aa964556523f3ac8ac33a8a71ae248e442e2ef24fc56fe9f5362e8a1d014cb95

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa964556523f3ac8ac33a8a71ae248e442e2ef24fc56fe9f5362e8a1d014cb95.exe
Size

184KB
MD5

96ce96af80ccf6b43154fb0857c5c2e1
SHA1

55ac875308eef6997810922714e87a068372840f
SHA256

aa964556523f3ac8ac33a8a71ae248e442e2ef24fc56fe9f5362e8a1d014cb95
SHA512

bfa8c323b0c162c4b9d803ea1024a7532eb9f6c04d0d5810a64939fe62ba5e1db5853b1728fbbe77644126373f6a1fb2f2a55a807e3dcd829668ab3c02234522
SSDEEP

1536:p7S/EjZAu3LxotxNs1KAlawMwyIyvZclQmd8O7bR2Vxqtohl5hj5nizpvi:hb53LxoTO1KTdwxWet7bRg4ohlnViF6

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-43706.exeUnicorn-64116.exeUnicorn-44251.exeUnicorn-46911.exeUnicorn-16891.exeUnicorn-16891.exeUnicorn-56922.exeUnicorn-36864.exeUnicorn-56730.exeUnicorn-24442.exeUnicorn-20035.exeUnicorn-53765.exeUnicorn-49743.exeUnicorn-36744.exeUnicorn-54533.exeUnicorn-37320.exeUnicorn-17454.exeUnicorn-34667.exeUnicorn-21669.exeUnicorn-42707.exeUnicorn-43781.exeUnicorn-63646.exeUnicorn-30974.exeUnicorn-20537.exeUnicorn-64606.exeUnicorn-60200.exeUnicorn-14528.exeUnicorn-48389.exeUnicorn-35582.exeUnicorn-2717.exeUnicorn-30791.exeUnicorn-35390.exeUnicorn-35785.exeUnicorn-31378.exeUnicorn-52204.exeUnicorn-32146.exeUnicorn-35183.exeUnicorn-65203.exeUnicorn-19532.exeUnicorn-5774.exeUnicorn-37487.exeUnicorn-17429.exeUnicorn-37295.exeUnicorn-5006.exeUnicorn-4814.exeUnicorn-50486.exeUnicorn-41824.exeUnicorn-61690.exeUnicorn-38255.exeUnicorn-38255.exeUnicorn-18197.exeUnicorn-48356.exeUnicorn-2684.exeUnicorn-24439.exeUnicorn-28200.exeUnicorn-24247.exeUnicorn-1636.exeUnicorn-8221.exeUnicorn-35077.exeUnicorn-20194.exeUnicorn-136.exeUnicorn-20002.exeUnicorn-50370.exeUnicorn-30504.exe

pid	process
2312	Unicorn-43706.exe
3044	Unicorn-64116.exe
2664	Unicorn-44251.exe
2500	Unicorn-46911.exe
2680	Unicorn-16891.exe
2652	Unicorn-16891.exe
2356	Unicorn-56922.exe
2112	Unicorn-36864.exe
1540	Unicorn-56730.exe
1884	Unicorn-24442.exe
328	Unicorn-20035.exe
1424	Unicorn-53765.exe
1416	Unicorn-49743.exe
2884	Unicorn-36744.exe
2228	Unicorn-54533.exe
2232	Unicorn-37320.exe
2212	Unicorn-17454.exe
672	Unicorn-34667.exe
320	Unicorn-21669.exe
444	Unicorn-42707.exe
2000	Unicorn-43781.exe
1596	Unicorn-63646.exe
2144	Unicorn-30974.exe
3060	Unicorn-20537.exe
848	Unicorn-64606.exe
2956	Unicorn-60200.exe
2836	Unicorn-14528.exe
2072	Unicorn-48389.exe
1412	Unicorn-35582.exe
2304	Unicorn-2717.exe
1400	Unicorn-30791.exe
1180	Unicorn-35390.exe
2616	Unicorn-35785.exe
2624	Unicorn-31378.exe
2396	Unicorn-52204.exe
2576	Unicorn-32146.exe
2192	Unicorn-35183.exe
396	Unicorn-65203.exe
1512	Unicorn-19532.exe
1628	Unicorn-5774.exe
1668	Unicorn-37487.exe
1536	Unicorn-17429.exe
1608	Unicorn-37295.exe
1980	Unicorn-5006.exe
1624	Unicorn-4814.exe
1216	Unicorn-50486.exe
1524	Unicorn-41824.exe
2916	Unicorn-61690.exe
2012	Unicorn-38255.exe
1040	Unicorn-38255.exe
2184	Unicorn-18197.exe
652	Unicorn-48356.exe
2844	Unicorn-2684.exe
944	Unicorn-24439.exe
1576	Unicorn-28200.exe
1004	Unicorn-24247.exe
2176	Unicorn-1636.exe
2392	Unicorn-8221.exe
1268	Unicorn-35077.exe
2736	Unicorn-20194.exe
2596	Unicorn-136.exe
2784	Unicorn-20002.exe
2464	Unicorn-50370.exe
2632	Unicorn-30504.exe

Loads dropped DLL 64 IoCs

Processes:

aa964556523f3ac8ac33a8a71ae248e442e2ef24fc56fe9f5362e8a1d014cb95.exeUnicorn-43706.exeUnicorn-44251.exeUnicorn-64116.exeWerFault.exeUnicorn-46911.exeUnicorn-16891.exeUnicorn-16891.exeWerFault.exeWerFault.exeUnicorn-56922.exeUnicorn-24442.exeUnicorn-20035.exeUnicorn-56730.exeUnicorn-36864.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
3012	aa964556523f3ac8ac33a8a71ae248e442e2ef24fc56fe9f5362e8a1d014cb95.exe
3012	aa964556523f3ac8ac33a8a71ae248e442e2ef24fc56fe9f5362e8a1d014cb95.exe
2312	Unicorn-43706.exe
2312	Unicorn-43706.exe
3012	aa964556523f3ac8ac33a8a71ae248e442e2ef24fc56fe9f5362e8a1d014cb95.exe
3012	aa964556523f3ac8ac33a8a71ae248e442e2ef24fc56fe9f5362e8a1d014cb95.exe
2664	Unicorn-44251.exe
3044	Unicorn-64116.exe
2312	Unicorn-43706.exe
3044	Unicorn-64116.exe
2312	Unicorn-43706.exe
2664	Unicorn-44251.exe
2940	WerFault.exe
2940	WerFault.exe
2940	WerFault.exe
2940	WerFault.exe
2940	WerFault.exe
2500	Unicorn-46911.exe
2500	Unicorn-46911.exe
3044	Unicorn-64116.exe
3044	Unicorn-64116.exe
2652	Unicorn-16891.exe
2652	Unicorn-16891.exe
2680	Unicorn-16891.exe
2680	Unicorn-16891.exe
2664	Unicorn-44251.exe
2664	Unicorn-44251.exe
1836	WerFault.exe
1756	WerFault.exe
1756	WerFault.exe
1836	WerFault.exe
1836	WerFault.exe
1836	WerFault.exe
1756	WerFault.exe
1756	WerFault.exe
1756	WerFault.exe
1836	WerFault.exe
2356	Unicorn-56922.exe
2356	Unicorn-56922.exe
2500	Unicorn-46911.exe
2500	Unicorn-46911.exe
1884	Unicorn-24442.exe
1884	Unicorn-24442.exe
2680	Unicorn-16891.exe
2680	Unicorn-16891.exe
328	Unicorn-20035.exe
328	Unicorn-20035.exe
1540	Unicorn-56730.exe
1540	Unicorn-56730.exe
2112	Unicorn-36864.exe
2112	Unicorn-36864.exe
2652	Unicorn-16891.exe
2652	Unicorn-16891.exe
300	WerFault.exe
300	WerFault.exe
300	WerFault.exe
300	WerFault.exe
300	WerFault.exe
608	WerFault.exe
608	WerFault.exe
608	WerFault.exe
608	WerFault.exe
608	WerFault.exe
2308	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2468	3012	WerFault.exe	aa964556523f3ac8ac33a8a71ae248e442e2ef24fc56fe9f5362e8a1d014cb95.exe
2940	2312	WerFault.exe	Unicorn-43706.exe
1836	3044	WerFault.exe	Unicorn-64116.exe
1756	2664	WerFault.exe	Unicorn-44251.exe
300	2500	WerFault.exe	Unicorn-46911.exe
608	2652	WerFault.exe	Unicorn-16891.exe
2308	2680	WerFault.exe	Unicorn-16891.exe
2780	2356	WerFault.exe	Unicorn-56922.exe
2152	1884	WerFault.exe	Unicorn-24442.exe
1952	2112	WerFault.exe	Unicorn-36864.exe
2980	328	WerFault.exe	Unicorn-20035.exe
2336	1540	WerFault.exe	Unicorn-56730.exe
2276	1416	WerFault.exe	Unicorn-49743.exe
2348	1424	WerFault.exe	Unicorn-53765.exe
2648	2884	WerFault.exe	Unicorn-36744.exe
2296	320	WerFault.exe	Unicorn-21669.exe
1032	2228	WerFault.exe	Unicorn-54533.exe
1700	2232	WerFault.exe	Unicorn-37320.exe
892	2212	WerFault.exe	Unicorn-17454.exe
2952	672	WerFault.exe	Unicorn-34667.exe
2508	444	WerFault.exe	Unicorn-42707.exe
2716	1596	WerFault.exe	Unicorn-63646.exe
2688	2144	WerFault.exe	Unicorn-30974.exe
1548	3060	WerFault.exe	Unicorn-20537.exe
1720	2836	WerFault.exe	Unicorn-14528.exe
1768	848	WerFault.exe	Unicorn-64606.exe
2424	2072	WerFault.exe	Unicorn-48389.exe
988	1180	WerFault.exe	Unicorn-35390.exe
3064	1400	WerFault.exe	Unicorn-30791.exe
2856	2304	WerFault.exe	Unicorn-2717.exe
2544	2956	WerFault.exe	Unicorn-60200.exe
2872	1412	WerFault.exe	Unicorn-35582.exe
2352	2440	WerFault.exe	Unicorn-59467.exe
3456	2616	WerFault.exe	Unicorn-35785.exe
3472	2624	WerFault.exe	Unicorn-31378.exe
3488	2396	WerFault.exe	Unicorn-52204.exe
3528	2192	WerFault.exe	Unicorn-35183.exe
3572	396	WerFault.exe	Unicorn-65203.exe
3584	1628	WerFault.exe	Unicorn-5774.exe
3592	1512	WerFault.exe	Unicorn-19532.exe
3728	1668	WerFault.exe	Unicorn-37487.exe
3888	2576	WerFault.exe	Unicorn-32146.exe
3988	1524	WerFault.exe	Unicorn-41824.exe
4080	1040	WerFault.exe	Unicorn-38255.exe
3112	1536	WerFault.exe	Unicorn-17429.exe
3128	1216	WerFault.exe	Unicorn-50486.exe
3956	2184	WerFault.exe	Unicorn-18197.exe
1584	652	WerFault.exe	Unicorn-48356.exe
3680	2916	WerFault.exe	Unicorn-61690.exe
3100	1876	WerFault.exe	Unicorn-55627.exe
3212	2560	WerFault.exe	Unicorn-39601.exe
3316	928	WerFault.exe	Unicorn-63421.exe
3344	776	WerFault.exe	Unicorn-58891.exe
3692	1980	WerFault.exe	Unicorn-5006.exe
3864	1480	WerFault.exe	Unicorn-920.exe
3360	1624	WerFault.exe	Unicorn-4814.exe
3976	1608	WerFault.exe	Unicorn-37295.exe
4048	1408	WerFault.exe	Unicorn-26987.exe
4108	2012	WerFault.exe	Unicorn-38255.exe
4116	2968	WerFault.exe	Unicorn-46400.exe
4156	2788	WerFault.exe	Unicorn-55627.exe
4164	1280	WerFault.exe	Unicorn-50614.exe
4204	2844	WerFault.exe	Unicorn-2684.exe
4316	2368	WerFault.exe	Unicorn-35664.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

aa964556523f3ac8ac33a8a71ae248e442e2ef24fc56fe9f5362e8a1d014cb95.exeUnicorn-43706.exeUnicorn-44251.exeUnicorn-64116.exeUnicorn-46911.exeUnicorn-16891.exeUnicorn-16891.exeUnicorn-36864.exeUnicorn-56922.exeUnicorn-20035.exeUnicorn-24442.exeUnicorn-56730.exeUnicorn-49743.exeUnicorn-53765.exeUnicorn-36744.exeUnicorn-34667.exeUnicorn-17454.exeUnicorn-54533.exeUnicorn-37320.exeUnicorn-21669.exeUnicorn-42707.exeUnicorn-43781.exeUnicorn-63646.exeUnicorn-30974.exeUnicorn-20537.exeUnicorn-64606.exeUnicorn-35582.exeUnicorn-14528.exeUnicorn-60200.exeUnicorn-48389.exeUnicorn-2717.exeUnicorn-35390.exeUnicorn-30791.exeUnicorn-35785.exeUnicorn-31378.exeUnicorn-52204.exeUnicorn-32146.exeUnicorn-65203.exeUnicorn-19532.exeUnicorn-35183.exeUnicorn-5774.exeUnicorn-37487.exeUnicorn-17429.exeUnicorn-37295.exeUnicorn-5006.exeUnicorn-4814.exeUnicorn-50486.exeUnicorn-61690.exeUnicorn-38255.exeUnicorn-38255.exeUnicorn-41824.exeUnicorn-48356.exeUnicorn-18197.exeUnicorn-2684.exeUnicorn-24439.exeUnicorn-28200.exeUnicorn-24247.exeUnicorn-1636.exeUnicorn-8221.exeUnicorn-35077.exeUnicorn-20194.exeUnicorn-20002.exeUnicorn-136.exeUnicorn-50370.exe

pid	process
3012	aa964556523f3ac8ac33a8a71ae248e442e2ef24fc56fe9f5362e8a1d014cb95.exe
2312	Unicorn-43706.exe
2664	Unicorn-44251.exe
3044	Unicorn-64116.exe
2500	Unicorn-46911.exe
2652	Unicorn-16891.exe
2680	Unicorn-16891.exe
2112	Unicorn-36864.exe
2356	Unicorn-56922.exe
328	Unicorn-20035.exe
1884	Unicorn-24442.exe
1540	Unicorn-56730.exe
1416	Unicorn-49743.exe
1424	Unicorn-53765.exe
2884	Unicorn-36744.exe
672	Unicorn-34667.exe
2212	Unicorn-17454.exe
2228	Unicorn-54533.exe
2232	Unicorn-37320.exe
320	Unicorn-21669.exe
444	Unicorn-42707.exe
2000	Unicorn-43781.exe
1596	Unicorn-63646.exe
2144	Unicorn-30974.exe
3060	Unicorn-20537.exe
848	Unicorn-64606.exe
1412	Unicorn-35582.exe
2836	Unicorn-14528.exe
2956	Unicorn-60200.exe
2072	Unicorn-48389.exe
2304	Unicorn-2717.exe
1180	Unicorn-35390.exe
1400	Unicorn-30791.exe
2616	Unicorn-35785.exe
2624	Unicorn-31378.exe
2396	Unicorn-52204.exe
2576	Unicorn-32146.exe
396	Unicorn-65203.exe
1512	Unicorn-19532.exe
2192	Unicorn-35183.exe
1628	Unicorn-5774.exe
1668	Unicorn-37487.exe
1536	Unicorn-17429.exe
1608	Unicorn-37295.exe
1980	Unicorn-5006.exe
1624	Unicorn-4814.exe
1216	Unicorn-50486.exe
2916	Unicorn-61690.exe
1040	Unicorn-38255.exe
2012	Unicorn-38255.exe
1524	Unicorn-41824.exe
652	Unicorn-48356.exe
2184	Unicorn-18197.exe
2844	Unicorn-2684.exe
944	Unicorn-24439.exe
1576	Unicorn-28200.exe
1004	Unicorn-24247.exe
2176	Unicorn-1636.exe
2392	Unicorn-8221.exe
1268	Unicorn-35077.exe
2736	Unicorn-20194.exe
2784	Unicorn-20002.exe
2596	Unicorn-136.exe
2464	Unicorn-50370.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

