aaf732c36bb6aed11c48f8fae48e15fe786078943c7606c1f181caf85ca3edf9

Analysis

max time kernel
150s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aaf732c36bb6aed11c48f8fae48e15fe786078943c7606c1f181caf85ca3edf9.exe
Size

184KB
MD5

8fdbc028a5db67fb8043a5cd6155af9c
SHA1

5529d241844491f016a8489265700d94d49aadac
SHA256

aaf732c36bb6aed11c48f8fae48e15fe786078943c7606c1f181caf85ca3edf9
SHA512

8186ef5f9db977c5a04e342c41697737ee8379c2bc6e48a2ad91b098e820848954f66449476af92c5472f333fd1d3f37af4cea762924a0611f04ec783347609c
SSDEEP

3072:TBfPigolN1fsdRUYehsLpxJ/XKYYzKOdH+hKO5q9UlehlnVOFknT:TBVoFYRUiLPJ/XKeAVhlnVOFk

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-38075.exeUnicorn-24407.exeUnicorn-56565.exeUnicorn-367.exeUnicorn-11804.exeUnicorn-14072.exeUnicorn-29714.exeUnicorn-43227.exeUnicorn-10616.exeUnicorn-10424.exeUnicorn-65469.exeUnicorn-15837.exeUnicorn-53300.exeUnicorn-27255.exeUnicorn-59927.exeUnicorn-7197.exeUnicorn-49245.exeUnicorn-4341.exeUnicorn-53075.exeUnicorn-5519.exeUnicorn-729.exeUnicorn-24243.exeUnicorn-41456.exeUnicorn-21590.exeUnicorn-22166.exeUnicorn-13812.exeUnicorn-44565.exeUnicorn-24507.exeUnicorn-40734.exeUnicorn-49173.exeUnicorn-29115.exeUnicorn-65426.exeUnicorn-50159.exeUnicorn-30101.exeUnicorn-13272.exeUnicorn-17487.exeUnicorn-17487.exeUnicorn-3286.exeUnicorn-64033.exeUnicorn-4246.exeUnicorn-53566.exeUnicorn-25108.exeUnicorn-41719.exeUnicorn-24148.exeUnicorn-57204.exeUnicorn-37338.exeUnicorn-22071.exeUnicorn-16468.exeUnicorn-14583.exeUnicorn-29876.exeUnicorn-17262.exeUnicorn-15185.exeUnicorn-35051.exeUnicorn-48.exeUnicorn-47858.exeUnicorn-11003.exeUnicorn-41407.exeUnicorn-11579.exeUnicorn-17558.exeUnicorn-11039.exeUnicorn-56691.exeUnicorn-39539.exeUnicorn-55191.exeUnicorn-12783.exe

pid	process
2720	Unicorn-38075.exe
2968	Unicorn-24407.exe
2544	Unicorn-56565.exe
2600	Unicorn-367.exe
1916	Unicorn-11804.exe
2412	Unicorn-14072.exe
656	Unicorn-29714.exe
560	Unicorn-43227.exe
2680	Unicorn-10616.exe
1460	Unicorn-10424.exe
2652	Unicorn-65469.exe
1860	Unicorn-15837.exe
1664	Unicorn-53300.exe
1624	Unicorn-27255.exe
2100	Unicorn-59927.exe
3004	Unicorn-7197.exe
1172	Unicorn-49245.exe
2256	Unicorn-4341.exe
1356	Unicorn-53075.exe
1776	Unicorn-5519.exe
1960	Unicorn-729.exe
964	Unicorn-24243.exe
1856	Unicorn-41456.exe
1800	Unicorn-21590.exe
596	Unicorn-22166.exe
1524	Unicorn-13812.exe
2140	Unicorn-44565.exe
2784	Unicorn-24507.exe
1540	Unicorn-40734.exe
340	Unicorn-49173.exe
2004	Unicorn-29115.exe
2704	Unicorn-65426.exe
2524	Unicorn-50159.exe
2792	Unicorn-30101.exe
2428	Unicorn-13272.exe
1804	Unicorn-17487.exe
2436	Unicorn-17487.exe
792	Unicorn-3286.exe
1500	Unicorn-64033.exe
2760	Unicorn-4246.exe
2732	Unicorn-53566.exe
2884	Unicorn-25108.exe
788	Unicorn-41719.exe
936	Unicorn-24148.exe
920	Unicorn-57204.exe
1708	Unicorn-37338.exe
1336	Unicorn-22071.exe
2080	Unicorn-16468.exe
824	Unicorn-14583.exe
1124	Unicorn-29876.exe
1548	Unicorn-17262.exe
960	Unicorn-15185.exe
1956	Unicorn-35051.exe
1212	Unicorn-48.exe
2092	Unicorn-47858.exe
1692	Unicorn-11003.exe
2780	Unicorn-41407.exe
1972	Unicorn-11579.exe
2556	Unicorn-17558.exe
2456	Unicorn-11039.exe
2656	Unicorn-56691.exe
896	Unicorn-39539.exe
368	Unicorn-55191.exe
1676	Unicorn-12783.exe

Loads dropped DLL 64 IoCs

Processes:

aaf732c36bb6aed11c48f8fae48e15fe786078943c7606c1f181caf85ca3edf9.exeUnicorn-38075.exeUnicorn-24407.exeUnicorn-56565.exeWerFault.exeUnicorn-11804.exeUnicorn-14072.exeWerFault.exeWerFault.exeWerFault.exeUnicorn-29714.exeUnicorn-10616.exeUnicorn-43227.exeUnicorn-10424.exeWerFault.exeWerFault.exe

