75fb5de55ffd06c9c359815571938add00731efbf1915d0b6c974923ceae51f1

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75fb5de55ffd06c9c359815571938add00731efbf1915d0b6c974923ceae51f1.exe
Size

184KB
MD5

cd279dd6b8fd30d513d132f59b69838e
SHA1

2cbfcd891b69127cd03655d227411f3e5bb5a891
SHA256

75fb5de55ffd06c9c359815571938add00731efbf1915d0b6c974923ceae51f1
SHA512

2a299feb1d34d091501372790aa45b3692e7901392f7c9504878da9b2a134aa65633de5afc54bc2a5883166c5616d6a378e5dd8f1fdfd2e16c8633544ff97633
SSDEEP

3072:GFqXu7ofP8hOd8wWeDjLRVsUhlnViFbn3:GFjo2K8wVLjsUhlnViFb

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-7260.exeUnicorn-62252.exeUnicorn-8303.exeUnicorn-21708.exeUnicorn-49974.exeUnicorn-44505.exeUnicorn-55366.exeUnicorn-9694.exeUnicorn-44588.exeUnicorn-28806.exeUnicorn-22030.exeUnicorn-26114.exeUnicorn-10908.exeUnicorn-17536.exeUnicorn-39025.exeUnicorn-40648.exeUnicorn-25704.exeUnicorn-8298.exeUnicorn-53970.exeUnicorn-10114.exeUnicorn-29980.exeUnicorn-44261.exeUnicorn-32755.exeUnicorn-3420.exeUnicorn-34147.exeUnicorn-53176.exeUnicorn-46207.exeUnicorn-65236.exeUnicorn-19565.exeUnicorn-19565.exeUnicorn-3783.exeUnicorn-54375.exeUnicorn-7867.exeUnicorn-27733.exeUnicorn-36368.exeUnicorn-16502.exeUnicorn-44536.exeUnicorn-34038.exeUnicorn-44899.exeUnicorn-42206.exeUnicorn-50374.exeUnicorn-47037.exeUnicorn-13617.exeUnicorn-13617.exeUnicorn-44344.exeUnicorn-28562.exeUnicorn-52512.exeUnicorn-52512.exeUnicorn-36730.exeUnicorn-60680.exeUnicorn-34614.exeUnicorn-10088.exeUnicorn-37484.exeUnicorn-10841.exeUnicorn-21702.exeUnicorn-19010.exeUnicorn-29870.exeUnicorn-35154.exeUnicorn-35154.exeUnicorn-50099.exeUnicorn-12595.exeUnicorn-31624.exeUnicorn-51490.exeUnicorn-62351.exe

pid	process
1968	Unicorn-7260.exe
3060	Unicorn-62252.exe
2616	Unicorn-8303.exe
2552	Unicorn-21708.exe
2628	Unicorn-49974.exe
2252	Unicorn-44505.exe
1628	Unicorn-55366.exe
2352	Unicorn-9694.exe
1580	Unicorn-44588.exe
2148	Unicorn-28806.exe
1896	Unicorn-22030.exe
1252	Unicorn-26114.exe
1220	Unicorn-10908.exe
1764	Unicorn-17536.exe
596	Unicorn-39025.exe
580	Unicorn-40648.exe
1788	Unicorn-25704.exe
608	Unicorn-8298.exe
1712	Unicorn-53970.exe
352	Unicorn-10114.exe
1116	Unicorn-29980.exe
900	Unicorn-44261.exe
2296	Unicorn-32755.exe
1744	Unicorn-3420.exe
788	Unicorn-34147.exe
2924	Unicorn-53176.exe
1440	Unicorn-46207.exe
2028	Unicorn-65236.exe
1880	Unicorn-19565.exe
2920	Unicorn-19565.exe
1520	Unicorn-3783.exe
1976	Unicorn-54375.exe
2972	Unicorn-7867.exe
2172	Unicorn-27733.exe
2460	Unicorn-36368.exe
2476	Unicorn-16502.exe
2896	Unicorn-44536.exe
372	Unicorn-34038.exe
2144	Unicorn-44899.exe
2184	Unicorn-42206.exe
1232	Unicorn-50374.exe
1236	Unicorn-47037.exe
2392	Unicorn-13617.exe
2180	Unicorn-13617.exe
2640	Unicorn-44344.exe
2200	Unicorn-28562.exe
2756	Unicorn-52512.exe
2564	Unicorn-52512.exe
888	Unicorn-36730.exe
2768	Unicorn-60680.exe
2788	Unicorn-34614.exe
2880	Unicorn-10088.exe
2288	Unicorn-37484.exe
2832	Unicorn-10841.exe
1000	Unicorn-21702.exe
908	Unicorn-19010.exe
2320	Unicorn-29870.exe
2736	Unicorn-35154.exe
2380	Unicorn-35154.exe
1928	Unicorn-50099.exe
2160	Unicorn-12595.exe
3020	Unicorn-31624.exe
2572	Unicorn-51490.exe
2728	Unicorn-62351.exe

Loads dropped DLL 64 IoCs

Processes:

75fb5de55ffd06c9c359815571938add00731efbf1915d0b6c974923ceae51f1.exeUnicorn-62252.exeUnicorn-8303.exeWerFault.exeUnicorn-21708.exeUnicorn-49974.exeWerFault.exeUnicorn-44505.exeUnicorn-55366.exeUnicorn-9694.exeWerFault.exeWerFault.exeUnicorn-28806.exeUnicorn-22030.exeUnicorn-44588.exeUnicorn-26114.exeUnicorn-10908.exeWerFault.exe