aa964556523f3ac8ac33a8a71ae248e442e2ef24fc56fe9f5362e8a1d014cb95.exeUnicorn-43706.exeUnicorn-64116.exeUnicorn-44251.exeUnicorn-46911.exeUnicorn-16891.exeUnicorn-16891.exeUnicorn-56922.exe

description	pid	process	target process
PID 3012 wrote to memory of 2312	3012	aa964556523f3ac8ac33a8a71ae248e442e2ef24fc56fe9f5362e8a1d014cb95.exe	Unicorn-43706.exe
PID 3012 wrote to memory of 2312	3012	aa964556523f3ac8ac33a8a71ae248e442e2ef24fc56fe9f5362e8a1d014cb95.exe	Unicorn-43706.exe
PID 3012 wrote to memory of 2312	3012	aa964556523f3ac8ac33a8a71ae248e442e2ef24fc56fe9f5362e8a1d014cb95.exe	Unicorn-43706.exe
PID 3012 wrote to memory of 2312	3012	aa964556523f3ac8ac33a8a71ae248e442e2ef24fc56fe9f5362e8a1d014cb95.exe	Unicorn-43706.exe
PID 2312 wrote to memory of 3044	2312	Unicorn-43706.exe	Unicorn-64116.exe
PID 2312 wrote to memory of 3044	2312	Unicorn-43706.exe	Unicorn-64116.exe
PID 2312 wrote to memory of 3044	2312	Unicorn-43706.exe	Unicorn-64116.exe
PID 2312 wrote to memory of 3044	2312	Unicorn-43706.exe	Unicorn-64116.exe
PID 3012 wrote to memory of 2664	3012	aa964556523f3ac8ac33a8a71ae248e442e2ef24fc56fe9f5362e8a1d014cb95.exe	Unicorn-44251.exe
PID 3012 wrote to memory of 2664	3012	aa964556523f3ac8ac33a8a71ae248e442e2ef24fc56fe9f5362e8a1d014cb95.exe	Unicorn-44251.exe
PID 3012 wrote to memory of 2664	3012	aa964556523f3ac8ac33a8a71ae248e442e2ef24fc56fe9f5362e8a1d014cb95.exe	Unicorn-44251.exe
PID 3012 wrote to memory of 2664	3012	aa964556523f3ac8ac33a8a71ae248e442e2ef24fc56fe9f5362e8a1d014cb95.exe	Unicorn-44251.exe
PID 3012 wrote to memory of 2468	3012	aa964556523f3ac8ac33a8a71ae248e442e2ef24fc56fe9f5362e8a1d014cb95.exe	WerFault.exe
PID 3012 wrote to memory of 2468	3012	aa964556523f3ac8ac33a8a71ae248e442e2ef24fc56fe9f5362e8a1d014cb95.exe	WerFault.exe
PID 3012 wrote to memory of 2468	3012	aa964556523f3ac8ac33a8a71ae248e442e2ef24fc56fe9f5362e8a1d014cb95.exe	WerFault.exe
PID 3012 wrote to memory of 2468	3012	aa964556523f3ac8ac33a8a71ae248e442e2ef24fc56fe9f5362e8a1d014cb95.exe	WerFault.exe
PID 3044 wrote to memory of 2652	3044	Unicorn-64116.exe	Unicorn-16891.exe
PID 3044 wrote to memory of 2652	3044	Unicorn-64116.exe	Unicorn-16891.exe
PID 3044 wrote to memory of 2652	3044	Unicorn-64116.exe	Unicorn-16891.exe
PID 3044 wrote to memory of 2652	3044	Unicorn-64116.exe	Unicorn-16891.exe
PID 2312 wrote to memory of 2500	2312	Unicorn-43706.exe	Unicorn-46911.exe
PID 2312 wrote to memory of 2500	2312	Unicorn-43706.exe	Unicorn-46911.exe
PID 2312 wrote to memory of 2500	2312	Unicorn-43706.exe	Unicorn-46911.exe
PID 2312 wrote to memory of 2500	2312	Unicorn-43706.exe	Unicorn-46911.exe
PID 2664 wrote to memory of 2680	2664	Unicorn-44251.exe	Unicorn-16891.exe
PID 2664 wrote to memory of 2680	2664	Unicorn-44251.exe	Unicorn-16891.exe
PID 2664 wrote to memory of 2680	2664	Unicorn-44251.exe	Unicorn-16891.exe
PID 2664 wrote to memory of 2680	2664	Unicorn-44251.exe	Unicorn-16891.exe
PID 2312 wrote to memory of 2940	2312	Unicorn-43706.exe	WerFault.exe
PID 2312 wrote to memory of 2940	2312	Unicorn-43706.exe	WerFault.exe
PID 2312 wrote to memory of 2940	2312	Unicorn-43706.exe	WerFault.exe
PID 2312 wrote to memory of 2940	2312	Unicorn-43706.exe	WerFault.exe
PID 2500 wrote to memory of 2356	2500	Unicorn-46911.exe	Unicorn-56922.exe
PID 2500 wrote to memory of 2356	2500	Unicorn-46911.exe	Unicorn-56922.exe
PID 2500 wrote to memory of 2356	2500	Unicorn-46911.exe	Unicorn-56922.exe
PID 2500 wrote to memory of 2356	2500	Unicorn-46911.exe	Unicorn-56922.exe
PID 3044 wrote to memory of 2112	3044	Unicorn-64116.exe	Unicorn-36864.exe
PID 3044 wrote to memory of 2112	3044	Unicorn-64116.exe	Unicorn-36864.exe
PID 3044 wrote to memory of 2112	3044	Unicorn-64116.exe	Unicorn-36864.exe
PID 3044 wrote to memory of 2112	3044	Unicorn-64116.exe	Unicorn-36864.exe
PID 2652 wrote to memory of 1540	2652	Unicorn-16891.exe	Unicorn-56730.exe
PID 2652 wrote to memory of 1540	2652	Unicorn-16891.exe	Unicorn-56730.exe
PID 2652 wrote to memory of 1540	2652	Unicorn-16891.exe	Unicorn-56730.exe
PID 2652 wrote to memory of 1540	2652	Unicorn-16891.exe	Unicorn-56730.exe
PID 2680 wrote to memory of 1884	2680	Unicorn-16891.exe	Unicorn-24442.exe
PID 2680 wrote to memory of 1884	2680	Unicorn-16891.exe	Unicorn-24442.exe
PID 2680 wrote to memory of 1884	2680	Unicorn-16891.exe	Unicorn-24442.exe
PID 2680 wrote to memory of 1884	2680	Unicorn-16891.exe	Unicorn-24442.exe
PID 2664 wrote to memory of 328	2664	Unicorn-44251.exe	Unicorn-20035.exe
PID 2664 wrote to memory of 328	2664	Unicorn-44251.exe	Unicorn-20035.exe
PID 2664 wrote to memory of 328	2664	Unicorn-44251.exe	Unicorn-20035.exe
PID 2664 wrote to memory of 328	2664	Unicorn-44251.exe	Unicorn-20035.exe
PID 3044 wrote to memory of 1836	3044	Unicorn-64116.exe	WerFault.exe
PID 3044 wrote to memory of 1836	3044	Unicorn-64116.exe	WerFault.exe
PID 3044 wrote to memory of 1836	3044	Unicorn-64116.exe	WerFault.exe
PID 3044 wrote to memory of 1836	3044	Unicorn-64116.exe	WerFault.exe
PID 2664 wrote to memory of 1756	2664	Unicorn-44251.exe	WerFault.exe
PID 2664 wrote to memory of 1756	2664	Unicorn-44251.exe	WerFault.exe
PID 2664 wrote to memory of 1756	2664	Unicorn-44251.exe	WerFault.exe
PID 2664 wrote to memory of 1756	2664	Unicorn-44251.exe	WerFault.exe
PID 2356 wrote to memory of 1424	2356	Unicorn-56922.exe	Unicorn-53765.exe
PID 2356 wrote to memory of 1424	2356	Unicorn-56922.exe	Unicorn-53765.exe
PID 2356 wrote to memory of 1424	2356	Unicorn-56922.exe	Unicorn-53765.exe
PID 2356 wrote to memory of 1424	2356	Unicorn-56922.exe	Unicorn-53765.exe

C:\Users\Admin\AppData\Local\Temp\aa964556523f3ac8ac33a8a71ae248e442e2ef24fc56fe9f5362e8a1d014cb95.exe
"C:\Users\Admin\AppData\Local\Temp\aa964556523f3ac8ac33a8a71ae248e442e2ef24fc56fe9f5362e8a1d014cb95.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-43706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43706.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-64116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64116.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-16891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16891.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-56730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56730.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-14528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14528.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-37487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37487.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-16328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16328.exe
9⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
10⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-15132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15132.exe
11⤵
PID:3380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 220
12⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 236
11⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
10⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-28116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28116.exe
11⤵
PID:5516

C:\Users\Admin\AppData\Local\Temp\Unicorn-56471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56471.exe
12⤵
PID:7656

C:\Users\Admin\AppData\Local\Temp\Unicorn-55290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55290.exe
13⤵
PID:10484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 216
13⤵
PID:10496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 220
12⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
11⤵
PID:6884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
10⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-64392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64392.exe
9⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-52180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52180.exe
10⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
11⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-17080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17080.exe
12⤵
PID:8632

C:\Users\Admin\AppData\Local\Temp\Unicorn-56037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56037.exe
13⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8632 -s 216
13⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
12⤵
PID:9812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
11⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
10⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
9⤵
- Program crash
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-46348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46348.exe
8⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-1123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1123.exe
9⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe
10⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-34530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34530.exe
11⤵
PID:5552

C:\Users\Admin\AppData\Local\Temp\Unicorn-26339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26339.exe
12⤵
PID:7328

C:\Users\Admin\AppData\Local\Temp\Unicorn-3109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3109.exe
13⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 216
13⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 216
12⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
11⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 236
10⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-61380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61380.exe
9⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-3289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3289.exe
10⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-48824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48824.exe
11⤵
PID:7844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 220
12⤵
PID:11236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
11⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
10⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 240
9⤵
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
8⤵
- Program crash
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-17429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17429.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-50614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50614.exe
8⤵
PID:956

C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
9⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-8458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8458.exe
10⤵
PID:5200

C:\Users\Admin\AppData\Local\Temp\Unicorn-61448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61448.exe
11⤵
PID:8176

C:\Users\Admin\AppData\Local\Temp\Unicorn-45848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45848.exe
12⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 216
12⤵
PID:12276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 220
11⤵
PID:9432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
10⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 216
9⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-1019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1019.exe
8⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-56020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56020.exe
9⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-35763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35763.exe
10⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-39451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39451.exe
11⤵
PID:8488

C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe
12⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 216
12⤵
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
11⤵
PID:9736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
10⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
9⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
8⤵
- Program crash
PID:3112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
7⤵
- Program crash
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-48389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48389.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-5006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5006.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-50614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50614.exe
8⤵
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-34066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34066.exe
9⤵
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-24021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24021.exe
10⤵
PID:4800

C:\Users\Admin\AppData\Local\Temp\Unicorn-60650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60650.exe
11⤵
PID:7200

C:\Users\Admin\AppData\Local\Temp\Unicorn-23028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23028.exe
12⤵
PID:10548

C:\Users\Admin\AppData\Local\Temp\Unicorn-24254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24254.exe
13⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 236
12⤵
PID:10632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 216
11⤵
PID:8284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
10⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 236
9⤵
- Program crash
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-14008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14008.exe
8⤵
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-13553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13553.exe
9⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-49529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49529.exe
10⤵
PID:7152

C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
11⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 216
11⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
10⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 236
9⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 220
8⤵
- Program crash
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-63421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63421.exe
7⤵
PID:928

C:\Users\Admin\AppData\Local\Temp\Unicorn-4657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4657.exe
8⤵
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-50494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50494.exe
9⤵
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-9674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9674.exe
10⤵
PID:6824

C:\Users\Admin\AppData\Local\Temp\Unicorn-25664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25664.exe
11⤵
PID:10328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 236
11⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 236
10⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 236
9⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 236
8⤵
- Program crash
PID:3316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
7⤵
- Program crash
PID:2424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
6⤵
- Program crash
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-34667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34667.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:672

C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1180

C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-920.exe
8⤵
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-19925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19925.exe
9⤵
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-46418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46418.exe
10⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-61148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61148.exe
11⤵
PID:7080

C:\Users\Admin\AppData\Local\Temp\Unicorn-3100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3100.exe
12⤵
PID:10516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 216
12⤵
PID:10604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
11⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
10⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 236
9⤵
- Program crash
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
8⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-23751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23751.exe
9⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-9560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9560.exe
10⤵
PID:6404

C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
11⤵
PID:10456

C:\Users\Admin\AppData\Local\Temp\Unicorn-32246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32246.exe
12⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10456 -s 236
12⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 216
11⤵
PID:10316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 216
10⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 236
9⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
8⤵
- Program crash
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-46400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46400.exe
7⤵
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-49.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49.exe
8⤵
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-19413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19413.exe
9⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-55850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55850.exe
10⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\Unicorn-27636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27636.exe
11⤵
PID:10580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
11⤵
PID:10664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
10⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 236
9⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 216
8⤵
- Program crash
PID:4116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 240
7⤵
- Program crash
PID:988

C:\Users\Admin\AppData\Local\Temp\Unicorn-41824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41824.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-39976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39976.exe
7⤵
PID:1432

C:\Users\Admin\AppData\Local\Temp\Unicorn-20693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20693.exe
8⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-56212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56212.exe
9⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-57026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57026.exe
10⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-56279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56279.exe
11⤵
PID:7872

C:\Users\Admin\AppData\Local\Temp\Unicorn-34867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34867.exe
12⤵
PID:11224

C:\Users\Admin\AppData\Local\Temp\Unicorn-25411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25411.exe
13⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 216
12⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
11⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
10⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 236
9⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-37114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37114.exe
8⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-8458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8458.exe
9⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-5589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5589.exe
10⤵
PID:7712

C:\Users\Admin\AppData\Local\Temp\Unicorn-33068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33068.exe
11⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
11⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
10⤵
PID:9364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
9⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 240
8⤵
PID:5172

C:\Users\Admin\AppData\Local\Temp\Unicorn-49535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49535.exe
7⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-52180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52180.exe
8⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-9411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9411.exe
9⤵
PID:5564

C:\Users\Admin\AppData\Local\Temp\Unicorn-44384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44384.exe
10⤵
PID:9016

C:\Users\Admin\AppData\Local\Temp\Unicorn-21028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21028.exe
11⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 216
11⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
10⤵
PID:9980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
9⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
8⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
7⤵
- Program crash
PID:3988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 240
6⤵
- Program crash
PID:2952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:608

C:\Users\Admin\AppData\Local\Temp\Unicorn-36864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36864.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-21669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21669.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-64606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64606.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:848

C:\Users\Admin\AppData\Local\Temp\Unicorn-37295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37295.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-55627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55627.exe
8⤵
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-20117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20117.exe
9⤵
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
10⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-60650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60650.exe
11⤵
PID:7208

C:\Users\Admin\AppData\Local\Temp\Unicorn-438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-438.exe
12⤵
PID:10768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 216
12⤵
PID:10884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
11⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 216
10⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
9⤵
- Program crash
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-50329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50329.exe
8⤵
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe
9⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-5196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5196.exe
10⤵
PID:6412

C:\Users\Admin\AppData\Local\Temp\Unicorn-10614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10614.exe
11⤵
PID:10636

C:\Users\Admin\AppData\Local\Temp\Unicorn-63864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63864.exe
12⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 216
11⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
10⤵
PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 216
9⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
8⤵
- Program crash
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-39025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39025.exe
7⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-33874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33874.exe
8⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-35761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35761.exe
9⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
10⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-58691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58691.exe
11⤵
PID:8980

C:\Users\Admin\AppData\Local\Temp\Unicorn-21028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21028.exe
12⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8980 -s 216
12⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 236
11⤵
PID:9972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
10⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
9⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-49336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49336.exe
8⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
9⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-59238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59238.exe
10⤵
PID:8704

C:\Users\Admin\AppData\Local\Temp\Unicorn-53593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53593.exe
11⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8704 -s 216
11⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
10⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
9⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
8⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 220
7⤵
- Program crash
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-50486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50486.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1216

C:\Users\Admin\AppData\Local\Temp\Unicorn-60235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60235.exe
7⤵
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
8⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-51604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51604.exe
9⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
10⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\Unicorn-37634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37634.exe
11⤵
PID:7244

C:\Users\Admin\AppData\Local\Temp\Unicorn-15952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15952.exe
12⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7244 -s 216
12⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
11⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
10⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 236
9⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-32314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32314.exe
8⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-35125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35125.exe
9⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-34021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34021.exe
10⤵
PID:8524

C:\Users\Admin\AppData\Local\Temp\Unicorn-58334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58334.exe
11⤵
PID:11444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8524 -s 236
11⤵
PID:8392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
10⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
9⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
8⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\Unicorn-49535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49535.exe
7⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-4022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4022.exe
8⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-11810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11810.exe
9⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-33419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33419.exe
10⤵
PID:7280

C:\Users\Admin\AppData\Local\Temp\Unicorn-17514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17514.exe
11⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 216
11⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
10⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 236
9⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
8⤵
PID:5016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 240
7⤵
- Program crash
PID:3128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
6⤵
- Program crash
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-60200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60200.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-61690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61690.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-55627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55627.exe
7⤵
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-35602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35602.exe
8⤵
PID:544

C:\Users\Admin\AppData\Local\Temp\Unicorn-53384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53384.exe
9⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-30953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30953.exe
10⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-52520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52520.exe
11⤵
PID:10112

C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
12⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10112 -s 236
12⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
11⤵
PID:11144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
10⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 236
9⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 236
8⤵
- Program crash
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-57646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57646.exe
7⤵
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-54931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54931.exe
8⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-3169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3169.exe
9⤵
PID:6716

C:\Users\Admin\AppData\Local\Temp\Unicorn-40329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40329.exe
10⤵
PID:10300

C:\Users\Admin\AppData\Local\Temp\Unicorn-9520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9520.exe
11⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 236
10⤵
PID:11244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 236
9⤵
PID:7616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
8⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 220
7⤵
- Program crash
PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 236
6⤵
- Program crash
PID:2544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
5⤵
- Program crash
PID:1952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-46911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46911.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-53765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53765.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1424

C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-52204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52204.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-1636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1636.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-34974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34974.exe
9⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-6030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6030.exe
10⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
11⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-12259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12259.exe
12⤵
PID:7572

C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
13⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 216
13⤵
PID:11856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
12⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
11⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
10⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-3762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3762.exe
9⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-24468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24468.exe
10⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-43194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43194.exe
11⤵
PID:6172

C:\Users\Admin\AppData\Local\Temp\Unicorn-665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-665.exe
12⤵
PID:10844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 220
12⤵
PID:11292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
11⤵
PID:9180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 236
10⤵
PID:6704

C:\Users\Admin\AppData\Local\Temp\Unicorn-63048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63048.exe
8⤵
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-31962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31962.exe
9⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-35632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35632.exe
10⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-58802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58802.exe
11⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8516 -s 220
12⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
11⤵
PID:9744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
10⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 236
9⤵
PID:1908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
8⤵
- Program crash
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-8221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8221.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-37470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37470.exe
8⤵
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-23628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23628.exe
9⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-40529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40529.exe
10⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-64657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64657.exe
11⤵
PID:7600

C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
12⤵
PID:10608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 216
12⤵
PID:10748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
11⤵
PID:8628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
10⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
9⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-56118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56118.exe
8⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
9⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\Unicorn-21923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21923.exe
10⤵
PID:7264

C:\Users\Admin\AppData\Local\Temp\Unicorn-12642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12642.exe
11⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7264 -s 220
11⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 220
10⤵
PID:9204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
9⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
8⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 240
7⤵
- Program crash
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-32146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32146.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-35077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35077.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1268

C:\Users\Admin\AppData\Local\Temp\Unicorn-51702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51702.exe
8⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
9⤵
PID:5240

C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
10⤵
PID:7220

C:\Users\Admin\AppData\Local\Temp\Unicorn-2777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2777.exe
11⤵
PID:11120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7220 -s 240
11⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
9⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 236
8⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-48549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48549.exe
7⤵
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-38231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38231.exe
8⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-5988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5988.exe
9⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-22393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22393.exe
10⤵
PID:7592

C:\Users\Admin\AppData\Local\Temp\Unicorn-44312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44312.exe
11⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 216
11⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
9⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 236
8⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
7⤵
- Program crash
PID:3888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 240
6⤵
- Program crash
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-43781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43781.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-19532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19532.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-50370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50370.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-55542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55542.exe
8⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-34208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34208.exe
9⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-27963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27963.exe
10⤵
PID:7716

C:\Users\Admin\AppData\Local\Temp\Unicorn-39691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39691.exe
11⤵
PID:10872

C:\Users\Admin\AppData\Local\Temp\Unicorn-20683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20683.exe
12⤵
PID:9076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 216
11⤵
PID:10824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
10⤵
PID:8760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
9⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 216
8⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-35367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35367.exe
7⤵
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-24282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24282.exe
8⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-61260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61260.exe
9⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-23666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23666.exe
10⤵
PID:7620

C:\Users\Admin\AppData\Local\Temp\Unicorn-64683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64683.exe
11⤵
PID:10940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
11⤵
PID:11240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
10⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
9⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 216
8⤵
PID:4352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 220
7⤵
- Program crash
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-30504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30504.exe
6⤵
- Executes dropped EXE
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-51367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51367.exe
7⤵
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-40317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40317.exe
8⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-37893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37893.exe
9⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
10⤵
PID:7400

C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
11⤵
PID:10732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 216
11⤵
PID:10816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
10⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 220
9⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 236
8⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-35910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35910.exe
7⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-6756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6756.exe
8⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-53399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53399.exe
9⤵
PID:7728

C:\Users\Admin\AppData\Local\Temp\Unicorn-36453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36453.exe
10⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 236
10⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
9⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
8⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 220
7⤵
PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
5⤵
- Program crash
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-49743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49743.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1416

C:\Users\Admin\AppData\Local\Temp\Unicorn-42707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42707.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:444

C:\Users\Admin\AppData\Local\Temp\Unicorn-35785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35785.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-24439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24439.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:944

C:\Users\Admin\AppData\Local\Temp\Unicorn-35664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35664.exe
8⤵
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-33830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33830.exe
9⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-51369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51369.exe
10⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-31315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31315.exe
11⤵
PID:7268

C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
12⤵
PID:10832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 220
12⤵
PID:11040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
11⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
10⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 236
9⤵
- Program crash
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-12402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12402.exe
8⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
9⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-1095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1095.exe
10⤵
PID:7484

C:\Users\Admin\AppData\Local\Temp\Unicorn-26331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26331.exe
11⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 236
11⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 216
10⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
9⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 240
8⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-15798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15798.exe
7⤵
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-3845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3845.exe
8⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-20669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20669.exe
9⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-47314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47314.exe
10⤵
PID:7680

C:\Users\Admin\AppData\Local\Temp\Unicorn-44344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44344.exe
11⤵
PID:10528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 236
11⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
10⤵
PID:8752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
9⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 216
8⤵
PID:4672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
7⤵
- Program crash
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-28200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28200.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-39696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39696.exe
7⤵
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-1349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1349.exe
8⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
9⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe
10⤵
PID:7888

C:\Users\Admin\AppData\Local\Temp\Unicorn-5387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5387.exe
11⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
11⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
10⤵
PID:8876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
9⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 216
8⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-45651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45651.exe
7⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-33850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33850.exe
8⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-25851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25851.exe
9⤵
PID:7752

C:\Users\Admin\AppData\Local\Temp\Unicorn-24775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24775.exe
10⤵
PID:10324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 216
10⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
9⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
8⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 240
7⤵
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 444 -s 240
6⤵
- Program crash
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-31378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31378.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-24247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24247.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-39504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39504.exe
7⤵
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-1349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1349.exe
8⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-11452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11452.exe
9⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-12389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12389.exe
10⤵
PID:7920

C:\Users\Admin\AppData\Local\Temp\Unicorn-2576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2576.exe
11⤵
PID:10796

C:\Users\Admin\AppData\Local\Temp\Unicorn-60518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60518.exe
12⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 216
11⤵
PID:10856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
10⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
9⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 236
8⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-45651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45651.exe
7⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-42703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42703.exe
8⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-6758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6758.exe
9⤵
PID:7392

C:\Users\Admin\AppData\Local\Temp\Unicorn-24616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24616.exe
10⤵
PID:10900

C:\Users\Admin\AppData\Local\Temp\Unicorn-34.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34.exe
11⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 216
10⤵
PID:11168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
9⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
8⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 240
7⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-20598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20598.exe
6⤵
PID:1068

C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
7⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-43471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43471.exe
8⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-14895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14895.exe
9⤵
PID:7308

C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
10⤵
PID:10688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 216
10⤵
PID:10760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
9⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
8⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 236
7⤵
PID:4344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
6⤵
- Program crash
PID:3472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 240
5⤵
- Program crash
PID:2276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-44251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44251.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-16891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16891.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-24442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24442.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-36744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36744.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-30974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30974.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-35183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35183.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-20194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20194.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-3427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3427.exe
9⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-40125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40125.exe
10⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-64898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64898.exe
11⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-19845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19845.exe
12⤵
PID:8148

C:\Users\Admin\AppData\Local\Temp\Unicorn-58992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58992.exe
13⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8148 -s 216
13⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
12⤵
PID:9200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
11⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 236
10⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-3430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3430.exe
9⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-24354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24354.exe
10⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-64930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64930.exe
11⤵
PID:7864

C:\Users\Admin\AppData\Local\Temp\Unicorn-57825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57825.exe
12⤵
PID:11768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 220
12⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 220
11⤵
PID:9296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
10⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
9⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-65326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65326.exe
8⤵
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-35875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35875.exe
9⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-40889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40889.exe
10⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-59570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59570.exe
11⤵
PID:8560

C:\Users\Admin\AppData\Local\Temp\Unicorn-57547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57547.exe
12⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 216
12⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
11⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
10⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
9⤵
PID:4424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
8⤵
- Program crash
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-50625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50625.exe
8⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-23296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23296.exe
9⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
10⤵
PID:5716

C:\Users\Admin\AppData\Local\Temp\Unicorn-42242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42242.exe
11⤵
PID:7688

C:\Users\Admin\AppData\Local\Temp\Unicorn-21162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21162.exe
12⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 216
12⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 216
11⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
10⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 236
9⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-16009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16009.exe
8⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-6486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6486.exe
9⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-24567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24567.exe
10⤵
PID:7812

C:\Users\Admin\AppData\Local\Temp\Unicorn-12316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12316.exe
11⤵
PID:10376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 216
11⤵
PID:10340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 216
10⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
9⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 220
8⤵
PID:4436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
7⤵
- Program crash
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-65203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65203.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:396

C:\Users\Admin\AppData\Local\Temp\Unicorn-20002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20002.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-18453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18453.exe
8⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-33850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33850.exe
9⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-12838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12838.exe
10⤵
PID:7696

C:\Users\Admin\AppData\Local\Temp\Unicorn-54733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54733.exe
11⤵
PID:11256

C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
12⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11256 -s 236
12⤵
PID:9168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 216
11⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
10⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
9⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 216
8⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-63816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63816.exe
7⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-65018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65018.exe
8⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-5910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5910.exe
9⤵
PID:5436

C:\Users\Admin\AppData\Local\Temp\Unicorn-26531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26531.exe
10⤵
PID:7404

C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe
11⤵
PID:10896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 216
11⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 216
10⤵
PID:8568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
9⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
8⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 396 -s 240
7⤵
- Program crash
PID:3572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
6⤵
- Program crash
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-20537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20537.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-5774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5774.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-50370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50370.exe
7⤵
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-35166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35166.exe
8⤵
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-24282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24282.exe
9⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-22818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22818.exe
10⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-62216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62216.exe
11⤵
PID:7224

C:\Users\Admin\AppData\Local\Temp\Unicorn-28635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28635.exe
12⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 216
12⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 220
11⤵
PID:9424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
10⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 216
9⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-37280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37280.exe
8⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-47877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47877.exe
9⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
10⤵
PID:7432

C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
11⤵
PID:10920

C:\Users\Admin\AppData\Local\Temp\Unicorn-58228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58228.exe
12⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 220
11⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
10⤵
PID:8720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
9⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 220
8⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-63816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63816.exe
7⤵
PID:1360

C:\Users\Admin\AppData\Local\Temp\Unicorn-7281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7281.exe
8⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-59707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59707.exe
9⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe
10⤵
PID:10004

C:\Users\Admin\AppData\Local\Temp\Unicorn-6503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6503.exe
11⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10004 -s 236
11⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
10⤵
PID:11008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
9⤵
PID:8024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 236
8⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
7⤵
- Program crash
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-45580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45580.exe
6⤵
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-18453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18453.exe
7⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-32916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32916.exe
8⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-25405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25405.exe
9⤵
PID:8168