pid	process
2216	aaf732c36bb6aed11c48f8fae48e15fe786078943c7606c1f181caf85ca3edf9.exe
2216	aaf732c36bb6aed11c48f8fae48e15fe786078943c7606c1f181caf85ca3edf9.exe
2216	aaf732c36bb6aed11c48f8fae48e15fe786078943c7606c1f181caf85ca3edf9.exe
2720	Unicorn-38075.exe
2216	aaf732c36bb6aed11c48f8fae48e15fe786078943c7606c1f181caf85ca3edf9.exe
2720	Unicorn-38075.exe
2968	Unicorn-24407.exe
2968	Unicorn-24407.exe
2720	Unicorn-38075.exe
2720	Unicorn-38075.exe
2544	Unicorn-56565.exe
2544	Unicorn-56565.exe
2068	WerFault.exe
2068	WerFault.exe
2068	WerFault.exe
2068	WerFault.exe
2068	WerFault.exe
1916	Unicorn-11804.exe
1916	Unicorn-11804.exe
2412	Unicorn-14072.exe
2412	Unicorn-14072.exe
2544	Unicorn-56565.exe
1036	WerFault.exe
1036	WerFault.exe
1036	WerFault.exe
1036	WerFault.exe
2544	Unicorn-56565.exe
2968	Unicorn-24407.exe
2968	Unicorn-24407.exe
1036	WerFault.exe
748	WerFault.exe
748	WerFault.exe
748	WerFault.exe
748	WerFault.exe
1100	WerFault.exe
1100	WerFault.exe
1100	WerFault.exe
1100	WerFault.exe
1100	WerFault.exe
748	WerFault.exe
656	Unicorn-29714.exe
656	Unicorn-29714.exe
1916	Unicorn-11804.exe
1916	Unicorn-11804.exe
2680	Unicorn-10616.exe
2680	Unicorn-10616.exe
560	Unicorn-43227.exe
560	Unicorn-43227.exe
1460	Unicorn-10424.exe
1460	Unicorn-10424.exe
2412	Unicorn-14072.exe
2412	Unicorn-14072.exe
2300	WerFault.exe
2300	WerFault.exe
2300	WerFault.exe
2300	WerFault.exe
2300	WerFault.exe
1812	WerFault.exe
1812	WerFault.exe
1812	WerFault.exe
1812	WerFault.exe
1812	WerFault.exe
656	Unicorn-29714.exe
656	Unicorn-29714.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2064	2216	WerFault.exe	aaf732c36bb6aed11c48f8fae48e15fe786078943c7606c1f181caf85ca3edf9.exe
2068	2720	WerFault.exe	Unicorn-38075.exe
1036	2600	WerFault.exe	Unicorn-367.exe
748	2968	WerFault.exe	Unicorn-24407.exe
1100	2544	WerFault.exe	Unicorn-56565.exe
2300	1916	WerFault.exe	Unicorn-11804.exe
1812	2412	WerFault.exe	Unicorn-14072.exe
1264	656	WerFault.exe	Unicorn-29714.exe
1756	2680	WerFault.exe	Unicorn-10616.exe
1108	560	WerFault.exe	Unicorn-43227.exe
2176	1460	WerFault.exe	Unicorn-10424.exe
2444	2652	WerFault.exe	Unicorn-65469.exe
2016	1860	WerFault.exe	Unicorn-15837.exe
2756	1624	WerFault.exe	Unicorn-27255.exe
1276	3004	WerFault.exe	Unicorn-7197.exe
1232	1664	WerFault.exe	Unicorn-53300.exe
1904	2100	WerFault.exe	Unicorn-59927.exe
536	1172	WerFault.exe	Unicorn-49245.exe
2192	2256	WerFault.exe	Unicorn-4341.exe
2632	1356	WerFault.exe	Unicorn-53075.exe
2396	964	WerFault.exe	Unicorn-24243.exe
2476	596	WerFault.exe	Unicorn-22166.exe
2432	1856	WerFault.exe	Unicorn-41456.exe
436	1960	WerFault.exe	Unicorn-729.exe
2520	1800	WerFault.exe	Unicorn-21590.exe
396	1212	WerFault.exe	Unicorn-48.exe
1556	1524	WerFault.exe	Unicorn-13812.exe
3020	2140	WerFault.exe	Unicorn-44565.exe
1228	1540	WerFault.exe	Unicorn-40734.exe
2700	2524	WerFault.exe	Unicorn-50159.exe
852	2704	WerFault.exe	Unicorn-65426.exe
528	2792	WerFault.exe	Unicorn-30101.exe
2692	1804	WerFault.exe	Unicorn-17487.exe
1704	2436	WerFault.exe	Unicorn-17487.exe
2144	340	WerFault.exe	Unicorn-49173.exe
2936	2004	WerFault.exe	Unicorn-29115.exe
2728	2428	WerFault.exe	Unicorn-13272.exe
3084	792	WerFault.exe	Unicorn-3286.exe
3340	2784	WerFault.exe	Unicorn-24507.exe
3664	1500	WerFault.exe	Unicorn-64033.exe
3684	2760	WerFault.exe	Unicorn-4246.exe
3708	920	WerFault.exe	Unicorn-57204.exe
3748	960	WerFault.exe	Unicorn-15185.exe
3772	2080	WerFault.exe	Unicorn-16468.exe
3820	2092	WerFault.exe	Unicorn-47858.exe
3828	788	WerFault.exe	Unicorn-41719.exe
3868	824	WerFault.exe	Unicorn-14583.exe
3276	1428	WerFault.exe	Unicorn-7049.exe
3380	1972	WerFault.exe	Unicorn-11579.exe
3396	2556	WerFault.exe	Unicorn-17558.exe
3604	2656	WerFault.exe	Unicorn-56691.exe
3648	368	WerFault.exe	Unicorn-55191.exe
3700	1336	WerFault.exe	Unicorn-22071.exe
3808	2104	WerFault.exe	Unicorn-29613.exe
3896	2288	WerFault.exe	Unicorn-62477.exe
4024	2732	WerFault.exe	Unicorn-53566.exe
3920	2000	WerFault.exe	Unicorn-56167.exe
4044	1364	WerFault.exe	Unicorn-36301.exe
3200	2604	WerFault.exe	Unicorn-22343.exe
3328	2264	WerFault.exe	Unicorn-53837.exe
3456	1956	WerFault.exe	Unicorn-35051.exe
3568	1708	WerFault.exe	Unicorn-37338.exe
3536	1548	WerFault.exe	Unicorn-17262.exe
4012	936	WerFault.exe	Unicorn-24148.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

aaf732c36bb6aed11c48f8fae48e15fe786078943c7606c1f181caf85ca3edf9.exeUnicorn-38075.exeUnicorn-24407.exeUnicorn-56565.exeUnicorn-367.exeUnicorn-11804.exeUnicorn-14072.exeUnicorn-29714.exeUnicorn-43227.exeUnicorn-10616.exeUnicorn-10424.exeUnicorn-65469.exeUnicorn-15837.exeUnicorn-27255.exeUnicorn-53300.exeUnicorn-7197.exeUnicorn-59927.exeUnicorn-49245.exeUnicorn-4341.exeUnicorn-53075.exeUnicorn-24243.exeUnicorn-22166.exeUnicorn-41456.exeUnicorn-729.exeUnicorn-21590.exeUnicorn-13812.exeUnicorn-44565.exeUnicorn-24507.exeUnicorn-40734.exeUnicorn-49173.exeUnicorn-29115.exeUnicorn-65426.exeUnicorn-50159.exeUnicorn-30101.exeUnicorn-13272.exeUnicorn-17487.exeUnicorn-17487.exeUnicorn-3286.exeUnicorn-64033.exeUnicorn-4246.exeUnicorn-53566.exeUnicorn-41719.exeUnicorn-25108.exeUnicorn-22071.exeUnicorn-57204.exeUnicorn-37338.exeUnicorn-24148.exeUnicorn-16468.exeUnicorn-14583.exeUnicorn-29876.exeUnicorn-15185.exeUnicorn-17262.exeUnicorn-35051.exeUnicorn-48.exeUnicorn-47858.exeUnicorn-11003.exeUnicorn-41407.exeUnicorn-11579.exeUnicorn-17558.exeUnicorn-11039.exeUnicorn-56691.exeUnicorn-39539.exeUnicorn-55191.exeUnicorn-12783.exe