pid	process
2268	75fb5de55ffd06c9c359815571938add00731efbf1915d0b6c974923ceae51f1.exe
2268	75fb5de55ffd06c9c359815571938add00731efbf1915d0b6c974923ceae51f1.exe
2268	75fb5de55ffd06c9c359815571938add00731efbf1915d0b6c974923ceae51f1.exe
2268	75fb5de55ffd06c9c359815571938add00731efbf1915d0b6c974923ceae51f1.exe
3060	Unicorn-62252.exe
3060	Unicorn-62252.exe
2616	Unicorn-8303.exe
2616	Unicorn-8303.exe
3060	Unicorn-62252.exe
3060	Unicorn-62252.exe
2584	WerFault.exe
2584	WerFault.exe
2584	WerFault.exe
2584	WerFault.exe
2584	WerFault.exe
2552	Unicorn-21708.exe
2552	Unicorn-21708.exe
2616	Unicorn-8303.exe
2628	Unicorn-49974.exe
2616	Unicorn-8303.exe
2628	Unicorn-49974.exe
996	WerFault.exe
996	WerFault.exe
996	WerFault.exe
996	WerFault.exe
996	WerFault.exe
2252	Unicorn-44505.exe
2252	Unicorn-44505.exe
2552	Unicorn-21708.exe
2552	Unicorn-21708.exe
1628	Unicorn-55366.exe
1628	Unicorn-55366.exe
2352	Unicorn-9694.exe
2352	Unicorn-9694.exe
2628	Unicorn-49974.exe
2628	Unicorn-49974.exe
1944	WerFault.exe
1944	WerFault.exe
1944	WerFault.exe
1944	WerFault.exe
2408	WerFault.exe
2408	WerFault.exe
2408	WerFault.exe
2408	WerFault.exe
1944	WerFault.exe
2408	WerFault.exe
2148	Unicorn-28806.exe
2148	Unicorn-28806.exe
1896	Unicorn-22030.exe
1896	Unicorn-22030.exe
1628	Unicorn-55366.exe
1628	Unicorn-55366.exe
1580	Unicorn-44588.exe
1580	Unicorn-44588.exe
1252	Unicorn-26114.exe
2252	Unicorn-44505.exe
1252	Unicorn-26114.exe
2252	Unicorn-44505.exe
2352	Unicorn-9694.exe
1220	Unicorn-10908.exe
2352	Unicorn-9694.exe
1220	Unicorn-10908.exe
2140	WerFault.exe
2140	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2668	2268	WerFault.exe	75fb5de55ffd06c9c359815571938add00731efbf1915d0b6c974923ceae51f1.exe
2584	3060	WerFault.exe	Unicorn-62252.exe
996	2616	WerFault.exe	Unicorn-8303.exe
1944	2552	WerFault.exe	Unicorn-21708.exe
2408	2628	WerFault.exe	Unicorn-49974.exe
2140	2252	WerFault.exe	Unicorn-44505.exe
1804	1628	WerFault.exe	Unicorn-55366.exe
808	2352	WerFault.exe	Unicorn-9694.exe
2588	2148	WerFault.exe	Unicorn-28806.exe
2580	1580	WerFault.exe	Unicorn-44588.exe
2492	1252	WerFault.exe	Unicorn-26114.exe
2712	1220	WerFault.exe	Unicorn-10908.exe
2828	1764	WerFault.exe	Unicorn-17536.exe
1740	580	WerFault.exe	Unicorn-40648.exe
2420	596	WerFault.exe	Unicorn-39025.exe
1452	608	WerFault.exe	Unicorn-8298.exe
2060	1788	WerFault.exe	Unicorn-25704.exe
2804	352	WerFault.exe	Unicorn-10114.exe
1868	1116	WerFault.exe	Unicorn-29980.exe
2960	1712	WerFault.exe	Unicorn-53970.exe
2932	900	WerFault.exe	Unicorn-44261.exe
1540	1744	WerFault.exe	Unicorn-3420.exe
2608	2924	WerFault.exe	Unicorn-53176.exe
2528	788	WerFault.exe	Unicorn-34147.exe
2444	2172	WerFault.exe	Unicorn-27733.exe
852	1976	WerFault.exe	Unicorn-54375.exe
2452	1880	WerFault.exe	Unicorn-19565.exe
2364	1440	WerFault.exe	Unicorn-46207.exe
1780	2028	WerFault.exe	Unicorn-65236.exe
1652	2920	WerFault.exe	Unicorn-19565.exe
1256	1520	WerFault.exe	Unicorn-3783.exe
2336	2972	WerFault.exe	Unicorn-7867.exe
3428	2476	WerFault.exe	Unicorn-16502.exe
3420	2460	WerFault.exe	Unicorn-36368.exe
3608	2184	WerFault.exe	Unicorn-42206.exe
3816	2044	WerFault.exe	Unicorn-29954.exe
3844	1236	WerFault.exe	Unicorn-47037.exe
3872	2200	WerFault.exe	Unicorn-28562.exe
3896	2144	WerFault.exe	Unicorn-44899.exe
3940	1232	WerFault.exe	Unicorn-50374.exe
3104	2756	WerFault.exe	Unicorn-52512.exe
3244	2564	WerFault.exe	Unicorn-52512.exe
3232	2288	WerFault.exe	Unicorn-37484.exe
3328	2768	WerFault.exe	Unicorn-60680.exe
3308	2832	WerFault.exe	Unicorn-10841.exe
3360	2640	WerFault.exe	Unicorn-44344.exe
3080	2168	WerFault.exe	Unicorn-45522.exe
3092	536	WerFault.exe	Unicorn-35407.exe
3180	2736	WerFault.exe	Unicorn-35154.exe
3228	2880	WerFault.exe	Unicorn-10088.exe
3400	2912	WerFault.exe	Unicorn-51189.exe
3404	1756	WerFault.exe	Unicorn-14795.exe
3484	2188	WerFault.exe	Unicorn-29124.exe
3524	2728	WerFault.exe	Unicorn-62351.exe
3652	1900	WerFault.exe	Unicorn-9087.exe
3684	1424	WerFault.exe	Unicorn-63441.exe
4028	908	WerFault.exe	Unicorn-19010.exe
4048	2824	WerFault.exe	Unicorn-51552.exe
4056	2320	WerFault.exe	Unicorn-29870.exe
3076	1020	WerFault.exe	Unicorn-53135.exe
3160	3020	WerFault.exe	Unicorn-31624.exe
3396	1680	WerFault.exe	Unicorn-25616.exe
3448	2380	WerFault.exe	Unicorn-35154.exe
3808	2160	WerFault.exe	Unicorn-12595.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

75fb5de55ffd06c9c359815571938add00731efbf1915d0b6c974923ceae51f1.exeUnicorn-7260.exeUnicorn-62252.exeUnicorn-8303.exeUnicorn-21708.exeUnicorn-49974.exeUnicorn-44505.exeUnicorn-55366.exeUnicorn-9694.exeUnicorn-44588.exeUnicorn-28806.exeUnicorn-26114.exeUnicorn-10908.exeUnicorn-22030.exeUnicorn-17536.exeUnicorn-39025.exeUnicorn-40648.exeUnicorn-8298.exeUnicorn-29980.exeUnicorn-53970.exeUnicorn-25704.exeUnicorn-10114.exeUnicorn-44261.exeUnicorn-32755.exeUnicorn-3420.exeUnicorn-53176.exeUnicorn-34147.exeUnicorn-65236.exeUnicorn-19565.exeUnicorn-46207.exeUnicorn-3783.exeUnicorn-54375.exeUnicorn-7867.exeUnicorn-27733.exeUnicorn-36368.exeUnicorn-16502.exeUnicorn-44536.exeUnicorn-34038.exeUnicorn-44899.exeUnicorn-42206.exeUnicorn-50374.exeUnicorn-47037.exeUnicorn-13617.exeUnicorn-44344.exeUnicorn-13617.exeUnicorn-28562.exeUnicorn-52512.exeUnicorn-52512.exeUnicorn-34614.exeUnicorn-36730.exeUnicorn-29954.exeUnicorn-10088.exeUnicorn-60680.exeUnicorn-37484.exeUnicorn-10841.exeUnicorn-21702.exeUnicorn-19010.exeUnicorn-29870.exeUnicorn-35154.exeUnicorn-35154.exeUnicorn-50099.exeUnicorn-12595.exeUnicorn-31624.exeUnicorn-51490.exe

pid	process
2268	75fb5de55ffd06c9c359815571938add00731efbf1915d0b6c974923ceae51f1.exe
1968	Unicorn-7260.exe
3060	Unicorn-62252.exe
2616	Unicorn-8303.exe
2552	Unicorn-21708.exe
2628	Unicorn-49974.exe
2252	Unicorn-44505.exe
1628	Unicorn-55366.exe
2352	Unicorn-9694.exe
1580	Unicorn-44588.exe
2148	Unicorn-28806.exe
1252	Unicorn-26114.exe
1220	Unicorn-10908.exe
1896	Unicorn-22030.exe
1764	Unicorn-17536.exe
596	Unicorn-39025.exe
580	Unicorn-40648.exe
608	Unicorn-8298.exe
1116	Unicorn-29980.exe
1712	Unicorn-53970.exe
1788	Unicorn-25704.exe
352	Unicorn-10114.exe
900	Unicorn-44261.exe
2296	Unicorn-32755.exe
1744	Unicorn-3420.exe
2924	Unicorn-53176.exe
788	Unicorn-34147.exe
2028	Unicorn-65236.exe
1880	Unicorn-19565.exe
1440	Unicorn-46207.exe
1520	Unicorn-3783.exe
1976	Unicorn-54375.exe
2972	Unicorn-7867.exe
2172	Unicorn-27733.exe
2460	Unicorn-36368.exe
2476	Unicorn-16502.exe
2896	Unicorn-44536.exe
372	Unicorn-34038.exe
2144	Unicorn-44899.exe
2184	Unicorn-42206.exe
1232	Unicorn-50374.exe
1236	Unicorn-47037.exe
2392	Unicorn-13617.exe
2640	Unicorn-44344.exe
2180	Unicorn-13617.exe
2200	Unicorn-28562.exe
2756	Unicorn-52512.exe
2564	Unicorn-52512.exe
2788	Unicorn-34614.exe
888	Unicorn-36730.exe
2044	Unicorn-29954.exe
2880	Unicorn-10088.exe
2768	Unicorn-60680.exe
2288	Unicorn-37484.exe
2832	Unicorn-10841.exe
1000	Unicorn-21702.exe
908	Unicorn-19010.exe
2320	Unicorn-29870.exe
2736	Unicorn-35154.exe
2380	Unicorn-35154.exe
1928	Unicorn-50099.exe
2160	Unicorn-12595.exe
3020	Unicorn-31624.exe
2572	Unicorn-51490.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

