6841a1c4f033da587539759a19c0952fcdc425c9204abee02fcda6dec43714a7

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6841a1c4f033da587539759a19c0952fcdc425c9204abee02fcda6dec43714a7.exe
Size

184KB
MD5

7e0d67262af124613f38a5d5c4b433fa
SHA1

833974ce0ee4465c8e6ea31f405404230cb1acb3
SHA256

6841a1c4f033da587539759a19c0952fcdc425c9204abee02fcda6dec43714a7
SHA512

c14c35fbc16fda92589e8a5ef6196a0381eb49ac6a476d1bb1fbc06ba4a2ffda821b8b1e8413c0bde16429f860316f56cc4f8ee389b7f3babc0f2c433227c58f
SSDEEP

3072:BBfn/colNpasdRjYeVAlaXjICYIxPBKHH9KO5q9UGehlnVOFknr:BBMo0YRjqoXjIbn80hlnVOFk

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-1955.exeUnicorn-12344.exeUnicorn-23205.exeUnicorn-46133.exeUnicorn-11322.exeUnicorn-22183.exeUnicorn-48162.exeUnicorn-24212.exeUnicorn-39994.exeUnicorn-39994.exeUnicorn-16044.exeUnicorn-23741.exeUnicorn-65328.exeUnicorn-7404.exeUnicorn-30539.exeUnicorn-41399.exeUnicorn-57181.exeUnicorn-57181.exeUnicorn-2505.exeUnicorn-35199.exeUnicorn-27607.exeUnicorn-34383.exeUnicorn-54249.exeUnicorn-65110.exeUnicorn-60279.exeUnicorn-56195.exeUnicorn-56195.exeUnicorn-62972.exeUnicorn-17301.exeUnicorn-28161.exeUnicorn-15437.exeUnicorn-26298.exeUnicorn-7269.exeUnicorn-18130.exeUnicorn-56470.exeUnicorn-1794.exeUnicorn-52194.exeUnicorn-17384.exeUnicorn-20076.exeUnicorn-1047.exeUnicorn-42634.exeUnicorn-15245.exeUnicorn-56833.exeUnicorn-41888.exeUnicorn-52749.exeUnicorn-2993.exeUnicorn-33720.exeUnicorn-33720.exeUnicorn-9770.exeUnicorn-31498.exeUnicorn-56325.exeUnicorn-34836.exeUnicorn-54934.exeUnicorn-35905.exeUnicorn-50103.exeUnicorn-15292.exeUnicorn-56880.exeUnicorn-22069.exeUnicorn-64493.exeUnicorn-56901.exeUnicorn-32951.exeUnicorn-18007.exeUnicorn-59594.exeUnicorn-13922.exe

pid	process
1928	Unicorn-1955.exe
2584	Unicorn-12344.exe
2660	Unicorn-23205.exe
2480	Unicorn-46133.exe
2568	Unicorn-11322.exe
2484	Unicorn-22183.exe
2700	Unicorn-48162.exe
2764	Unicorn-24212.exe
1768	Unicorn-39994.exe
1776	Unicorn-39994.exe
1176	Unicorn-16044.exe
1236	Unicorn-23741.exe
2984	Unicorn-65328.exe
1612	Unicorn-7404.exe
1864	Unicorn-30539.exe
1624	Unicorn-41399.exe
2892	Unicorn-57181.exe
492	Unicorn-57181.exe
580	Unicorn-2505.exe
2172	Unicorn-35199.exe
444	Unicorn-27607.exe
2188	Unicorn-34383.exe
2712	Unicorn-54249.exe
952	Unicorn-65110.exe
2000	Unicorn-60279.exe
1984	Unicorn-56195.exe
624	Unicorn-56195.exe
2248	Unicorn-62972.exe
1004	Unicorn-17301.exe
1816	Unicorn-28161.exe
2868	Unicorn-15437.exe
1532	Unicorn-26298.exe
3028	Unicorn-7269.exe
1560	Unicorn-18130.exe
2740	Unicorn-56470.exe
3056	Unicorn-1794.exe
2492	Unicorn-52194.exe
2440	Unicorn-17384.exe
2516	Unicorn-20076.exe
2300	Unicorn-1047.exe
1260	Unicorn-42634.exe
2632	Unicorn-15245.exe
2676	Unicorn-56833.exe
1588	Unicorn-41888.exe
1436	Unicorn-52749.exe
348	Unicorn-2993.exe
1504	Unicorn-33720.exe
1312	Unicorn-33720.exe
1196	Unicorn-9770.exe
572	Unicorn-31498.exe
1916	Unicorn-56325.exe
2124	Unicorn-34836.exe
2072	Unicorn-54934.exe
1820	Unicorn-35905.exe
376	Unicorn-50103.exe
552	Unicorn-15292.exe
1868	Unicorn-56880.exe
2136	Unicorn-22069.exe
1696	Unicorn-64493.exe
1528	Unicorn-56901.exe
2140	Unicorn-32951.exe
1544	Unicorn-18007.exe
2720	Unicorn-59594.exe
2404	Unicorn-13922.exe

Loads dropped DLL 64 IoCs

Processes:

6841a1c4f033da587539759a19c0952fcdc425c9204abee02fcda6dec43714a7.exeUnicorn-1955.exeUnicorn-23205.exeUnicorn-12344.exeWerFault.exeUnicorn-46133.exeUnicorn-22183.exeUnicorn-11322.exeWerFault.exeWerFault.exeUnicorn-48162.exeUnicorn-16044.exeUnicorn-39994.exeUnicorn-24212.exeUnicorn-39994.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1860	6841a1c4f033da587539759a19c0952fcdc425c9204abee02fcda6dec43714a7.exe
1860	6841a1c4f033da587539759a19c0952fcdc425c9204abee02fcda6dec43714a7.exe
1928	Unicorn-1955.exe
1928	Unicorn-1955.exe
1860	6841a1c4f033da587539759a19c0952fcdc425c9204abee02fcda6dec43714a7.exe
1860	6841a1c4f033da587539759a19c0952fcdc425c9204abee02fcda6dec43714a7.exe
2660	Unicorn-23205.exe
2660	Unicorn-23205.exe
2584	Unicorn-12344.exe
2584	Unicorn-12344.exe
1928	Unicorn-1955.exe
1928	Unicorn-1955.exe
884	WerFault.exe
884	WerFault.exe
884	WerFault.exe
884	WerFault.exe
884	WerFault.exe
2480	Unicorn-46133.exe
2480	Unicorn-46133.exe
2660	Unicorn-23205.exe
2660	Unicorn-23205.exe
2484	Unicorn-22183.exe
2568	Unicorn-11322.exe
2484	Unicorn-22183.exe
2568	Unicorn-11322.exe
2584	Unicorn-12344.exe
2584	Unicorn-12344.exe
1604	WerFault.exe
1604	WerFault.exe
1604	WerFault.exe
1604	WerFault.exe
836	WerFault.exe
836	WerFault.exe
836	WerFault.exe
836	WerFault.exe
1604	WerFault.exe
836	WerFault.exe
2700	Unicorn-48162.exe
2700	Unicorn-48162.exe
2480	Unicorn-46133.exe
2480	Unicorn-46133.exe
1176	Unicorn-16044.exe
1176	Unicorn-16044.exe
1768	Unicorn-39994.exe
1768	Unicorn-39994.exe
2484	Unicorn-22183.exe
2484	Unicorn-22183.exe
2764	Unicorn-24212.exe
1776	Unicorn-39994.exe
2764	Unicorn-24212.exe
1776	Unicorn-39994.exe
2568	Unicorn-11322.exe
2568	Unicorn-11322.exe
1724	WerFault.exe
1724	WerFault.exe
1724	WerFault.exe
1724	WerFault.exe
1724	WerFault.exe
288	WerFault.exe
288	WerFault.exe
288	WerFault.exe
288	WerFault.exe
2444	WerFault.exe
2444	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2872	1860	WerFault.exe	6841a1c4f033da587539759a19c0952fcdc425c9204abee02fcda6dec43714a7.exe
884	1928	WerFault.exe	Unicorn-1955.exe
1604	2660	WerFault.exe	Unicorn-23205.exe
836	2584	WerFault.exe	Unicorn-12344.exe
1724	2480	WerFault.exe	Unicorn-46133.exe
2444	2568	WerFault.exe	Unicorn-11322.exe
288	2484	WerFault.exe	Unicorn-22183.exe
2228	2700	WerFault.exe	Unicorn-48162.exe
1800	1768	WerFault.exe	Unicorn-39994.exe
1520	2764	WerFault.exe	Unicorn-24212.exe
2100	1776	WerFault.exe	Unicorn-39994.exe
2948	2984	WerFault.exe	Unicorn-65328.exe
2204	1612	WerFault.exe	Unicorn-7404.exe
2208	1624	WerFault.exe	Unicorn-41399.exe
1708	580	WerFault.exe	Unicorn-2505.exe
1616	2892	WerFault.exe	Unicorn-57181.exe
1880	1864	WerFault.exe	Unicorn-30539.exe
568	492	WerFault.exe	Unicorn-57181.exe
2804	2140	WerFault.exe	Unicorn-32951.exe
284	2172	WerFault.exe	Unicorn-35199.exe
1548	2188	WerFault.exe	Unicorn-34383.exe
920	952	WerFault.exe	Unicorn-65110.exe
1904	2000	WerFault.exe	Unicorn-60279.exe
1976	624	WerFault.exe	Unicorn-56195.exe
1932	1984	WerFault.exe	Unicorn-56195.exe
2088	1816	WerFault.exe	Unicorn-28161.exe
3032	2248	WerFault.exe	Unicorn-62972.exe
2264	1004	WerFault.exe	Unicorn-17301.exe
556	1560	WerFault.exe	Unicorn-18130.exe
3024	2440	WerFault.exe	Unicorn-17384.exe
2232	1532	WerFault.exe	Unicorn-26298.exe
2456	2868	WerFault.exe	Unicorn-15437.exe
852	3028	WerFault.exe	Unicorn-7269.exe
1228	3056	WerFault.exe	Unicorn-1794.exe
1752	1312	WerFault.exe	Unicorn-33720.exe
3080	348	WerFault.exe	Unicorn-2993.exe
3088	2632	WerFault.exe	Unicorn-15245.exe
3152	2516	WerFault.exe	Unicorn-20076.exe
3280	1588	WerFault.exe	Unicorn-41888.exe
4088	2676	WerFault.exe	Unicorn-56833.exe
3204	1436	WerFault.exe	Unicorn-52749.exe
3224	1260	WerFault.exe	Unicorn-42634.exe
3276	2740	WerFault.exe	Unicorn-56470.exe
3272	1196	WerFault.exe	Unicorn-9770.exe
3308	2408	WerFault.exe	Unicorn-33418.exe
3544	2036	WerFault.exe	Unicorn-4171.exe
3628	2720	WerFault.exe	Unicorn-59594.exe
3648	2404	WerFault.exe	Unicorn-13922.exe
3696	1528	WerFault.exe	Unicorn-56901.exe
3732	2840	WerFault.exe	Unicorn-19953.exe
3736	1500	WerFault.exe	Unicorn-59039.exe
3800	2992	WerFault.exe	Unicorn-47342.exe
3828	2820	WerFault.exe	Unicorn-63123.exe
3996	2712	WerFault.exe	Unicorn-54249.exe
3128	572	WerFault.exe	Unicorn-31498.exe
3436	1544	WerFault.exe	Unicorn-18007.exe
3104	1696	WerFault.exe	Unicorn-64493.exe
3660	376	WerFault.exe	Unicorn-50103.exe
3960	1868	WerFault.exe	Unicorn-56880.exe
616	2312	WerFault.exe	Unicorn-41141.exe
3496	1916	WerFault.exe	Unicorn-56325.exe
4104	2124	WerFault.exe	Unicorn-34836.exe
4156	2612	WerFault.exe	Unicorn-43471.exe
4180	2688	WerFault.exe	Unicorn-32864.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

6841a1c4f033da587539759a19c0952fcdc425c9204abee02fcda6dec43714a7.exeUnicorn-1955.exeUnicorn-23205.exeUnicorn-12344.exeUnicorn-46133.exeUnicorn-11322.exeUnicorn-22183.exeUnicorn-48162.exeUnicorn-39994.exeUnicorn-24212.exeUnicorn-16044.exeUnicorn-39994.exeUnicorn-23741.exeUnicorn-65328.exeUnicorn-7404.exeUnicorn-30539.exeUnicorn-57181.exeUnicorn-41399.exeUnicorn-2505.exeUnicorn-57181.exeUnicorn-35199.exeUnicorn-27607.exeUnicorn-34383.exeUnicorn-54249.exeUnicorn-65110.exeUnicorn-60279.exeUnicorn-56195.exeUnicorn-56195.exeUnicorn-62972.exeUnicorn-17301.exeUnicorn-28161.exeUnicorn-15437.exeUnicorn-26298.exeUnicorn-18130.exeUnicorn-7269.exeUnicorn-56470.exeUnicorn-1794.exeUnicorn-52194.exeUnicorn-17384.exeUnicorn-20076.exeUnicorn-42634.exeUnicorn-15245.exeUnicorn-41888.exeUnicorn-56833.exeUnicorn-52749.exeUnicorn-2993.exeUnicorn-33720.exeUnicorn-33720.exeUnicorn-9770.exeUnicorn-31498.exeUnicorn-56325.exeUnicorn-34836.exeUnicorn-54934.exeUnicorn-35905.exeUnicorn-50103.exeUnicorn-15292.exeUnicorn-22069.exeUnicorn-56880.exeUnicorn-64493.exeUnicorn-56901.exeUnicorn-32951.exeUnicorn-18007.exeUnicorn-55510.exeUnicorn-59594.exe

pid	process
1860	6841a1c4f033da587539759a19c0952fcdc425c9204abee02fcda6dec43714a7.exe
1928	Unicorn-1955.exe
2660	Unicorn-23205.exe
2584	Unicorn-12344.exe
2480	Unicorn-46133.exe
2568	Unicorn-11322.exe
2484	Unicorn-22183.exe
2700	Unicorn-48162.exe
1768	Unicorn-39994.exe
2764	Unicorn-24212.exe
1176	Unicorn-16044.exe
1776	Unicorn-39994.exe
1236	Unicorn-23741.exe
2984	Unicorn-65328.exe
1612	Unicorn-7404.exe
1864	Unicorn-30539.exe
492	Unicorn-57181.exe
1624	Unicorn-41399.exe
580	Unicorn-2505.exe
2892	Unicorn-57181.exe
2172	Unicorn-35199.exe
444	Unicorn-27607.exe
2188	Unicorn-34383.exe
2712	Unicorn-54249.exe
952	Unicorn-65110.exe
2000	Unicorn-60279.exe
1984	Unicorn-56195.exe
624	Unicorn-56195.exe
2248	Unicorn-62972.exe
1004	Unicorn-17301.exe
1816	Unicorn-28161.exe
2868	Unicorn-15437.exe
1532	Unicorn-26298.exe
1560	Unicorn-18130.exe
3028	Unicorn-7269.exe
2740	Unicorn-56470.exe
3056	Unicorn-1794.exe
2492	Unicorn-52194.exe
2440	Unicorn-17384.exe
2516	Unicorn-20076.exe
1260	Unicorn-42634.exe
2632	Unicorn-15245.exe
1588	Unicorn-41888.exe
2676	Unicorn-56833.exe
1436	Unicorn-52749.exe
348	Unicorn-2993.exe
1504	Unicorn-33720.exe
1312	Unicorn-33720.exe
1196	Unicorn-9770.exe
572	Unicorn-31498.exe
1916	Unicorn-56325.exe
2124	Unicorn-34836.exe
2072	Unicorn-54934.exe
1820	Unicorn-35905.exe
376	Unicorn-50103.exe
552	Unicorn-15292.exe
2136	Unicorn-22069.exe
1868	Unicorn-56880.exe
1696	Unicorn-64493.exe
1528	Unicorn-56901.exe
2140	Unicorn-32951.exe
1544	Unicorn-18007.exe
2476	Unicorn-55510.exe
2720	Unicorn-59594.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

6841a1c4f033da587539759a19c0952fcdc425c9204abee02fcda6dec43714a7.exeUnicorn-1955.exeUnicorn-23205.exeUnicorn-12344.exeUnicorn-46133.exeUnicorn-22183.exeUnicorn-11322.exeUnicorn-48162.exe

description	pid	process	target process
PID 1860 wrote to memory of 1928	1860	6841a1c4f033da587539759a19c0952fcdc425c9204abee02fcda6dec43714a7.exe	Unicorn-1955.exe
PID 1860 wrote to memory of 1928	1860	6841a1c4f033da587539759a19c0952fcdc425c9204abee02fcda6dec43714a7.exe	Unicorn-1955.exe
PID 1860 wrote to memory of 1928	1860	6841a1c4f033da587539759a19c0952fcdc425c9204abee02fcda6dec43714a7.exe	Unicorn-1955.exe
PID 1860 wrote to memory of 1928	1860	6841a1c4f033da587539759a19c0952fcdc425c9204abee02fcda6dec43714a7.exe	Unicorn-1955.exe
PID 1928 wrote to memory of 2584	1928	Unicorn-1955.exe	Unicorn-12344.exe
PID 1928 wrote to memory of 2584	1928	Unicorn-1955.exe	Unicorn-12344.exe
PID 1928 wrote to memory of 2584	1928	Unicorn-1955.exe	Unicorn-12344.exe
PID 1928 wrote to memory of 2584	1928	Unicorn-1955.exe	Unicorn-12344.exe
PID 1860 wrote to memory of 2660	1860	6841a1c4f033da587539759a19c0952fcdc425c9204abee02fcda6dec43714a7.exe	Unicorn-23205.exe
PID 1860 wrote to memory of 2660	1860	6841a1c4f033da587539759a19c0952fcdc425c9204abee02fcda6dec43714a7.exe	Unicorn-23205.exe
PID 1860 wrote to memory of 2660	1860	6841a1c4f033da587539759a19c0952fcdc425c9204abee02fcda6dec43714a7.exe	Unicorn-23205.exe
PID 1860 wrote to memory of 2660	1860	6841a1c4f033da587539759a19c0952fcdc425c9204abee02fcda6dec43714a7.exe	Unicorn-23205.exe
PID 1860 wrote to memory of 2872	1860	6841a1c4f033da587539759a19c0952fcdc425c9204abee02fcda6dec43714a7.exe	WerFault.exe
PID 1860 wrote to memory of 2872	1860	6841a1c4f033da587539759a19c0952fcdc425c9204abee02fcda6dec43714a7.exe	WerFault.exe
PID 1860 wrote to memory of 2872	1860	6841a1c4f033da587539759a19c0952fcdc425c9204abee02fcda6dec43714a7.exe	WerFault.exe
PID 1860 wrote to memory of 2872	1860	6841a1c4f033da587539759a19c0952fcdc425c9204abee02fcda6dec43714a7.exe	WerFault.exe
PID 2660 wrote to memory of 2480	2660	Unicorn-23205.exe	Unicorn-46133.exe
PID 2660 wrote to memory of 2480	2660	Unicorn-23205.exe	Unicorn-46133.exe
PID 2660 wrote to memory of 2480	2660	Unicorn-23205.exe	Unicorn-46133.exe
PID 2660 wrote to memory of 2480	2660	Unicorn-23205.exe	Unicorn-46133.exe
PID 2584 wrote to memory of 2568	2584	Unicorn-12344.exe	Unicorn-11322.exe
PID 2584 wrote to memory of 2568	2584	Unicorn-12344.exe	Unicorn-11322.exe
PID 2584 wrote to memory of 2568	2584	Unicorn-12344.exe	Unicorn-11322.exe
PID 2584 wrote to memory of 2568	2584	Unicorn-12344.exe	Unicorn-11322.exe
PID 1928 wrote to memory of 2484	1928	Unicorn-1955.exe	Unicorn-22183.exe
PID 1928 wrote to memory of 2484	1928	Unicorn-1955.exe	Unicorn-22183.exe
PID 1928 wrote to memory of 2484	1928	Unicorn-1955.exe	Unicorn-22183.exe
PID 1928 wrote to memory of 2484	1928	Unicorn-1955.exe	Unicorn-22183.exe
PID 1928 wrote to memory of 884	1928	Unicorn-1955.exe	WerFault.exe
PID 1928 wrote to memory of 884	1928	Unicorn-1955.exe	WerFault.exe
PID 1928 wrote to memory of 884	1928	Unicorn-1955.exe	WerFault.exe
PID 1928 wrote to memory of 884	1928	Unicorn-1955.exe	WerFault.exe
PID 2480 wrote to memory of 2700	2480	Unicorn-46133.exe	Unicorn-48162.exe
PID 2480 wrote to memory of 2700	2480	Unicorn-46133.exe	Unicorn-48162.exe
PID 2480 wrote to memory of 2700	2480	Unicorn-46133.exe	Unicorn-48162.exe
PID 2480 wrote to memory of 2700	2480	Unicorn-46133.exe	Unicorn-48162.exe
PID 2660 wrote to memory of 2764	2660	Unicorn-23205.exe	Unicorn-24212.exe
PID 2660 wrote to memory of 2764	2660	Unicorn-23205.exe	Unicorn-24212.exe
PID 2660 wrote to memory of 2764	2660	Unicorn-23205.exe	Unicorn-24212.exe
PID 2660 wrote to memory of 2764	2660	Unicorn-23205.exe	Unicorn-24212.exe
PID 2484 wrote to memory of 1768	2484	Unicorn-22183.exe	Unicorn-39994.exe
PID 2484 wrote to memory of 1768	2484	Unicorn-22183.exe	Unicorn-39994.exe
PID 2484 wrote to memory of 1768	2484	Unicorn-22183.exe	Unicorn-39994.exe
PID 2484 wrote to memory of 1768	2484	Unicorn-22183.exe	Unicorn-39994.exe
PID 2568 wrote to memory of 1776	2568	Unicorn-11322.exe	Unicorn-39994.exe
PID 2568 wrote to memory of 1776	2568	Unicorn-11322.exe	Unicorn-39994.exe
PID 2568 wrote to memory of 1776	2568	Unicorn-11322.exe	Unicorn-39994.exe
PID 2568 wrote to memory of 1776	2568	Unicorn-11322.exe	Unicorn-39994.exe
PID 2584 wrote to memory of 1176	2584	Unicorn-12344.exe	Unicorn-16044.exe
PID 2584 wrote to memory of 1176	2584	Unicorn-12344.exe	Unicorn-16044.exe
PID 2584 wrote to memory of 1176	2584	Unicorn-12344.exe	Unicorn-16044.exe
PID 2584 wrote to memory of 1176	2584	Unicorn-12344.exe	Unicorn-16044.exe
PID 2660 wrote to memory of 1604	2660	Unicorn-23205.exe	WerFault.exe
PID 2660 wrote to memory of 1604	2660	Unicorn-23205.exe	WerFault.exe
PID 2660 wrote to memory of 1604	2660	Unicorn-23205.exe	WerFault.exe
PID 2660 wrote to memory of 1604	2660	Unicorn-23205.exe	WerFault.exe
PID 2584 wrote to memory of 836	2584	Unicorn-12344.exe	WerFault.exe
PID 2584 wrote to memory of 836	2584	Unicorn-12344.exe	WerFault.exe
PID 2584 wrote to memory of 836	2584	Unicorn-12344.exe	WerFault.exe
PID 2584 wrote to memory of 836	2584	Unicorn-12344.exe	WerFault.exe
PID 2700 wrote to memory of 1236	2700	Unicorn-48162.exe	Unicorn-23741.exe
PID 2700 wrote to memory of 1236	2700	Unicorn-48162.exe	Unicorn-23741.exe
PID 2700 wrote to memory of 1236	2700	Unicorn-48162.exe	Unicorn-23741.exe
PID 2700 wrote to memory of 1236	2700	Unicorn-48162.exe	Unicorn-23741.exe

C:\Users\Admin\AppData\Local\Temp\6841a1c4f033da587539759a19c0952fcdc425c9204abee02fcda6dec43714a7.exe
"C:\Users\Admin\AppData\Local\Temp\6841a1c4f033da587539759a19c0952fcdc425c9204abee02fcda6dec43714a7.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-1955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1955.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-12344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12344.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-11322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11322.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-39994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39994.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-56195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56195.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-63123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63123.exe
9⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-40840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40840.exe
10⤵
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-64633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64633.exe
11⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
12⤵
PID:6016

C:\Users\Admin\AppData\Local\Temp\Unicorn-5915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5915.exe
13⤵
PID:10084

C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
14⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10084 -s 216
14⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
13⤵
PID:10940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
12⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 216
11⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
10⤵
- Program crash
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-16890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16890.exe
9⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-49174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49174.exe
10⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-7285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7285.exe
11⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-32636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32636.exe
12⤵
PID:8128

C:\Users\Admin\AppData\Local\Temp\Unicorn-54146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54146.exe
13⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 216
13⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
12⤵
PID:9204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 236
11⤵
PID:6844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 236
10⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
9⤵
- Program crash
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-4171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4171.exe
8⤵
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-8167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8167.exe
9⤵
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-61125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61125.exe
10⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
11⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-25698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25698.exe
12⤵
PID:9528

C:\Users\Admin\AppData\Local\Temp\Unicorn-62099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62099.exe
13⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9528 -s 216
13⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
12⤵
PID:10080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
11⤵
PID:7844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 216
10⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
8⤵
- Program crash
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-52749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52749.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1436

C:\Users\Admin\AppData\Local\Temp\Unicorn-59039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59039.exe
8⤵
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-53284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53284.exe
9⤵
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-47913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47913.exe
10⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-44317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44317.exe
11⤵
PID:6100

C:\Users\Admin\AppData\Local\Temp\Unicorn-15396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15396.exe
12⤵
PID:8396

C:\Users\Admin\AppData\Local\Temp\Unicorn-22079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22079.exe
13⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8396 -s 216
13⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
12⤵
PID:9292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
11⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 236
10⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 236
9⤵
- Program crash
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-25250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25250.exe
8⤵
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-9402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9402.exe
9⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-28064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28064.exe
10⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-2563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2563.exe
11⤵
PID:9260

C:\Users\Admin\AppData\Local\Temp\Unicorn-20491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20491.exe
12⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9260 -s 216
12⤵
PID:8416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 236
11⤵
PID:10196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
10⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 216
9⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 240
8⤵
- Program crash
PID:3204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 220
7⤵
- Program crash
PID:1616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 236
6⤵
- Program crash
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-2505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2505.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-20076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20076.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-44649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44649.exe
7⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-28780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28780.exe
8⤵
PID:468

C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe
9⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-35490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35490.exe
10⤵
PID:5292

C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
11⤵
PID:7036

C:\Users\Admin\AppData\Local\Temp\Unicorn-19943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19943.exe
12⤵
PID:10204

C:\Users\Admin\AppData\Local\Temp\Unicorn-19121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19121.exe
13⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10204 -s 216
13⤵
PID:12328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 216
12⤵
PID:11064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 216
11⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
10⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 468 -s 236
9⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-24456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24456.exe
8⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-49496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49496.exe
9⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-39413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39413.exe
10⤵
PID:7104

C:\Users\Admin\AppData\Local\Temp\Unicorn-14296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14296.exe
11⤵
PID:9336

C:\Users\Admin\AppData\Local\Temp\Unicorn-50423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50423.exe
12⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9336 -s 216
12⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
11⤵
PID:11244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
10⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
9⤵
PID:6368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
8⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-31472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31472.exe
7⤵
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-13294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13294.exe
8⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-679.exe
9⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-64649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64649.exe
10⤵
PID:6524

C:\Users\Admin\AppData\Local\Temp\Unicorn-33586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33586.exe
11⤵
PID:10108

C:\Users\Admin\AppData\Local\Temp\Unicorn-7164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7164.exe
12⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
11⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
10⤵
PID:8212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
9⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
8⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
7⤵
- Program crash
PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 236
6⤵
- Program crash
PID:1708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1176

C:\Users\Admin\AppData\Local\Temp\Unicorn-7404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7404.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-54249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54249.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-56470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56470.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-56901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56901.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-61452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61452.exe
9⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-27685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27685.exe
10⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-36808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36808.exe
11⤵
PID:5716

C:\Users\Admin\AppData\Local\Temp\Unicorn-45734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45734.exe
12⤵
PID:9364

C:\Users\Admin\AppData\Local\Temp\Unicorn-31757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31757.exe
13⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9364 -s 216
13⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 236
12⤵
PID:10056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 236
11⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 216
10⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 216
9⤵
- Program crash
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-25250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25250.exe
8⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-64633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64633.exe
9⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
10⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-38142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38142.exe
11⤵
PID:9492

C:\Users\Admin\AppData\Local\Temp\Unicorn-37320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37320.exe
12⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9492 -s 236
12⤵
PID:7744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
11⤵
PID:9952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
10⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 216
9⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
8⤵
- Program crash
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-32951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32951.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 188
8⤵
- Program crash
PID:2804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
7⤵
- Program crash
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-1794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1794.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-64493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64493.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-4576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4576.exe
8⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
9⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe
10⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-22906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22906.exe
11⤵
PID:8160

C:\Users\Admin\AppData\Local\Temp\Unicorn-13113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13113.exe
12⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8160 -s 236
12⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
11⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
10⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 236
9⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-44877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44877.exe
8⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-24800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24800.exe
9⤵
PID:4820

C:\Users\Admin\AppData\Local\Temp\Unicorn-27654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27654.exe
10⤵
PID:6752

C:\Users\Admin\AppData\Local\Temp\Unicorn-5661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5661.exe
11⤵
PID:9748

C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
12⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9748 -s 216
12⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 216
10⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
9⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
8⤵
- Program crash
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-28758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28758.exe
7⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-64742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64742.exe
8⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-41520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41520.exe
9⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-61779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61779.exe
10⤵
PID:6748

C:\Users\Admin\AppData\Local\Temp\Unicorn-2236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2236.exe
11⤵
PID:9756

C:\Users\Admin\AppData\Local\Temp\Unicorn-53376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53376.exe
12⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9756 -s 236
12⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 216
11⤵
PID:10396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
10⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
9⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
8⤵
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
7⤵
- Program crash
PID:1228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
6⤵
- Program crash
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:952

C:\Users\Admin\AppData\Local\Temp\Unicorn-17384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17384.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-34836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34836.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-2246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2246.exe
8⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-55998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55998.exe
9⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-35298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35298.exe
10⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-22500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22500.exe
11⤵
PID:7520

C:\Users\Admin\AppData\Local\Temp\Unicorn-26077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26077.exe
12⤵
PID:10772

C:\Users\Admin\AppData\Local\Temp\Unicorn-37398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37398.exe
13⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 216
12⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
11⤵
PID:8936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
10⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
9⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
8⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-32776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32776.exe
9⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-17047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17047.exe
10⤵
PID:7156

C:\Users\Admin\AppData\Local\Temp\Unicorn-23088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23088.exe
11⤵
PID:9440

C:\Users\Admin\AppData\Local\Temp\Unicorn-5908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5908.exe
12⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9440 -s 216
12⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 216
11⤵
PID:10964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
10⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
9⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
8⤵
- Program crash
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-9023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9023.exe
7⤵
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-55998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55998.exe
8⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
9⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-58126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58126.exe
10⤵
PID:7360

C:\Users\Admin\AppData\Local\Temp\Unicorn-34546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34546.exe
11⤵
PID:10356

C:\Users\Admin\AppData\Local\Temp\Unicorn-11938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11938.exe
12⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10356 -s 236
12⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 216
11⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
10⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
9⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 216
8⤵
PID:4600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
7⤵
- Program crash
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-54934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54934.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-55339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55339.exe
7⤵
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-17104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17104.exe
8⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-51634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51634.exe
9⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-23077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23077.exe
10⤵
PID:6792

C:\Users\Admin\AppData\Local\Temp\Unicorn-47592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47592.exe
11⤵
PID:9392

C:\Users\Admin\AppData\Local\Temp\Unicorn-5965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5965.exe
12⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9392 -s 216
12⤵
PID:12904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 216
11⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 220
10⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
9⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 236
8⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
7⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-47550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47550.exe
8⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-49719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49719.exe
9⤵
PID:8048

C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
10⤵
PID:10832

C:\Users\Admin\AppData\Local\Temp\Unicorn-59437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59437.exe
11⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 216
10⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
9⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
8⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
7⤵
PID:4520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 240
6⤵
- Program crash
PID:920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-39994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39994.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-56195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56195.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:624

C:\Users\Admin\AppData\Local\Temp\Unicorn-15245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15245.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-18007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18007.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
9⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-28884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28884.exe
10⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-28085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28085.exe
11⤵
PID:7244

C:\Users\Admin\AppData\Local\Temp\Unicorn-38630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38630.exe
12⤵
PID:10308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10308 -s 200
13⤵
PID:8848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7244 -s 216
12⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
11⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
10⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 236
9⤵
- Program crash
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-25250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25250.exe
8⤵
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-25547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25547.exe
9⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-34120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34120.exe
10⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe
11⤵
PID:7272

C:\Users\Admin\AppData\Local\Temp\Unicorn-41453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41453.exe
12⤵
PID:10508

C:\Users\Admin\AppData\Local\Temp\Unicorn-19609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19609.exe
13⤵
PID:8328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 220
12⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 236
11⤵
PID:8672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
10⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 216
9⤵
PID:4876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
8⤵
- Program crash
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-59594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59594.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-38894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38894.exe
8⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-15432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15432.exe
9⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-51198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51198.exe
10⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-21038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21038.exe
11⤵
PID:9404

C:\Users\Admin\AppData\Local\Temp\Unicorn-10677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10677.exe
12⤵
PID:11668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9404 -s 236
12⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
11⤵
PID:10236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
10⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 216
9⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 216
8⤵
- Program crash
PID:3628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 240
7⤵
- Program crash
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-56833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56833.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-54763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54763.exe
7⤵
PID:1172

C:\Users\Admin\AppData\Local\Temp\Unicorn-55422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55422.exe
8⤵
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-45391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45391.exe
9⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-16113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16113.exe
10⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-8873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8873.exe
11⤵
PID:8560

C:\Users\Admin\AppData\Local\Temp\Unicorn-39676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39676.exe
12⤵
PID:12280

C:\Users\Admin\AppData\Local\Temp\Unicorn-9992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9992.exe
13⤵
PID:2936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12280 -s 216
13⤵
PID:8652

C:\Users\Admin\AppData\Local\Temp\Unicorn-53526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53526.exe
12⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 220
12⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
11⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
10⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 236
9⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
8⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
9⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-56865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56865.exe
10⤵
PID:6488

C:\Users\Admin\AppData\Local\Temp\Unicorn-35916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35916.exe
11⤵
PID:9412

C:\Users\Admin\AppData\Local\Temp\Unicorn-45566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45566.exe
12⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 220
11⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
10⤵
PID:8456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
9⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 240
8⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\Unicorn-58115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58115.exe
7⤵
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-17187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17187.exe
8⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-19154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19154.exe
9⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-33731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33731.exe
10⤵
PID:7140

C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
11⤵
PID:9428

C:\Users\Admin\AppData\Local\Temp\Unicorn-45675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45675.exe
12⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 216
11⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
10⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
9⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 216
8⤵
PID:4684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
7⤵
- Program crash
PID:4088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 220
6⤵
- Program crash
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-62972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62972.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-33720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33720.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-5754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5754.exe
7⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-32864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32864.exe
8⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-56574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56574.exe
9⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-2241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2241.exe
10⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-48266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48266.exe
11⤵
PID:6692

C:\Users\Admin\AppData\Local\Temp\Unicorn-40472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40472.exe
12⤵
PID:9716

C:\Users\Admin\AppData\Local\Temp\Unicorn-30797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30797.exe
13⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9716 -s 216
13⤵
PID:8628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 216
12⤵
PID:10404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
11⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
10⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 236
9⤵
- Program crash
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-32624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32624.exe
8⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-29076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29076.exe
9⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-36061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36061.exe
10⤵
PID:7124

C:\Users\Admin\AppData\Local\Temp\Unicorn-57706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57706.exe
11⤵
PID:9664

C:\Users\Admin\AppData\Local\Temp\Unicorn-56728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56728.exe
12⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 216
12⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 216
11⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
10⤵
PID:1072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
9⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
8⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-52962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52962.exe
7⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-38292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38292.exe
8⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-43658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43658.exe
9⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-15401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15401.exe
10⤵
PID:6796

C:\Users\Admin\AppData\Local\Temp\Unicorn-36196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36196.exe
11⤵
PID:9796

C:\Users\Admin\AppData\Local\Temp\Unicorn-4621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4621.exe
12⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9796 -s 216
12⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 216
11⤵
PID:10604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
10⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
9⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
8⤵
PID:4492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 240
7⤵
- Program crash
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe
6⤵
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-45116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45116.exe
7⤵
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-61125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61125.exe
8⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-10165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10165.exe
9⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-25698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25698.exe
10⤵
PID:9544

C:\Users\Admin\AppData\Local\Temp\Unicorn-30989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30989.exe
11⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9544 -s 216
11⤵
PID:8864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
10⤵
PID:10036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
9⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 236
7⤵
- Program crash
PID:3800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 220
6⤵
- Program crash
PID:3032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
5⤵
- Program crash
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-41399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41399.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-60279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60279.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-1047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1047.exe
6⤵
- Executes dropped EXE
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-31498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31498.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-18583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18583.exe
7⤵
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-35578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35578.exe
8⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-4763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4763.exe
9⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-8494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8494.exe
10⤵
PID:6732

C:\Users\Admin\AppData\Local\Temp\Unicorn-16819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16819.exe
11⤵
PID:9612

C:\Users\Admin\AppData\Local\Temp\Unicorn-48311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48311.exe
12⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9612 -s 216
12⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 220
11⤵
PID:10328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
10⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
9⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 236
8⤵
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-42354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42354.exe
7⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-18038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18038.exe
8⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-43606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43606.exe
9⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
10⤵
PID:9616

C:\Users\Admin\AppData\Local\Temp\Unicorn-2099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2099.exe
11⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9616 -s 220
11⤵
PID:12568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 236
10⤵
PID:10344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 236
9⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
8⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 240
7⤵
- Program crash
PID:3128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
6⤵
- Program crash
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-42634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42634.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1260

C:\Users\Admin\AppData\Local\Temp\Unicorn-32397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32397.exe
6⤵
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-9236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9236.exe
7⤵
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-9210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9210.exe
8⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-17291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17291.exe
9⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\Unicorn-49631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49631.exe
10⤵
PID:8144

C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
11⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 216
11⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
10⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 236
9⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 216
8⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
7⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-44509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44509.exe
8⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-58183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58183.exe
9⤵
PID:8036

C:\Users\Admin\AppData\Local\Temp\Unicorn-43329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43329.exe
10⤵
PID:12080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 216
10⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
9⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
8⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 220
7⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-25250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25250.exe
6⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-15432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15432.exe
7⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-38754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38754.exe
8⤵
PID:5876

C:\Users\Admin\AppData\Local\Temp\Unicorn-62070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62070.exe
9⤵
PID:9444

C:\Users\Admin\AppData\Local\Temp\Unicorn-39541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39541.exe
10⤵
PID:932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9444 -s 216
10⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 216
9⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 236
8⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
7⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 220
6⤵
- Program crash
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
5⤵
- Program crash
PID:2208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 220
4⤵
- Loads dropped DLL
- Program crash
PID:288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-48162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48162.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-23741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23741.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-27607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27607.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:444

C:\Users\Admin\AppData\Local\Temp\Unicorn-7269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7269.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-15292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15292.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:552

C:\Users\Admin\AppData\Local\Temp\Unicorn-53969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53969.exe
9⤵
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-31302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31302.exe
10⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-31214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31214.exe
11⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
12⤵
PID:7056

C:\Users\Admin\AppData\Local\Temp\Unicorn-10835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10835.exe
13⤵
PID:9280

C:\Users\Admin\AppData\Local\Temp\Unicorn-11938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11938.exe
14⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9280 -s 216
14⤵
PID:8888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 216
13⤵
PID:10948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
12⤵
PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
11⤵
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 236
10⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
9⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-18770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18770.exe
10⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-25215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25215.exe
11⤵
PID:6952

C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
12⤵
PID:9776

C:\Users\Admin\AppData\Local\Temp\Unicorn-37315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37315.exe
13⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
12⤵
PID:10876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
11⤵
PID:1748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
10⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 240
9⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
8⤵
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-43554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43554.exe
9⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-24992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24992.exe
10⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-29346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29346.exe
11⤵
PID:7432

C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
12⤵
PID:10444

C:\Users\Admin\AppData\Local\Temp\Unicorn-51788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51788.exe
13⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 216
12⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
11⤵
PID:8808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
10⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 216
9⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
8⤵
- Program crash
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-43471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43471.exe
8⤵
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-49776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49776.exe
9⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-51442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51442.exe
10⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-50212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50212.exe
11⤵
PID:6780

C:\Users\Admin\AppData\Local\Temp\Unicorn-36196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36196.exe
12⤵
PID:9804

C:\Users\Admin\AppData\Local\Temp\Unicorn-23013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23013.exe
13⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9804 -s 216
13⤵
PID:9156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 216
12⤵
PID:10612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
11⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
10⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
9⤵
- Program crash
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
8⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-35298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35298.exe
9⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-53803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53803.exe
10⤵
PID:8020

C:\Users\Admin\AppData\Local\Temp\Unicorn-27312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27312.exe
11⤵
PID:10912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 236
11⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
10⤵
PID:9212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
9⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
8⤵
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-18130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18130.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-56325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56325.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-41141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41141.exe
8⤵
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-33440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33440.exe
9⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-14493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14493.exe
10⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-35822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35822.exe
11⤵
PID:6724

C:\Users\Admin\AppData\Local\Temp\Unicorn-57000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57000.exe
12⤵
PID:10016

C:\Users\Admin\AppData\Local\Temp\Unicorn-9281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9281.exe
13⤵
PID:11444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10016 -s 216
13⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
12⤵
PID:10848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
11⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
10⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 216
9⤵
- Program crash
PID:616

C:\Users\Admin\AppData\Local\Temp\Unicorn-36132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36132.exe
8⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-41136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41136.exe
9⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-8494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8494.exe
10⤵
PID:6712

C:\Users\Admin\AppData\Local\Temp\Unicorn-26933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26933.exe
11⤵
PID:9672

C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
12⤵
PID:7232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9672 -s 216
12⤵
PID:12340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 216
11⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 216
10⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
9⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
8⤵
- Program crash
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-17191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17191.exe
7⤵
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-33440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33440.exe
8⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-52464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52464.exe
9⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-9309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9309.exe
10⤵
PID:7632

C:\Users\Admin\AppData\Local\Temp\Unicorn-22377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22377.exe
11⤵
PID:10892

C:\Users\Admin\AppData\Local\Temp\Unicorn-53542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53542.exe
12⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 216
11⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
10⤵
PID:9020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
9⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 236
8⤵
PID:4272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
7⤵
- Program crash
PID:556

C:\Users\Admin\AppData\Local\Temp\Unicorn-34383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34383.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-52194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52194.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe
7⤵
- Executes dropped EXE
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-52215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52215.exe
8⤵
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-17187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17187.exe
9⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-21100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21100.exe
10⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-45251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45251.exe
11⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\Unicorn-24795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24795.exe
12⤵
PID:10024

C:\Users\Admin\AppData\Local\Temp\Unicorn-29894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29894.exe
13⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10024 -s 220
13⤵
PID:12848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 236
12⤵
PID:10424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
11⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
10⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 216
9⤵
PID:5092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 236
8⤵
- Program crash
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-33418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33418.exe
7⤵
PID:2408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 200
8⤵
- Program crash
PID:3308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
7⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-55510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55510.exe
6⤵
- Suspicious use of SetWindowsHookEx
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-38894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38894.exe
7⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-37799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37799.exe
8⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-26829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26829.exe
9⤵
PID:5596

C:\Users\Admin\AppData\Local\Temp\Unicorn-19232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19232.exe
10⤵
PID:7388

C:\Users\Admin\AppData\Local\Temp\Unicorn-6642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6642.exe
11⤵
PID:10528

C:\Users\Admin\AppData\Local\Temp\Unicorn-24295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24295.exe
12⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 216
11⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
10⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
9⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 216
8⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-12287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12287.exe
7⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-39932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39932.exe
8⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\Unicorn-30794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30794.exe
9⤵
PID:9180

C:\Users\Admin\AppData\Local\Temp\Unicorn-10293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10293.exe
10⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9180 -s 236
10⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
9⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
8⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 220
7⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
6⤵
- Program crash
PID:1548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
5⤵
- Program crash
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-65328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65328.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-35199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35199.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-15437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15437.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-50103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50103.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:376

C:\Users\Admin\AppData\Local\Temp\Unicorn-108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-108.exe
8⤵
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-8743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8743.exe
9⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-47550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47550.exe
10⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-32339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32339.exe
11⤵
PID:6788

C:\Users\Admin\AppData\Local\Temp\Unicorn-33970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33970.exe
12⤵
PID:9388

C:\Users\Admin\AppData\Local\Temp\Unicorn-34601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34601.exe
13⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
12⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
11⤵
PID:8340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
10⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 236
9⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
8⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-16632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16632.exe
9⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-8795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8795.exe
10⤵
PID:7300

C:\Users\Admin\AppData\Local\Temp\Unicorn-7903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7903.exe
11⤵
PID:10292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10292 -s 200
12⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 216
11⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 220
10⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 236
9⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 240
8⤵
- Program crash
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-41695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41695.exe
7⤵
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-8743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8743.exe
8⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-47550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47550.exe
9⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-22500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22500.exe
10⤵
PID:7512

C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
11⤵
PID:10688

C:\Users\Admin\AppData\Local\Temp\Unicorn-17367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17367.exe
12⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10688 -s 220
12⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 220
11⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 216
10⤵
PID:8920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
9⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 216
8⤵
PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
7⤵
- Program crash
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-56880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56880.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-45801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45801.exe
7⤵
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-43554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43554.exe
8⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-61940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61940.exe
9⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-27400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27400.exe
10⤵
PID:7340

C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
11⤵
PID:10428

C:\Users\Admin\AppData\Local\Temp\Unicorn-16402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16402.exe
12⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 216
11⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
10⤵
PID:8760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
9⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 216
8⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-15520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15520.exe
7⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-57472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57472.exe
8⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\Unicorn-12962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12962.exe
9⤵
PID:6464

C:\Users\Admin\AppData\Local\Temp\Unicorn-18428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18428.exe
10⤵
PID:10216

C:\Users\Admin\AppData\Local\Temp\Unicorn-32271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32271.exe
11⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10216 -s 236
11⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 216
10⤵
PID:10932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
9⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
8⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
7⤵
- Program crash
PID:3960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
6⤵
- Program crash
PID:284

C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-35905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35905.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-20529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20529.exe
7⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-15157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15157.exe
8⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-24992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24992.exe
9⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-11317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11317.exe
10⤵
PID:6836

C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
11⤵
PID:10048

C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
12⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10048 -s 216
12⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 216
11⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 236
10⤵
PID:7456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
9⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 236
8⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-26018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26018.exe
7⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-10793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10793.exe
8⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-32339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32339.exe
9⤵
PID:6708

C:\Users\Admin\AppData\Local\Temp\Unicorn-58666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58666.exe
10⤵
PID:10092

C:\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe
11⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 216
10⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
9⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
8⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 240
7⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-31389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31389.exe
6⤵
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
7⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-4763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4763.exe
8⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-22885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22885.exe
9⤵
PID:7144

C:\Users\Admin\AppData\Local\Temp\Unicorn-40747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40747.exe
10⤵
PID:9396

C:\Users\Admin\AppData\Local\Temp\Unicorn-54590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54590.exe
11⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9396 -s 216
11⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
10⤵
PID:11252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
9⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
8⤵
PID:5640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 236
7⤵
PID:4232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
6⤵
- Program crash
PID:2232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
5⤵
- Program crash
PID:2948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:492

C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-33720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33720.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-50679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50679.exe
7⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-16528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16528.exe
8⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-45391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45391.exe
9⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-45412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45412.exe
10⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-60949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60949.exe
11⤵
PID:6268

C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
12⤵
PID:9512

C:\Users\Admin\AppData\Local\Temp\Unicorn-42961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42961.exe
13⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
12⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
11⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
10⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 216
9⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-9189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9189.exe
8⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-3009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3009.exe
9⤵
PID:5128

C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
10⤵
PID:6496

C:\Users\Admin\AppData\Local\Temp\Unicorn-6512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6512.exe
11⤵
PID:9472

C:\Users\Admin\AppData\Local\Temp\Unicorn-62374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62374.exe
12⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9472 -s 216
12⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
11⤵
PID:10320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 220
10⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
9⤵
PID:6444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 220
8⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-19028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19028.exe
7⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-49174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49174.exe
8⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-34120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34120.exe
9⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-4794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4794.exe
10⤵
PID:6700

C:\Users\Admin\AppData\Local\Temp\Unicorn-19004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19004.exe
11⤵
PID:9524

C:\Users\Admin\AppData\Local\Temp\Unicorn-48311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48311.exe
12⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9524 -s 236
12⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 216
11⤵
PID:11012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
10⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
9⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 216
8⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
6⤵
PID:764

C:\Users\Admin\AppData\Local\Temp\Unicorn-8167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8167.exe
7⤵
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-22532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22532.exe
8⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
9⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-62511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62511.exe
10⤵
PID:6820

C:\Users\Admin\AppData\Local\Temp\Unicorn-15688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15688.exe
11⤵
PID:9416

C:\Users\Admin\AppData\Local\Temp\Unicorn-30605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30605.exe
12⤵
PID:12044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9416 -s 236
12⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 216
11⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
10⤵
PID:8296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
9⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 216
8⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-17933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17933.exe
7⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-53471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53471.exe
8⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
8⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-41738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41738.exe
9⤵
PID:8496

C:\Users\Admin\AppData\Local\Temp\Unicorn-3412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3412.exe
10⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8496 -s 216
10⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 216
9⤵
PID:9344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 220
8⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 220
7⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 240
6⤵
- Program crash
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-9770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9770.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1196

C:\Users\Admin\AppData\Local\Temp\Unicorn-19953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19953.exe
6⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-57368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57368.exe
7⤵
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-44213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44213.exe
8⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-42454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42454.exe
9⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-6455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6455.exe
10⤵
PID:9312

C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
11⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9312 -s 216
11⤵
PID:8944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
10⤵
PID:980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
9⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 216
8⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
7⤵
- Program crash
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-25250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25250.exe
6⤵
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-57041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57041.exe
7⤵
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-10165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10165.exe
8⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\Unicorn-25698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25698.exe
9⤵
PID:9536

C:\Users\Admin\AppData\Local\Temp\Unicorn-56645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56645.exe
10⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9536 -s 236
10⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 216
9⤵
PID:10040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 216
8⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 216
7⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 240
6⤵
- Program crash
PID:3272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 492 -s 240
5⤵
- Program crash
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-28161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28161.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-2993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2993.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:348

C:\Users\Admin\AppData\Local\Temp\Unicorn-9599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9599.exe
6⤵
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-35386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35386.exe
7⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-18962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18962.exe
8⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
9⤵
PID:6508

C:\Users\Admin\AppData\Local\Temp\Unicorn-38526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38526.exe
10⤵
PID:9648

C:\Users\Admin\AppData\Local\Temp\Unicorn-47325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47325.exe
11⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9648 -s 236
11⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
10⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 236
9⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
8⤵
PID:4120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 236
7⤵
PID:4292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 216
6⤵
- Program crash
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-4171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4171.exe
5⤵
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-16528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16528.exe
6⤵
PID:308

C:\Users\Admin\AppData\Local\Temp\Unicorn-21271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21271.exe
7⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
8⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\Unicorn-44312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44312.exe
9⤵
PID:7548

C:\Users\Admin\AppData\Local\Temp\Unicorn-60311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60311.exe
10⤵
PID:10640

C:\Users\Admin\AppData\Local\Temp\Unicorn-37398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37398.exe
11⤵
PID:12412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 220
10⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
9⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
8⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 216
7⤵
PID:4704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 236
6⤵
- Program crash
PID:3544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
5⤵
- Program crash
PID:2088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
4⤵
- Program crash
PID:1520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
2⤵
- Program crash
PID:2872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10793.exe

Filesize
184KB

MD5
eaef19a3acd4fa1a121f8449ae2997fd

SHA1
63d210dc33e622012af214f9e1afb59f93991a99

SHA256
af3936ca286bebcd176a9d4b9d22ac74b0e5073d3ac9c26ea1efbdc1090f7a4c

SHA512
56ec1b8723fbd82f246644ff59f7561345f4f628c1df74f854de68188c6a2b276bee4239708396f1b5d59218a0d536a1d46bd3468f8a392da143e9e425b34bcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14296.exe

Filesize
184KB

MD5
840c18bc5aff1a40db533b015a31eeb5

SHA1
9ca6ad5101d871388c04089ffbc993294cce2fbe

SHA256
ced1c71d9e583b15e123cd6be8792158ad692d5625569b53c289d93409788e3e

SHA512
0808e25dee6999eb0e0a94fbc8061a17a537654b9cc4535db784380ed0b2ad173d530d659991435fefbb822ae3f41e6429eb430bfb44a86d8376c4f3907bb3f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe

Filesize
184KB

MD5
601e882637a47f024be716969f083a88

SHA1
86f3d4375e4af66cea974ad76be6a88db0454861

SHA256
2fe881c5670f90c24d4aa668b61af535ea348644621943b7a7aaee4e69594a9f

SHA512
413c8c4d72c7f21ee8c514ba461614ba9e3463160cea4c2adee2efe698645bc128630e534af80ac1df61e1d6900fce9a50ed8c01246575a868f24ffd692e112d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39994.exe

Filesize
184KB

MD5
0f7b1b190955fcaa45c04dab030b2bfb

SHA1
9f22a55fe733ed3b5450f5c36d0e3db306f11358

SHA256
7e26a449b37767f687aaa8e7377f24eb32fcea767806c0f756a39548b40d464c

SHA512
a9ede8eede52b1e1dc12cc8779197f0cf4719f88a2889d33974a2a7637363c181c7cc5572efd9b32601498338d649199d4b34d4022521066eba69d0c6f0e0513

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe

Filesize
184KB

MD5
9e588445ecab2fb9c6372de12bfe601a

SHA1
28a93972490bede23ccf709411bef1cf8d7ccabb

SHA256
aca86c98c9e287080d1cc9ffc9b5fc79c212fed14f50a81713a8db36f93f566c

SHA512
d20701bbf9204c10a19379bf2865ad4273f90d10ea1f52aa69cf5be6c25898a81f0a2e7f4a835009032037a90811765b48f673b5f856258f6b2ea7f448560820

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40840.exe

Filesize
184KB

MD5
4d7360fe256cb8fafdbdf457101df569

SHA1
556be86a709b89d3fc706676285745acfe86df32

SHA256
3020ef494b57bd6ca08bdfa5a5abe5383f286bfdbcff077a5977736dc57800cf

SHA512
caa0b6ccb78b849e409db4156952dc8a1d01052622350694a897ec90374d76e7256bfa6a7a70e05d3d31ce1056f6a63f4975df3e116a01c8cfb6e69ce30675da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41136.exe

Filesize
184KB

MD5
14ec0362d4e60d55ff8e47592ee83953

SHA1
5a6996a5c9a107a5a77facaa6c9afa1ad181d765

SHA256
e9a450fb703c810cee0d1b49ea688f39b5e4717e4e38c463cb312e50d829a5ca

SHA512
731c54ebd68a067a130c32b85fffe097f33109a7220ca49f3e27fe8147ba8c91301740d4125fbb7ccdc2f75686dd7ac720a3f77baf05b80b26bcd01b1a5ca6a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48162.exe

Filesize
184KB

MD5
6fa01c3bcd73d31552d3d5801a6f5e90

SHA1
6565e86b0232a75ad50d94549c4e6476735e992b

SHA256
c1e7f206a4143c723b294bc8d72cb2605118969a4679c99ad58d6971d4677a2b

SHA512
5abca05da032c6d28e5e5f81a7c9bcbc0e0a5e82424f26db8a42e5fda6ad39b845c3f510c60cf374c262dd779209e84879815f90e376711a08e6382d6cb61056

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11322.exe

Filesize
184KB

MD5
b16f0ec600fb8666413435dc553097bb

SHA1
44114e03fb5c16dfe3bc6adf8923dca2919aad7e

SHA256
e10949b06b607279ed116829b4f2908c2d4ed7baf110d4915f8a23eb3760e525

SHA512
9947958986015fcda759978734b5ab24337d2a80a2345be8383605c13912730f625187712c30c66b138bc75fe8cfb64d0a01a16bcc051f21d0596bfc24f91b22

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12344.exe

Filesize
184KB

MD5
a0b22db1f3be23d35839dca0a17d5fa6

SHA1
f1e05f17d99b894259e93e079af1646149c8947b

SHA256
39fba482e0608f7c67a7e58c41b964392a3a7543d42068ba6afebbf88c15dfa5

SHA512
dfea8838bef4552ad1d3098a26b180ddc5f5646b2f91f6ab266e9f9b5a51783776d24f79ae07b69346f85704159848c3118df23c7fd019e932130cdd1fd22b0a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe

Filesize
184KB

MD5
d52cb01dd044083f73a5264b5bb9a412

SHA1
10f7c1694003761a17bf31ee368459757368047d

SHA256
d6c0a17615fb0c37077aa444a4d7ac86d8a17d544bbf683eb4468de1fdce37e6

SHA512
5de5f25de8fcb4ab9c715ea8312f6fb36b5048876eb3f20128ec30e54a5e1883e3f43beba22d121638c4dd33d6de313ec6650c53b5ea35740866b0c33626097e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1955.exe

Filesize
184KB

MD5
15951b414bc579812abbd5c273a50bad

SHA1
c2fe51a48a6ef38fbc55f9e6ce59d209321ba6e4

SHA256
0d7b31b060415def41fdfede79b6cba6b02ad9c2018d1e7c0abd9cd635ab6554

SHA512
724f3d84caf5c27ed25d66095fc7b793a3f75ef9189e7524ab4e7ede789c8fa2860b9069512fabb132fe7030a4c0cf779c5d79d2ab3d23fbe9c9d6fb996b8c16

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe

Filesize
184KB

MD5
00139231850330071405dc670c44fab1

SHA1
8e98dc4ca1fd6736a84f02e12661e65a7f0d5b02

SHA256
65723e7defc428acdf10625a0c473ecb794b51b15b7fbc83666a401b188f754a

SHA512
70a151e101d6b83b86c488dd51df70f6050c457f588a1af93740e97cfcd36c4f9f620d0107d6bc397f89223a99ef70c6a8d73d7fc47dbc3326f6cea4d5438c92

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23741.exe

Filesize
184KB

MD5
2453974a148e59f15e1c645b92a3a1ca

SHA1
8e386c17b266bddc45c477adc76edbfa07892333

SHA256
9ebcb1b20c48c545dc17ac3d37c6cd83d17cb3e6cad0b0f5d50548eb9125d679

SHA512
3d8aefa88d475a263c49d215c42db40b9980a076826ea6ad193fbbb6938d37d6d43d49d4b3c155391ae8e4df2e5735b19c8949080adb98c3929a16939673892c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe

Filesize
184KB

MD5
86cb2c7d64956358ee860472cd117e18

SHA1
c8790fcfb6dfdfd69e9bf08b0fcfd650ae665ef1

SHA256
158b01c395837793767dd522760df39bd835db695b94f800085e76f276d8ca44

SHA512
e83fb0b0e5f218b578a69430e2611742823c2e10d350b17c424323e7fcfa7d388912f282acb765827c489c8055b4e0676e484a87d7200ab0ffae5f7a726d68c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe

Filesize
184KB

MD5
1329b6abf2a41ec1ba60f5d7e838f2e3

SHA1
f29a1f2aeb8267712cc90cfd2cde3d1dd0e92648

SHA256
3182d5247128a6413f8dcd41f26db1a2ac6564c80e145649066fb3b8c339ce61

SHA512
55862bbe216ab793b6561de148c7b177e6e1418b6f653aa4e704387b193c795e38c5ddf242c844b6cfbec8bd3a3da848b06666dcd9a3fa5d8d94bc6d0b06ff17

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65328.exe

Filesize
184KB

MD5
71a2ea24014112a8bf1a35c6ca4c9b24

SHA1
7b96915f937bbcc7ca9525afec80d38723881f4f

SHA256
3f8e4e680232a75569bd81b63e5da7479ba47ed3e5da8390ae65b638769ed16e

SHA512
a774054ece7d64658de146a7204eff8b2eea977e031ba9040d5e93a74f90d2f419490968f1eab16e2fb6b8e97d976d5b1af3688df776b7ab6da33b75efccc029

Download Submit