pid	process
2216	aaf732c36bb6aed11c48f8fae48e15fe786078943c7606c1f181caf85ca3edf9.exe
2720	Unicorn-38075.exe
2968	Unicorn-24407.exe
2544	Unicorn-56565.exe
2600	Unicorn-367.exe
1916	Unicorn-11804.exe
2412	Unicorn-14072.exe
656	Unicorn-29714.exe
560	Unicorn-43227.exe
2680	Unicorn-10616.exe
1460	Unicorn-10424.exe
2652	Unicorn-65469.exe
1860	Unicorn-15837.exe
1624	Unicorn-27255.exe
1664	Unicorn-53300.exe
3004	Unicorn-7197.exe
2100	Unicorn-59927.exe
1172	Unicorn-49245.exe
2256	Unicorn-4341.exe
1356	Unicorn-53075.exe
964	Unicorn-24243.exe
596	Unicorn-22166.exe
1856	Unicorn-41456.exe
1960	Unicorn-729.exe
1800	Unicorn-21590.exe
1524	Unicorn-13812.exe
2140	Unicorn-44565.exe
2784	Unicorn-24507.exe
1540	Unicorn-40734.exe
340	Unicorn-49173.exe
2004	Unicorn-29115.exe
2704	Unicorn-65426.exe
2524	Unicorn-50159.exe
2792	Unicorn-30101.exe
2428	Unicorn-13272.exe
1804	Unicorn-17487.exe
2436	Unicorn-17487.exe
792	Unicorn-3286.exe
1500	Unicorn-64033.exe
2760	Unicorn-4246.exe
2732	Unicorn-53566.exe
788	Unicorn-41719.exe
2884	Unicorn-25108.exe
1336	Unicorn-22071.exe
920	Unicorn-57204.exe
1708	Unicorn-37338.exe
936	Unicorn-24148.exe
2080	Unicorn-16468.exe
824	Unicorn-14583.exe
1124	Unicorn-29876.exe
960	Unicorn-15185.exe
1548	Unicorn-17262.exe
1956	Unicorn-35051.exe
1212	Unicorn-48.exe
2092	Unicorn-47858.exe
1692	Unicorn-11003.exe
2780	Unicorn-41407.exe
1972	Unicorn-11579.exe
2556	Unicorn-17558.exe
2456	Unicorn-11039.exe
2656	Unicorn-56691.exe
896	Unicorn-39539.exe
368	Unicorn-55191.exe
1676	Unicorn-12783.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

aaf732c36bb6aed11c48f8fae48e15fe786078943c7606c1f181caf85ca3edf9.exeUnicorn-38075.exeUnicorn-24407.exeUnicorn-56565.exeUnicorn-11804.exeUnicorn-367.exeUnicorn-14072.exeUnicorn-29714.exe

description	pid	process	target process
PID 2216 wrote to memory of 2720	2216	aaf732c36bb6aed11c48f8fae48e15fe786078943c7606c1f181caf85ca3edf9.exe	Unicorn-38075.exe
PID 2216 wrote to memory of 2720	2216	aaf732c36bb6aed11c48f8fae48e15fe786078943c7606c1f181caf85ca3edf9.exe	Unicorn-38075.exe
PID 2216 wrote to memory of 2720	2216	aaf732c36bb6aed11c48f8fae48e15fe786078943c7606c1f181caf85ca3edf9.exe	Unicorn-38075.exe
PID 2216 wrote to memory of 2720	2216	aaf732c36bb6aed11c48f8fae48e15fe786078943c7606c1f181caf85ca3edf9.exe	Unicorn-38075.exe
PID 2216 wrote to memory of 2544	2216	aaf732c36bb6aed11c48f8fae48e15fe786078943c7606c1f181caf85ca3edf9.exe	Unicorn-56565.exe
PID 2720 wrote to memory of 2968	2720	Unicorn-38075.exe	Unicorn-24407.exe
PID 2720 wrote to memory of 2968	2720	Unicorn-38075.exe	Unicorn-24407.exe
PID 2720 wrote to memory of 2968	2720	Unicorn-38075.exe	Unicorn-24407.exe
PID 2216 wrote to memory of 2544	2216	aaf732c36bb6aed11c48f8fae48e15fe786078943c7606c1f181caf85ca3edf9.exe	Unicorn-56565.exe
PID 2720 wrote to memory of 2968	2720	Unicorn-38075.exe	Unicorn-24407.exe
PID 2216 wrote to memory of 2544	2216	aaf732c36bb6aed11c48f8fae48e15fe786078943c7606c1f181caf85ca3edf9.exe	Unicorn-56565.exe
PID 2216 wrote to memory of 2544	2216	aaf732c36bb6aed11c48f8fae48e15fe786078943c7606c1f181caf85ca3edf9.exe	Unicorn-56565.exe
PID 2216 wrote to memory of 2064	2216	aaf732c36bb6aed11c48f8fae48e15fe786078943c7606c1f181caf85ca3edf9.exe	WerFault.exe
PID 2216 wrote to memory of 2064	2216	aaf732c36bb6aed11c48f8fae48e15fe786078943c7606c1f181caf85ca3edf9.exe	WerFault.exe
PID 2216 wrote to memory of 2064	2216	aaf732c36bb6aed11c48f8fae48e15fe786078943c7606c1f181caf85ca3edf9.exe	WerFault.exe
PID 2216 wrote to memory of 2064	2216	aaf732c36bb6aed11c48f8fae48e15fe786078943c7606c1f181caf85ca3edf9.exe	WerFault.exe
PID 2968 wrote to memory of 2600	2968	Unicorn-24407.exe	Unicorn-367.exe
PID 2968 wrote to memory of 2600	2968	Unicorn-24407.exe	Unicorn-367.exe
PID 2968 wrote to memory of 2600	2968	Unicorn-24407.exe	Unicorn-367.exe
PID 2968 wrote to memory of 2600	2968	Unicorn-24407.exe	Unicorn-367.exe
PID 2720 wrote to memory of 1916	2720	Unicorn-38075.exe	Unicorn-11804.exe
PID 2720 wrote to memory of 1916	2720	Unicorn-38075.exe	Unicorn-11804.exe
PID 2720 wrote to memory of 1916	2720	Unicorn-38075.exe	Unicorn-11804.exe
PID 2720 wrote to memory of 1916	2720	Unicorn-38075.exe	Unicorn-11804.exe
PID 2544 wrote to memory of 2412	2544	Unicorn-56565.exe	Unicorn-14072.exe
PID 2544 wrote to memory of 2412	2544	Unicorn-56565.exe	Unicorn-14072.exe
PID 2544 wrote to memory of 2412	2544	Unicorn-56565.exe	Unicorn-14072.exe
PID 2544 wrote to memory of 2412	2544	Unicorn-56565.exe	Unicorn-14072.exe
PID 2720 wrote to memory of 2068	2720	Unicorn-38075.exe	WerFault.exe
PID 2720 wrote to memory of 2068	2720	Unicorn-38075.exe	WerFault.exe
PID 2720 wrote to memory of 2068	2720	Unicorn-38075.exe	WerFault.exe
PID 2720 wrote to memory of 2068	2720	Unicorn-38075.exe	WerFault.exe
PID 1916 wrote to memory of 656	1916	Unicorn-11804.exe	Unicorn-29714.exe
PID 1916 wrote to memory of 656	1916	Unicorn-11804.exe	Unicorn-29714.exe
PID 1916 wrote to memory of 656	1916	Unicorn-11804.exe	Unicorn-29714.exe
PID 1916 wrote to memory of 656	1916	Unicorn-11804.exe	Unicorn-29714.exe
PID 2600 wrote to memory of 1036	2600	Unicorn-367.exe	WerFault.exe
PID 2600 wrote to memory of 1036	2600	Unicorn-367.exe	WerFault.exe
PID 2600 wrote to memory of 1036	2600	Unicorn-367.exe	WerFault.exe
PID 2600 wrote to memory of 1036	2600	Unicorn-367.exe	WerFault.exe
PID 2412 wrote to memory of 560	2412	Unicorn-14072.exe	Unicorn-43227.exe
PID 2412 wrote to memory of 560	2412	Unicorn-14072.exe	Unicorn-43227.exe
PID 2412 wrote to memory of 560	2412	Unicorn-14072.exe	Unicorn-43227.exe
PID 2412 wrote to memory of 560	2412	Unicorn-14072.exe	Unicorn-43227.exe
PID 2544 wrote to memory of 2680	2544	Unicorn-56565.exe	Unicorn-10616.exe
PID 2544 wrote to memory of 2680	2544	Unicorn-56565.exe	Unicorn-10616.exe
PID 2544 wrote to memory of 2680	2544	Unicorn-56565.exe	Unicorn-10616.exe
PID 2544 wrote to memory of 2680	2544	Unicorn-56565.exe	Unicorn-10616.exe
PID 2968 wrote to memory of 1460	2968	Unicorn-24407.exe	Unicorn-10424.exe
PID 2968 wrote to memory of 1460	2968	Unicorn-24407.exe	Unicorn-10424.exe
PID 2968 wrote to memory of 1460	2968	Unicorn-24407.exe	Unicorn-10424.exe
PID 2968 wrote to memory of 1460	2968	Unicorn-24407.exe	Unicorn-10424.exe
PID 2968 wrote to memory of 748	2968	Unicorn-24407.exe	WerFault.exe
PID 2968 wrote to memory of 748	2968	Unicorn-24407.exe	WerFault.exe
PID 2968 wrote to memory of 748	2968	Unicorn-24407.exe	WerFault.exe
PID 2968 wrote to memory of 748	2968	Unicorn-24407.exe	WerFault.exe
PID 2544 wrote to memory of 1100	2544	Unicorn-56565.exe	WerFault.exe
PID 2544 wrote to memory of 1100	2544	Unicorn-56565.exe	WerFault.exe
PID 2544 wrote to memory of 1100	2544	Unicorn-56565.exe	WerFault.exe
PID 2544 wrote to memory of 1100	2544	Unicorn-56565.exe	WerFault.exe
PID 656 wrote to memory of 2652	656	Unicorn-29714.exe	Unicorn-65469.exe
PID 656 wrote to memory of 2652	656	Unicorn-29714.exe	Unicorn-65469.exe
PID 656 wrote to memory of 2652	656	Unicorn-29714.exe	Unicorn-65469.exe
PID 656 wrote to memory of 2652	656	Unicorn-29714.exe	Unicorn-65469.exe