75fb5de55ffd06c9c359815571938add00731efbf1915d0b6c974923ceae51f1.exeUnicorn-62252.exeUnicorn-8303.exeUnicorn-21708.exeUnicorn-49974.exeUnicorn-44505.exeUnicorn-55366.exeUnicorn-9694.exe

description	pid	process	target process
PID 2268 wrote to memory of 1968	2268	75fb5de55ffd06c9c359815571938add00731efbf1915d0b6c974923ceae51f1.exe	Unicorn-7260.exe
PID 2268 wrote to memory of 1968	2268	75fb5de55ffd06c9c359815571938add00731efbf1915d0b6c974923ceae51f1.exe	Unicorn-7260.exe
PID 2268 wrote to memory of 1968	2268	75fb5de55ffd06c9c359815571938add00731efbf1915d0b6c974923ceae51f1.exe	Unicorn-7260.exe
PID 2268 wrote to memory of 1968	2268	75fb5de55ffd06c9c359815571938add00731efbf1915d0b6c974923ceae51f1.exe	Unicorn-7260.exe
PID 2268 wrote to memory of 3060	2268	75fb5de55ffd06c9c359815571938add00731efbf1915d0b6c974923ceae51f1.exe	Unicorn-62252.exe
PID 2268 wrote to memory of 3060	2268	75fb5de55ffd06c9c359815571938add00731efbf1915d0b6c974923ceae51f1.exe	Unicorn-62252.exe
PID 2268 wrote to memory of 3060	2268	75fb5de55ffd06c9c359815571938add00731efbf1915d0b6c974923ceae51f1.exe	Unicorn-62252.exe
PID 2268 wrote to memory of 3060	2268	75fb5de55ffd06c9c359815571938add00731efbf1915d0b6c974923ceae51f1.exe	Unicorn-62252.exe
PID 2268 wrote to memory of 2668	2268	75fb5de55ffd06c9c359815571938add00731efbf1915d0b6c974923ceae51f1.exe	WerFault.exe
PID 2268 wrote to memory of 2668	2268	75fb5de55ffd06c9c359815571938add00731efbf1915d0b6c974923ceae51f1.exe	WerFault.exe
PID 2268 wrote to memory of 2668	2268	75fb5de55ffd06c9c359815571938add00731efbf1915d0b6c974923ceae51f1.exe	WerFault.exe
PID 2268 wrote to memory of 2668	2268	75fb5de55ffd06c9c359815571938add00731efbf1915d0b6c974923ceae51f1.exe	WerFault.exe
PID 3060 wrote to memory of 2616	3060	Unicorn-62252.exe	Unicorn-8303.exe
PID 3060 wrote to memory of 2616	3060	Unicorn-62252.exe	Unicorn-8303.exe
PID 3060 wrote to memory of 2616	3060	Unicorn-62252.exe	Unicorn-8303.exe
PID 3060 wrote to memory of 2616	3060	Unicorn-62252.exe	Unicorn-8303.exe
PID 2616 wrote to memory of 2552	2616	Unicorn-8303.exe	Unicorn-21708.exe
PID 2616 wrote to memory of 2552	2616	Unicorn-8303.exe	Unicorn-21708.exe
PID 2616 wrote to memory of 2552	2616	Unicorn-8303.exe	Unicorn-21708.exe
PID 2616 wrote to memory of 2552	2616	Unicorn-8303.exe	Unicorn-21708.exe
PID 3060 wrote to memory of 2628	3060	Unicorn-62252.exe	Unicorn-49974.exe
PID 3060 wrote to memory of 2628	3060	Unicorn-62252.exe	Unicorn-49974.exe
PID 3060 wrote to memory of 2628	3060	Unicorn-62252.exe	Unicorn-49974.exe
PID 3060 wrote to memory of 2628	3060	Unicorn-62252.exe	Unicorn-49974.exe
PID 3060 wrote to memory of 2584	3060	Unicorn-62252.exe	WerFault.exe
PID 3060 wrote to memory of 2584	3060	Unicorn-62252.exe	WerFault.exe
PID 3060 wrote to memory of 2584	3060	Unicorn-62252.exe	WerFault.exe
PID 3060 wrote to memory of 2584	3060	Unicorn-62252.exe	WerFault.exe
PID 2552 wrote to memory of 2252	2552	Unicorn-21708.exe	Unicorn-44505.exe
PID 2552 wrote to memory of 2252	2552	Unicorn-21708.exe	Unicorn-44505.exe
PID 2552 wrote to memory of 2252	2552	Unicorn-21708.exe	Unicorn-44505.exe
PID 2552 wrote to memory of 2252	2552	Unicorn-21708.exe	Unicorn-44505.exe
PID 2616 wrote to memory of 1628	2616	Unicorn-8303.exe	Unicorn-55366.exe
PID 2616 wrote to memory of 1628	2616	Unicorn-8303.exe	Unicorn-55366.exe
PID 2616 wrote to memory of 1628	2616	Unicorn-8303.exe	Unicorn-55366.exe
PID 2616 wrote to memory of 1628	2616	Unicorn-8303.exe	Unicorn-55366.exe
PID 2628 wrote to memory of 2352	2628	Unicorn-49974.exe	Unicorn-9694.exe
PID 2628 wrote to memory of 2352	2628	Unicorn-49974.exe	Unicorn-9694.exe
PID 2628 wrote to memory of 2352	2628	Unicorn-49974.exe	Unicorn-9694.exe
PID 2628 wrote to memory of 2352	2628	Unicorn-49974.exe	Unicorn-9694.exe
PID 2616 wrote to memory of 996	2616	Unicorn-8303.exe	WerFault.exe
PID 2616 wrote to memory of 996	2616	Unicorn-8303.exe	WerFault.exe
PID 2616 wrote to memory of 996	2616	Unicorn-8303.exe	WerFault.exe
PID 2616 wrote to memory of 996	2616	Unicorn-8303.exe	WerFault.exe
PID 2252 wrote to memory of 1580	2252	Unicorn-44505.exe	Unicorn-44588.exe
PID 2252 wrote to memory of 1580	2252	Unicorn-44505.exe	Unicorn-44588.exe
PID 2252 wrote to memory of 1580	2252	Unicorn-44505.exe	Unicorn-44588.exe
PID 2252 wrote to memory of 1580	2252	Unicorn-44505.exe	Unicorn-44588.exe
PID 2552 wrote to memory of 2148	2552	Unicorn-21708.exe	Unicorn-28806.exe
PID 2552 wrote to memory of 2148	2552	Unicorn-21708.exe	Unicorn-28806.exe
PID 2552 wrote to memory of 2148	2552	Unicorn-21708.exe	Unicorn-28806.exe
PID 2552 wrote to memory of 2148	2552	Unicorn-21708.exe	Unicorn-28806.exe
PID 1628 wrote to memory of 1896	1628	Unicorn-55366.exe	Unicorn-22030.exe
PID 1628 wrote to memory of 1896	1628	Unicorn-55366.exe	Unicorn-22030.exe
PID 1628 wrote to memory of 1896	1628	Unicorn-55366.exe	Unicorn-22030.exe
PID 1628 wrote to memory of 1896	1628	Unicorn-55366.exe	Unicorn-22030.exe
PID 2352 wrote to memory of 1252	2352	Unicorn-9694.exe	Unicorn-26114.exe
PID 2352 wrote to memory of 1252	2352	Unicorn-9694.exe	Unicorn-26114.exe
PID 2352 wrote to memory of 1252	2352	Unicorn-9694.exe	Unicorn-26114.exe
PID 2352 wrote to memory of 1252	2352	Unicorn-9694.exe	Unicorn-26114.exe
PID 2628 wrote to memory of 1220	2628	Unicorn-49974.exe	Unicorn-10908.exe
PID 2628 wrote to memory of 1220	2628	Unicorn-49974.exe	Unicorn-10908.exe
PID 2628 wrote to memory of 1220	2628	Unicorn-49974.exe	Unicorn-10908.exe
PID 2628 wrote to memory of 1220	2628	Unicorn-49974.exe	Unicorn-10908.exe

C:\Users\Admin\AppData\Local\Temp\75fb5de55ffd06c9c359815571938add00731efbf1915d0b6c974923ceae51f1.exe
"C:\Users\Admin\AppData\Local\Temp\75fb5de55ffd06c9c359815571938add00731efbf1915d0b6c974923ceae51f1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-7260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7260.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-62252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62252.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-8303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8303.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-44505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44505.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-44588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44588.exe
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-19565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19565.exe
8⤵
- Executes dropped EXE
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-29954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29954.exe
9⤵
- Suspicious use of SetWindowsHookEx
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
10⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-24329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24329.exe
11⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-45875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45875.exe
12⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-63301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63301.exe
13⤵
PID:5952

