn-36543.exe
2272	Unicorn-1733.exe
912	Unicorn-60493.exe
1528	Unicorn-40627.exe
3008	Unicorn-50270.exe
2848	Unicorn-61131.exe
2484	Unicorn-58438.exe
2520	Unicorn-27712.exe
2500	Unicorn-46741.exe
2204	Unicorn-55101.exe
2924	Unicorn-40156.exe
2932	Unicorn-1816.exe
2552	Unicorn-11951.exe
2348	Unicorn-1645.exe
2780	Unicorn-1645.exe
2808	Unicorn-1645.exe
2904	Unicorn-1645.exe
376	Unicorn-55677.exe
2336	Unicorn-40732.exe
1052	Unicorn-59761.exe
2748	Unicorn-14089.exe
1580	Unicorn-18174.exe
2044	Unicorn-63845.exe
588	Unicorn-11458.exe
1504	Unicorn-11458.exe
1884	Unicorn-61214.exe
1688	Unicorn-36155.exe
1684	Unicorn-20373.exe
1620	Unicorn-13596.exe
2888	Unicorn-63352.exe
2112	Unicorn-26425.exe
1848	Unicorn-57151.exe
3024	Unicorn-61235.exe
2372	Unicorn-14727.exe
2672	Unicorn-65319.exe
2496	Unicorn-53622.exe
2476	Unicorn-7950.exe

Loads dropped DLL 64 IoCs

Processes:

722207466cd0600fa0c1c60e49ec801efda33365e5aab995bd5c49c410b0417a.exeUnicorn-12283.exeUnicorn-27311.exeUnicorn-8282.exeWerFault.exeUnicorn-30047.exeUnicorn-53160.exeUnicorn-64857.exeWerFault.exeWerFault.exeUnicorn-42382.exeUnicorn-11655.exeUnicorn-26600.exeUnicorn-46466.exeUnicorn-61987.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2980	722207466cd0600fa0c1c60e49ec801efda33365e5aab995bd5c49c410b0417a.exe
2980	722207466cd0600fa0c1c60e49ec801efda33365e5aab995bd5c49c410b0417a.exe
1324	Unicorn-12283.exe
2980	722207466cd0600fa0c1c60e49ec801efda33365e5aab995bd5c49c410b0417a.exe
1324	Unicorn-12283.exe
2980	722207466cd0600fa0c1c60e49ec801efda33365e5aab995bd5c49c410b0417a.exe
2988	Unicorn-27311.exe
2988	Unicorn-27311.exe
2596	Unicorn-8282.exe
2596	Unicorn-8282.exe
1324	Unicorn-12283.exe
1324	Unicorn-12283.exe
2692	WerFault.exe
2692	WerFault.exe
2692	WerFault.exe
2692	WerFault.exe
2692	WerFault.exe
2480	Unicorn-30047.exe
2480	Unicorn-30047.exe
2676	Unicorn-53160.exe
2288	Unicorn-64857.exe
2676	Unicorn-53160.exe
2288	Unicorn-64857.exe
2596	Unicorn-8282.exe
2596	Unicorn-8282.exe
2988	Unicorn-27311.exe
2988	Unicorn-27311.exe
1072	WerFault.exe
1072	WerFault.exe
1072	WerFault.exe
1072	WerFault.exe
2704	WerFault.exe
2704	WerFault.exe
2704	WerFault.exe
2704	WerFault.exe
1072	WerFault.exe
2704	WerFault.exe
2776	Unicorn-42382.exe
2936	Unicorn-11655.exe
2776	Unicorn-42382.exe
2936	Unicorn-11655.exe
2288	Unicorn-64857.exe
1708	Unicorn-26600.exe
2480	Unicorn-30047.exe
2288	Unicorn-64857.exe
2480	Unicorn-30047.exe
1708	Unicorn-26600.exe
2676	Unicorn-53160.exe
2804	Unicorn-46466.exe
2340	Unicorn-61987.exe
2676	Unicorn-53160.exe
2804	Unicorn-46466.exe
2340	Unicorn-61987.exe
856	WerFault.exe
856	WerFault.exe
856	WerFault.exe
856	WerFault.exe
856	WerFault.exe
1100	WerFault.exe
1100	WerFault.exe
1100	WerFault.exe
1100	WerFault.exe
932	WerFault.exe
932	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2080	2980	WerFault.exe	722207466cd0600fa0c1c60e49ec801efda33365e5aab995bd5c49c410b0417a.exe
2692	1324	WerFault.exe	Unicorn-12283.exe
1072	2988	WerFault.exe	Unicorn-27311.exe
2704	2596	WerFault.exe	Unicorn-8282.exe
856	2480	WerFault.exe	Unicorn-30047.exe
1100	2676	WerFault.exe	Unicorn-53160.exe
932	2288	WerFault.exe	Unicorn-64857.exe
3020	2776	WerFault.exe	Unicorn-42382.exe
2940	2936	WerFault.exe	Unicorn-11655.exe
2992	1708	WerFault.exe	Unicorn-26600.exe
2548	2340	WerFault.exe	Unicorn-61987.exe
1760	2804	WerFault.exe	Unicorn-46466.exe
1756	1548	WerFault.exe	Unicorn-59377.exe
2308	2052	WerFault.exe	Unicorn-24567.exe
1780	2852	WerFault.exe	Unicorn-4701.exe
1128	2292	WerFault.exe	Unicorn-43595.exe
2144	324	WerFault.exe	Unicorn-32927.exe
860	1572	WerFault.exe	Unicorn-20483.exe
3068	604	WerFault.exe	Unicorn-32927.exe
1576	600	WerFault.exe	Unicorn-13061.exe
1720	1156	WerFault.exe	Unicorn-54271.exe
2324	2020	WerFault.exe	Unicorn-11847.exe
1916	1788	WerFault.exe	Unicorn-39881.exe
3032	1380	WerFault.exe	Unicorn-43965.exe
2452	1048	WerFault.exe	Unicorn-54826.exe
2800	1640	WerFault.exe	Unicorn-13238.exe
2916	2272	WerFault.exe	Unicorn-1733.exe
2624	572	WerFault.exe	Unicorn-36543.exe
2516	592	WerFault.exe	Unicorn-52133.exe
2072	912	WerFault.exe	Unicorn-60493.exe
824	1984	WerFault.exe	Unicorn-56409.exe
888	1528	WerFault.exe	Unicorn-40627.exe
3208	2848	WerFault.exe	Unicorn-61131.exe
3220	3008	WerFault.exe	Unicorn-50270.exe
3432	2500	WerFault.exe	Unicorn-46741.exe
3540	2748	WerFault.exe	Unicorn-14089.exe
3628	2808	WerFault.exe	Unicorn-1645.exe
3644	2552	WerFault.exe	Unicorn-11951.exe
3668	1580	WerFault.exe	Unicorn-18174.exe
3708	2924	WerFault.exe	Unicorn-40156.exe
3988	1052	WerFault.exe	Unicorn-59761.exe
4008	2044	WerFault.exe	Unicorn-63845.exe
4044	1504	WerFault.exe	Unicorn-11458.exe
4036	588	WerFault.exe	Unicorn-11458.exe
4052	2780	WerFault.exe	Unicorn-1645.exe
3104	2520	WerFault.exe	Unicorn-27712.exe
3136	2484	WerFault.exe	Unicorn-58438.exe
3232	2904	WerFault.exe	Unicorn-1645.exe
3248	2336	WerFault.exe	Unicorn-40732.exe
3260	1884	WerFault.exe	Unicorn-61214.exe
3328	2932	WerFault.exe	Unicorn-1816.exe
3340	2348	WerFault.exe	Unicorn-1645.exe
3596	376	WerFault.exe	Unicorn-55677.exe
3116	2496	WerFault.exe	Unicorn-53622.exe
3172	2888	WerFault.exe	Unicorn-63352.exe
3492	2204	WerFault.exe	Unicorn-55101.exe
2428	1620	WerFault.exe	Unicorn-13596.exe
3124	2112	WerFault.exe	Unicorn-26425.exe
3616	3024	WerFault.exe	Unicorn-61235.exe
3812	1688	WerFault.exe	Unicorn-36155.exe
3900	1848	WerFault.exe	Unicorn-57151.exe
3948	1988	WerFault.exe	Unicorn-11842.exe
3972	2768	WerFault.exe	Unicorn-18619.exe
3276	2372	WerFault.exe	Unicorn-14727.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