C:\Users\Admin\AppData\Local\Temp\aaf732c36bb6aed11c48f8fae48e15fe786078943c7606c1f181caf85ca3edf9.exe
"C:\Users\Admin\AppData\Local\Temp\aaf732c36bb6aed11c48f8fae48e15fe786078943c7606c1f181caf85ca3edf9.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-38075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38075.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-367.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1460

C:\Users\Admin\AppData\Local\Temp\Unicorn-59927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59927.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-41456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41456.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-50159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50159.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-16468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16468.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-29613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29613.exe
9⤵
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-45807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45807.exe
10⤵
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-62803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62803.exe
11⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-62376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62376.exe
12⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-55212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55212.exe
13⤵
PID:6108

C:\Users\Admin\AppData\Local\Temp\Unicorn-43918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43918.exe
14⤵
PID:9084

C:\Users\Admin\AppData\Local\Temp\Unicorn-42295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42295.exe
15⤵
PID:9796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9084 -s 236
15⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 236
14⤵
PID:9412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
13⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
12⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 216
11⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 236
10⤵
- Program crash
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-58806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58806.exe
9⤵
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-63405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63405.exe
10⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-13308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13308.exe
11⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-18243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18243.exe
12⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-17704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17704.exe
13⤵
PID:9020

C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
14⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 236
13⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
12⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
11⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 216
10⤵
PID:4640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
9⤵
- Program crash
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-60401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60401.exe
8⤵
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-31770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31770.exe
9⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-17457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17457.exe
10⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-22606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22606.exe
11⤵
PID:6900

C:\Users\Admin\AppData\Local\Temp\Unicorn-58782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58782.exe
12⤵
PID:8536

C:\Users\Admin\AppData\Local\Temp\Unicorn-5867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5867.exe
13⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 216
12⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 216
11⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
10⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 236
9⤵
PID:4100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
8⤵
- Program crash
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-14583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14583.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:824

C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe
8⤵
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-31116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31116.exe
9⤵
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-51402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51402.exe
10⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-8562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8562.exe
11⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-33307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33307.exe
12⤵
PID:7108

C:\Users\Admin\AppData\Local\Temp\Unicorn-22502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22502.exe
13⤵
PID:8652

C:\Users\Admin\AppData\Local\Temp\Unicorn-26019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26019.exe
14⤵
PID:388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 236
13⤵
PID:9644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
12⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
11⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 236
10⤵
PID:4232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 236
9⤵
- Program crash
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
8⤵
PID:620

C:\Users\Admin\AppData\Local\Temp\Unicorn-35149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35149.exe
9⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-49313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49313.exe
10⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-4656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4656.exe
11⤵
PID:6092

C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
12⤵
PID:7876

C:\Users\Admin\AppData\Local\Temp\Unicorn-14094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14094.exe
13⤵
PID:10184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 216
13⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
12⤵
PID:8560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 236
11⤵
PID:7164

C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe
10⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-2218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2218.exe
11⤵
PID:8952

C:\Users\Admin\AppData\Local\Temp\Unicorn-32622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32622.exe
12⤵
PID:9928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
11⤵
PID:9296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 220
10⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 236
9⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 220
8⤵
- Program crash
PID:3868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
7⤵
- Program crash
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-13272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13272.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-35051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35051.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-21767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21767.exe
8⤵
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-9014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9014.exe
9⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
10⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-19171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19171.exe
11⤵
PID:6356

C:\Users\Admin\AppData\Local\Temp\Unicorn-43965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43965.exe
12⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 236
12⤵
PID:9452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
11⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
10⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 236
9⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-22589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22589.exe
8⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-23191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23191.exe
9⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-3954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3954.exe
10⤵
PID:6504

C:\Users\Admin\AppData\Local\Temp\Unicorn-32451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32451.exe
11⤵
PID:8236