C:\Users\Admin\AppData\Local\Temp\Unicorn-57323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57323.exe
14⤵
PID:8956

C:\Users\Admin\AppData\Local\Temp\Unicorn-54560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54560.exe
15⤵
PID:11104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 216
15⤵
PID:11944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
14⤵
PID:9700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
13⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
12⤵
PID:4252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
11⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-52595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52595.exe
10⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-59798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59798.exe
11⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-37043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37043.exe
12⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-1900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1900.exe
13⤵
PID:9104

C:\Users\Admin\AppData\Local\Temp\Unicorn-36662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36662.exe
14⤵
PID:11064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9104 -s 216
14⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
13⤵
PID:9792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
12⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
11⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 220
10⤵
- Program crash
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-51552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51552.exe
9⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-38143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38143.exe
10⤵
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-32663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32663.exe
11⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-51791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51791.exe
12⤵
PID:6832

C:\Users\Admin\AppData\Local\Temp\Unicorn-49861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49861.exe
13⤵
PID:8388

C:\Users\Admin\AppData\Local\Temp\Unicorn-39890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39890.exe
14⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8388 -s 216
14⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
13⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
12⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 236
11⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 216
10⤵
- Program crash
PID:4048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
9⤵
- Program crash
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-10088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10088.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-12294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12294.exe
9⤵
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-48449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48449.exe
10⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-31018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31018.exe
11⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-10016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10016.exe
12⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-58885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58885.exe
13⤵
PID:9076

C:\Users\Admin\AppData\Local\Temp\Unicorn-32926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32926.exe
14⤵
PID:11116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9076 -s 220
14⤵
PID:12308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
13⤵
PID:9748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
12⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
11⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-19320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19320.exe
10⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-48719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48719.exe
11⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exe
12⤵
PID:9048

C:\Users\Admin\AppData\Local\Temp\Unicorn-54560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54560.exe
13⤵
PID:3100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9048 -s 216
13⤵
PID:11976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 216
12⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
11⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
10⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-15262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15262.exe
9⤵
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-43353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43353.exe
10⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-34137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34137.exe
11⤵
PID:5564

C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
12⤵
PID:8588

C:\Users\Admin\AppData\Local\Temp\Unicorn-59822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59822.exe
13⤵
PID:11220

C:\Users\Admin\AppData\Local\Temp\Unicorn-34426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34426.exe
14⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 216
13⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
12⤵
PID:9408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 236
11⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
10⤵
PID:4936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 220
9⤵
- Program crash
PID:3228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
8⤵
- Program crash
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-3783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3783.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-60680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60680.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
9⤵
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-7992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7992.exe
10⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-33431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33431.exe
11⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-32383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32383.exe
12⤵
PID:5992

C:\Users\Admin\AppData\Local\Temp\Unicorn-48579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48579.exe
13⤵
PID:8764

C:\Users\Admin\AppData\Local\Temp\Unicorn-891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-891.exe
14⤵
PID:11188

C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe
15⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8764 -s 216
14⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
12⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 216
11⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 236
10⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-9616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9616.exe
9⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
10⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-9440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9440.exe
11⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-9684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9684.exe
12⤵
PID:8736

C:\Users\Admin\AppData\Local\Temp\Unicorn-47954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47954.exe
13⤵
PID:11140

C:\Users\Admin\AppData\Local\Temp\Unicorn-42018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42018.exe
14⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8736 -s 216
13⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
12⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 236
11⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 236
10⤵
PID:4484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
9⤵
- Program crash
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-51552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51552.exe
8⤵
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-3332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3332.exe
9⤵
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-6788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6788.exe
10⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-59409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59409.exe
11⤵
PID:5772

C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
12⤵
PID:8528

C:\Users\Admin\AppData\Local\Temp\Unicorn-23497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23497.exe
13⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8528 -s 216
13⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
12⤵
PID:9996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
11⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 216
10⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 216
9⤵
PID:4960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 240
8⤵
- Program crash
PID:1256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
7⤵
- Program crash
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-53970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53970.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-27733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27733.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-13617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13617.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-9087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9087.exe
9⤵
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-48641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48641.exe
10⤵
PID:1224

C:\Users\Admin\AppData\Local\Temp\Unicorn-61635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61635.exe
11⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-30494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30494.exe
12⤵
PID:6488

C:\Users\Admin\AppData\Local\Temp\Unicorn-1044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1044.exe
13⤵
PID:8948

C:\Users\Admin\AppData\Local\Temp\Unicorn-50772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50772.exe
14⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8948 -s 236
14⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
13⤵
PID:10456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
12⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 216
11⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 236
10⤵
- Program crash
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-36943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36943.exe
9⤵
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-62211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62211.exe
10⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-40743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40743.exe
11⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\Unicorn-59077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59077.exe
12⤵
PID:8644

C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
13⤵
PID:11128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8644 -s 216
13⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
12⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 236
11⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 216
10⤵
PID:4924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
9⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-45522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45522.exe
8⤵
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-38335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38335.exe
9⤵
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-7691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7691.exe
10⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-22357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22357.exe
11⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-64043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64043.exe
12⤵
PID:6852

C:\Users\Admin\AppData\Local\Temp\Unicorn-50245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50245.exe
13⤵
PID:8780

C:\Users\Admin\AppData\Local\Temp\Unicorn-50087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50087.exe
14⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8780 -s 236
14⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 236
13⤵
PID:10532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
12⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 236
11⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
10⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-39565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39565.exe
11⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-7629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7629.exe
12⤵
PID:8660

C:\Users\Admin\AppData\Local\Temp\Unicorn-17035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17035.exe
13⤵
PID:11600

C:\Users\Admin\AppData\Local\Temp\Unicorn-611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-611.exe
14⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11600 -s 216
14⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8660 -s 216
13⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
12⤵
PID:9944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
11⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
10⤵
PID:6040

C:\Users\Admin\AppData\Local\Temp\Unicorn-30804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30804.exe
9⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-12434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12434.exe
10⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-12922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12922.exe
11⤵
PID:6148

C:\Users\Admin\AppData\Local\Temp\Unicorn-42440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42440.exe
12⤵
PID:8896

C:\Users\Admin\AppData\Local\Temp\Unicorn-38608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38608.exe
13⤵
PID:10572

C:\Users\Admin\AppData\Local\Temp\Unicorn-42957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42957.exe
14⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8896 -s 220
13⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 216
12⤵
PID:10056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
11⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
10⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
9⤵
- Program crash
PID:3080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
8⤵
- Program crash
PID:2444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 236
7⤵
- Program crash
PID:2960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
6⤵
- Loads dropped DLL
- Program crash
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-28806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28806.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-17536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17536.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-44261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44261.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:900

C:\Users\Admin\AppData\Local\Temp\Unicorn-36368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36368.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-8786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8786.exe
10⤵
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-64676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64676.exe
11⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-33156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33156.exe
12⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-11962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11962.exe
13⤵
PID:5244

C:\Users\Admin\AppData\Local\Temp\Unicorn-9684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9684.exe
14⤵
PID:8728

C:\Users\Admin\AppData\Local\Temp\Unicorn-39594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39594.exe
15⤵
PID:10820

C:\Users\Admin\AppData\Local\Temp\Unicorn-49584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49584.exe
16⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8728 -s 216
15⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 216
14⤵
PID:9512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
13⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 236
12⤵
PID:5180

C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
11⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-19747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19747.exe
12⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-46633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46633.exe
13⤵
PID:8828

C:\Users\Admin\AppData\Local\Temp\Unicorn-60206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60206.exe
14⤵
PID:10432

C:\Users\Admin\AppData\Local\Temp\Unicorn-37332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37332.exe
15⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8828 -s 216
14⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
13⤵
PID:9652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
12⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
11⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-22252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22252.exe
10⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-41324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41324.exe
11⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-63493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63493.exe
12⤵
PID:6052

C:\Users\Admin\AppData\Local\Temp\Unicorn-13851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13851.exe
13⤵
PID:8596

C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
14⤵
PID:11012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8596 -s 220
14⤵
PID:11456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
13⤵
PID:9988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
12⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 236
11⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
10⤵
- Program crash
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-48236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48236.exe
9⤵
PID:468

C:\Users\Admin\AppData\Local\Temp\Unicorn-9445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9445.exe
10⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-7966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7966.exe
11⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-21942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21942.exe
12⤵
PID:6248