722207466cd0600fa0c1c60e49ec801efda33365e5aab995bd5c49c410b0417a.exeUnicorn-12283.exeUnicorn-8282.exeUnicorn-27311.exeUnicorn-64857.exeUnicorn-30047.exeUnicorn-53160.exeUnicorn-42382.exeUnicorn-11655.exeUnicorn-46466.exeUnicorn-26600.exeUnicorn-61987.exeUnicorn-59377.exeUnicorn-24567.exeUnicorn-43595.exeUnicorn-32927.exeUnicorn-32927.exeUnicorn-4701.exeUnicorn-13061.exeUnicorn-20483.exeUnicorn-54271.exeUnicorn-11847.exeUnicorn-39881.exeUnicorn-43965.exeUnicorn-54826.exeUnicorn-13238.exeUnicorn-52133.exeUnicorn-36543.exeUnicorn-56409.exeUnicorn-1733.exeUnicorn-60493.exeUnicorn-40627.exeUnicorn-50270.exeUnicorn-61131.exeUnicorn-58438.exeUnicorn-27712.exeUnicorn-46741.exeUnicorn-55101.exeUnicorn-40156.exeUnicorn-1816.exeUnicorn-11951.exeUnicorn-1645.exeUnicorn-1645.exeUnicorn-1645.exeUnicorn-1645.exeUnicorn-55677.exeUnicorn-14089.exeUnicorn-40732.exeUnicorn-59761.exeUnicorn-18174.exeUnicorn-63845.exeUnicorn-11458.exeUnicorn-11458.exeUnicorn-61214.exeUnicorn-20373.exeUnicorn-36155.exeUnicorn-13596.exeUnicorn-63352.exeUnicorn-26425.exeUnicorn-57151.exeUnicorn-61235.exeUnicorn-14727.exeUnicorn-65319.exeUnicorn-53622.exe

pid	process
2980	722207466cd0600fa0c1c60e49ec801efda33365e5aab995bd5c49c410b0417a.exe
1324	Unicorn-12283.exe
2596	Unicorn-8282.exe
2988	Unicorn-27311.exe
2288	Unicorn-64857.exe
2480	Unicorn-30047.exe
2676	Unicorn-53160.exe
2776	Unicorn-42382.exe
2936	Unicorn-11655.exe
2804	Unicorn-46466.exe
1708	Unicorn-26600.exe
2340	Unicorn-61987.exe
1548	Unicorn-59377.exe
2052	Unicorn-24567.exe
2292	Unicorn-43595.exe
604	Unicorn-32927.exe
324	Unicorn-32927.exe
2852	Unicorn-4701.exe
600	Unicorn-13061.exe
1572	Unicorn-20483.exe
1156	Unicorn-54271.exe
2020	Unicorn-11847.exe
1788	Unicorn-39881.exe
1380	Unicorn-43965.exe
1048	Unicorn-54826.exe
1640	Unicorn-13238.exe
592	Unicorn-52133.exe
572	Unicorn-36543.exe
1984	Unicorn-56409.exe
2272	Unicorn-1733.exe
912	Unicorn-60493.exe
1528	Unicorn-40627.exe
3008	Unicorn-50270.exe
2848	Unicorn-61131.exe
2484	Unicorn-58438.exe
2520	Unicorn-27712.exe
2500	Unicorn-46741.exe
2204	Unicorn-55101.exe
2924	Unicorn-40156.exe
2932	Unicorn-1816.exe
2552	Unicorn-11951.exe
2780	Unicorn-1645.exe
2904	Unicorn-1645.exe
2348	Unicorn-1645.exe
2808	Unicorn-1645.exe
376	Unicorn-55677.exe
2748	Unicorn-14089.exe
2336	Unicorn-40732.exe
1052	Unicorn-59761.exe
1580	Unicorn-18174.exe
2044	Unicorn-63845.exe
588	Unicorn-11458.exe
1504	Unicorn-11458.exe
1884	Unicorn-61214.exe
1684	Unicorn-20373.exe
1688	Unicorn-36155.exe
1620	Unicorn-13596.exe
2888	Unicorn-63352.exe
2112	Unicorn-26425.exe
1848	Unicorn-57151.exe
3024	Unicorn-61235.exe
2372	Unicorn-14727.exe
2672	Unicorn-65319.exe
2496	Unicorn-53622.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

722207466cd0600fa0c1c60e49ec801efda33365e5aab995bd5c49c410b0417a.exeUnicorn-12283.exeUnicorn-27311.exeUnicorn-8282.exeUnicorn-30047.exeUnicorn-53160.exeUnicorn-64857.exeUnicorn-42382.exe

description	pid	process	target process
PID 2980 wrote to memory of 1324	2980	722207466cd0600fa0c1c60e49ec801efda33365e5aab995bd5c49c410b0417a.exe	Unicorn-12283.exe
PID 2980 wrote to memory of 1324	2980	722207466cd0600fa0c1c60e49ec801efda33365e5aab995bd5c49c410b0417a.exe	Unicorn-12283.exe
PID 2980 wrote to memory of 1324	2980	722207466cd0600fa0c1c60e49ec801efda33365e5aab995bd5c49c410b0417a.exe	Unicorn-12283.exe
PID 2980 wrote to memory of 1324	2980	722207466cd0600fa0c1c60e49ec801efda33365e5aab995bd5c49c410b0417a.exe	Unicorn-12283.exe
PID 1324 wrote to memory of 2596	1324	Unicorn-12283.exe	Unicorn-8282.exe
PID 1324 wrote to memory of 2596	1324	Unicorn-12283.exe	Unicorn-8282.exe
PID 1324 wrote to memory of 2596	1324	Unicorn-12283.exe	Unicorn-8282.exe
PID 1324 wrote to memory of 2596	1324	Unicorn-12283.exe	Unicorn-8282.exe
PID 2980 wrote to memory of 2988	2980	722207466cd0600fa0c1c60e49ec801efda33365e5aab995bd5c49c410b0417a.exe	Unicorn-27311.exe
PID 2980 wrote to memory of 2988	2980	722207466cd0600fa0c1c60e49ec801efda33365e5aab995bd5c49c410b0417a.exe	Unicorn-27311.exe
PID 2980 wrote to memory of 2988	2980	722207466cd0600fa0c1c60e49ec801efda33365e5aab995bd5c49c410b0417a.exe	Unicorn-27311.exe
PID 2980 wrote to memory of 2988	2980	722207466cd0600fa0c1c60e49ec801efda33365e5aab995bd5c49c410b0417a.exe	Unicorn-27311.exe
PID 2980 wrote to memory of 2080	2980	722207466cd0600fa0c1c60e49ec801efda33365e5aab995bd5c49c410b0417a.exe	WerFault.exe
PID 2980 wrote to memory of 2080	2980	722207466cd0600fa0c1c60e49ec801efda33365e5aab995bd5c49c410b0417a.exe	WerFault.exe
PID 2980 wrote to memory of 2080	2980	722207466cd0600fa0c1c60e49ec801efda33365e5aab995bd5c49c410b0417a.exe	WerFault.exe
PID 2980 wrote to memory of 2080	2980	722207466cd0600fa0c1c60e49ec801efda33365e5aab995bd5c49c410b0417a.exe	WerFault.exe
PID 2988 wrote to memory of 2288	2988	Unicorn-27311.exe	Unicorn-64857.exe
PID 2988 wrote to memory of 2288	2988	Unicorn-27311.exe	Unicorn-64857.exe
PID 2988 wrote to memory of 2288	2988	Unicorn-27311.exe	Unicorn-64857.exe
PID 2988 wrote to memory of 2288	2988	Unicorn-27311.exe	Unicorn-64857.exe
PID 2596 wrote to memory of 2480	2596	Unicorn-8282.exe	Unicorn-30047.exe
PID 2596 wrote to memory of 2480	2596	Unicorn-8282.exe	Unicorn-30047.exe
PID 2596 wrote to memory of 2480	2596	Unicorn-8282.exe	Unicorn-30047.exe
PID 2596 wrote to memory of 2480	2596	Unicorn-8282.exe	Unicorn-30047.exe
PID 1324 wrote to memory of 2676	1324	Unicorn-12283.exe	Unicorn-53160.exe
PID 1324 wrote to memory of 2676	1324	Unicorn-12283.exe	Unicorn-53160.exe
PID 1324 wrote to memory of 2676	1324	Unicorn-12283.exe	Unicorn-53160.exe
PID 1324 wrote to memory of 2676	1324	Unicorn-12283.exe	Unicorn-53160.exe
PID 1324 wrote to memory of 2692	1324	Unicorn-12283.exe	WerFault.exe
PID 1324 wrote to memory of 2692	1324	Unicorn-12283.exe	WerFault.exe
PID 1324 wrote to memory of 2692	1324	Unicorn-12283.exe	WerFault.exe
PID 1324 wrote to memory of 2692	1324	Unicorn-12283.exe	WerFault.exe
PID 2480 wrote to memory of 2776	2480	Unicorn-30047.exe	Unicorn-42382.exe
PID 2480 wrote to memory of 2776	2480	Unicorn-30047.exe	Unicorn-42382.exe
PID 2480 wrote to memory of 2776	2480	Unicorn-30047.exe	Unicorn-42382.exe
PID 2480 wrote to memory of 2776	2480	Unicorn-30047.exe	Unicorn-42382.exe
PID 2676 wrote to memory of 2804	2676	Unicorn-53160.exe	Unicorn-46466.exe
PID 2676 wrote to memory of 2804	2676	Unicorn-53160.exe	Unicorn-46466.exe
PID 2676 wrote to memory of 2804	2676	Unicorn-53160.exe	Unicorn-46466.exe
PID 2676 wrote to memory of 2804	2676	Unicorn-53160.exe	Unicorn-46466.exe
PID 2288 wrote to memory of 2936	2288	Unicorn-64857.exe	Unicorn-11655.exe
PID 2288 wrote to memory of 2936	2288	Unicorn-64857.exe	Unicorn-11655.exe
PID 2288 wrote to memory of 2936	2288	Unicorn-64857.exe	Unicorn-11655.exe
PID 2288 wrote to memory of 2936	2288	Unicorn-64857.exe	Unicorn-11655.exe
PID 2596 wrote to memory of 1708	2596	Unicorn-8282.exe	Unicorn-26600.exe
PID 2596 wrote to memory of 1708	2596	Unicorn-8282.exe	Unicorn-26600.exe
PID 2596 wrote to memory of 1708	2596	Unicorn-8282.exe	Unicorn-26600.exe
PID 2596 wrote to memory of 1708	2596	Unicorn-8282.exe	Unicorn-26600.exe
PID 2988 wrote to memory of 2340	2988	Unicorn-27311.exe	Unicorn-61987.exe
PID 2988 wrote to memory of 2340	2988	Unicorn-27311.exe	Unicorn-61987.exe
PID 2988 wrote to memory of 2340	2988	Unicorn-27311.exe	Unicorn-61987.exe
PID 2988 wrote to memory of 2340	2988	Unicorn-27311.exe	Unicorn-61987.exe
PID 2988 wrote to memory of 1072	2988	Unicorn-27311.exe	WerFault.exe
PID 2988 wrote to memory of 1072	2988	Unicorn-27311.exe	WerFault.exe
PID 2988 wrote to memory of 1072	2988	Unicorn-27311.exe	WerFault.exe
PID 2988 wrote to memory of 1072	2988	Unicorn-27311.exe	WerFault.exe
PID 2596 wrote to memory of 2704	2596	Unicorn-8282.exe	WerFault.exe
PID 2596 wrote to memory of 2704	2596	Unicorn-8282.exe	WerFault.exe
PID 2596 wrote to memory of 2704	2596	Unicorn-8282.exe	WerFault.exe
PID 2596 wrote to memory of 2704	2596	Unicorn-8282.exe	WerFault.exe
PID 2776 wrote to memory of 1572	2776	Unicorn-42382.exe	Unicorn-20483.exe
PID 2776 wrote to memory of 1572	2776	Unicorn-42382.exe	Unicorn-20483.exe
PID 2776 wrote to memory of 1572	2776	Unicorn-42382.exe	Unicorn-20483.exe
PID 2776 wrote to memory of 1572	2776	Unicorn-42382.exe	Unicorn-20483.exe

C:\Users\Admin\AppData\Local\Temp\722207466cd0600fa0c1c60e49ec801efda33365e5aab995bd5c49c410b0417a.exe
"C:\Users\Admin\AppData\Local\Temp\722207466cd0600fa0c1c60e49ec801efda33365e5aab995bd5c49c410b0417a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-12283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12283.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1324

C:\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-30047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30047.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-20483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20483.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-55101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55101.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-26425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26425.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-49258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49258.exe
9⤵
PID:668

C:\Users\Admin\AppData\Local\Temp\Unicorn-30805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30805.exe
10⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-35543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35543.exe
11⤵
PID:6260

C:\Users\Admin\AppData\Local\Temp\Unicorn-60758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60758.exe
12⤵
PID:9276

C:\Users\Admin\AppData\Local\Temp\Unicorn-15928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15928.exe
13⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9276 -s 216
13⤵
PID:13048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 216
12⤵
PID:10432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
11⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 216
10⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 236
9⤵
- Program crash
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-37560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37560.exe
8⤵
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-32943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32943.exe
9⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-40203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40203.exe
10⤵
PID:7064

C:\Users\Admin\AppData\Local\Temp\Unicorn-22487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22487.exe
11⤵
PID:10132

C:\Users\Admin\AppData\Local\Temp\Unicorn-13161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13161.exe
12⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10132 -s 216
12⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 220
11⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
10⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
9⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
8⤵
- Program crash
PID:3492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 216
7⤵
- Program crash
PID:860

C:\Users\Admin\AppData\Local\Temp\Unicorn-1733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1733.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-1645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1645.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
8⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-16586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16586.exe
9⤵
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-18553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18553.exe
10⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-33789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33789.exe
11⤵
PID:6592

C:\Users\Admin\AppData\Local\Temp\Unicorn-38584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38584.exe
12⤵
PID:9732

C:\Users\Admin\AppData\Local\Temp\Unicorn-12694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12694.exe
13⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9732 -s 216
13⤵
PID:12536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 236
12⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
11⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 216
10⤵
PID:2864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 216
9⤵
- Program crash
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-8972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8972.exe
8⤵
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-14660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14660.exe
9⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-54017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54017.exe
10⤵
PID:7116

C:\Users\Admin\AppData\Local\Temp\Unicorn-18164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18164.exe
11⤵
PID:9472