C:\Users\Admin\AppData\Local\Temp\Unicorn-50441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50441.exe
12⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8236 -s 236
12⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 216
11⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
10⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
9⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 240
8⤵
- Program crash
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-1709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1709.exe
7⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-35813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35813.exe
8⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-50683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50683.exe
9⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-52046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52046.exe
10⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-36464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36464.exe
11⤵
PID:8112

C:\Users\Admin\AppData\Local\Temp\Unicorn-29408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29408.exe
12⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 216
12⤵
PID:10176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 236
11⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 236
10⤵
PID:7068

C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
9⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\Unicorn-27766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27766.exe
10⤵
PID:8808

C:\Users\Admin\AppData\Local\Temp\Unicorn-27794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27794.exe
11⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 236
10⤵
PID:9016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 220
9⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 236
8⤵
PID:4448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
7⤵
- Program crash
PID:2728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
6⤵
- Program crash
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:596

C:\Users\Admin\AppData\Local\Temp\Unicorn-22071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22071.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-12783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12783.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-53775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53775.exe
8⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-39341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39341.exe
9⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-38441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38441.exe
10⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
11⤵
PID:6832

C:\Users\Admin\AppData\Local\Temp\Unicorn-29453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29453.exe
12⤵
PID:9780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
12⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
11⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
10⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 236
9⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-54214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54214.exe
8⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-35151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35151.exe
9⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-3149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3149.exe
10⤵
PID:7476

C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
11⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 236
11⤵
PID:9900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
10⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
9⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
8⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\Unicorn-33717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33717.exe
7⤵
PID:940

C:\Users\Admin\AppData\Local\Temp\Unicorn-24571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24571.exe
8⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-42181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42181.exe
9⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-34947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34947.exe
10⤵
PID:8256

C:\Users\Admin\AppData\Local\Temp\Unicorn-50985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50985.exe
11⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
10⤵
PID:8864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 236
9⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 236
8⤵
PID:4368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 240
7⤵
- Program crash
PID:3700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 216
6⤵
- Program crash
PID:2476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 240
5⤵
- Program crash
PID:2176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:748

C:\Users\Admin\AppData\Local\Temp\Unicorn-11804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11804.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-29714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29714.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:656

C:\Users\Admin\AppData\Local\Temp\Unicorn-65469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65469.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
6⤵
- Program crash
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-49245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49245.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1172

C:\Users\Admin\AppData\Local\Temp\Unicorn-13812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13812.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-3286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3286.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:792

C:\Users\Admin\AppData\Local\Temp\Unicorn-11003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11003.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-40568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40568.exe
9⤵
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-2756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2756.exe
10⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-37498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37498.exe
11⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-14999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14999.exe
12⤵
PID:6152

C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
13⤵
PID:8364

C:\Users\Admin\AppData\Local\Temp\Unicorn-21696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21696.exe
14⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 216
13⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 216
12⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
11⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 236
10⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-64271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64271.exe
9⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-27208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27208.exe
10⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-52046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52046.exe
11⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-59478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59478.exe
12⤵
PID:8760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
12⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
11⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
10⤵
PID:5488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 240
9⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-53567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53567.exe
8⤵
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-57530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57530.exe
9⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-627.exe
10⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-54542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54542.exe
11⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-18882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18882.exe
12⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 216
12⤵
PID:9220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
11⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
10⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 236
9⤵
PID:3248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 240
8⤵
- Program crash
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-41407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41407.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-42872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42872.exe
8⤵
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-52066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52066.exe
9⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-24494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24494.exe
10⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-59263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59263.exe
11⤵
PID:6636

C:\Users\Admin\AppData\Local\Temp\Unicorn-46335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46335.exe
12⤵
PID:8900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 216
12⤵
PID:9948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
11⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
10⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 236
9⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-32200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32200.exe
8⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-18945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18945.exe
9⤵
PID:5148

C:\Users\Admin\AppData\Local\Temp\Unicorn-57369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57369.exe
10⤵
PID:6608

C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
11⤵
PID:8340

C:\Users\Admin\AppData\Local\Temp\Unicorn-33851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33851.exe
12⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 236
12⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
11⤵
PID:8924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 216
10⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
9⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
8⤵
PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
7⤵
- Program crash
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-64033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64033.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-11579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11579.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
8⤵
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-32601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32601.exe
9⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
10⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-53545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53545.exe
11⤵
PID:6644

C:\Users\Admin\AppData\Local\Temp\Unicorn-33947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33947.exe
12⤵
PID:7920

C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
13⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 236
13⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 216
12⤵
PID:8628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
11⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
10⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 236
9⤵
PID:4896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 216
8⤵
- Program crash
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-13598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13598.exe
7⤵
PID:1420

C:\Users\Admin\AppData\Local\Temp\Unicorn-49212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49212.exe
8⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
9⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-33192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33192.exe
10⤵
PID:6808

C:\Users\Admin\AppData\Local\Temp\Unicorn-44965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44965.exe
11⤵
PID:9164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 216
11⤵
PID:9996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
10⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
9⤵
PID:5612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 236
8⤵
PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
7⤵
- Program crash
PID:3664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 240
6⤵
- Program crash
PID:536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 240
5⤵
- Program crash
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-15837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15837.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-4341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4341.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-44565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44565.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-4246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4246.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-17558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17558.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-2929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2929.exe
9⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-47344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47344.exe
10⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe
11⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-9377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9377.exe
12⤵
PID:6664

C:\Users\Admin\AppData\Local\Temp\Unicorn-8903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8903.exe
13⤵
PID:7932

C:\Users\Admin\AppData\Local\Temp\Unicorn-42993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42993.exe
14⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 236
13⤵
PID:9156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
12⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
11⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 216
10⤵
PID:4644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 216
9⤵
- Program crash
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-13048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13048.exe
8⤵
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-6674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6674.exe
9⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-64269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64269.exe
10⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
11⤵
PID:7868

C:\Users\Admin\AppData\Local\Temp\Unicorn-33398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33398.exe
12⤵
PID:8376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 216
12⤵
PID:9916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 236
11⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
10⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 236
9⤵
PID:4376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
8⤵
- Program crash
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-11039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11039.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-17237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17237.exe
8⤵
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-53602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53602.exe
9⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-28981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28981.exe
10⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-8317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8317.exe
11⤵
PID:6496

C:\Users\Admin\AppData\Local\Temp\Unicorn-61352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61352.exe
12⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
12⤵
PID:3388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
11⤵
PID:8024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
10⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
9⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-1448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1448.exe
8⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-12734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12734.exe
9⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-11391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11391.exe
10⤵
PID:6244

C:\Users\Admin\AppData\Local\Temp\Unicorn-49501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49501.exe
11⤵
PID:9372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 216
11⤵
PID:10156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
10⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
9⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
8⤵
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
7⤵
- Program crash
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-53566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53566.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-63824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63824.exe
7⤵
PID:868

C:\Users\Admin\AppData\Local\Temp\Unicorn-62453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62453.exe
8⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-33847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33847.exe
9⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-37642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37642.exe
10⤵
PID:8084

C:\Users\Admin\AppData\Local\Temp\Unicorn-52302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52302.exe
11⤵
PID:10048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 216
11⤵
PID:9964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 236
10⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
9⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 236
8⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
7⤵
- Program crash
PID:4024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
6⤵
- Program crash
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-24507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24507.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-25108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25108.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
7⤵
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-32346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32346.exe
8⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-24494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24494.exe
9⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
10⤵
PID:6936