C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
10⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 216
10⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
9⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
8⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 216
7⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
6⤵
- Program crash
PID:1548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 240
5⤵
- Program crash
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-17454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17454.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-35582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35582.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1412

C:\Users\Admin\AppData\Local\Temp\Unicorn-2684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2684.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-26987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26987.exe
7⤵
PID:1408

C:\Users\Admin\AppData\Local\Temp\Unicorn-9670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9670.exe
8⤵
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-15302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15302.exe
9⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-5388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5388.exe
10⤵
PID:7024

C:\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe
11⤵
PID:11092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 216
11⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
10⤵
PID:8196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 216
9⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 236
8⤵
- Program crash
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-46489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46489.exe
7⤵
PID:556

C:\Users\Admin\AppData\Local\Temp\Unicorn-53979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53979.exe
8⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-39187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39187.exe
9⤵
PID:7228

C:\Users\Admin\AppData\Local\Temp\Unicorn-438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-438.exe
10⤵
PID:10776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 216
10⤵
PID:10868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 236
9⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 216
8⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
7⤵
- Program crash
PID:4204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 236
6⤵
- Program crash
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-48356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48356.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:652

C:\Users\Admin\AppData\Local\Temp\Unicorn-59467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59467.exe
6⤵
PID:2440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
7⤵
- Program crash
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-57838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57838.exe
6⤵
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-47946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47946.exe
7⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe
8⤵
PID:6388

C:\Users\Admin\AppData\Local\Temp\Unicorn-44911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44911.exe
9⤵
PID:10192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6388 -s 216
9⤵
PID:10960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 236
8⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 216
7⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 240
6⤵
- Program crash
PID:1584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
5⤵
- Program crash
PID:892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-20035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20035.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:328

C:\Users\Admin\AppData\Local\Temp\Unicorn-37320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37320.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-2717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2717.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-38255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38255.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-13141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13141.exe
7⤵
PID:348

C:\Users\Admin\AppData\Local\Temp\Unicorn-934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-934.exe
8⤵
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-7970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7970.exe
9⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-9099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9099.exe
10⤵
PID:7980

C:\Users\Admin\AppData\Local\Temp\Unicorn-46799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46799.exe
11⤵
PID:10752

C:\Users\Admin\AppData\Local\Temp\Unicorn-25240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25240.exe
12⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 216
11⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
10⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 216
9⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 236
8⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-55342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55342.exe
7⤵
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-54965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54965.exe
8⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-4210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4210.exe
9⤵
PID:6396

C:\Users\Admin\AppData\Local\Temp\Unicorn-28046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28046.exe
10⤵
PID:10672

C:\Users\Admin\AppData\Local\Temp\Unicorn-65432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65432.exe
11⤵
PID:2820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10672 -s 236
11⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 220
10⤵
PID:10784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
9⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 216
8⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 220
7⤵
- Program crash
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-62845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62845.exe
6⤵
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-53365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53365.exe
7⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-39767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39767.exe
8⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-21640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21640.exe
9⤵
PID:6104

C:\Users\Admin\AppData\Local\Temp\Unicorn-1095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1095.exe
10⤵
PID:7372

C:\Users\Admin\AppData\Local\Temp\Unicorn-64187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64187.exe
11⤵
PID:11944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 216
11⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
10⤵
PID:9356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
9⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 236
8⤵
PID:5188

C:\Users\Admin\AppData\Local\Temp\Unicorn-37114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37114.exe
7⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-57026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57026.exe
8⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-24453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24453.exe
9⤵
PID:7628

C:\Users\Admin\AppData\Local\Temp\Unicorn-13891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13891.exe
10⤵
PID:11656

C:\Users\Admin\AppData\Local\Temp\Unicorn-59558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59558.exe
11⤵
PID:1940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 204
10⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 220
9⤵
PID:9248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
8⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
7⤵
PID:4124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
6⤵
- Program crash
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-18197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18197.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-17750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17750.exe
6⤵
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-1009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1009.exe
7⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-16777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16777.exe
7⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-7524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7524.exe
8⤵
PID:5876

C:\Users\Admin\AppData\Local\Temp\Unicorn-42050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42050.exe
9⤵
PID:7540

C:\Users\Admin\AppData\Local\Temp\Unicorn-64659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64659.exe
10⤵
PID:11360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 216
10⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 220
9⤵
PID:9024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 220
8⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
7⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-14200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14200.exe
6⤵
PID:996

C:\Users\Admin\AppData\Local\Temp\Unicorn-43644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43644.exe
7⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-62048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62048.exe
8⤵
PID:6324

C:\Users\Admin\AppData\Local\Temp\Unicorn-29452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29452.exe
9⤵
PID:10196

C:\Users\Admin\AppData\Local\Temp\Unicorn-22505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22505.exe
10⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 216
9⤵
PID:10932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
8⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 216
7⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 220
6⤵
- Program crash
PID:3956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
5⤵
- Program crash
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-30791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30791.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1400

C:\Users\Admin\AppData\Local\Temp\Unicorn-38255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38255.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1040

C:\Users\Admin\AppData\Local\Temp\Unicorn-58891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58891.exe
6⤵
PID:776

C:\Users\Admin\AppData\Local\Temp\Unicorn-53173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53173.exe
7⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-41148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41148.exe
8⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-29376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29376.exe
9⤵
PID:6352

C:\Users\Admin\AppData\Local\Temp\Unicorn-44911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44911.exe
10⤵
PID:10016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 216
10⤵
PID:10948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
9⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 236
8⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 236
7⤵
- Program crash
PID:3344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 236
6⤵
- Program crash
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-39601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39601.exe
5⤵
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-11974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11974.exe
6⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-4676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4676.exe
7⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-51378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51378.exe
8⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-44507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44507.exe
9⤵
PID:9648

C:\Users\Admin\AppData\Local\Temp\Unicorn-33519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33519.exe
10⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9648 -s 236
10⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 236
9⤵
PID:1944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 236
8⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
7⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 236
6⤵
- Program crash
PID:3212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 220
5⤵
- Program crash
PID:3064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 240
4⤵
- Program crash
PID:2980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 220
3⤵
- Loads dropped DLL
- Program crash
PID:1756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
2⤵
- Program crash
PID:2468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15302.exe

Filesize
184KB

MD5
63dbd338655250335078f03da5ba35bb

SHA1
a803b62aed546769a27fb9d0cf8d78afa3e3a61e

SHA256
1231af215f3bde148ae045849606256cea52f2be9d437c451b18813cbfbf697b

SHA512
b6671b0528bae55fbbb206b99eb7c8615ea46f4311e816241330a2b4a477a90b85921406318f7783ba9f3ebd31a2528d9003f6da77e0f8d6919a62690af16d97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20035.exe

Filesize
184KB

MD5
675e4df01f2aaa93b3e9eb1bf2a2fb5c

SHA1
6d933a630147126817effccfc8ca3857c72e48c2

SHA256
9f5fa14a8a19760263653ff12074e9225703ad32cfb90637265dd1a6779b400f

SHA512
14a9c82894ef5790f32d9d1dfa6f9a484da762d8c56b1fab15bfcde2a65155e9f70efae96a938f6f32f55cc39ceab747271c45ab4f8f58c41c9bff6fba3b4162

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46911.exe

Filesize
184KB

MD5
701ac0fdd70f67fb04e9e78085837899

SHA1
5f471e977ec9f4c75b8a0ed0db7280d783f93280

SHA256
2a57e29638b6584449e815f98bf49eb35b30b2c8b6844068d8c9df16634d864b

SHA512
a33e1d68e80edae11c7bea5f652df5719bf471e8d441d2a12c03f6b6f79048fa52d1bfcc381a02c6d43b9a3d8e899da4d3059e87c382a4162d470bc2b1b6ea4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49743.exe

Filesize
184KB

MD5
614198bcbec509b39a261ecd08fe76a2

SHA1
a33a5f4d81dacabd6cf85500c763a1f6e754db83

SHA256
6118000fa69db0022161b6585a8303b0beb94b61394058c4f41ca17a118c98ec

SHA512
b0b3e5905efe7e3c46f5327d293db65f7eb9789fbba924f2d9a8b41ae636275ee658cb6063817d02ad9ca110da819d3e75affa4d0e9ac8f577f241957c07b577

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53593.exe

Filesize
184KB

MD5
ea414706cf793158473af69d9afe727a

SHA1
a4f31e9752a8307b7bd84f0f5751b19a80f6b434

SHA256
6a9a4a9e751b5af8d4d47120785aaeb6e8a9cd13938539b888bf756a6427ae90

SHA512
6ab655ef67358d42711eb7b3415c958274e3d1013a42765c77753525ad62442cf3471e342c21ba8ac8cc97e69c8d928fc9d6c5834cf120c59906d0a01098f49c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5774.exe

Filesize
184KB

MD5
00a38d48e1a206843cece4cf46074d5d

SHA1
28e85019ea6943346fc7da61b0f5a29a222b2e30

SHA256
14880669688aaec1d9422d40c1311f7006bbf9065d629871253c0a66c21b022e

SHA512
c60a86e7d5151f783f0a11191252dd2205da36b53c08d7997ad2de6bd17e5fb3031db3705c9f7e1ee088e4b80712fd51560ed772554df2cdf8ae91ebc052a0a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe

Filesize
184KB

MD5
f4912bab2e081497464e2b4e82e1d65f

SHA1
b548f94a704aba16e375baa05200926e8760f526

SHA256
14f840e017abb98420518a0a4cac070fb893a76f250d761f6528ba879f2f3971

SHA512
4e7d39825e64516a980e082752ce460c21805a229246e89dbb3e1e52970a129fadf6cde68b836ffe5696badbf7f265294536c1108f5a5297fae2ac0fe0e575b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64116.exe

Filesize
184KB

MD5
b33fdb66f90612c4efea068ba2cefce4

SHA1
2cc2793cbdf9fb385c2789f03b8709732c6f57e5

SHA256
921620cd31eaa429f8552b21644e8d2ec4c290534cb81f20512dc61673ff9235

SHA512
af332c691c05d20951a0cf4b7b55f0f8bb7c7d4ace6aa7be2c6135e20859227f7ecebe761172fa698b126c929762ac15d43a3078cb000357efb8d4f72cc65254

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6503.exe

Filesize
184KB

MD5
7d504e13f51c71bc1ae8379089f7562e

SHA1
250a6170ceb1a964f004c08988366d58edcf0425

SHA256
45216746970999cf2878c1cb5a9330336cc32300bf38f206d3a39b011c7ddcb8

SHA512
c682507266f362c23615829741899a5fbacc681cc933d3f79b080423287a00132e4ebbf4525bcd3ae6b456fc0fee4ed21fae50f1444f3f9c3f7bd85ad67a4f9b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16891.exe

Filesize
184KB

MD5
7be53533446e845764b192044ee96dec

SHA1
c69ab2e0020fe28a16ffc8486836acb13d1ae4dd

SHA256
fc86c66abe8764c7121edcac23247ea7aca0ed2f2551e510fa21112359f616cd

SHA512
4b5bd55e5acc4d0b268878abf8befebfa700588d11f02543d8507286376de46c0ebdcdafbf8143d7695b8606444ce59c0f84d27d7e88fed3e2b300b74f07ac99

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24442.exe

Filesize
184KB

MD5
5231be1728a7e9006f709dcdce7ee61d

SHA1
ed488751153f36489ef5293562356c486b066040

SHA256
404a7f10eb0d806ccc99a8192f4eee70d2078b8172e3a0d402aa815035ee3bfb

SHA512
a41469942a813e2ca388b2af89c4789ac57e1af151337ae0f066db60805556e6506f7f66b888b913181f493660501a443389f20cfa7c29e6f2c141bdde9ab561

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36744.exe

Filesize
184KB

MD5
7b8ae34d0e1e9dc2ac3ae444867fae94

SHA1
207dae3a2e226312bf3d0dffcd41534c675040c4

SHA256
91dea50a651d728fdd76180b55fab9fd2e02fc03f94c3b1f3fecaaa21584dbf7

SHA512
02469e42498461f0f401fe40ff8bcc5b783ef26f71bb910137d81a4f733598aaa6dc37eb0b6caebe8de11b2ec455e1c63f0d2b1acdee92a79319b8ebb48a20ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36864.exe

Filesize
184KB

MD5
fa862017a30023cfb9f3a82091c6b4a9

SHA1
5b5d0470e52c1deeeef07258cb983deaf4829ae8

SHA256
e152112f43bb0141747cdfba6d6147e45cbda956e0b0b7a7a1c1832c001c3072

SHA512
ec629a84c112ecd1b59c9943fef1305b7838005d234a165e487a90c115e4e993f8f58f27452b1dbb90988f12f7a53b5de63783062793f9689ddac3fb480bcbe2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43706.exe

Filesize
184KB

MD5
7a81a95ca255d6a68e29742980297050

SHA1
6280f137e8adb301fea73ffbe14944692de6c38c

SHA256
5ec828a5ae6dccd5f313267586b3e6783e37fb1b6a1875bf835bbc1f2f284474

SHA512
df119f2393c119c163d32bbbcec8a6d88cec1127187ab273fcb9d331fa030f203fe185b4db646125e72f8af559247908bb1de1da496a33e846637578f5bfb987

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44251.exe

Filesize
184KB

MD5
6237f963d4c3c5088b4d4ffdcf550b79

SHA1
8f1c3c23c79166d5f7ca79e6ab84f50e634c5d27

SHA256
969be11b5ad6254687f0889e7260ba3ebaca4a704ef6afae5a9b98e2a12888e6

SHA512
5706bc1c2563d4a66a0a6b2f641953e5da0227a9bf2874c47c7e73f99adece8f93b7a4945e5380d29b43fc123039b0a44b02ad3ad9dbc7275b050b9fbd355877

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53765.exe

Filesize
184KB

MD5
fe1d3caa86194d4d6420ad2c6dd93a92

SHA1
60e4a3d1488670892e13881337076b8a6e76edcb

SHA256
130411c87a1dd70db1ebf560be9cbcecb79d3ef24f8c76882f5d3b83e52aca95

SHA512
90dc98e358ca158eb9900dd39b41f25aad0587d778feae58939f45fa73e3e947ba3075ec72399bda6526b49149a7f4907a923431970c8d890e7ebb516184803f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56730.exe

Filesize
184KB

MD5
21388bf8f07f3cd59db60f29630410c5

SHA1
14a57cf59b80004d8a3bc7b39c62f1cd7dcfebe9

SHA256
d4c388360594da57280cfe8d10d012505e0d4eca9641008e2a4d2515fc2f26ab

SHA512
e361944d4a1c3f793c03cc4d35f535278ff5bab3ba028f2d4b25a0f75cfc8b0927105d47ee7235a4be8951d3c2127766a9cd435edfb0ce66284e8429c4b7e275

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe

Filesize
184KB

MD5
99c5431e1bfff8d458dc7a7c38583a22

SHA1
2af356910baf4013ea75dd05bc43227022632409

SHA256
996e94be58023d9a7c08f254172bf2ef326df8de1bc5be2e41580bc3ca4dbffb

SHA512
d611cf166ec5c8042a5c67c834287694d9eaee3ea02959284f6e2b507c65f545f10efc5ff03ed63dfec43d50e58eb38bb38ebe6d6c7688b9bdab6e4c6c10239d

Download Submit