C:\Users\Admin\AppData\Local\Temp\Unicorn-57017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57017.exe
12⤵
PID:12496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9472 -s 220
12⤵
PID:12780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 216
11⤵
PID:10580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
10⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 216
9⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
8⤵
- Program crash
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-145.exe
7⤵
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-19108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19108.exe
8⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-64053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64053.exe
9⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-25325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25325.exe
10⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-12185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12185.exe
11⤵
PID:8728

C:\Users\Admin\AppData\Local\Temp\Unicorn-29228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29228.exe
12⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8728 -s 216
12⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
11⤵
PID:9960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
10⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
9⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 236
8⤵
PID:4628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
7⤵
- Program crash
PID:2916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
6⤵
- Program crash
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-43595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43595.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-13238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13238.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-1645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1645.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
8⤵
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-45750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45750.exe
9⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-35875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35875.exe
10⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-10934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10934.exe
11⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-29098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29098.exe
12⤵
PID:8760

C:\Users\Admin\AppData\Local\Temp\Unicorn-64230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64230.exe
13⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 236
13⤵
PID:11668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
12⤵
PID:10012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
11⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 216
10⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-41089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41089.exe
9⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-64048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64048.exe
10⤵
PID:6488

C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
11⤵
PID:9200

C:\Users\Admin\AppData\Local\Temp\Unicorn-29742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29742.exe
12⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9200 -s 216
12⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
11⤵
PID:9316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
10⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 240
9⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-60695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60695.exe
8⤵
PID:2684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 220
9⤵
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
8⤵
- Program crash
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-18619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18619.exe
7⤵
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-47312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47312.exe
8⤵
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-20883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20883.exe
9⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-46425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46425.exe
10⤵
PID:6988

C:\Users\Admin\AppData\Local\Temp\Unicorn-45491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45491.exe
11⤵
PID:9984

C:\Users\Admin\AppData\Local\Temp\Unicorn-60229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60229.exe
12⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 216
12⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 220
11⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
10⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 216
9⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
8⤵
- Program crash
PID:3972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 220
7⤵
- Program crash
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-55677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55677.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:376

C:\Users\Admin\AppData\Local\Temp\Unicorn-24287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24287.exe
7⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
8⤵
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-23021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23021.exe
9⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-59637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59637.exe
10⤵
PID:4800

C:\Users\Admin\AppData\Local\Temp\Unicorn-24817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24817.exe
11⤵
PID:9300

C:\Users\Admin\AppData\Local\Temp\Unicorn-11983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11983.exe
12⤵
PID:12992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9300 -s 236
12⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 216
11⤵
PID:11152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 220
10⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 216
9⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 236
8⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\Unicorn-51951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51951.exe
7⤵
PID:1148

C:\Users\Admin\AppData\Local\Temp\Unicorn-43057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43057.exe
8⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-12086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12086.exe
9⤵
PID:5172

C:\Users\Admin\AppData\Local\Temp\Unicorn-40665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40665.exe
10⤵
PID:9044

C:\Users\Admin\AppData\Local\Temp\Unicorn-11329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11329.exe
11⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9044 -s 216
11⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 216
10⤵
PID:10192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 236
9⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 236
8⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 220
7⤵
- Program crash
PID:3596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
6⤵
- Program crash
PID:1128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-24567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24567.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-39881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39881.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-27712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27712.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-36155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36155.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-57426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57426.exe
9⤵
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-19923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19923.exe
10⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-10763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10763.exe
11⤵
PID:6556

C:\Users\Admin\AppData\Local\Temp\Unicorn-14250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14250.exe
12⤵
PID:9304

C:\Users\Admin\AppData\Local\Temp\Unicorn-59373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59373.exe
13⤵
PID:952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9304 -s 220
13⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 216
12⤵
PID:10440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
11⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 216
10⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 236
9⤵
- Program crash
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-41644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41644.exe
8⤵
PID:1228

C:\Users\Admin\AppData\Local\Temp\Unicorn-4608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4608.exe
9⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-14032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14032.exe
10⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
11⤵
PID:8948

C:\Users\Admin\AppData\Local\Temp\Unicorn-4038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4038.exe
12⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8948 -s 216
12⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 236
11⤵
PID:10096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 236
10⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 236
9⤵
PID:4580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
8⤵
- Program crash
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-20373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20373.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-63840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63840.exe
8⤵
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-31936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31936.exe
9⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-55693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55693.exe
10⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
11⤵
PID:6828

C:\Users\Admin\AppData\Local\Temp\Unicorn-39954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39954.exe
12⤵
PID:8936

C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
13⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 220
13⤵
PID:13092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 216
12⤵
PID:10032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
11⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
10⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-13269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13269.exe
9⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\Unicorn-49933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49933.exe
10⤵
PID:7088

C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
11⤵
PID:9628

C:\Users\Admin\AppData\Local\Temp\Unicorn-32264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32264.exe
12⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9628 -s 216
12⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 216
11⤵
PID:10676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
10⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
9⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-20814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20814.exe
8⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-45771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45771.exe
9⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-24339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24339.exe
10⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-13783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13783.exe
11⤵
PID:8636

C:\Users\Admin\AppData\Local\Temp\Unicorn-56145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56145.exe
12⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8636 -s 216
12⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
11⤵
PID:9744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
10⤵
PID:4792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
9⤵
PID:4896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 240
8⤵
PID:3676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
7⤵
- Program crash
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-46741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46741.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-57151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57151.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-12501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12501.exe
8⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-57063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57063.exe
9⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-23291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23291.exe
10⤵
PID:7152

C:\Users\Admin\AppData\Local\Temp\Unicorn-16218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16218.exe
11⤵
PID:9516

C:\Users\Admin\AppData\Local\Temp\Unicorn-14832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14832.exe
12⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9516 -s 216
12⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 216
11⤵
PID:10564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
10⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 236
9⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 216
8⤵
- Program crash
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-8972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8972.exe
7⤵
PID:2268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
7⤵
- Program crash
PID:3432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
6⤵
- Program crash
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-11951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11951.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-7950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7950.exe
7⤵
- Executes dropped EXE
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-4717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4717.exe
8⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-27707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27707.exe
9⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-28662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28662.exe
10⤵
PID:6412

C:\Users\Admin\AppData\Local\Temp\Unicorn-21781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21781.exe
11⤵
PID:8944

C:\Users\Admin\AppData\Local\Temp\Unicorn-64469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64469.exe
12⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8944 -s 216
12⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 216
11⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
10⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 216
9⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-6279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6279.exe
8⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-41490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41490.exe
9⤵
PID:6520

C:\Users\Admin\AppData\Local\Temp\Unicorn-17505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17505.exe
10⤵
PID:9116

C:\Users\Admin\AppData\Local\Temp\Unicorn-44625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44625.exe
11⤵
PID:4988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9116 -s 216
11⤵
PID:12648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 216
10⤵
PID:10112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
9⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
8⤵
PID:5356

C:\Users\Admin\AppData\Local\Temp\Unicorn-19662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19662.exe
7⤵
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-19539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19539.exe
8⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-265.exe
9⤵
PID:6328

C:\Users\Admin\AppData\Local\Temp\Unicorn-41817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41817.exe
10⤵
PID:8988

C:\Users\Admin\AppData\Local\Temp\Unicorn-63291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63291.exe
11⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8988 -s 216
11⤵
PID:12832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 216
10⤵
PID:10152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
9⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 236
8⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
7⤵
- Program crash
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-53622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53622.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-47504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47504.exe
7⤵
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-64992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64992.exe
8⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-4354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4354.exe
9⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-61993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61993.exe
10⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 208
11⤵
PID:9612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
10⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
9⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\Unicorn-31743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31743.exe
8⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\Unicorn-55771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55771.exe
9⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\Unicorn-61142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61142.exe
10⤵
PID:9656