C:\Users\Admin\AppData\Local\Temp\Unicorn-106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-106.exe
11⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 216
11⤵
PID:9312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
10⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
9⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 236
8⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
7⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-25340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25340.exe
8⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-46565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46565.exe
9⤵
PID:6772

C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
10⤵
PID:8288

C:\Users\Admin\AppData\Local\Temp\Unicorn-39084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39084.exe
11⤵
PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8288 -s 236
11⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 236
10⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
9⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
8⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
7⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-34573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34573.exe
6⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
7⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-51041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51041.exe
8⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-12014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12014.exe
9⤵
PID:6784

C:\Users\Admin\AppData\Local\Temp\Unicorn-30725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30725.exe
10⤵
PID:7956

C:\Users\Admin\AppData\Local\Temp\Unicorn-17792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17792.exe
11⤵
PID:9492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 236
11⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 236
10⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
9⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
8⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 236
7⤵
PID:4620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
6⤵
- Program crash
PID:3340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
5⤵
- Program crash
PID:2016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-56565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56565.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-14072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14072.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-43227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43227.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:560

C:\Users\Admin\AppData\Local\Temp\Unicorn-27255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27255.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-53075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53075.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1356

C:\Users\Admin\AppData\Local\Temp\Unicorn-49173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49173.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:340

C:\Users\Admin\AppData\Local\Temp\Unicorn-57204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57204.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:920

C:\Users\Admin\AppData\Local\Temp\Unicorn-7049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7049.exe
9⤵
PID:1428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 220
10⤵
- Program crash
PID:3276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 236
9⤵
- Program crash
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-37069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37069.exe
8⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-25268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25268.exe
9⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
10⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-33192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33192.exe
11⤵
PID:6820

C:\Users\Admin\AppData\Local\Temp\Unicorn-13987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13987.exe
12⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 236
12⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
10⤵
PID:5556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 236
9⤵
PID:4048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 240
8⤵
- Program crash
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-37338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37338.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-53837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53837.exe
8⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-60192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60192.exe
9⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-4633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4633.exe
10⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-32595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32595.exe
11⤵
PID:6452

C:\Users\Admin\AppData\Local\Temp\Unicorn-54739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54739.exe
12⤵
PID:8736

C:\Users\Admin\AppData\Local\Temp\Unicorn-59156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59156.exe
13⤵
PID:9484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8736 -s 236
13⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 236
12⤵
PID:9860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
11⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 236
10⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
9⤵
- Program crash
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-25443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25443.exe
8⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-35770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35770.exe
9⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-18798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18798.exe
10⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-55665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55665.exe
11⤵
PID:8120

C:\Users\Admin\AppData\Local\Temp\Unicorn-21731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21731.exe
12⤵
PID:9768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8120 -s 216
12⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 236
11⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
10⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
9⤵
PID:5396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
8⤵
- Program crash
PID:3568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 240
7⤵
- Program crash
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-29115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29115.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-24148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24148.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:936

C:\Users\Admin\AppData\Local\Temp\Unicorn-22343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22343.exe
8⤵
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-64608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64608.exe
9⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-45433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45433.exe
10⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-1863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1863.exe
11⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 200
12⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 216
11⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 236
10⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 216
9⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-47073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47073.exe
8⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
9⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-32595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32595.exe
10⤵
PID:6460

C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
11⤵
PID:8720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6460 -s 236
11⤵
PID:9212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
10⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
9⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 240
8⤵
- Program crash
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
7⤵
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-61256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61256.exe
8⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-59496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59496.exe
9⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-15236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15236.exe
10⤵
PID:6728

C:\Users\Admin\AppData\Local\Temp\Unicorn-45375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45375.exe
11⤵
PID:8728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 216
11⤵
PID:9932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
10⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
9⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
8⤵
PID:4116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
7⤵
- Program crash
PID:2936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
6⤵
- Program crash
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-17487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17487.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-48.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 240
8⤵
- Program crash
PID:396

C:\Users\Admin\AppData\Local\Temp\Unicorn-36301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36301.exe
7⤵
PID:1364

C:\Users\Admin\AppData\Local\Temp\Unicorn-31168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31168.exe
8⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-63616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63616.exe
9⤵
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-44075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44075.exe
10⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-18001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18001.exe
11⤵
PID:8132

C:\Users\Admin\AppData\Local\Temp\Unicorn-56750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56750.exe
12⤵
PID:10036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
11⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 236
10⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 236
9⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 236
8⤵
- Program crash
PID:4044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
7⤵
- Program crash
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-47858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47858.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-59047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59047.exe
7⤵
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-46384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46384.exe
8⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
9⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-3762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3762.exe
10⤵
PID:6476

C:\Users\Admin\AppData\Local\Temp\Unicorn-10089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10089.exe
11⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 216
11⤵
PID:9828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
10⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 236
9⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
8⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-56727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56727.exe
9⤵
PID:5692

C:\Users\Admin\AppData\Local\Temp\Unicorn-5255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5255.exe
10⤵
PID:7176

C:\Users\Admin\AppData\Local\Temp\Unicorn-57117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57117.exe
11⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 216
11⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
10⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 236
9⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
8⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 236
7⤵
- Program crash
PID:3820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
6⤵
- Program crash
PID:436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 240
5⤵
- Program crash
PID:1108

C:\Users\Admin\AppData\Local\Temp\Unicorn-7197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7197.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-5519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5519.exe
5⤵
- Executes dropped EXE
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-40734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40734.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-41719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41719.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:788

C:\Users\Admin\AppData\Local\Temp\Unicorn-56691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56691.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-6001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6001.exe
8⤵
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-33089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33089.exe
9⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-59328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59328.exe
10⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
11⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-16669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16669.exe
12⤵
PID:8296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
12⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 236
11⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
10⤵
PID:5652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 216
9⤵
PID:4800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
8⤵
- Program crash
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-51481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51481.exe
7⤵
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-18922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18922.exe
8⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-26928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26928.exe
9⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-18047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18047.exe
10⤵
PID:7212

C:\Users\Admin\AppData\Local\Temp\Unicorn-23027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23027.exe
11⤵
PID:8368

C:\Users\Admin\AppData\Local\Temp\Unicorn-55542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55542.exe
12⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 236
11⤵
PID:9816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
10⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
9⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 216
8⤵
PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 240
7⤵
- Program crash
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-55191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55191.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:368

C:\Users\Admin\AppData\Local\Temp\Unicorn-5259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5259.exe
7⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-18922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18922.exe
8⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-12514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12514.exe
9⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-55536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55536.exe
10⤵
PID:6736

C:\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe
11⤵
PID:9008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6736 -s 236
11⤵
PID:9724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
10⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 236
9⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
8⤵
PID:4204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 368 -s 236
7⤵
- Program crash
PID:3648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
6⤵
- Program crash
PID:1228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
5⤵
- Program crash
PID:1276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 220
4⤵
- Loads dropped DLL
- Program crash
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-10616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10616.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-53300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53300.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-24243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24243.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:964