C:\Users\Admin\AppData\Local\Temp\Unicorn-25357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25357.exe
13⤵
PID:9176

C:\Users\Admin\AppData\Local\Temp\Unicorn-45728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45728.exe
14⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9176 -s 236
14⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
13⤵
PID:10272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
12⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 236
11⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-39247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39247.exe
10⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-5029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5029.exe
11⤵
PID:7160

C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe
12⤵
PID:9152

C:\Users\Admin\AppData\Local\Temp\Unicorn-60694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60694.exe
13⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 236
13⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 216
12⤵
PID:10264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
11⤵
PID:7956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 468 -s 240
10⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
9⤵
- Program crash
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-21702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21702.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1000

C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
9⤵
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-4650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4650.exe
10⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
11⤵
PID:6444

C:\Users\Admin\AppData\Local\Temp\Unicorn-7629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7629.exe
12⤵
PID:8656

C:\Users\Admin\AppData\Local\Temp\Unicorn-18043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18043.exe
13⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8656 -s 216
13⤵
PID:12544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 216
12⤵
PID:10004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 220
11⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 216
10⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 236
9⤵
PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
8⤵
- Program crash
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-16502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16502.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-37484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37484.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-6648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6648.exe
9⤵
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
10⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-99.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-99.exe
11⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-11578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11578.exe
12⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\Unicorn-22129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22129.exe
13⤵
PID:8508

C:\Users\Admin\AppData\Local\Temp\Unicorn-62152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62152.exe
14⤵
PID:11132

C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
15⤵
PID:12852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8508 -s 216
14⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
13⤵
PID:9368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
12⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 236
11⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-27296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27296.exe
10⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-63877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63877.exe
11⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-3353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3353.exe
12⤵
PID:8864

C:\Users\Admin\AppData\Local\Temp\Unicorn-42692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42692.exe
13⤵
PID:11200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8864 -s 220
13⤵
PID:11580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 220
12⤵
PID:10048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
11⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
10⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe
9⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-12159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12159.exe
10⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-2424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2424.exe
11⤵
PID:6272

C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
12⤵
PID:9140

C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
13⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9140 -s 216
13⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 216
12⤵
PID:9760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 216
11⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
10⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
9⤵
- Program crash
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-60488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60488.exe
8⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-14899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14899.exe
9⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-11064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11064.exe
10⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-25175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25175.exe
11⤵
PID:6192

C:\Users\Admin\AppData\Local\Temp\Unicorn-46332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46332.exe
12⤵
PID:8688

C:\Users\Admin\AppData\Local\Temp\Unicorn-13060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13060.exe
13⤵
PID:11176

C:\Users\Admin\AppData\Local\Temp\Unicorn-28396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28396.exe
14⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8688 -s 216
13⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 216
12⤵
PID:9980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
11⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
10⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
9⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
8⤵
- Program crash
PID:3428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
7⤵
- Program crash
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-32755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32755.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-44536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44536.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-19010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19010.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:908

C:\Users\Admin\AppData\Local\Temp\Unicorn-7416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7416.exe
9⤵
PID:1376

C:\Users\Admin\AppData\Local\Temp\Unicorn-3498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3498.exe
10⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
11⤵
PID:6372

C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
12⤵
PID:8816

C:\Users\Admin\AppData\Local\Temp\Unicorn-55842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55842.exe
13⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8816 -s 236
13⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 216
12⤵
PID:10408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
11⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 236
10⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 236
9⤵
- Program crash
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-30529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30529.exe
8⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-4842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4842.exe
9⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
10⤵
PID:6628

C:\Users\Admin\AppData\Local\Temp\Unicorn-50893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50893.exe
10⤵
PID:7092

C:\Users\Admin\AppData\Local\Temp\Unicorn-16421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16421.exe
11⤵
PID:9000

C:\Users\Admin\AppData\Local\Temp\Unicorn-49620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49620.exe
12⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9000 -s 236
12⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 216
11⤵
PID:10044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 212
10⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 216
9⤵
PID:5988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
8⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-29870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29870.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-40918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40918.exe
8⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-16327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16327.exe
9⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-47707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47707.exe
10⤵
PID:6748

C:\Users\Admin\AppData\Local\Temp\Unicorn-49861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49861.exe
11⤵
PID:8452

C:\Users\Admin\AppData\Local\Temp\Unicorn-36382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36382.exe
12⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8452 -s 216
12⤵
PID:13052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 216
11⤵
PID:10296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
10⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
9⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
8⤵
- Program crash
PID:4056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
6⤵
- Program crash
PID:2588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-55366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55366.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-22030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22030.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-39025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39025.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:596

C:\Users\Admin\AppData\Local\Temp\Unicorn-34147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34147.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:788

C:\Users\Admin\AppData\Local\Temp\Unicorn-50374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50374.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1232

C:\Users\Admin\AppData\Local\Temp\Unicorn-12595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12595.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-52533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52533.exe
10⤵
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-36939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36939.exe
11⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-50914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50914.exe
12⤵
PID:6624

C:\Users\Admin\AppData\Local\Temp\Unicorn-1044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1044.exe
13⤵
PID:8628

C:\Users\Admin\AppData\Local\Temp\Unicorn-17332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17332.exe
14⤵
PID:11668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8628 -s 216
14⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
13⤵
PID:10448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
12⤵
PID:8136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 236
11⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
10⤵
- Program crash
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-58241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58241.exe
9⤵
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-5252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5252.exe
10⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-63877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63877.exe
11⤵
PID:6568

C:\Users\Admin\AppData\Local\Temp\Unicorn-59269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59269.exe
12⤵
PID:8392

C:\Users\Admin\AppData\Local\Temp\Unicorn-60590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60590.exe
13⤵
PID:11228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8392 -s 216
13⤵
PID:11564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 220
12⤵
PID:9840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
11⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 236
10⤵
PID:5488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 240
9⤵
- Program crash
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-31624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31624.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-27837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27837.exe
9⤵
PID:1384

C:\Users\Admin\AppData\Local\Temp\Unicorn-46778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46778.exe
10⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-64069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64069.exe
11⤵
PID:6236

C:\Users\Admin\AppData\Local\Temp\Unicorn-17468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17468.exe
12⤵
PID:8428

C:\Users\Admin\AppData\Local\Temp\Unicorn-55074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55074.exe
13⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8428 -s 236
13⤵
PID:12804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 216
12⤵
PID:9800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
11⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 216
10⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 236
9⤵
- Program crash
PID:3160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 240
8⤵
- Program crash
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-47037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47037.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-29124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29124.exe
8⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-32113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32113.exe
9⤵
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-22741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22741.exe
10⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-52331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52331.exe
11⤵
PID:6932

C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
12⤵
PID:8724

C:\Users\Admin\AppData\Local\Temp\Unicorn-43974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43974.exe
13⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8724 -s 216
13⤵
PID:13008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 216
12⤵
PID:10400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 216
11⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 216
10⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
9⤵
- Program crash
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-51334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51334.exe
8⤵
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-61552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61552.exe
9⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe
10⤵
PID:6316

C:\Users\Admin\AppData\Local\Temp\Unicorn-22321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22321.exe
11⤵
PID:9168

C:\Users\Admin\AppData\Local\Temp\Unicorn-26896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26896.exe
12⤵
PID:11212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9168 -s 220
12⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
10⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 216
9⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 240
8⤵
- Program crash
PID:3844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 240
7⤵
- Program crash
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-53176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53176.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-42206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42206.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-51490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51490.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-29482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29482.exe
9⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-6212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6212.exe
10⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-55517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55517.exe
11⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-65491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65491.exe
12⤵
PID:9196

C:\Users\Admin\AppData\Local\Temp\Unicorn-5406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5406.exe
13⤵
PID:9740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 216
13⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
12⤵
PID:9808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 236
11⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
10⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
9⤵
PID:3772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 236
8⤵
- Program crash
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-62351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62351.exe
7⤵
- Executes dropped EXE
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-5662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5662.exe
8⤵
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-14380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14380.exe
9⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-34905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34905.exe
10⤵
PID:6104

C:\Users\Admin\AppData\Local\Temp\Unicorn-58501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58501.exe
11⤵
PID:8436

C:\Users\Admin\AppData\Local\Temp\Unicorn-23066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23066.exe
12⤵
PID:10580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8436 -s 216
12⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
11⤵
PID:9284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
10⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 236
9⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
8⤵
- Program crash
PID:3524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
7⤵
- Program crash
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-40648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40648.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-3420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3420.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-34038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34038.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:372