C:\Users\Admin\AppData\Local\Temp\Unicorn-39337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39337.exe
11⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9656 -s 216
11⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 216
10⤵
PID:10716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 216
9⤵
PID:8024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
8⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\Unicorn-18484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18484.exe
7⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-28475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28475.exe
8⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-3446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3446.exe
9⤵
PID:6808

C:\Users\Admin\AppData\Local\Temp\Unicorn-44614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44614.exe
10⤵
PID:9588

C:\Users\Admin\AppData\Local\Temp\Unicorn-62990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62990.exe
11⤵
PID:960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9588 -s 216
11⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 216
10⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 220
9⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 236
8⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
7⤵
- Program crash
PID:3116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 240
6⤵
- Program crash
PID:2452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
5⤵
- Program crash
PID:2992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-53160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53160.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-46466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46466.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-32927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32927.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:604

C:\Users\Admin\AppData\Local\Temp\Unicorn-56409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56409.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-14089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14089.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-24287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24287.exe
8⤵
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-17162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17162.exe
9⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-5532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5532.exe
10⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-19124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19124.exe
11⤵
PID:6796

C:\Users\Admin\AppData\Local\Temp\Unicorn-60374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60374.exe
12⤵
PID:9152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 212
13⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 220
12⤵
PID:10244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
11⤵
PID:7616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 216
10⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-33305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33305.exe
9⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-42258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42258.exe
10⤵
PID:6868

C:\Users\Admin\AppData\Local\Temp\Unicorn-45984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45984.exe
11⤵
PID:8816

C:\Users\Admin\AppData\Local\Temp\Unicorn-63950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63950.exe
12⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8816 -s 220
12⤵
PID:13196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 220
11⤵
PID:10276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
10⤵
PID:7684

C:\Users\Admin\AppData\Local\Temp\Unicorn-5464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5464.exe
8⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-37821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37821.exe
9⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
10⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-10706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10706.exe
11⤵
PID:8456

C:\Users\Admin\AppData\Local\Temp\Unicorn-60338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60338.exe
12⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 236
12⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
11⤵
PID:9680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 236
10⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
9⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 220
8⤵
- Program crash
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
7⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-43804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43804.exe
8⤵
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-22061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22061.exe
9⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-21241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21241.exe
10⤵
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-24054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24054.exe
11⤵
PID:8504

C:\Users\Admin\AppData\Local\Temp\Unicorn-28268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28268.exe
12⤵
PID:11292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 216
12⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 216
11⤵
PID:9564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
10⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
9⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-53342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53342.exe
8⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-29985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29985.exe
9⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
10⤵
PID:8592

C:\Users\Admin\AppData\Local\Temp\Unicorn-26431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26431.exe
11⤵
PID:11228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8592 -s 216
11⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
10⤵
PID:9816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 236
9⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
8⤵
PID:4164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
7⤵
- Program crash
PID:824

C:\Users\Admin\AppData\Local\Temp\Unicorn-63845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63845.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-28371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28371.exe
7⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-6279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6279.exe
8⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-30120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30120.exe
9⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-22393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22393.exe
10⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-53301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53301.exe
11⤵
PID:9188

C:\Users\Admin\AppData\Local\Temp\Unicorn-35533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35533.exe
12⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9188 -s 216
12⤵
PID:12324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
11⤵
PID:9532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
10⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 216
9⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 236
8⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-25884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25884.exe
7⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-52979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52979.exe
8⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-16773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16773.exe
9⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-34552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34552.exe
10⤵
PID:8472

C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
11⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8472 -s 216
11⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
10⤵
PID:9432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 236
9⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 216
8⤵
PID:5104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
7⤵
- Program crash
PID:4008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 240
6⤵
- Program crash
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-40627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40627.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-18174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18174.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-24287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24287.exe
7⤵
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-31360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31360.exe
8⤵
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-1640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1640.exe
9⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
10⤵
PID:6684

C:\Users\Admin\AppData\Local\Temp\Unicorn-39954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39954.exe
11⤵
PID:8672

C:\Users\Admin\AppData\Local\Temp\Unicorn-37692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37692.exe
12⤵
PID:4160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8672 -s 216
12⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 216
11⤵
PID:9848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
10⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 216
9⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-55480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55480.exe
8⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
9⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\Unicorn-39954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39954.exe
10⤵
PID:8624

C:\Users\Admin\AppData\Local\Temp\Unicorn-24096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24096.exe
11⤵
PID:11852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 220
11⤵
PID:13068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
10⤵
PID:10020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
9⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
8⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-19662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19662.exe
7⤵
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
8⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe
9⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-24630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24630.exe
10⤵
PID:8552

C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
11⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8552 -s 216
11⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
10⤵
PID:9784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 236
9⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 216
8⤵
PID:4888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
7⤵
- Program crash
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-12589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12589.exe
6⤵
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-27276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27276.exe
7⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-61339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61339.exe
8⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-34069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34069.exe
9⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-16846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16846.exe
10⤵
PID:8828

C:\Users\Admin\AppData\Local\Temp\Unicorn-41288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41288.exe
11⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8828 -s 216
11⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
10⤵
PID:9900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
9⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 236
8⤵
PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
7⤵
PID:3876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
6⤵
- Program crash
PID:888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
5⤵
- Program crash
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-13061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13061.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:600

C:\Users\Admin\AppData\Local\Temp\Unicorn-60493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60493.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-40732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40732.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-46653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46653.exe
7⤵
PID:1828

C:\Users\Admin\AppData\Local\Temp\Unicorn-49834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49834.exe
8⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-38973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38973.exe
9⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-56539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56539.exe
10⤵
PID:6936

C:\Users\Admin\AppData\Local\Temp\Unicorn-44661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44661.exe
11⤵
PID:9944

C:\Users\Admin\AppData\Local\Temp\Unicorn-6560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6560.exe
12⤵
PID:11764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9944 -s 216
12⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 220
11⤵
PID:10944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
10⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 216
9⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 236
8⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-64779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64779.exe
7⤵
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-14660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14660.exe
8⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-19591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19591.exe
9⤵
PID:6676

C:\Users\Admin\AppData\Local\Temp\Unicorn-15257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15257.exe
10⤵
PID:9148

C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
11⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 216
11⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 220
10⤵
PID:10268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
9⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 216
8⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 220
7⤵
- Program crash
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-34955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34955.exe
6⤵
PID:1076

C:\Users\Admin\AppData\Local\Temp\Unicorn-28838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28838.exe
7⤵
PID:708

C:\Users\Admin\AppData\Local\Temp\Unicorn-61531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61531.exe
8⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-47001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47001.exe
9⤵
PID:6400

C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe
10⤵
PID:9376

C:\Users\Admin\AppData\Local\Temp\Unicorn-39913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39913.exe
11⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9376 -s 220
11⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 216
10⤵
PID:10460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
9⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 216
8⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 216
7⤵
PID:3296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 240
6⤵
- Program crash
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-59761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59761.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-24287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24287.exe
6⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-34868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34868.exe
7⤵
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-45771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45771.exe
8⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-53415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53415.exe
9⤵
PID:6992

C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
10⤵
PID:9408

C:\Users\Admin\AppData\Local\Temp\Unicorn-35881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35881.exe
11⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9408 -s 216
11⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
10⤵
PID:11192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
9⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 216
8⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 236
7⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-19086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19086.exe
6⤵
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-14276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14276.exe
7⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-42237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42237.exe
8⤵
PID:5144

C:\Users\Admin\AppData\Local\Temp\Unicorn-16846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16846.exe
9⤵
PID:8836