C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
7⤵
- Program crash
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-29876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29876.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1124

C:\Users\Admin\AppData\Local\Temp\Unicorn-22343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22343.exe
7⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-9782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9782.exe
8⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-64192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64192.exe
9⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-18480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18480.exe
10⤵
PID:6408

C:\Users\Admin\AppData\Local\Temp\Unicorn-50818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50818.exe
11⤵
PID:7844

C:\Users\Admin\AppData\Local\Temp\Unicorn-13270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13270.exe
12⤵
PID:9876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 216
11⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
10⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 236
9⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 236
8⤵
- Program crash
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-42682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42682.exe
7⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-57911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57911.exe
8⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-18047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18047.exe
9⤵
PID:7204

C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
10⤵
PID:8704

C:\Users\Admin\AppData\Local\Temp\Unicorn-31079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31079.exe
11⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 216
10⤵
PID:10020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
9⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
8⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 220
7⤵
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 240
6⤵
- Program crash
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-30101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30101.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-17262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17262.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
7⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-9782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9782.exe
8⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-8063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8063.exe
9⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-39177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39177.exe
10⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-34153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34153.exe
11⤵
PID:8300

C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe
12⤵
PID:10028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
11⤵
PID:2912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 236
10⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
9⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 236
8⤵
- Program crash
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-43450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43450.exe
7⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-36730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36730.exe
8⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-43188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43188.exe
9⤵
PID:5336

C:\Users\Admin\AppData\Local\Temp\Unicorn-9910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9910.exe
10⤵
PID:8164

C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
11⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 216
11⤵
PID:5816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 236
10⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
9⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 236
8⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
7⤵
- Program crash
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-19280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19280.exe
6⤵
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-31168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31168.exe
7⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-3160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3160.exe
8⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-43853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43853.exe
9⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
10⤵
PID:8856

C:\Users\Admin\AppData\Local\Temp\Unicorn-42295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42295.exe
11⤵
PID:9792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 216
10⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
9⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
8⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 236
7⤵
PID:4680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 220
6⤵
- Program crash
PID:528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
5⤵
- Program crash
PID:1232

C:\Users\Admin\AppData\Local\Temp\Unicorn-21590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21590.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-17487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17487.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-39539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39539.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-5041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5041.exe
7⤵
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-7966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7966.exe
8⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-44253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44253.exe
9⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-8893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8893.exe
10⤵
PID:6652

C:\Users\Admin\AppData\Local\Temp\Unicorn-14298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14298.exe
11⤵
PID:8456

C:\Users\Admin\AppData\Local\Temp\Unicorn-36003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36003.exe
12⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 236
11⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
10⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
9⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 236
8⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-30524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30524.exe
7⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-57410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57410.exe
8⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-55212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55212.exe
9⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-32451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32451.exe
10⤵
PID:8228

C:\Users\Admin\AppData\Local\Temp\Unicorn-1675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1675.exe
11⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
10⤵
PID:8772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
9⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 236
8⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
7⤵
PID:4344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 236
6⤵
- Program crash
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-15185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15185.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 240
6⤵
- Program crash
PID:3748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 220
5⤵
- Program crash
PID:2520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
4⤵
- Program crash
PID:1756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
2⤵
- Program crash
PID:2064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe

Filesize
184KB

MD5
ae1b6201b2d964a4282a8ad704f8e529

SHA1
3f1221b9fb15702c741bf9a1504185181342f0ba

SHA256
4e561927e493e7fec6a83b4c4670fa5bccf9ab0ed36f6055c3b11628f33de238

SHA512
47ec13538446e2ced7f159bb939adaf641133f7c4254e8a7bcae42b6ff290e992da3181a37349478db3c0b5c7f96f9b7543be9ebd6e07d472ccd397a31230ed1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17792.exe

Filesize
184KB

MD5
8384dd39ab5ae795875115292c78dbb5

SHA1
4e1944a8fe299df4f9d1ac3df1de51e535f664ec

SHA256
4e6908ff335ab0a37c6a33adba30880b2722edb4ecbfe029fb6213faee90ead9

SHA512
8331240879e0d78d50e7644071f4c76265566032f6f91601b3d2fc6f711f5bd3ca304261ef9660aa8d0a5ba2f4e11168a456ed20495d470c6d324838ebcee07a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25443.exe

Filesize
184KB

MD5
dfcb42d298f107fa5999c1bdcd4e20b1

SHA1
af8345a363d7167db7dd74ec92ecf195dcb58df2

SHA256
ec9a6de0fb82532b1e427d5faa5ee4c71ae475e795f42d5689bd26ed0b238445

SHA512
0196a51a847d50e4d84102f881c9525ca6c594b2eaf3d7e7a7fbefa3d1a85e661aee823c50af925e539585a1a8332c58cb24e25d737836e050a3691e974a0b6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40734.exe

Filesize
184KB

MD5
3c41ca11540e7cf8508c0fbccc369268

SHA1
5b67df9e9ae36f94c3bd0760155563557dfd2ef4

SHA256
4d1743fadc172973c4707040e34ae2ceca57a2d4a5153990d5d46abfd87c6876

SHA512
6d33b737343523ddecaae93004f38d37d2a4dc69bf3b4c568b550c8e5554accc378cb6204d93b8aaef8c4ba7b2f5df83e5d753fc240e2a67dc8af0e3df542283

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55536.exe

Filesize
184KB

MD5
ad58b179b3df21c1635beb9bdbc16dd7

SHA1
edaf1c757351894f9f5e9a16d80dd889e5ba19b3

SHA256
4ee65bd65e076e54eb108d0bce59f4e87efcd63c7dda23128fb772b780971777

SHA512
44e1e8b0c51e30cecbf1a7c32adab719effbebaf67d3346d65661bcb46a952ac8da33958df351de833a399967ebd0e18a9a0c5849391a01608a7a161986d906c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56727.exe

Filesize
184KB

MD5
a37f8380ac5d9c8686832156a6cf1874

SHA1
6c84a69edc9185f5041ede8a42b4a67393e59494

SHA256
231488e6bab8520c2a32f341ee39782afce4346d230189e592372f1c1671c098

SHA512
3ccf2b274ef636e3f465de9c3a092087b1b0771b9da5b8c807af2d4b18c276240ecc3004ac6533ad326e16ecb53d2f50c9208fbc03a761382ed4b20019b84494

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6001.exe

Filesize
184KB

MD5
ab0e09e0a849a01711a10cc77dea5592

SHA1
3ce51c87eb4b607b7580e8ace1f827b84d9b27c2

SHA256
04a4a94203835bb68d90e6d0c333d41f78f65e089ebb382d56810d8dbddc6285

SHA512
9eb98f1e86ce273de9a938dd172235f0f60ae3b71ab462e756432009c603105c2ef3b8ab6370b8b83c49659bd554000fc86e98d26689af7324266451f3ef9017

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe

Filesize
184KB

MD5
f4008a6dffa4045d59ab4bc5933ba820

SHA1
2cdb141cc69df6545851a7997b7394e147639924

SHA256
7ca756f79c27a7fab35365181a84d762a56dd88a8a96ab707062830476dd619c

SHA512
d4d6f9e0e3d50d2884c14b7364ab92d6e4b9da1f8af4fb235b5749059855a276937250e3d4490ae074fb875b2da548166096b5a3653fab95179b2c13705a2b3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6674.exe

Filesize
184KB

MD5
e7921c0c16a362c7b5730d1736ce8430

SHA1
5b1a6a825656b5478d7d8f4a86cde6a257738719

SHA256
bf5d82710bb9c20d9d7f7a1f6c94936b3ba85ef2ffe8855c8b1a44d20c49e13a

SHA512
73d14c139ab32317e4ac286066a22b201db008a7fe207e562eb30df1225e2766ee344e338dc6034f34338ce41864945ca23a489f8e864a06837de34264292254

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10616.exe

Filesize
184KB

MD5
402f137db26eef9b516e8b930c3e453e

SHA1
3ab7f82d26518ae0e2460b4514e55e07e92581c9

SHA256
be5f767c106bcc0193f600ebfdf7128e3f7ac6791f6448710213a2941230926d

SHA512
7cd387bb38aa91d91ba44cd752018f47fd10368a9bc898c4968ab79439be539f1ce49afd7bf4a1b1bacfe62d518649d202f5c85c0b2f61057b9dc3e92b1e8439

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11804.exe

Filesize
184KB

MD5
179c9e20e98fe83d95f8d53830374d9e

SHA1
7ab7d971e34db6f1fb7fc1461c419f80429a1652

SHA256
b7e7ab02cbe34840645a3a0abfc91174e0cc72482198a8adf1b779941d119446

SHA512
68ec5655c8a88bb38747fc14d09b05030f1aae994c8cc24d57b60b2f062371f4b880fcf93cbf0bdf55c3610bd4ea44e668474f40a9b62e846f8439801615d182

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14072.exe

Filesize
184KB

MD5
edc8072a835877616bef685c5f61b7cc

SHA1
9891fbcf3989dda4dd881ff2c21ca6c86ad6f6ed

SHA256
2e13681b2076b9b0348fe435eb78ebaaacccec68b189b9b908a3c5c9e094f562

SHA512
8acb78b5ec236dde761804b9af4c67c402b8a5632f14d57a4d576f03aab90c31a5e212bafff1e7f4d82b26d781c9ee6f3c2147a1b5f5e1c2150259ed350b5966

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15837.exe

Filesize
184KB

MD5
1face29ea085ed8207c8f5daa4553878

SHA1
5b6d46c4e2e7850189f9a755fc3f10bda40054fe

SHA256
761921a68d47ec4d937618733b6db0e34a582f61a24a3ce5bb098b963fc062d9

SHA512
a528cd88d750c2eed7482fc7ddf9c5fa82676c2fada481d27dbb10131edc75d0b51aba575f43dd0d37b980eeb7294cc3cd90a4035a5217f92c4ecf8153ae014f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe

Filesize
184KB

MD5
76161353ecb2202f04f18f25df922b89

SHA1
3c2958fa21788ec41ca3ee9b4f12e620deb75bb3

SHA256
9eadc14ffa1c68a9fa69ab75259b47c041d09e9114101f5a358a95d78cb75361

SHA512
b799ffd5bb47f926996c45cc401f52199069ab9be093a771a5ab1ff0f92d642900d6c8cd878e173a857afc00ee4fdea84642fc7da5a9e588a6800e8c19915034

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29714.exe

Filesize
184KB

MD5
bac49dd2fcd23ba4f69a7e740ce6ec07

SHA1
39337bdefdf213f2fa41cd9a7d7f1dd800ac9692

SHA256
1f1a36e95c3633bce7c915da5b6ff77d40a0a7a84595fef6f1a0769a521f6285

SHA512
fa6c512af8d6332f6a7f49052d46078c1c1a615dbd897ba96650990ad2070942abea93f618da0a3229060299a5275d01bcb5c0ac6ff193c202cc415867d1e20f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-367.exe

Filesize
184KB

MD5
4ed19650c9148233025d0f73f0e245f2

SHA1
429ccadd4b2ea66d7fdf9ed36dc145a1f695caff

SHA256
38f70cef0789b3c46ef5737481cb3e56205d3524b204678c271d9b10e31a6fb1

SHA512
d85410093fcd33495d76e74e754a80ebebfb7b4d478c7ec6cf8fab647001fd9bfe1dceb62534fa987a1a63efd38318e1043d0d8e923ee653ad583a260360c413

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38075.exe

Filesize
184KB

MD5
1e35281b00756d38073e54644cae81c5

SHA1
eae7d9f2ea2888c7c64a6a911ca8d39fac409726

SHA256
99ff6bff6e9e4724b594d1035dab1729dd7527b5bd21aa00ebdfd150a1d84c08

SHA512
ae4526edb8211ea2408f0b95c746f1b576e99678607494730116c75aa933a21297fc90e06cd3f1c8edc16e29ee4686ac410c40c4570f4a138b04748d5567d2e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43227.exe

Filesize
184KB

MD5
23a526b1cd88c4d974b2bcbb52b50988

SHA1
9ec854a4d984c9383e86f76d5adf00fdfe66a420

SHA256
c2a8d1b01c0c4604bdfd1c589a13884befa0d8a9acf98e4a8300b2bc45f0d600

SHA512
e4795ee036494f2912cbcc98d20d9f6776eda9de48adf6625c5c3690538d321cfc9a6f037f26feb2f04e52352d22ce5f7ee4bfc7b5905170737730741f7efcd8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53300.exe

Filesize
184KB

MD5
7668550495958141e65fcfbc7eb66b5b

SHA1
0db56e013c3765da6cfc429c11412bc82b447252

SHA256
469742db51a0beeed2c6ce877e61a8b948a68764897483815c94b63817755252

SHA512
5db5085e7acc172bd770607fd1ebbc817459696bfef4565e31246c98b5c92dc749cf88a8ccb3c1963129f5592c4c723023bcf3c87109c0b0b827b517104c5bde

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56565.exe

Filesize
184KB

MD5
3bd4f36445ad62f8ab474af10487d103

SHA1
69dd2cf9360ee626d33a262a74872d39aadf9c5e

SHA256
4c55806c91f0acea42b87cf657cdbad90ee5a1c406afe499097df31dc3113295

SHA512
8e0ebbd7e2271510c18b5e5b2420b3184f222a69461edebcc8003a5ff7ed3d7fbc160681f28be8a6e126c4cdb06e6b09d05a796377ec5e32a829dc9def60c7ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65469.exe

Filesize
184KB

MD5
4a6aa6c86b44b09fa24709fb86687160

SHA1
7563a88542610b9078b3aa25662bd469ebfa85dd

SHA256
0f03711a486649f59c7e45c4bb9caa5159e0d6fb351c6d79761b5169df5ca464

SHA512
fdb0df9a32abc9f33abd6f301c42e6470623fe9f3ff8496ef7b68122bd7a3270374c1d565baacc9a48437b1fc25fab300af19965a3e8f447d2a507420e7f53f3

Download Submit