C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-36005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36005.exe
9⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-4162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4162.exe
9⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-3882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3882.exe
10⤵
PID:4592

C:\Users\Admin\AppData\Local\Temp\Unicorn-17282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17282.exe
11⤵
PID:6188

C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
12⤵
PID:8968

C:\Users\Admin\AppData\Local\Temp\Unicorn-58836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58836.exe
13⤵
PID:11076

C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
14⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8968 -s 220
13⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 216
12⤵
PID:9480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 216
11⤵
PID:7988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
10⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
9⤵
- Program crash
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-28583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28583.exe
8⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
9⤵
PID:4800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 188
10⤵
PID:4424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 216
9⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 372 -s 240
8⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-50099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50099.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-3332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3332.exe
8⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-14572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14572.exe
9⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-27635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27635.exe
10⤵
PID:6996

C:\Users\Admin\AppData\Local\Temp\Unicorn-13296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13296.exe
11⤵
PID:8640

C:\Users\Admin\AppData\Local\Temp\Unicorn-19278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19278.exe
12⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8640 -s 236
12⤵
PID:12892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
11⤵
PID:10472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
10⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 216
9⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 216
8⤵
PID:4004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
7⤵
- Program crash
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-44899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44899.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-42419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42419.exe
8⤵
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-11775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11775.exe
9⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-51329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51329.exe
10⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
11⤵
PID:7120

C:\Users\Admin\AppData\Local\Temp\Unicorn-35580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35580.exe
12⤵
PID:8704

C:\Users\Admin\AppData\Local\Temp\Unicorn-35230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35230.exe
13⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8704 -s 236
13⤵
PID:12812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
12⤵
PID:10012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
11⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 236
10⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-43715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43715.exe
9⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-4562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4562.exe
10⤵
PID:6508

C:\Users\Admin\AppData\Local\Temp\Unicorn-59269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59269.exe
11⤵
PID:8340

C:\Users\Admin\AppData\Local\Temp\Unicorn-29671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29671.exe
12⤵
PID:11548

C:\Users\Admin\AppData\Local\Temp\Unicorn-50772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50772.exe
13⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11548 -s 216
13⤵
PID:13108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 220
12⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 220
11⤵
PID:9824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
10⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
9⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-61531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61531.exe
8⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-61443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61443.exe
9⤵
PID:4172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 224
10⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 236
9⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
8⤵
- Program crash
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-8163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8163.exe
7⤵
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-41132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41132.exe
8⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-60587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60587.exe
9⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-21169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21169.exe
10⤵
PID:7320

C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
11⤵
PID:11244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
10⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
9⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 236
8⤵
PID:4584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 220
7⤵
- Program crash
PID:3896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 240
6⤵
- Program crash
PID:1740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
5⤵
- Program crash
PID:1804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:996

C:\Users\Admin\AppData\Local\Temp\Unicorn-49974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49974.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-9694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9694.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-26114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26114.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-8298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8298.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:608

C:\Users\Admin\AppData\Local\Temp\Unicorn-46207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46207.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-52512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52512.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-12294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12294.exe
9⤵
PID:388

C:\Users\Admin\AppData\Local\Temp\Unicorn-64292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64292.exe
10⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-22549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22549.exe
11⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-29425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29425.exe
12⤵
PID:6536

C:\Users\Admin\AppData\Local\Temp\Unicorn-49861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49861.exe
13⤵
PID:8324

C:\Users\Admin\AppData\Local\Temp\Unicorn-32298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32298.exe
14⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8324 -s 216
14⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 216
13⤵
PID:10304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
12⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
11⤵
PID:5580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 236
10⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-4463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4463.exe
9⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-32471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32471.exe
10⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-26353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26353.exe
11⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
12⤵
PID:8884

C:\Users\Admin\AppData\Local\Temp\Unicorn-23834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23834.exe
13⤵
PID:10812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8884 -s 216
13⤵
PID:11620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
12⤵
PID:9708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
11⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
10⤵
PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
9⤵
- Program crash
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-35407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35407.exe
8⤵
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-10384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10384.exe
9⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-5636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5636.exe
10⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-7359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7359.exe
11⤵
PID:6340

C:\Users\Admin\AppData\Local\Temp\Unicorn-14090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14090.exe
12⤵
PID:8836

C:\Users\Admin\AppData\Local\Temp\Unicorn-39319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39319.exe
13⤵
PID:11080

C:\Users\Admin\AppData\Local\Temp\Unicorn-25983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25983.exe
14⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 216
13⤵
PID:11644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6340 -s 216
12⤵
PID:10160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
11⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 236
10⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 216
9⤵
- Program crash
PID:3092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 220
8⤵
- Program crash
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-36730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36730.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
8⤵
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-33566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33566.exe
9⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-40193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40193.exe
10⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-11962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11962.exe
11⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-4832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4832.exe
12⤵
PID:7760

C:\Users\Admin\AppData\Local\Temp\Unicorn-35510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35510.exe
13⤵
PID:10604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7760 -s 216
13⤵
PID:12156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 236
12⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 236
11⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 236
10⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
9⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-44427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44427.exe
8⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-57935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57935.exe
9⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-10592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10592.exe
10⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\Unicorn-54500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54500.exe
11⤵
PID:8780

C:\Users\Admin\AppData\Local\Temp\Unicorn-29720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29720.exe
11⤵
PID:8504

C:\Users\Admin\AppData\Local\Temp\Unicorn-53600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53600.exe
12⤵
PID:11204

C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
13⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 216
12⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 220
11⤵
PID:9856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
10⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
9⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
8⤵
PID:4824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 240
7⤵
- Program crash
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-65236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65236.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-52512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52512.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
8⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-14515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14515.exe
9⤵
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-2128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2128.exe
10⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-19036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19036.exe
11⤵
PID:7056

C:\Users\Admin\AppData\Local\Temp\Unicorn-61646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61646.exe
12⤵
PID:9120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9120 -s 240
13⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 216
12⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
11⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 236
10⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 236
9⤵
- Program crash
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-41904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41904.exe
8⤵
PID:376

C:\Users\Admin\AppData\Local\Temp\Unicorn-12434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12434.exe
9⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-52803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52803.exe
10⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-52663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52663.exe
11⤵
PID:8792

C:\Users\Admin\AppData\Local\Temp\Unicorn-808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-808.exe
12⤵
PID:11148

C:\Users\Admin\AppData\Local\Temp\Unicorn-59122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59122.exe
13⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8792 -s 236
12⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 216
11⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
10⤵
PID:6884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 236
9⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
8⤵
- Program crash
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-27239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27239.exe
7⤵
PID:1328

C:\Users\Admin\AppData\Local\Temp\Unicorn-51464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51464.exe
8⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
9⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-63768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63768.exe
10⤵
PID:6892

C:\Users\Admin\AppData\Local\Temp\Unicorn-9383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9383.exe
11⤵
PID:8404

C:\Users\Admin\AppData\Local\Temp\Unicorn-18043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18043.exe
12⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8404 -s 216
12⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 216
11⤵
PID:10028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 236
10⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
9⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 216
8⤵
PID:4092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
7⤵
- Program crash
PID:1780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 240
6⤵
- Program crash
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-10114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10114.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:352

C:\Users\Admin\AppData\Local\Temp\Unicorn-19565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19565.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-44344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44344.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-14240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14240.exe
8⤵
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-11500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11500.exe
9⤵
PID:1244

C:\Users\Admin\AppData\Local\Temp\Unicorn-53000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53000.exe
10⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-38797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38797.exe
11⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-28159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28159.exe
12⤵
PID:8680

C:\Users\Admin\AppData\Local\Temp\Unicorn-60206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60206.exe
13⤵
PID:10344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8680 -s 216
13⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
12⤵
PID:9468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
11⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 236
10⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-41878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41878.exe
9⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-27531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27531.exe
10⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-30489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30489.exe
11⤵
PID:8540

C:\Users\Admin\AppData\Local\Temp\Unicorn-57876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57876.exe
12⤵
PID:10808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8540 -s 216
12⤵
PID:1860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
11⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 236
10⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 220
9⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-3887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3887.exe
8⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-55221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55221.exe
9⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-51791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51791.exe
10⤵
PID:6788

C:\Users\Admin\AppData\Local\Temp\Unicorn-3182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3182.exe
11⤵
PID:8996