C:\Users\Admin\AppData\Local\Temp\Unicorn-58392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58392.exe
10⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 236
10⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
9⤵
PID:9968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 236
8⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 236
7⤵
PID:4200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 220
6⤵
- Program crash
PID:3988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 240
5⤵
- Program crash
PID:1576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-27311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27311.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-11655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11655.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-59377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59377.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-54271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54271.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1156

C:\Users\Admin\AppData\Local\Temp\Unicorn-50270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50270.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-11458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11458.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:588

C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
9⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-35875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35875.exe
10⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-49082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49082.exe
11⤵
PID:6440

C:\Users\Admin\AppData\Local\Temp\Unicorn-17697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17697.exe
12⤵
PID:8920

C:\Users\Admin\AppData\Local\Temp\Unicorn-6114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6114.exe
13⤵
PID:3160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8920 -s 216
13⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 216
12⤵
PID:10088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
11⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
10⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 236
9⤵
- Program crash
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
8⤵
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-50218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50218.exe
9⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
10⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-14546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14546.exe
11⤵
PID:7004

C:\Users\Admin\AppData\Local\Temp\Unicorn-34116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34116.exe
12⤵
PID:9324

C:\Users\Admin\AppData\Local\Temp\Unicorn-49643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49643.exe
13⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9324 -s 216
13⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
12⤵
PID:10448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
11⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 236
10⤵
PID:5832

C:\Users\Admin\AppData\Local\Temp\Unicorn-43611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43611.exe
9⤵
PID:4188

C:\Users\Admin\AppData\Local\Temp\Unicorn-55771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55771.exe
10⤵
PID:6352

C:\Users\Admin\AppData\Local\Temp\Unicorn-65226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65226.exe
11⤵
PID:9672

C:\Users\Admin\AppData\Local\Temp\Unicorn-9762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9762.exe
12⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9672 -s 216
12⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 216
11⤵
PID:10628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 216
10⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
9⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
8⤵
- Program crash
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-61214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61214.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-55973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55973.exe
8⤵
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-48080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48080.exe
9⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-3778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3778.exe
10⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-61479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61479.exe
11⤵
PID:5952

C:\Users\Admin\AppData\Local\Temp\Unicorn-57001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57001.exe
12⤵
PID:9076

C:\Users\Admin\AppData\Local\Temp\Unicorn-35149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35149.exe
13⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9076 -s 216
13⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
12⤵
PID:10224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
11⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 236
10⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-39335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39335.exe
9⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-64219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64219.exe
10⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-30852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30852.exe
11⤵
PID:8628

C:\Users\Admin\AppData\Local\Temp\Unicorn-61625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61625.exe
12⤵
PID:4532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8628 -s 216
12⤵
PID:11548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
11⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
10⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
9⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-32298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32298.exe
8⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-48895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48895.exe
9⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
10⤵
PID:6768

C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
11⤵
PID:9184

C:\Users\Admin\AppData\Local\Temp\Unicorn-54822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54822.exe
12⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 216
12⤵
PID:13040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 216
11⤵
PID:9796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
10⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
9⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 240
8⤵
- Program crash
PID:3260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 240
7⤵
- Program crash
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-61131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61131.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-11458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11458.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-2496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2496.exe
8⤵
PID:712

C:\Users\Admin\AppData\Local\Temp\Unicorn-59948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59948.exe
9⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-65423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65423.exe
10⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-56051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56051.exe
11⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-51272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51272.exe
12⤵
PID:8664

C:\Users\Admin\AppData\Local\Temp\Unicorn-55486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55486.exe
13⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8664 -s 216
13⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
12⤵
PID:9952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
11⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
10⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-27083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27083.exe
9⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-46705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46705.exe
10⤵
PID:5596

C:\Users\Admin\AppData\Local\Temp\Unicorn-37650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37650.exe
11⤵
PID:8912

C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
12⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8912 -s 236
12⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
11⤵
PID:10080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 236
10⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 712 -s 240
9⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-13440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13440.exe
8⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-28091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28091.exe
9⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
10⤵
PID:6944

C:\Users\Admin\AppData\Local\Temp\Unicorn-19918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19918.exe
11⤵
PID:9228

C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
12⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9228 -s 216
12⤵
PID:13268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 216
11⤵
PID:10416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
10⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
9⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 220
8⤵
- Program crash
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
7⤵
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-6663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6663.exe
8⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-7670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7670.exe
9⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-31184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31184.exe
10⤵
PID:6624

C:\Users\Admin\AppData\Local\Temp\Unicorn-20904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20904.exe
11⤵
PID:8956

C:\Users\Admin\AppData\Local\Temp\Unicorn-33826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33826.exe
12⤵
PID:11628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 216
12⤵
PID:12924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
11⤵
PID:9608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
10⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
9⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
8⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-64432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64432.exe
9⤵
PID:6668

C:\Users\Admin\AppData\Local\Temp\Unicorn-61697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61697.exe
10⤵
PID:9748

C:\Users\Admin\AppData\Local\Temp\Unicorn-17547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17547.exe
11⤵
PID:12480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9748 -s 216
11⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 216
10⤵
PID:10768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
9⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
8⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 220
7⤵
- Program crash
PID:3208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
6⤵
- Program crash
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-11847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11847.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-58438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58438.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-13596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13596.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-6471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6471.exe
8⤵
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-14660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14660.exe
9⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-9284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9284.exe
10⤵
PID:6724

C:\Users\Admin\AppData\Local\Temp\Unicorn-32362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32362.exe
11⤵
PID:9552

C:\Users\Admin\AppData\Local\Temp\Unicorn-530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-530.exe
12⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9552 -s 216
12⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
11⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 220
10⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 216
9⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
8⤵
- Program crash
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-56035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56035.exe
7⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-24967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24967.exe
8⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-7042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7042.exe
9⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
10⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 200
11⤵
PID:10988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
10⤵
PID:9424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
8⤵
PID:4488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
7⤵
- Program crash
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-63352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63352.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-20862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20862.exe
7⤵
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-3539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3539.exe
8⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-10576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10576.exe
9⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-3446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3446.exe
10⤵
PID:6824

C:\Users\Admin\AppData\Local\Temp\Unicorn-44661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44661.exe
11⤵
PID:9936

C:\Users\Admin\AppData\Local\Temp\Unicorn-54495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54495.exe
12⤵
PID:12416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9936 -s 216
12⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 220
11⤵
PID:10936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 220
10⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 236
9⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-10939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10939.exe
8⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-27847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27847.exe
9⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-25398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25398.exe
10⤵
PID:9004

C:\Users\Admin\AppData\Local\Temp\Unicorn-63737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63737.exe
11⤵
PID:11856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9004 -s 216
11⤵
PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
10⤵
PID:10160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 236
9⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
8⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-22568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22568.exe
7⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-7862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7862.exe
8⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-41853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41853.exe
9⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-9855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9855.exe
10⤵
PID:8416

C:\Users\Admin\AppData\Local\Temp\Unicorn-61324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61324.exe
11⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 216
11⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
10⤵
PID:9364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
9⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
8⤵
PID:4060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
7⤵
- Program crash
PID:3172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
6⤵
- Program crash
PID:2324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 220
5⤵
- Program crash
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-4701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4701.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-43965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43965.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1380

C:\Users\Admin\AppData\Local\Temp\Unicorn-40156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40156.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-61235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61235.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-53342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53342.exe
8⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-14276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14276.exe
9⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-40997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40997.exe
10⤵
PID:6976

C:\Users\Admin\AppData\Local\Temp\Unicorn-26140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26140.exe
11⤵
PID:9132

C:\Users\Admin\AppData\Local\Temp\Unicorn-43037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43037.exe
12⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9132 -s 204
12⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 216
11⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
10⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 236
9⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 236
8⤵
- Program crash
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-2750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2750.exe
7⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-56871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56871.exe
8⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-64432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64432.exe
9⤵
PID:6660

C:\Users\Admin\AppData\Local\Temp\Unicorn-1059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1059.exe
10⤵
PID:9172

C:\Users\Admin\AppData\Local\Temp\Unicorn-28948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28948.exe
11⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9172 -s 216
11⤵
PID:13276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 216
10⤵
PID:9652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
9⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 236
8⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
7⤵
- Program crash
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-14727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14727.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-44935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44935.exe
7⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-7862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7862.exe
8⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-54510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54510.exe
9⤵
PID:6900

C:\Users\Admin\AppData\Local\Temp\Unicorn-21288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21288.exe
10⤵
PID:9040

C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
11⤵
PID:2252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 216
11⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 220
10⤵
PID:10256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 216
9⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
8⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 236
7⤵
- Program crash
PID:3276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 240
6⤵
- Program crash
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-1816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1816.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-65319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65319.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-26700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26700.exe
7⤵
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-11754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11754.exe
8⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-15231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15231.exe
9⤵
PID:6712

C:\Users\Admin\AppData\Local\Temp\Unicorn-14873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14873.exe
10⤵
PID:9088

C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
11⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9088 -s 216
11⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 216
10⤵
PID:9768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
9⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 236
8⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
7⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-48651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48651.exe
8⤵
PID:5844

C:\Users\Admin\AppData\Local\Temp\Unicorn-8376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8376.exe
9⤵
PID:9104

C:\Users\Admin\AppData\Local\Temp\Unicorn-8807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8807.exe
10⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9104 -s 216
10⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
9⤵
PID:8964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 236
8⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
7⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-10918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10918.exe
6⤵
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-18553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18553.exe
7⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-3830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3830.exe
8⤵
PID:6272

C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
9⤵
PID:10040

C:\Users\Admin\AppData\Local\Temp\Unicorn-19576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19576.exe
10⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10040 -s 220
10⤵
PID:12844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 216
9⤵
PID:11012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
8⤵
PID:8264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 216
7⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
6⤵
- Program crash
PID:3328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
5⤵
- Program crash
PID:1780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:932

C:\Users\Admin\AppData\Local\Temp\Unicorn-61987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61987.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-32927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32927.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:324

C:\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-1645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1645.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-50737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50737.exe
7⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-16586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16586.exe
8⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-23021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23021.exe
9⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-26088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26088.exe
10⤵
PID:7024

C:\Users\Admin\AppData\Local\Temp\Unicorn-22487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22487.exe
11⤵
PID:10120

C:\Users\Admin\AppData\Local\Temp\Unicorn-24428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24428.exe
12⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 216
12⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 220
11⤵
PID:11076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
10⤵
PID:8396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 216
9⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 216
8⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-8972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8972.exe
7⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-46757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46757.exe
8⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-25237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25237.exe
9⤵
PID:7056

C:\Users\Admin\AppData\Local\Temp\Unicorn-14079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14079.exe
10⤵
PID:9444

C:\Users\Admin\AppData\Local\Temp\Unicorn-49347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49347.exe
11⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9444 -s 216
11⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 216
10⤵
PID:10572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
9⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
8⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
7⤵
- Program crash
PID:4052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 216
6⤵
- Program crash
PID:2516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 236
5⤵
- Program crash
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-36543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36543.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-1645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1645.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-46653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46653.exe
6⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-17162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17162.exe
7⤵
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-33737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33737.exe
8⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-34344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34344.exe
9⤵
PID:6264

C:\Users\Admin\AppData\Local\Temp\Unicorn-35787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35787.exe
10⤵
PID:8700

C:\Users\Admin\AppData\Local\Temp\Unicorn-2118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2118.exe
11⤵
PID:11000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 236
11⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 216
10⤵
PID:9828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 236
9⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 236
8⤵
PID:5236

C:\Users\Admin\AppData\Local\Temp\Unicorn-52766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52766.exe
7⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-39160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39160.exe
8⤵
PID:6356

C:\Users\Admin\AppData\Local\Temp\Unicorn-18875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18875.exe
9⤵
PID:8492

C:\Users\Admin\AppData\Local\Temp\Unicorn-38019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38019.exe
10⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 216
10⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 236
9⤵
PID:9712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
8⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 220
7⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-5464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5464.exe
6⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-19539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19539.exe
7⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-47328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47328.exe
8⤵
PID:6384

C:\Users\Admin\AppData\Local\Temp\Unicorn-56015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56015.exe
9⤵
PID:8768

C:\Users\Admin\AppData\Local\Temp\Unicorn-21683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21683.exe
10⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8768 -s 216
10⤵
PID:12364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 216
9⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
8⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
7⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 220
6⤵
- Program crash
PID:3628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 236
5⤵
- Program crash
PID:2624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
4⤵
- Program crash
PID:2548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
2⤵
- Program crash
PID:2080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11655.exe

Filesize
184KB

MD5
4d7f45a56bd0f2cffafb5ca869c1bc65

SHA1
8d5fdc054f0d23e94222734a386ab567b648bce5

SHA256
e64797157713222f196cb95c0a0886616629f46243c42269448eedb94152ac14

SHA512
9d6de99e1b6f0f23c79b19b54de5259f9dd887906d2e627a58696b80e27f492e73b63414301ea9a1aed7bd023ee40d9c617e70b60ed72fddf2f5bb65733c219a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe

Filesize
184KB

MD5
e6fbb46973bc4d8d30dba42d40445ba0

SHA1
8b4dfae9683499e37e3a2f85c4ab8197de1e827f

SHA256
95058afe4fb293f70399d2ddd7c0d5983b9d123e617812c32e0844479adf33d0

SHA512
42243cd9e9bb3c412509a9b7189e2c5b52cb7aa7a442171a33ed13435303170e2c1a6f45f05f541de936b3b9710fcdb3073a20790cc295da947cf917afbd68a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28475.exe

Filesize
184KB

MD5
3e96a9ce56886783d7810e118e09d7e6

SHA1
5f8268a5fd1d207cb15cee909d5a4afd58f855fd

SHA256
be004d33df6b6b90668cc4275313a075cce0f2302794de52e23e9c720f3eb951

SHA512
9afd0d8014ffc3c4f03134df327701c31092fbc3982d946937748fc0a62d5fb56203428d158cb04d5df93e68275afbf619284bd5c66f459d2f149f742cb08e46

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30047.exe

Filesize
184KB

MD5
5a349b74fb36d3b63965339baecf4d2d

SHA1
bfc2a518886fff686c477ab411309d0ae2349b66

SHA256
99b481327b72a538f77d4eca90cc9284ead346114fade5a55de12e0d7e2a7d5f

SHA512
c9e02c557d5547d12997969642e00e46a01e08babc78f9414fe4188b6ad66fd1e72badf8f621f561a476fe6855308619d83e3cb7f1a8ef9159a40a3af1391e35

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32943.exe

Filesize
184KB

MD5
6d59283a578927e69414a8b328ca2a54

SHA1
9c9eb2aa29a300d877215559a67425d3f82b9060

SHA256
4564c9126922fc5008c6903efbac64654fd6400831efa8704f08133b3c2d4120

SHA512
06ce2514494b09062acc3cc9fcd3bdf8ba2fd319d3224bb0c2e525ba78403f975f5f1e5b3222871e38adbbc7caff62d4d707c5c85fc5fb1771fb33b6366e22ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40627.exe

Filesize
184KB

MD5
31262450053cf391386dfaf2cd2950a0

SHA1
13f748be887858c8813df33f082904cfefb41b92

SHA256
2536c3e9f627f39daf4480f60a04d6167ef0ae8c82f819a05064e4c92a771603

SHA512
2d92e079474368858186a3e7bd22d858459a190c761f9f33c937e572edf47321c32d2d62082109b7cae47e3b5476e6f86b26329edbadc790a2877ffa5bc0a836

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46757.exe

Filesize
184KB

MD5
61fc8be0c86ee64f26801cdc8b9ee7a7

SHA1
1337e7d7d268964ff079c22f8bdf88161da840f2

SHA256
53a85ee8375f3e87a402cc7cdb99ad65cd133743dc1bc2bc20a1e44a5562a9e9

SHA512
d0c9257e7e8c0275466f15f9892626cfcd5c493c8da62a310ce9a0f92bb0812c12ce856255bb9de41d76625b60918cf501ac5a3b02ef74727e9255c4ab19cd28

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59377.exe

Filesize
184KB

MD5
b105694e50ae36e543ff336a07caec59

SHA1
0e93a83189cdb5896613a60723f4b9f34bb1a4ec

SHA256
6ab673b7844dadc776b1640da1bf6e28ea3e4413d77237d675539630553e2263

SHA512
be07740b71918e45bc0aa7e410b943d37375a80b1be957314d9d526bf930a64d200e66de151de313e1957e44bf3b57e6a546b6f69302944d489b08fbbb1eb30d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61987.exe

Filesize
184KB

MD5
b6df4802db8b8522df630aa8d485618a

SHA1
c1726117e70bef5dde8afae1eb0b1d4c6db65246

SHA256
da8cb25968446e1645e0d74f9e7a5bdb56337900d7adc8960915ac02b26facab

SHA512
c236481e290b748ae7eaf1a41e7abcf2314d3cd6148d7ae30d380b3e682984ffba0cc2419147d5d9ab58eab0fa7d0171a40b4ae590f7871bc3cd88e44ccdfd99

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6471.exe

Filesize
184KB

MD5
13bcdffc85b59ede12d513b67c45aba2

SHA1
dc06b8d66a3d329c66ebd3e745cdc65a6b294d1c

SHA256
18c0e43a56e58a396196c69bd7f36b20d320e5898f2abd9506fbdc1f4da4a510

SHA512
2d1c33c8ab7eb3640645d220fbb3ee91fd32a184a230988f51b8b44e7a52e9ba59a0dabcb341c08004f667d3825641b4b499eb147ef13825d239b982cde7eec9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6663.exe

Filesize
184KB

MD5
62c8f1c5eacecda8019e72e63ec45c3c

SHA1
d5201c39cda98d14f5f0a5494c3d76efab6d9301

SHA256
0c7c2ade4952f9cd2b51bafa8cadf8d3ecbf6eea1acbd2b065105050f806b7f4

SHA512
8f1180bbabb705d73f66ff1338ec1c5a6b1ddf9865c1f716ca82f6730577cd30ec7ea5bf5e035c3b7d128724d0be9984e0415af3f06a91416c30cd52e5bdbdfd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12283.exe

Filesize
184KB

MD5
3b3cf453e4637e9ece87c9cc1b8fc4e6

SHA1
c5067b55246e2d376928fba8297d731c18221533

SHA256
96cd0730b795fac4f879a1848ff137d7a00a01b2666cb2bf73bddc89ea5ca0ca

SHA512
c49a41453a4e160d3575f0befd6e8fa3c0a4af5f810e3901207b47dd106ffdcdf1210aeb7a28473b508903341745aa481bf7ef19ed15d4d2ee1d1bfa07a57699

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20483.exe

Filesize
184KB

MD5
89a11e4b11609048752849a69b377912

SHA1
898eb85356edcc3e06c06218c38337d22227d86e

SHA256
82464b637b71ff753374be2d9f7c37933a9e90a29fecd1f96b4b8da87246a09a

SHA512
4888bf05bc1d1b38f790060cb845e3a431ba51aeee7d2756e514d5a23526c5a5be9f26fce0dc48baf6f576a523507e519ed03616c9e434df20d5727b45a6f7b5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27311.exe

Filesize
184KB

MD5
85f943be114b4d51b70a05f47eaf36eb

SHA1
cf08afd362847a8b9cdd0c92cd7c259479f82183

SHA256
3bc19a6e8c45cfd585c6c46405783fa112faef8b4dd8a3fbecee44ab869f08fe

SHA512
f145eb4ade88af1010d27e84dab78a8debcc9b308651c5f428a9c41d0d4c952d0dc3fb6344434123474be91bf9caeb868b86efef68971fc254994691b496434d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe

Filesize
184KB

MD5
5821624f9dbaad428651cbe970d78c93

SHA1
fe4a938d739a815bac666a8fd107d233a9254194

SHA256
af8a622f9e374ed3eacc08098413e8233226cfd50a298f0822ed8eb0d2e51c80

SHA512
553e5450bb4a4cdd107d3521f86022dc45873b340008372f609bd4d807e6ab22ead4ea6f4376d43758e4290dd1e11d866ed2ca8b82355234251c6c9822d95852

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46466.exe

Filesize
184KB

MD5
6beb3e83a5b8f887a3b770b5bcbc6732

SHA1
339f1d403f882809ae3b81ff84b6307f1323ab73

SHA256
1d7474cda1c2f250c6c39ea0a6f84fb78497687dba64fc5671cc53e29c2e6511

SHA512
f5dc9dfa9d105163cbb50bba6e9c229951ca1fba5a5ea9dc8635cf9b8bd2c1282355bb7bee7dbee5aa8765ea5a7f1889d5d0f2f5bb881ccff6a4e9db42c3bc4b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4701.exe

Filesize
184KB

MD5
828832fca61567b471729e09631a053a

SHA1
c26f489bad20d82a751e56ecdd2083aed0f4401e

SHA256
b0b086a57372739ee2b8d58ff642950f2d506bdc45191ddef270e261bcb843ff

SHA512
1fdd8c979755f252657754de82eb515ce0cf350738d1b00137b0210cdd699e47a3f5a4430ee40c33ea047b2503f412f356423b30eefe8fc9944ad45b0e61b721

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53160.exe

Filesize
184KB

MD5
8e9de485bd55b41d344f2c244107f44e

SHA1
a8f1bad471621384554359cc26f57d445a7778b4

SHA256
a36bac9d1389aa69cdeb4b035905e697d72156a8a7e98fef46198b07f7672051

SHA512
b46fc3419c2e39bbc33ad383aa60b32a17ffe039d3f22f5c8627833ea6f19dd9b94035fc2dfd9b93f210a7a32f262d96ebaea6c4b73352bb3a61e26feae0b78a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe

Filesize
184KB

MD5
704207395a1ea49544fc64d993daae4a

SHA1
c5275914947bd812f6c50225214bbdf7359ec1b4

SHA256
7e936260a9d0adb8ea6d90bd6428fefe89778fd09f6913d18939893eb4da43f9

SHA512
f8a5a1b7935066ee8956be49473b9f8ede8d83e90bd25f67e1b2fecc281e3391ee5b5d2d814b00a4e908bfc0ce4e25b0e6b715b835e56e4e1cd6c47c0cce5828

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe

Filesize
184KB

MD5
72e5df9855f3d2a4b0156791125ebb31

SHA1
38ac4af6f08f7515d43cd884444409ba72e3e3c6

SHA256
419f1694ca5c97212e6cde19a741c0e4e5dcc0c900cf30ea3e9190eeeb727e45

SHA512
7f9cb02039174af229cc6d5f9dc94908bfe88b9632971be219c6559c8dc7576c8856106b66b0a33aa1fa0cf91e39a34ca7c8567b68b9c4bf07688dd7752faa67

Download Submit