C:\Users\Admin\AppData\Local\Temp\Unicorn-33284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33284.exe
12⤵
PID:11928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8996 -s 236
12⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
11⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
10⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 236
9⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 220
8⤵
- Program crash
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
7⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-28029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28029.exe
8⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-26249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26249.exe
9⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-35865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35865.exe
10⤵
PID:6656

C:\Users\Admin\AppData\Local\Temp\Unicorn-24350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24350.exe
11⤵
PID:8940

C:\Users\Admin\AppData\Local\Temp\Unicorn-18043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18043.exe
12⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8940 -s 216
12⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 220
11⤵
PID:10212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
10⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
9⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 236
8⤵
- Program crash
PID:3404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
7⤵
- Program crash
PID:2452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 216
6⤵
- Program crash
PID:2804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
5⤵
- Program crash
PID:808

C:\Users\Admin\AppData\Local\Temp\Unicorn-10908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10908.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1220

C:\Users\Admin\AppData\Local\Temp\Unicorn-29980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29980.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1116

C:\Users\Admin\AppData\Local\Temp\Unicorn-54375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54375.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-13617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13617.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-53135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53135.exe
8⤵
PID:1020

C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
9⤵
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-38309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38309.exe
10⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-29342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29342.exe
11⤵
PID:6976

C:\Users\Admin\AppData\Local\Temp\Unicorn-35388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35388.exe
12⤵
PID:9212

C:\Users\Admin\AppData\Local\Temp\Unicorn-58499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58499.exe
13⤵
PID:10668

C:\Users\Admin\AppData\Local\Temp\Unicorn-17706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17706.exe
14⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9212 -s 216
13⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 236
12⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
11⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 216
10⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 236
9⤵
- Program crash
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-12055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12055.exe
8⤵
PID:944

C:\Users\Admin\AppData\Local\Temp\Unicorn-37707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37707.exe
9⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-40551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40551.exe
10⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\Unicorn-146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-146.exe
11⤵
PID:9020

C:\Users\Admin\AppData\Local\Temp\Unicorn-12157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12157.exe
12⤵
PID:11216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9020 -s 216
12⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
11⤵
PID:9732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
10⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 216
9⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 220
8⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-45522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45522.exe
7⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-31044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31044.exe
8⤵
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-4650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4650.exe
9⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-38989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38989.exe
10⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
11⤵
PID:8444

C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
12⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 216
12⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
11⤵
PID:9912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
10⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 216
9⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 216
8⤵
PID:4928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 220
7⤵
- Program crash
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-28562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28562.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-63441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63441.exe
7⤵
PID:1424

C:\Users\Admin\AppData\Local\Temp\Unicorn-56809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56809.exe
8⤵
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-28387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28387.exe
9⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-41511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41511.exe
10⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-30873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30873.exe
11⤵
PID:8988

C:\Users\Admin\AppData\Local\Temp\Unicorn-23258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23258.exe
12⤵
PID:11108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8988 -s 216
12⤵
PID:10348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
11⤵
PID:9716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
10⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 216
9⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 236
8⤵
- Program crash
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-45112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45112.exe
7⤵
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
8⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-60203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60203.exe
9⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-28351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28351.exe
10⤵
PID:8464

C:\Users\Admin\AppData\Local\Temp\Unicorn-63906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63906.exe
11⤵
PID:11252

C:\Users\Admin\AppData\Local\Temp\Unicorn-18090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18090.exe
12⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8464 -s 216
11⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
10⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 236
9⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 236
8⤵
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
7⤵
- Program crash
PID:3872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 240
6⤵
- Program crash
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-7867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7867.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-34614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34614.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-51189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51189.exe
7⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-54671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54671.exe
8⤵
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-5636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5636.exe
9⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
10⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-10260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10260.exe
11⤵
PID:8916

C:\Users\Admin\AppData\Local\Temp\Unicorn-13527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13527.exe
12⤵
PID:11156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8916 -s 216
12⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
11⤵
PID:9684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
10⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 236
9⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
8⤵
- Program crash
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-16331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16331.exe
7⤵
PID:1472

C:\Users\Admin\AppData\Local\Temp\Unicorn-19233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19233.exe
8⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
9⤵
PID:6720

C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
10⤵
PID:8364

C:\Users\Admin\AppData\Local\Temp\Unicorn-43403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43403.exe
11⤵
PID:11092

C:\Users\Admin\AppData\Local\Temp\Unicorn-15677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15677.exe
12⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 216
11⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 236
10⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
9⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 216
8⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
7⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-35407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35407.exe
6⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-1194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1194.exe
7⤵
PID:1204

C:\Users\Admin\AppData\Local\Temp\Unicorn-19041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19041.exe
8⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-30712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30712.exe
9⤵
PID:6692

C:\Users\Admin\AppData\Local\Temp\Unicorn-62585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62585.exe
10⤵
PID:8332

C:\Users\Admin\AppData\Local\Temp\Unicorn-45240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45240.exe
11⤵
PID:10260

C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe
12⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 236
11⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 236
10⤵
PID:9220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
9⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 216
8⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
7⤵
PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
6⤵
- Program crash
PID:2336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 240
5⤵
- Program crash
PID:2712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
2⤵
- Program crash
PID:2668

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10908.exe
Filesize
184KB

MD5
e44c2da0a61bbb51bcdec71c32fa377d

SHA1
a85b5e29fdff2d2ab1d90d07924deb313e87b8fe

SHA256
24c66dbd07132aa4a12c46d749f2113722fabe01d56e322f6f4d9be4b9a64132

SHA512
d3a33b0ad7da7863037e9133536ecc6657b28e6348a1163061f4fce016dd55b58ebd228c71811a7a9659372baae3be107815bac994d8793da43227b513021227

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2128.exe
Filesize
184KB

MD5
2561fa4ee2b28d17ebcd2b3d6aa31855

SHA1
59e69080e7f281454383b719a2e3ff59b117c650

SHA256
4746036a8ae94c5fa9c8dfb5cf7274179f43132212caced7cbfa953165c0182a

SHA512
f2c3efb53c17a1ad4f10dcf506398a534aac4eed878ad3a0731b530f4b6beb475190e5815103c230707b7723e182a03adb6a2f0c4686b87c3b58bff452f23553

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22030.exe
Filesize
184KB

MD5
a9d536f6ae021d2b752a2683b41de8d7

SHA1
2e7a220c7e83d840a9bdb058ca2e5560d56e9d0c

SHA256
25aae4e48c5600c5d03a8275227fc1c014f0bec87ab8e543d9490d0ce1b554fe

SHA512
50ac8c9cb98d0ed284b443d5dea8c3b4833ba381acc51a070bd2f4e2355c9110cfa0ef092cc172cc259c4c512b5a441650c935dce31c28558bed4b27fe804dde

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28351.exe
Filesize
184KB

MD5
b17846dbd4c3fc404a5cf23a93c24211

SHA1
ca502291c0508b4d2d61d6f248e96191d6e78ba8

SHA256
7006d61191a4ccbbc584966d626992344806227b1ffcb46d203de59adf205764

SHA512
ab9b16d92a2d8b7fe27b9130bd3d7af24f26ff94866126d0eab946c7b54913a4aaa341781fbb6550f8e226128b675cbfa0b374735e976335828be6172ad16e87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28806.exe
Filesize
184KB

MD5
40c55548fd304481528e17169b463d9f

SHA1
17f5da78342af8fb6f2d43169c214901a5ef9bbc

SHA256
69c4bf09beed3dbe3fdb1d100eb85e676b2f8c48019204f486bb51bd7b42f1d3

SHA512
daf1193a626cd9bafa535f2581ff3ea66db531b3f1c0e58271d2f70c5aebdecff9b75aa56c03b834b4fe0c1fae6bafc6e7e4cf46d193d01dd078248f10cf9ad5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32471.exe
Filesize
184KB

MD5
66484940bcf1df0d697b9b10b9922c55

SHA1
98cc69cb607774acaa36292a4acf2f88415b8639

SHA256
46d8f00ae8654286d237ad1c61ab5f4e3c77380d18cfd28261961cc00b4d4e89

SHA512
9a63eafd4028278c479de6c5fbb3b69dff661ee42954fe9533c8583bd5a8cd0798fc6dae2317a9feb482f12e78ab59bdeb24454629b634f7b26c2515d63106be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33431.exe
Filesize
184KB

MD5
b1cdb866db048eb03a2a33c994739116

SHA1
5f542841b36e48fe8b35ef02aa369aaea2948945

SHA256
1ad3d15dda369d2ae97b0b155c0908356067359f77b6aecb6954b6d95e3cfad6

SHA512
b2fb42e57fb1e575b17b1d6b1aad2162115f9676e3d571c774edccf2badfa3b42bf989385d9318db61195bbc33d79fe205e59d4dff81918cc61ea21d0fbb18b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36382.exe
Filesize
184KB

MD5
1901642824fa405c6fb7cc94ae42b6b3

SHA1
fe7ca2becff97cee2337cbe56cfb5c9a73f8d0d5

SHA256
11284036a385635dfeaf84be48ef71677c459ba2cd782ca7932357cda6231321

SHA512
fcf69e0bea20153a087b57f1b0ca86b333e028d84ae2a99f58fafe71b7229a3832e131213d66c9bfdf80d8167283c716f68ba9afc7716f299b0d9763cf117977

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40648.exe
Filesize
184KB

MD5
00e295491b33c2a380c4fee35ee76631

SHA1
8e5188a13c99e542ca5deb8ba620b3e45472d644

SHA256
61d4c5f9b8b1886309e08a0a72d7609929ac450de110f98868fcccb7fe46cbaa

SHA512
278edb51fa59572b0f9aad31ebe8ae0b026c07d1d00a13bbfafa07b1ab17483bf5621cfb1e32d46842189267262f99292aa381c583f13105562dff38fce42a3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40918.exe
Filesize
184KB

MD5
a6a9147d662928ff4291c98aa4e85f8c

SHA1
e0f42d34abaa563146ce06c9a1ebb88e5b5d6b48

SHA256
e4bd8bc4477c29efab5beee6ed4b6f170e1929b61f485cebfb98f413259b6918

SHA512
e6ad9fa31669adac6289958429e5f1d88a68f95d6d9cac93f10fc1dd77f29860ba22f05de593af1d1f653df1d2dfbd2c3cb870379a7904f4430d4c64f92958c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5662.exe
Filesize
184KB

MD5
7b95b562fac1ecb2217b40d75b09eb6d

SHA1
8040c1d25edfd422c045f04d94b7c1841a12ce10

SHA256
99d8d25b1a03c2095c10d9eb29f1cf2c505e3115af4131f9935e20e893557520

SHA512
eccefa040e6b1d1ebf381936359eef47841444db09862325555ffa6c376ed3055b2e43de0b3cba7c6365813c001c85030e53f0110563141a20a8d53416cf67fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6648.exe
Filesize
184KB

MD5
12937730613fd1e4da4a596cffaedf63

SHA1
70bc15ab79c40aa256aab7d298626e1b1403cf0d

SHA256
595bab8f7453d713f73dec1505d50b12ca71db44ac26b051c44fef9c22ed54b4

SHA512
12867cb0dcad7912dc75e43bd5d6cdfd3db2c82f0394a93c3e50e5317f927349f0ba6cb10687b3ec192729f5911050638fb0c030f170f3cf65e50c5a4d6d3f26

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
Filesize
184KB

MD5
8ebf08095edff242389795b35f62bb86

SHA1
1e930ffaebbb41f95d44592033dd1d6a6c0adc14

SHA256
9907edcc1b346dbbc6311436c8dd43c53e343a6e0391c5c8bfdf34395523da42

SHA512
f71505d0d40a847d06916063bb00f819196362c8e55e998931ad6627e4287a88cbc2758dbf8a49cdfe53bac449433c3f8f96ce4a0eb51b67894bb6f25c85eaab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26114.exe
Filesize
184KB

MD5
00b4c99d054d0aaeaa7d490643a82973

SHA1
9a15b28a5997e5fe93ed83f3373ed36d4378b6d5

SHA256
e573d79c98098a8cc0e36d7e91eba97c22cb480c4e21df984fae22f345ff37b1

SHA512
58243a35d667e63630cce7d9b6960948ea04b407921713b4df56e43df2e00262a11b4a1880b55145a18286f0c2d3716814e50d0a051c94f93240598422cf7f7b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44505.exe
Filesize
184KB

MD5
2178f0b9b40a47be4bd1cf176886825d

SHA1
4d8a37e8ff1ad17d4911941b6a525dd6561cbb2c

SHA256
598ce70cc953c4490eb61801da94db60c348ad27f31529062f81c9b1fe050f70

SHA512
a510b1580e06ba7bbc9ddf92c37aee7ea0ccdceb69feef5693272ab71d2fbf84f397c9c9cbdbadc3df521f7d4cc1a7f2a03b5f2550babef9261c5847c07455c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44588.exe
Filesize
184KB

MD5
d3c989b68e9ce1ba5be6422b6ac7e8cd

SHA1
b72707449ab1d6d2da1b54d344cc49f6b99994b8

SHA256
5e79a0acea69161d1a20dbdfaa0a3f418d5bcaac573083b56aa07fab059b5461

SHA512
e2aec7fba1aeb0d346c4ffae6ef6d5eca0c4a97f4dc94a2dccbd92ba0bed61950aec2d3fec48eadceec7d63e7862874f7b19dd3c43f79844e2fc697250a515a8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49974.exe
Filesize
184KB

MD5
487b3aa97ec94d1fed6656dc14bd8a24

SHA1
4f7b908f70cc6b85d6a7a9b36d9edecf45f88872

SHA256
9defb5d522ededa8a299d116cc7a9b7e8d45ee1299e1f8df49fd6cbc1862d7fb

SHA512
5adfb0f71393f179b702d4960483774f8b98c7ac265e66e3e996716d99d61e160bf3280cb046523455dfc8c63ab4c9a300a923b3cc3c63921aa67be19799bd5a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55366.exe
Filesize
184KB

MD5
38404660bbe644c1c67294ad5aba36a0

SHA1
f2ae022d71f3ad7d55885fd37109d6de9c488362

SHA256
15b112dc189b871a9d8db573f2e57aec8d568b1c3567d1484f11a834d152ca17

SHA512
88d35680aad18a4aedb420043327db239e02469c8829aecdaa07e56c17b6290cd947b460761ba703b8c3dfb7983843240429e2b3d37fb43ad6d2c2934a0feca4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62252.exe
Filesize
184KB

MD5
bcb4f372346244d45c9e4b88ab0267ef

SHA1
e797207d40c1ec6f8e348571d035bd7c2e77dffa

SHA256
9b1218b28831f7e5de4fc325de7bef71bcbae5cde9f93c2a6e8a51ac93a67ebb

SHA512
1c9cd23140ddd8648056d8c4bfd6cc988d8459e768bece753e01daab18ea05fc1caa9de851261b244429676daeee40b3913fafbd5997817d237f46a4cbb4b285

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7260.exe
Filesize
184KB

MD5
5e51f323e4b4f9a7397de3b576da543c

SHA1
0c7ad626a169d598fd4e97ccbdb965689fb607d4

SHA256
82959941b977d82a853ab24899b520b8bfc2a9e57a8705e3f26713a1c3f8bc1a

SHA512
64076b209e4c62a881c2ab30745af52870fadab98f4d01a6e60c2fc6780c90d4eb51e1d3dc273dc1d56326b26dafb649bf9913acf82057d072cf51e6b85860d7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8303.exe
Filesize
184KB

MD5
ca51d4b1310021fbf72b0e91d37ca360

SHA1
c2280fd2542b2c9b1c8755d6a5fb43e34c678174

SHA256
ec3872365685daf4f7b7fab922a8f133e7f8acc57922a9a34a6270658ae70d3a

SHA512
53bb4ef9315916a912edcab9cac5d1a84781752181dd5149acee6f23e1d17cb55fd156d1dd0942cf6db43db2991534e883471cdc990ae706e309932892bb1557

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9694.exe
Filesize
184KB

MD5
4747e19bdac9bbd5585189f8ed54a493

SHA1
f42b1c79f4f36fe2aae56f2cacb5c2c803759689

SHA256
7d1c5a1902f2800bba361ff0baedaf8f97c1429b39380ca4365b723c498de327

SHA512
072b11d87f0a7bd65232d363db136d9fba4429b1ea049483162c3a21c929f952cdb24967c871e22029899775f9320850327e5409e623318fcda9506b92586ea4

Download Submit
memory/2920-918-0x00000000027F0000-0x000000000294C000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads