ad4cce2f86245edc2b3bf34fbf0bf66d6efda47348a7fc2659997ccce979d432

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad4cce2f86245edc2b3bf34fbf0bf66d6efda47348a7fc2659997ccce979d432.exe
Size

184KB
MD5

b21efcd7f34f07aade651c8906cb5c88
SHA1

bfad99d2b19852493aded01043744b456f9894bd
SHA256

ad4cce2f86245edc2b3bf34fbf0bf66d6efda47348a7fc2659997ccce979d432
SHA512

d713616b970f95aa9ed1b69258bb2e8cecb5eec9f38c54e5aead0d0b848044d9865f02b326be9f510b3f173006cc31ce38c21834dc240766da2fc852a84f2fce
SSDEEP

3072:xZU3m8of74hcdFaWepxLR8smhlnViFJn3:xZuoOIFapLmsmhlnViFJ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-21685.exeUnicorn-35357.exeUnicorn-15491.exeUnicorn-8455.exeUnicorn-43327.exeUnicorn-50277.exeUnicorn-48103.exeUnicorn-61486.exeUnicorn-16007.exeUnicorn-11292.exeUnicorn-57540.exeUnicorn-11868.exeUnicorn-48765.exeUnicorn-33690.exeUnicorn-13824.exeUnicorn-21480.exeUnicorn-2190.exeUnicorn-41433.exeUnicorn-41433.exeUnicorn-21759.exeUnicorn-53000.exeUnicorn-9144.exeUnicorn-53192.exeUnicorn-22335.exeUnicorn-33326.exeUnicorn-17822.exeUnicorn-63685.exeUnicorn-48382.exeUnicorn-16478.exeUnicorn-42989.exeUnicorn-7741.exeUnicorn-34445.exeUnicorn-6755.exeUnicorn-17066.exeUnicorn-36932.exeUnicorn-4451.exeUnicorn-6267.exeUnicorn-37700.exeUnicorn-37892.exeUnicorn-50699.exeUnicorn-18479.exeUnicorn-4643.exeUnicorn-24509.exeUnicorn-57949.exeUnicorn-49267.exeUnicorn-34618.exeUnicorn-30403.exeUnicorn-61452.exeUnicorn-29356.exeUnicorn-51037.exeUnicorn-31171.exeUnicorn-15484.exeUnicorn-46081.exeUnicorn-46657.exeUnicorn-18531.exeUnicorn-51587.exeUnicorn-51457.exeUnicorn-38650.exeUnicorn-34016.exeUnicorn-49283.exeUnicorn-3481.exeUnicorn-47015.exeUnicorn-62666.exeUnicorn-62666.exe

pid	process
2120	Unicorn-21685.exe
2872	Unicorn-35357.exe
2696	Unicorn-15491.exe
2572	Unicorn-8455.exe
2424	Unicorn-43327.exe
2784	Unicorn-50277.exe
2976	Unicorn-48103.exe
2988	Unicorn-61486.exe
1544	Unicorn-16007.exe
2508	Unicorn-11292.exe
1276	Unicorn-57540.exe
2008	Unicorn-11868.exe
1824	Unicorn-48765.exe
2388	Unicorn-33690.exe
596	Unicorn-13824.exe
852	Unicorn-21480.exe
2356	Unicorn-2190.exe
1216	Unicorn-41433.exe
1100	Unicorn-41433.exe
1168	Unicorn-21759.exe
2044	Unicorn-53000.exe
1480	Unicorn-9144.exe
1468	Unicorn-53192.exe
1236	Unicorn-22335.exe
1012	Unicorn-33326.exe
1652	Unicorn-17822.exe
1692	Unicorn-63685.exe
1948	Unicorn-48382.exe
1524	Unicorn-16478.exe
3064	Unicorn-42989.exe
2596	Unicorn-7741.exe
2616	Unicorn-34445.exe
2612	Unicorn-6755.exe
2724	Unicorn-17066.exe
2544	Unicorn-36932.exe
1768	Unicorn-4451.exe
2076	Unicorn-6267.exe
2152	Unicorn-37700.exe
2844	Unicorn-37892.exe
3000	Unicorn-50699.exe
2672	Unicorn-18479.exe
2680	Unicorn-4643.exe
2744	Unicorn-24509.exe
1260	Unicorn-57949.exe
1336	Unicorn-49267.exe
2876	Unicorn-34618.exe
448	Unicorn-30403.exe
724	Unicorn-61452.exe
2288	Unicorn-29356.exe
1112	Unicorn-51037.exe
2360	Unicorn-31171.exe
1724	Unicorn-15484.exe
1676	Unicorn-46081.exe
1600	Unicorn-46657.exe
2140	Unicorn-18531.exe
1672	Unicorn-51587.exe
2172	Unicorn-51457.exe
2728	Unicorn-38650.exe
2536	Unicorn-34016.exe
2124	Unicorn-49283.exe
2624	Unicorn-3481.exe
2524	Unicorn-47015.exe
2568	Unicorn-62666.exe
2720	Unicorn-62666.exe

Loads dropped DLL 64 IoCs

Processes:

ad4cce2f86245edc2b3bf34fbf0bf66d6efda47348a7fc2659997ccce979d432.exeUnicorn-21685.exeUnicorn-15491.exeWerFault.exeUnicorn-35357.exeUnicorn-8455.exeUnicorn-43327.exeWerFault.exeWerFault.exeUnicorn-50277.exeUnicorn-48103.exeUnicorn-16007.exeUnicorn-61486.exeWerFault.exeWerFault.exeUnicorn-11292.exeUnicorn-33690.exeUnicorn-57540.exe

pid	process
2168	ad4cce2f86245edc2b3bf34fbf0bf66d6efda47348a7fc2659997ccce979d432.exe
2168	ad4cce2f86245edc2b3bf34fbf0bf66d6efda47348a7fc2659997ccce979d432.exe
2168	ad4cce2f86245edc2b3bf34fbf0bf66d6efda47348a7fc2659997ccce979d432.exe
2120	Unicorn-21685.exe
2120	Unicorn-21685.exe
2168	ad4cce2f86245edc2b3bf34fbf0bf66d6efda47348a7fc2659997ccce979d432.exe
2696	Unicorn-15491.exe
2696	Unicorn-15491.exe
2120	Unicorn-21685.exe
2120	Unicorn-21685.exe
3008	WerFault.exe
3008	WerFault.exe
3008	WerFault.exe
3008	WerFault.exe
3008	WerFault.exe
2872	Unicorn-35357.exe
2872	Unicorn-35357.exe
2572	Unicorn-8455.exe
2572	Unicorn-8455.exe
2696	Unicorn-15491.exe
2696	Unicorn-15491.exe
2424	Unicorn-43327.exe
2424	Unicorn-43327.exe
2748	WerFault.exe
2644	WerFault.exe
2644	WerFault.exe
2748	WerFault.exe
2748	WerFault.exe
2644	WerFault.exe
2748	WerFault.exe
2644	WerFault.exe
2644	WerFault.exe
2784	Unicorn-50277.exe
2784	Unicorn-50277.exe
2748	WerFault.exe
2572	Unicorn-8455.exe
2572	Unicorn-8455.exe
2976	Unicorn-48103.exe
2976	Unicorn-48103.exe
1544	Unicorn-16007.exe
1544	Unicorn-16007.exe
2988	Unicorn-61486.exe
2988	Unicorn-61486.exe
2424	Unicorn-43327.exe
2424	Unicorn-43327.exe
1428	WerFault.exe
1428	WerFault.exe
1428	WerFault.exe
1428	WerFault.exe
1428	WerFault.exe
1416	WerFault.exe
1416	WerFault.exe
1416	WerFault.exe
1416	WerFault.exe
1416	WerFault.exe
2508	Unicorn-11292.exe
2508	Unicorn-11292.exe
2784	Unicorn-50277.exe
2784	Unicorn-50277.exe
2388	Unicorn-33690.exe
1276	Unicorn-57540.exe
1276	Unicorn-57540.exe
2388	Unicorn-33690.exe
2988	Unicorn-61486.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
1736	2168	WerFault.exe	ad4cce2f86245edc2b3bf34fbf0bf66d6efda47348a7fc2659997ccce979d432.exe
3008	2120	WerFault.exe	Unicorn-21685.exe
2748	2872	WerFault.exe	Unicorn-35357.exe
2644	2696	WerFault.exe	Unicorn-15491.exe
1428	2572	WerFault.exe	Unicorn-8455.exe
1416	2424	WerFault.exe	Unicorn-43327.exe
720	2784	WerFault.exe	Unicorn-50277.exe
2320	2976	WerFault.exe	Unicorn-48103.exe
2328	1544	WerFault.exe	Unicorn-16007.exe
816	2988	WerFault.exe	Unicorn-61486.exe
1548	2508	WerFault.exe	Unicorn-11292.exe
2752	2388	WerFault.exe	Unicorn-33690.exe
2504	1276	WerFault.exe	Unicorn-57540.exe
872	596	WerFault.exe	Unicorn-13824.exe
1248	1824	WerFault.exe	Unicorn-48765.exe
2268	2008	WerFault.exe	Unicorn-11868.exe
2808	2616	WerFault.exe	Unicorn-34445.exe
2916	852	WerFault.exe	Unicorn-21480.exe
1800	2356	WerFault.exe	Unicorn-2190.exe
1516	1216	WerFault.exe	Unicorn-41433.exe
1368	1100	WerFault.exe	Unicorn-41433.exe
1980	2044	WerFault.exe	Unicorn-53000.exe
2064	1168	WerFault.exe	Unicorn-21759.exe
2796	1468	WerFault.exe	Unicorn-53192.exe
796	1012	WerFault.exe	Unicorn-33326.exe
1752	1236	WerFault.exe	Unicorn-22335.exe
1908	1480	WerFault.exe	Unicorn-9144.exe
2856	1652	WerFault.exe	Unicorn-17822.exe
2640	1524	WerFault.exe	Unicorn-16478.exe
2184	1948	WerFault.exe	Unicorn-48382.exe
2684	3064	WerFault.exe	Unicorn-42989.exe
2232	2544	WerFault.exe	Unicorn-36932.exe
2592	2152	WerFault.exe	Unicorn-37700.exe
2368	3000	WerFault.exe	Unicorn-50699.exe
1224	2076	WerFault.exe	Unicorn-6267.exe
2308	2724	WerFault.exe	Unicorn-17066.exe
1732	1768	WerFault.exe	Unicorn-4451.exe
3100	1692	WerFault.exe	Unicorn-63685.exe
3108	2612	WerFault.exe	Unicorn-6755.exe
3136	1112	WerFault.exe	Unicorn-51037.exe
3300	2844	WerFault.exe	Unicorn-37892.exe
3308	2672	WerFault.exe	Unicorn-18479.exe
3316	2680	WerFault.exe	Unicorn-4643.exe
3332	2596	WerFault.exe	Unicorn-7741.exe
3848	1672	WerFault.exe	Unicorn-51587.exe
3968	1724	WerFault.exe	Unicorn-15484.exe
3992	448	WerFault.exe	Unicorn-30403.exe
4000	2744	WerFault.exe	Unicorn-24509.exe
4008	2360	WerFault.exe	Unicorn-31171.exe
4056	1676	WerFault.exe	Unicorn-46081.exe
4064	2140	WerFault.exe	Unicorn-18531.exe
3088	2172	WerFault.exe	Unicorn-51457.exe
3080	2568	WerFault.exe	Unicorn-62666.exe
3268	2536	WerFault.exe	Unicorn-34016.exe
3340	1260	WerFault.exe	Unicorn-57949.exe
3260	2720	WerFault.exe	Unicorn-62666.exe
3484	2288	WerFault.exe	Unicorn-29356.exe
3476	724	WerFault.exe	Unicorn-61452.exe
3280	1564	WerFault.exe	Unicorn-65474.exe
3480	2464	WerFault.exe	Unicorn-50674.exe
3836	808	WerFault.exe	Unicorn-54504.exe
3572	1324	WerFault.exe	Unicorn-14405.exe
3860	2524	WerFault.exe	Unicorn-47015.exe
3868	2876	WerFault.exe	Unicorn-34618.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

ad4cce2f86245edc2b3bf34fbf0bf66d6efda47348a7fc2659997ccce979d432.exeUnicorn-21685.exeUnicorn-15491.exeUnicorn-35357.exeUnicorn-8455.exeUnicorn-43327.exeUnicorn-50277.exeUnicorn-48103.exeUnicorn-16007.exeUnicorn-61486.exeUnicorn-11292.exeUnicorn-57540.exeUnicorn-11868.exeUnicorn-48765.exeUnicorn-33690.exeUnicorn-13824.exeUnicorn-21480.exeUnicorn-2190.exeUnicorn-41433.exeUnicorn-41433.exeUnicorn-21759.exeUnicorn-53000.exeUnicorn-9144.exeUnicorn-53192.exeUnicorn-33326.exeUnicorn-22335.exeUnicorn-17822.exeUnicorn-63685.exeUnicorn-48382.exeUnicorn-16478.exeUnicorn-42989.exeUnicorn-7741.exeUnicorn-34445.exeUnicorn-6755.exeUnicorn-17066.exeUnicorn-36932.exeUnicorn-4451.exeUnicorn-6267.exeUnicorn-37700.exeUnicorn-50699.exeUnicorn-37892.exeUnicorn-18479.exeUnicorn-4643.exeUnicorn-24509.exeUnicorn-57949.exeUnicorn-49267.exeUnicorn-34618.exeUnicorn-30403.exeUnicorn-61452.exeUnicorn-51037.exeUnicorn-29356.exeUnicorn-31171.exeUnicorn-46081.exeUnicorn-15484.exeUnicorn-46657.exeUnicorn-18531.exeUnicorn-51587.exeUnicorn-51457.exeUnicorn-38650.exeUnicorn-3481.exeUnicorn-34016.exeUnicorn-49283.exeUnicorn-62666.exeUnicorn-47015.exe

pid	process
2168	ad4cce2f86245edc2b3bf34fbf0bf66d6efda47348a7fc2659997ccce979d432.exe
2120	Unicorn-21685.exe
2696	Unicorn-15491.exe
2872	Unicorn-35357.exe
2572	Unicorn-8455.exe
2424	Unicorn-43327.exe
2784	Unicorn-50277.exe
2976	Unicorn-48103.exe
1544	Unicorn-16007.exe
2988	Unicorn-61486.exe
2508	Unicorn-11292.exe
1276	Unicorn-57540.exe
2008	Unicorn-11868.exe
1824	Unicorn-48765.exe
2388	Unicorn-33690.exe
596	Unicorn-13824.exe
852	Unicorn-21480.exe
2356	Unicorn-2190.exe
1216	Unicorn-41433.exe
1100	Unicorn-41433.exe
1168	Unicorn-21759.exe
2044	Unicorn-53000.exe
1480	Unicorn-9144.exe
1468	Unicorn-53192.exe
1012	Unicorn-33326.exe
1236	Unicorn-22335.exe
1652	Unicorn-17822.exe
1692	Unicorn-63685.exe
1948	Unicorn-48382.exe
1524	Unicorn-16478.exe
3064	Unicorn-42989.exe
2596	Unicorn-7741.exe
2616	Unicorn-34445.exe
2612	Unicorn-6755.exe
2724	Unicorn-17066.exe
2544	Unicorn-36932.exe
1768	Unicorn-4451.exe
2076	Unicorn-6267.exe
2152	Unicorn-37700.exe
3000	Unicorn-50699.exe
2844	Unicorn-37892.exe
2672	Unicorn-18479.exe
2680	Unicorn-4643.exe
2744	Unicorn-24509.exe
1260	Unicorn-57949.exe
1336	Unicorn-49267.exe
2876	Unicorn-34618.exe
448	Unicorn-30403.exe
724	Unicorn-61452.exe
1112	Unicorn-51037.exe
2288	Unicorn-29356.exe
2360	Unicorn-31171.exe
1676	Unicorn-46081.exe
1724	Unicorn-15484.exe
1600	Unicorn-46657.exe
2140	Unicorn-18531.exe
1672	Unicorn-51587.exe
2172	Unicorn-51457.exe
2728	Unicorn-38650.exe
2624	Unicorn-3481.exe
2536	Unicorn-34016.exe
2124	Unicorn-49283.exe
2568	Unicorn-62666.exe
2524	Unicorn-47015.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

ad4cce2f86245edc2b3bf34fbf0bf66d6efda47348a7fc2659997ccce979d432.exeUnicorn-21685.exeUnicorn-15491.exeUnicorn-35357.exeUnicorn-8455.exeUnicorn-43327.exeUnicorn-50277.exeUnicorn-48103.exe

description	pid	process	target process
PID 2168 wrote to memory of 2120	2168	ad4cce2f86245edc2b3bf34fbf0bf66d6efda47348a7fc2659997ccce979d432.exe	Unicorn-21685.exe
PID 2168 wrote to memory of 2120	2168	ad4cce2f86245edc2b3bf34fbf0bf66d6efda47348a7fc2659997ccce979d432.exe	Unicorn-21685.exe
PID 2168 wrote to memory of 2120	2168	ad4cce2f86245edc2b3bf34fbf0bf66d6efda47348a7fc2659997ccce979d432.exe	Unicorn-21685.exe
PID 2168 wrote to memory of 2120	2168	ad4cce2f86245edc2b3bf34fbf0bf66d6efda47348a7fc2659997ccce979d432.exe	Unicorn-21685.exe
PID 2120 wrote to memory of 2872	2120	Unicorn-21685.exe	Unicorn-35357.exe
PID 2120 wrote to memory of 2872	2120	Unicorn-21685.exe	Unicorn-35357.exe
PID 2120 wrote to memory of 2872	2120	Unicorn-21685.exe	Unicorn-35357.exe
PID 2120 wrote to memory of 2872	2120	Unicorn-21685.exe	Unicorn-35357.exe
PID 2168 wrote to memory of 2696	2168	ad4cce2f86245edc2b3bf34fbf0bf66d6efda47348a7fc2659997ccce979d432.exe	Unicorn-15491.exe
PID 2168 wrote to memory of 2696	2168	ad4cce2f86245edc2b3bf34fbf0bf66d6efda47348a7fc2659997ccce979d432.exe	Unicorn-15491.exe
PID 2168 wrote to memory of 2696	2168	ad4cce2f86245edc2b3bf34fbf0bf66d6efda47348a7fc2659997ccce979d432.exe	Unicorn-15491.exe
PID 2168 wrote to memory of 2696	2168	ad4cce2f86245edc2b3bf34fbf0bf66d6efda47348a7fc2659997ccce979d432.exe	Unicorn-15491.exe
PID 2168 wrote to memory of 1736	2168	ad4cce2f86245edc2b3bf34fbf0bf66d6efda47348a7fc2659997ccce979d432.exe	WerFault.exe
PID 2168 wrote to memory of 1736	2168	ad4cce2f86245edc2b3bf34fbf0bf66d6efda47348a7fc2659997ccce979d432.exe	WerFault.exe
PID 2168 wrote to memory of 1736	2168	ad4cce2f86245edc2b3bf34fbf0bf66d6efda47348a7fc2659997ccce979d432.exe	WerFault.exe
PID 2168 wrote to memory of 1736	2168	ad4cce2f86245edc2b3bf34fbf0bf66d6efda47348a7fc2659997ccce979d432.exe	WerFault.exe
PID 2696 wrote to memory of 2572	2696	Unicorn-15491.exe	Unicorn-8455.exe
PID 2696 wrote to memory of 2572	2696	Unicorn-15491.exe	Unicorn-8455.exe
PID 2696 wrote to memory of 2572	2696	Unicorn-15491.exe	Unicorn-8455.exe
PID 2696 wrote to memory of 2572	2696	Unicorn-15491.exe	Unicorn-8455.exe
PID 2120 wrote to memory of 2424	2120	Unicorn-21685.exe	Unicorn-43327.exe
PID 2120 wrote to memory of 2424	2120	Unicorn-21685.exe	Unicorn-43327.exe
PID 2120 wrote to memory of 2424	2120	Unicorn-21685.exe	Unicorn-43327.exe
PID 2120 wrote to memory of 2424	2120	Unicorn-21685.exe	Unicorn-43327.exe
PID 2120 wrote to memory of 3008	2120	Unicorn-21685.exe	WerFault.exe
PID 2120 wrote to memory of 3008	2120	Unicorn-21685.exe	WerFault.exe
PID 2120 wrote to memory of 3008	2120	Unicorn-21685.exe	WerFault.exe
PID 2120 wrote to memory of 3008	2120	Unicorn-21685.exe	WerFault.exe
PID 2872 wrote to memory of 2784	2872	Unicorn-35357.exe	Unicorn-50277.exe
PID 2872 wrote to memory of 2784	2872	Unicorn-35357.exe	Unicorn-50277.exe
PID 2872 wrote to memory of 2784	2872	Unicorn-35357.exe	Unicorn-50277.exe
PID 2872 wrote to memory of 2784	2872	Unicorn-35357.exe	Unicorn-50277.exe
PID 2572 wrote to memory of 2976	2572	Unicorn-8455.exe	Unicorn-48103.exe
PID 2572 wrote to memory of 2976	2572	Unicorn-8455.exe	Unicorn-48103.exe
PID 2572 wrote to memory of 2976	2572	Unicorn-8455.exe	Unicorn-48103.exe
PID 2572 wrote to memory of 2976	2572	Unicorn-8455.exe	Unicorn-48103.exe
PID 2696 wrote to memory of 2988	2696	Unicorn-15491.exe	Unicorn-61486.exe
PID 2696 wrote to memory of 2988	2696	Unicorn-15491.exe	Unicorn-61486.exe
PID 2696 wrote to memory of 2988	2696	Unicorn-15491.exe	Unicorn-61486.exe
PID 2696 wrote to memory of 2988	2696	Unicorn-15491.exe	Unicorn-61486.exe
PID 2424 wrote to memory of 1544	2424	Unicorn-43327.exe	Unicorn-16007.exe
PID 2424 wrote to memory of 1544	2424	Unicorn-43327.exe	Unicorn-16007.exe
PID 2424 wrote to memory of 1544	2424	Unicorn-43327.exe	Unicorn-16007.exe
PID 2424 wrote to memory of 1544	2424	Unicorn-43327.exe	Unicorn-16007.exe
PID 2696 wrote to memory of 2644	2696	Unicorn-15491.exe	WerFault.exe
PID 2696 wrote to memory of 2644	2696	Unicorn-15491.exe	WerFault.exe
PID 2696 wrote to memory of 2644	2696	Unicorn-15491.exe	WerFault.exe
PID 2696 wrote to memory of 2644	2696	Unicorn-15491.exe	WerFault.exe
PID 2872 wrote to memory of 2748	2872	Unicorn-35357.exe	WerFault.exe
PID 2872 wrote to memory of 2748	2872	Unicorn-35357.exe	WerFault.exe
PID 2872 wrote to memory of 2748	2872	Unicorn-35357.exe	WerFault.exe
PID 2872 wrote to memory of 2748	2872	Unicorn-35357.exe	WerFault.exe
PID 2784 wrote to memory of 2508	2784	Unicorn-50277.exe	Unicorn-11292.exe
PID 2784 wrote to memory of 2508	2784	Unicorn-50277.exe	Unicorn-11292.exe
PID 2784 wrote to memory of 2508	2784	Unicorn-50277.exe	Unicorn-11292.exe
PID 2784 wrote to memory of 2508	2784	Unicorn-50277.exe	Unicorn-11292.exe
PID 2572 wrote to memory of 1276	2572	Unicorn-8455.exe	Unicorn-57540.exe
PID 2572 wrote to memory of 1276	2572	Unicorn-8455.exe	Unicorn-57540.exe
PID 2572 wrote to memory of 1276	2572	Unicorn-8455.exe	Unicorn-57540.exe
PID 2572 wrote to memory of 1276	2572	Unicorn-8455.exe	Unicorn-57540.exe
PID 2976 wrote to memory of 2008	2976	Unicorn-48103.exe	Unicorn-11868.exe
PID 2976 wrote to memory of 2008	2976	Unicorn-48103.exe	Unicorn-11868.exe
PID 2976 wrote to memory of 2008	2976	Unicorn-48103.exe	Unicorn-11868.exe
PID 2976 wrote to memory of 2008	2976	Unicorn-48103.exe	Unicorn-11868.exe

C:\Users\Admin\AppData\Local\Temp\ad4cce2f86245edc2b3bf34fbf0bf66d6efda47348a7fc2659997ccce979d432.exe
"C:\Users\Admin\AppData\Local\Temp\ad4cce2f86245edc2b3bf34fbf0bf66d6efda47348a7fc2659997ccce979d432.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-21685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21685.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-35357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35357.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-11292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11292.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-21480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21480.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-17822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17822.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-65474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65474.exe
9⤵
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-49956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49956.exe
10⤵
PID:1380

C:\Users\Admin\AppData\Local\Temp\Unicorn-64648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64648.exe
11⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-6150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6150.exe
12⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-14165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14165.exe
13⤵
PID:7616

C:\Users\Admin\AppData\Local\Temp\Unicorn-788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-788.exe
14⤵
PID:9852

C:\Users\Admin\AppData\Local\Temp\Unicorn-25701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25701.exe
15⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9852 -s 216
15⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 216
14⤵
PID:10652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 236
13⤵
PID:8328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
12⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 216
11⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 236
10⤵
- Program crash
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-27210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27210.exe
9⤵
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-18553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18553.exe
10⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-2562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2562.exe
11⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-40215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40215.exe
12⤵
PID:7632

C:\Users\Admin\AppData\Local\Temp\Unicorn-20082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20082.exe
13⤵
PID:10480

C:\Users\Admin\AppData\Local\Temp\Unicorn-58535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58535.exe
14⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10480 -s 216
14⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 216
13⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
12⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 236
11⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 216
10⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
9⤵
- Program crash
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-50674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50674.exe
8⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-30055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30055.exe
9⤵
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
10⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-31139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31139.exe
11⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-46076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46076.exe
12⤵
PID:6452

C:\Users\Admin\AppData\Local\Temp\Unicorn-1502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1502.exe
13⤵
PID:8840

C:\Users\Admin\AppData\Local\Temp\Unicorn-20904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20904.exe
14⤵
PID:10460

C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe
15⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8840 -s 216
14⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 216
13⤵
PID:9368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
12⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
11⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 216
10⤵
PID:4520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
9⤵
- Program crash
PID:3480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
8⤵
- Program crash
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-4643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4643.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-54504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54504.exe
8⤵
PID:808

C:\Users\Admin\AppData\Local\Temp\Unicorn-19588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19588.exe
9⤵
PID:564

C:\Users\Admin\AppData\Local\Temp\Unicorn-64072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64072.exe
10⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-55345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55345.exe
11⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-34084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34084.exe
12⤵
PID:7160

C:\Users\Admin\AppData\Local\Temp\Unicorn-36051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36051.exe
13⤵
PID:9168

C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
14⤵
PID:10516

C:\Users\Admin\AppData\Local\Temp\Unicorn-56271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56271.exe
15⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9168 -s 236
14⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 216
13⤵
PID:9608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
12⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 236
11⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 216
10⤵
PID:5052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 236
9⤵
- Program crash
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-48046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48046.exe
8⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
9⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
10⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-26097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26097.exe
11⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-42519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42519.exe
12⤵
PID:8284

C:\Users\Admin\AppData\Local\Temp\Unicorn-56428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56428.exe
13⤵
PID:10448

C:\Users\Admin\AppData\Local\Temp\Unicorn-48836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48836.exe
14⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10448 -s 216
14⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8284 -s 216
13⤵
PID:10472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
12⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 236
11⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
10⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 216
9⤵
PID:4564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 220
8⤵
- Program crash
PID:3316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 240
7⤵
- Program crash
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-63685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63685.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-24509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24509.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
8⤵
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-37658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37658.exe
9⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-29437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29437.exe
10⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-23532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23532.exe
11⤵
PID:7000

C:\Users\Admin\AppData\Local\Temp\Unicorn-22907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22907.exe
12⤵
PID:8680

C:\Users\Admin\AppData\Local\Temp\Unicorn-9151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9151.exe
13⤵
PID:10808

C:\Users\Admin\AppData\Local\Temp\Unicorn-1194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1194.exe
14⤵
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-16399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16399.exe
14⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8680 -s 216
13⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7000 -s 216
12⤵
PID:9940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
11⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
10⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 216
9⤵
PID:4828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 216
8⤵
- Program crash
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-36226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36226.exe
7⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-52928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52928.exe
8⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-56358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56358.exe
9⤵
PID:6072

C:\Users\Admin\AppData\Local\Temp\Unicorn-8834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8834.exe
10⤵
PID:7624

C:\Users\Admin\AppData\Local\Temp\Unicorn-64352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64352.exe
11⤵
PID:10272

C:\Users\Admin\AppData\Local\Temp\Unicorn-27783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27783.exe
12⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10272 -s 216
12⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 216
11⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 236
10⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
9⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 216
8⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 240
7⤵
- Program crash
PID:3100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
6⤵
- Program crash
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-2190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2190.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1260

C:\Users\Admin\AppData\Local\Temp\Unicorn-43757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43757.exe
8⤵
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
9⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-38070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38070.exe
10⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-63787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63787.exe
11⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-5046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5046.exe
12⤵
PID:8248

C:\Users\Admin\AppData\Local\Temp\Unicorn-62816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62816.exe
13⤵
PID:10328

C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
14⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10328 -s 216
14⤵
PID:5808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 216
13⤵
PID:11220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
12⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
11⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
10⤵
PID:5228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 216
9⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 236
8⤵
- Program crash
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-35458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35458.exe
7⤵
PID:1268

C:\Users\Admin\AppData\Local\Temp\Unicorn-7621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7621.exe
8⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-50220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50220.exe
9⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-45474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45474.exe
10⤵
PID:6324

C:\Users\Admin\AppData\Local\Temp\Unicorn-56188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56188.exe
11⤵
PID:8900

C:\Users\Admin\AppData\Local\Temp\Unicorn-24714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24714.exe
12⤵
PID:11000

C:\Users\Admin\AppData\Local\Temp\Unicorn-5886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5886.exe
13⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11000 -s 216
13⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8900 -s 220
12⤵
PID:11124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 220
11⤵
PID:9444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
10⤵
PID:7456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
9⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 236
8⤵
PID:3920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
7⤵
- Program crash
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-49267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49267.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-18384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18384.exe
7⤵
PID:812

C:\Users\Admin\AppData\Local\Temp\Unicorn-44160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44160.exe
8⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-63759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63759.exe
9⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-58489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58489.exe
10⤵
PID:6884

C:\Users\Admin\AppData\Local\Temp\Unicorn-6904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6904.exe
11⤵
PID:8964

C:\Users\Admin\AppData\Local\Temp\Unicorn-60074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60074.exe
12⤵
PID:11112

C:\Users\Admin\AppData\Local\Temp\Unicorn-64101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64101.exe
13⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11112 -s 216
13⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8964 -s 216
12⤵
PID:11164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
11⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 236
10⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
9⤵
PID:6116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 216
8⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-40521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40521.exe
7⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-43194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43194.exe
8⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-27538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27538.exe
9⤵
PID:6820

C:\Users\Admin\AppData\Local\Temp\Unicorn-62325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62325.exe
10⤵
PID:8448

C:\Users\Admin\AppData\Local\Temp\Unicorn-51017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51017.exe
11⤵
PID:10940

C:\Users\Admin\AppData\Local\Temp\Unicorn-65340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65340.exe
12⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8448 -s 216
11⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 216
10⤵
PID:10016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
9⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
8⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 220
7⤵
PID:4496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
6⤵
- Program crash
PID:1800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
5⤵
- Program crash
PID:720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 236
4⤵
- Loads dropped DLL
- Program crash
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-43327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43327.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-16007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16007.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-48765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48765.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-53192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53192.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-4451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4451.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-34016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34016.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-21884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21884.exe
9⤵
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-17207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17207.exe
10⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
11⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
12⤵
PID:6764

C:\Users\Admin\AppData\Local\Temp\Unicorn-36427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36427.exe
13⤵
PID:8524

C:\Users\Admin\AppData\Local\Temp\Unicorn-65502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65502.exe
14⤵
PID:10768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10768 -s 220
15⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8524 -s 216
14⤵
PID:10856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
13⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
12⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
11⤵
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 216
10⤵
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 236
9⤵
- Program crash
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-2018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2018.exe
8⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-42676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42676.exe
9⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-61149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61149.exe
10⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
11⤵
PID:6756

C:\Users\Admin\AppData\Local\Temp\Unicorn-42040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42040.exe
12⤵
PID:8756

C:\Users\Admin\AppData\Local\Temp\Unicorn-2911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2911.exe
13⤵
PID:10876

C:\Users\Admin\AppData\Local\Temp\Unicorn-65195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65195.exe
14⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 236
13⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 216
12⤵
PID:9972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
11⤵
PID:1632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
10⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
9⤵
PID:4640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
8⤵
- Program crash
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-47015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47015.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-53817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53817.exe
8⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-32353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32353.exe
9⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-41634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41634.exe
10⤵
PID:6288

C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
11⤵
PID:8720

C:\Users\Admin\AppData\Local\Temp\Unicorn-9949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9949.exe
12⤵
PID:10692

C:\Users\Admin\AppData\Local\Temp\Unicorn-49555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49555.exe
13⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10692 -s 216
13⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8720 -s 216
12⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6288 -s 220
11⤵
PID:9272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
10⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
9⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 216
8⤵
- Program crash
PID:3860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 240
7⤵
- Program crash
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-6267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6267.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-38650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38650.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-19344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19344.exe
8⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-61679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61679.exe
9⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-50441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50441.exe
10⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-55628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55628.exe
11⤵
PID:7048

C:\Users\Admin\AppData\Local\Temp\Unicorn-34054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34054.exe
12⤵
PID:9056

C:\Users\Admin\AppData\Local\Temp\Unicorn-39445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39445.exe
13⤵
PID:10292

C:\Users\Admin\AppData\Local\Temp\Unicorn-23878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23878.exe
14⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 236
13⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 216
12⤵
PID:10124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
11⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
10⤵
PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
9⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-9141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9141.exe
8⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
9⤵
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-13780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13780.exe
10⤵
PID:6868

C:\Users\Admin\AppData\Local\Temp\Unicorn-24687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24687.exe
11⤵
PID:8936

C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
12⤵
PID:11104

C:\Users\Admin\AppData\Local\Temp\Unicorn-24096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24096.exe
13⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 216
12⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 216
11⤵
PID:10104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 216
10⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 236
9⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
8⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-1424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1424.exe
7⤵
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-46272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46272.exe
8⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-23267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23267.exe
9⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-64270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64270.exe
10⤵
PID:6308

C:\Users\Admin\AppData\Local\Temp\Unicorn-45226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45226.exe
11⤵
PID:8268

C:\Users\Admin\AppData\Local\Temp\Unicorn-15061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15061.exe
12⤵
PID:11176

C:\Users\Admin\AppData\Local\Temp\Unicorn-41512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41512.exe
13⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11176 -s 216
13⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 216
12⤵
PID:3648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6308 -s 216
11⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
10⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
9⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 216
8⤵
PID:4464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
7⤵
- Program crash
PID:1224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 240
6⤵
- Program crash
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-33326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33326.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1012

C:\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-1362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1362.exe
8⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
9⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-12223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12223.exe
10⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-61701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61701.exe
11⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\Unicorn-1860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1860.exe
12⤵
PID:8800

C:\Users\Admin\AppData\Local\Temp\Unicorn-3395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3395.exe
13⤵
PID:10880

C:\Users\Admin\AppData\Local\Temp\Unicorn-41657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41657.exe
14⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10880 -s 220
14⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8800 -s 216
13⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 216
12⤵
PID:9356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
11⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
10⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 236
9⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-19084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19084.exe
8⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-25929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25929.exe
9⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe
10⤵
PID:6680

C:\Users\Admin\AppData\Local\Temp\Unicorn-7594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7594.exe
11⤵
PID:8568

C:\Users\Admin\AppData\Local\Temp\Unicorn-56381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56381.exe
12⤵
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-23486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23486.exe
13⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 216
13⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8568 -s 216
12⤵
PID:11056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 216
11⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
10⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
9⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
8⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-14553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14553.exe
7⤵
PID:1016

C:\Users\Admin\AppData\Local\Temp\Unicorn-45551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45551.exe
8⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-48231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48231.exe
9⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-31187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31187.exe
10⤵
PID:7580

C:\Users\Admin\AppData\Local\Temp\Unicorn-16274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16274.exe
11⤵
PID:9896

C:\Users\Admin\AppData\Local\Temp\Unicorn-30309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30309.exe
12⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 236
11⤵
PID:10680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 236
10⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
9⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 216
8⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
7⤵
- Program crash
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-62666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62666.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-56860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56860.exe
7⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
8⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
9⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-32765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32765.exe
10⤵
PID:5764

C:\Users\Admin\AppData\Local\Temp\Unicorn-43121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43121.exe
11⤵
PID:8384

C:\Users\Admin\AppData\Local\Temp\Unicorn-9591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9591.exe
12⤵
PID:10628

C:\Users\Admin\AppData\Local\Temp\Unicorn-1397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1397.exe
13⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10628 -s 216
13⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8384 -s 216
12⤵
PID:10716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
11⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
10⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
9⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
8⤵
PID:4420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 216
7⤵
- Program crash
PID:3080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 240
6⤵
- Program crash
PID:796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
5⤵
- Program crash
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:596

C:\Users\Admin\AppData\Local\Temp\Unicorn-53000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53000.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-6755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6755.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-15484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15484.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-21526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21526.exe
8⤵
PID:284

C:\Users\Admin\AppData\Local\Temp\Unicorn-64648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64648.exe
9⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-13235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13235.exe
10⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-22387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22387.exe
10⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-37227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37227.exe
11⤵
PID:7184

C:\Users\Admin\AppData\Local\Temp\Unicorn-11000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11000.exe
12⤵
PID:9316

C:\Users\Admin\AppData\Local\Temp\Unicorn-29667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29667.exe
13⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9316 -s 216
13⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 236
12⤵
PID:10004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
11⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 220
10⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
8⤵
- Program crash
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-65251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65251.exe
7⤵
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-2899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2899.exe
8⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-48212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48212.exe
9⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-7145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7145.exe
10⤵
PID:7040

C:\Users\Admin\AppData\Local\Temp\Unicorn-63181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63181.exe
11⤵
PID:9204

C:\Users\Admin\AppData\Local\Temp\Unicorn-6561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6561.exe
12⤵
PID:10368

C:\Users\Admin\AppData\Local\Temp\Unicorn-35171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35171.exe
13⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9204 -s 216
12⤵
PID:11356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 216
11⤵
PID:9652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
10⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
9⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 236
8⤵
PID:4684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
7⤵
- Program crash
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-46081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46081.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-38879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38879.exe
7⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
8⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-29150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29150.exe
9⤵
PID:5848

C:\Users\Admin\AppData\Local\Temp\Unicorn-61389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61389.exe
10⤵
PID:7796

C:\Users\Admin\AppData\Local\Temp\Unicorn-62921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62921.exe
11⤵
PID:9992

C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe
12⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9992 -s 236
12⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 236
11⤵
PID:10800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 216
10⤵
PID:8556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
9⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 216
8⤵
PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 236
7⤵
- Program crash
PID:4056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
6⤵
- Program crash
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-17066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17066.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-18531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18531.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-38879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38879.exe
7⤵
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-33652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33652.exe
8⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-55755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55755.exe
9⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-53855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53855.exe
10⤵
PID:6532

C:\Users\Admin\AppData\Local\Temp\Unicorn-30736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30736.exe
11⤵
PID:8408

C:\Users\Admin\AppData\Local\Temp\Unicorn-13525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13525.exe
12⤵
PID:10252

C:\Users\Admin\AppData\Local\Temp\Unicorn-16930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16930.exe
13⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10252 -s 216
13⤵
PID:8372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 216
12⤵
PID:10968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 216
11⤵
PID:9728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
10⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
9⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 216
8⤵
PID:4960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 236
7⤵
- Program crash
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-3746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3746.exe
6⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe
7⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-57091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57091.exe
8⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-10165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10165.exe
9⤵
PID:6852

C:\Users\Admin\AppData\Local\Temp\Unicorn-30649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30649.exe
10⤵
PID:9112

C:\Users\Admin\AppData\Local\Temp\Unicorn-29779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29779.exe
11⤵
PID:11212

C:\Users\Admin\AppData\Local\Temp\Unicorn-30635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30635.exe
12⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11212 -s 220
12⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9112 -s 216
11⤵
PID:2788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 236
10⤵
PID:9576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
9⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
8⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 236
7⤵
PID:4504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
6⤵
- Program crash
PID:2308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 240
5⤵
- Program crash
PID:872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-15491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15491.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-8455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8455.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-48103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48103.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-11868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11868.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-9144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9144.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-33651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33651.exe
8⤵
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-8581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8581.exe
9⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-28233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28233.exe
10⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-29221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29221.exe
11⤵
PID:6396

C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
12⤵
PID:8780

C:\Users\Admin\AppData\Local\Temp\Unicorn-22602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22602.exe
13⤵
PID:11048

C:\Users\Admin\AppData\Local\Temp\Unicorn-62565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62565.exe
14⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11048 -s 216
14⤵
PID:8464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8780 -s 220
13⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 216
12⤵
PID:9348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
11⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
10⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 236
9⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\Unicorn-34735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34735.exe
8⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-52524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52524.exe
9⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-14145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14145.exe
10⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\Unicorn-25384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25384.exe
11⤵
PID:8620

C:\Users\Admin\AppData\Local\Temp\Unicorn-35300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35300.exe
12⤵
PID:10844

C:\Users\Admin\AppData\Local\Temp\Unicorn-60956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60956.exe
13⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10844 -s 216
13⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8620 -s 216
12⤵
PID:11008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 216
11⤵
PID:8772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
10⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 236
9⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 240
8⤵
PID:3704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 236
7⤵
- Program crash
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-50699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50699.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-17187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17187.exe
7⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-18384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18384.exe
8⤵
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
9⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-11097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11097.exe
10⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-63787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63787.exe
11⤵
PID:5776

C:\Users\Admin\AppData\Local\Temp\Unicorn-8580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8580.exe
12⤵
PID:8684

C:\Users\Admin\AppData\Local\Temp\Unicorn-20993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20993.exe
13⤵
PID:10916

C:\Users\Admin\AppData\Local\Temp\Unicorn-9726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9726.exe
14⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10916 -s 216
14⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8684 -s 216
13⤵
PID:11064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
12⤵
PID:9220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 236
11⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
10⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
9⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-21388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21388.exe
8⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-51040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51040.exe
9⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-7783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7783.exe
10⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-38539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38539.exe
11⤵
PID:8484

C:\Users\Admin\AppData\Local\Temp\Unicorn-11729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11729.exe
12⤵
PID:10540

C:\Users\Admin\AppData\Local\Temp\Unicorn-5696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5696.exe
13⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8484 -s 216
12⤵
PID:10580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
11⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
10⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
9⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 220
8⤵
PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 236
7⤵
- Program crash
PID:2368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
6⤵
- Program crash
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-22335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22335.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-37892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37892.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-3481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3481.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-24380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24380.exe
8⤵
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-37248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37248.exe
9⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-58601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58601.exe
10⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-15219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15219.exe
11⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-60308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60308.exe
12⤵
PID:8320

C:\Users\Admin\AppData\Local\Temp\Unicorn-1166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1166.exe
13⤵
PID:10408

C:\Users\Admin\AppData\Local\Temp\Unicorn-46890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46890.exe
14⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8320 -s 216
13⤵
PID:10444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
12⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 236
11⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
10⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 236
9⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-49697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49697.exe
8⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-33967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33967.exe
9⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-24011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24011.exe
10⤵
PID:6156

C:\Users\Admin\AppData\Local\Temp\Unicorn-25360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25360.exe
11⤵
PID:8228

C:\Users\Admin\AppData\Local\Temp\Unicorn-14122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14122.exe
12⤵
PID:10564

C:\Users\Admin\AppData\Local\Temp\Unicorn-59151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59151.exe
13⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8228 -s 236
12⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6156 -s 216
11⤵
PID:9672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 236
10⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 236
9⤵
PID:5260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
8⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-4514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4514.exe
7⤵
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
8⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
9⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
10⤵
PID:6660

C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
11⤵
PID:8656

C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
12⤵
PID:10840

C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
13⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8656 -s 216
12⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 216
11⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
10⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
9⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 216
8⤵
PID:4436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
7⤵
- Program crash
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-62666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62666.exe
6⤵
- Executes dropped EXE
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-43757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43757.exe
7⤵
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
8⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-25553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25553.exe
9⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
10⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
11⤵
PID:8788

C:\Users\Admin\AppData\Local\Temp\Unicorn-49249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49249.exe
12⤵
PID:10812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10812 -s 220
13⤵
PID:12156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8788 -s 216
12⤵
PID:10932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
11⤵
PID:9340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
10⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
9⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 216
8⤵
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
7⤵
- Program crash
PID:3260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 220
6⤵
- Program crash
PID:1752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
5⤵
- Program crash
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1276

C:\Users\Admin\AppData\Local\Temp\Unicorn-41433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41433.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1216

C:\Users\Admin\AppData\Local\Temp\Unicorn-16478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16478.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-34618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34618.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-34463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34463.exe
8⤵
PID:784

C:\Users\Admin\AppData\Local\Temp\Unicorn-15660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15660.exe
9⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-30703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30703.exe
10⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-41634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41634.exe
11⤵
PID:6280

C:\Users\Admin\AppData\Local\Temp\Unicorn-58824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58824.exe
12⤵
PID:8648

C:\Users\Admin\AppData\Local\Temp\Unicorn-41112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41112.exe
13⤵
PID:10596

C:\Users\Admin\AppData\Local\Temp\Unicorn-11729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11729.exe
14⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10596 -s 216
14⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 216
13⤵
PID:10608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 216
12⤵
PID:8848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
11⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
10⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 236
9⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-42171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42171.exe
8⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-31803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31803.exe
9⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-25495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25495.exe
10⤵
PID:5976

C:\Users\Admin\AppData\Local\Temp\Unicorn-28430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28430.exe
11⤵
PID:8416

C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
12⤵
PID:10508

C:\Users\Admin\AppData\Local\Temp\Unicorn-46698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46698.exe
13⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10508 -s 216
13⤵
PID:11744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 216
12⤵
PID:10572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
11⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 236
10⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
9⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
8⤵
- Program crash
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-32194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32194.exe
7⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-29775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29775.exe
8⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-11045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11045.exe
9⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-10829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10829.exe
10⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
11⤵
PID:8220

C:\Users\Admin\AppData\Local\Temp\Unicorn-13890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13890.exe
12⤵
PID:10244

C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
13⤵
PID:11712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10244 -s 216
13⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8220 -s 216
12⤵
PID:11136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 216
11⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 236
10⤵
PID:7232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 236
9⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
8⤵
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
7⤵
- Program crash
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-30403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30403.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:448

C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
7⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-34228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34228.exe
8⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-38018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38018.exe
9⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-39382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39382.exe
10⤵
PID:6592

C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
11⤵
PID:8996

C:\Users\Admin\AppData\Local\Temp\Unicorn-52923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52923.exe
12⤵
PID:10736

C:\Users\Admin\AppData\Local\Temp\Unicorn-19161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19161.exe
13⤵
PID:12080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10736 -s 216
13⤵
PID:1664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8996 -s 216
12⤵
PID:10792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 216
11⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 236
10⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
9⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
8⤵
PID:4676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 216
7⤵
- Program crash
PID:3992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 240
6⤵
- Program crash
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-42989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42989.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-61452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61452.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:724

C:\Users\Admin\AppData\Local\Temp\Unicorn-594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-594.exe
7⤵
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-48535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48535.exe
8⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
9⤵
PID:5240

C:\Users\Admin\AppData\Local\Temp\Unicorn-43101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43101.exe
10⤵
PID:6788

C:\Users\Admin\AppData\Local\Temp\Unicorn-16753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16753.exe
11⤵
PID:8660

C:\Users\Admin\AppData\Local\Temp\Unicorn-39778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39778.exe
12⤵
PID:10548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8660 -s 236
12⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
11⤵
PID:9324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
10⤵
PID:8272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
9⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 216
8⤵
PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 724 -s 236
7⤵
- Program crash
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-30806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30806.exe
6⤵
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-13931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13931.exe
7⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-45859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45859.exe
8⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-7880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7880.exe
9⤵
PID:7096

C:\Users\Admin\AppData\Local\Temp\Unicorn-48221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48221.exe
10⤵
PID:9124

C:\Users\Admin\AppData\Local\Temp\Unicorn-29025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29025.exe
11⤵
PID:10496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9124 -s 236
11⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 216
10⤵
PID:10148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
9⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
8⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 236
7⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
6⤵
- Program crash
PID:2684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 240
5⤵
- Program crash
PID:2504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1428

C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-33690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33690.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-41433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41433.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1100

C:\Users\Admin\AppData\Local\Temp\Unicorn-7741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7741.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-29356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29356.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-11468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11468.exe
8⤵
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
9⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-36560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36560.exe
10⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-37348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37348.exe
11⤵
PID:6188

C:\Users\Admin\AppData\Local\Temp\Unicorn-10659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10659.exe
12⤵
PID:8516

C:\Users\Admin\AppData\Local\Temp\Unicorn-3126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3126.exe
13⤵
PID:10708

C:\Users\Admin\AppData\Local\Temp\Unicorn-24943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24943.exe
14⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8516 -s 236
13⤵
PID:11556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 216
12⤵
PID:9796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 236
11⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
10⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 236
9⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 236
8⤵
- Program crash
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-46266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46266.exe
7⤵
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
8⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-59953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59953.exe
9⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-28166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28166.exe
10⤵
PID:6344

C:\Users\Admin\AppData\Local\Temp\Unicorn-31802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31802.exe
11⤵
PID:8196

C:\Users\Admin\AppData\Local\Temp\Unicorn-65205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65205.exe
12⤵
PID:10336

C:\Users\Admin\AppData\Local\Temp\Unicorn-44453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44453.exe
13⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8196 -s 216
12⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 216
11⤵
PID:10184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
10⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 236
9⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 216
8⤵
PID:4456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
7⤵
- Program crash
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-35231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35231.exe
7⤵
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-17207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17207.exe
8⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
9⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-49211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49211.exe
10⤵
PID:6552

C:\Users\Admin\AppData\Local\Temp\Unicorn-42232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42232.exe
11⤵
PID:8824

C:\Users\Admin\AppData\Local\Temp\Unicorn-18921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18921.exe
12⤵
PID:10996

C:\Users\Admin\AppData\Local\Temp\Unicorn-13820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13820.exe
13⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8824 -s 236
12⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
11⤵
PID:9964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
10⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
9⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 236
8⤵
PID:4952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 236
7⤵
- Program crash
PID:4008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 240
6⤵
- Program crash
PID:1368

C:\Users\Admin\AppData\Local\Temp\Unicorn-34445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34445.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1112

C:\Users\Admin\AppData\Local\Temp\Unicorn-594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-594.exe
7⤵
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-33652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33652.exe
8⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-14003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14003.exe
9⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\Unicorn-15885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15885.exe
10⤵
PID:7088

C:\Users\Admin\AppData\Local\Temp\Unicorn-65485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65485.exe
11⤵
PID:8340

C:\Users\Admin\AppData\Local\Temp\Unicorn-50516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50516.exe
12⤵
PID:10624

C:\Users\Admin\AppData\Local\Temp\Unicorn-61427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61427.exe
13⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 236
12⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 236
11⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 236
10⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
9⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 216
8⤵
PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 236
7⤵
- Program crash
PID:3136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
6⤵
- Program crash
PID:2808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 220
5⤵
- Program crash
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-21759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21759.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1168

C:\Users\Admin\AppData\Local\Temp\Unicorn-36932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36932.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-51587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51587.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-1022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1022.exe
7⤵
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-38663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38663.exe
7⤵
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
8⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-11097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11097.exe
9⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-24639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24639.exe
10⤵
PID:6736

C:\Users\Admin\AppData\Local\Temp\Unicorn-47644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47644.exe
11⤵
PID:9048

C:\Users\Admin\AppData\Local\Temp\Unicorn-12949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12949.exe
12⤵
PID:11240

C:\Users\Admin\AppData\Local\Temp\Unicorn-9581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9581.exe
13⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11240 -s 236
13⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9048 -s 216
12⤵
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6736 -s 216
11⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
10⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
9⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 216
8⤵
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
7⤵
- Program crash
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-14405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14405.exe
6⤵
PID:1324

C:\Users\Admin\AppData\Local\Temp\Unicorn-46360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46360.exe
7⤵
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
8⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-19636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19636.exe
9⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-14262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14262.exe
10⤵
PID:7544

C:\Users\Admin\AppData\Local\Temp\Unicorn-11394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11394.exe
11⤵
PID:10300

C:\Users\Admin\AppData\Local\Temp\Unicorn-24301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24301.exe
12⤵
PID:11764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10300 -s 216
12⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 216
11⤵
PID:11184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
10⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 236
9⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
8⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 236
7⤵
- Program crash
PID:3572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
6⤵
- Program crash
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-56860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56860.exe
6⤵
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
7⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-48677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48677.exe
8⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
9⤵
PID:6904

C:\Users\Admin\AppData\Local\Temp\Unicorn-35834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35834.exe
10⤵
PID:8240

C:\Users\Admin\AppData\Local\Temp\Unicorn-20769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20769.exe
11⤵
PID:4272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8240 -s 236
11⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 216
10⤵
PID:10192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
9⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
8⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 216
7⤵
PID:4140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
6⤵
- Program crash
PID:3088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 240
5⤵
- Program crash
PID:2064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
4⤵
- Program crash
PID:816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 220
3⤵
- Loads dropped DLL
- Program crash
PID:2644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
2⤵
- Program crash
PID:1736

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11868.exe
Filesize
184KB

MD5
c0ca873f5a130dc037b1582ebd1d1683

SHA1
0859eba5ac32ce5c03e787ebeec1511aeef77367

SHA256
86c6951bf7880ca4baf6955d466d977cafea1538fc93ee8c74bfd58a887782f2

SHA512
6174a800a3743760fa49f7475f49a2dcd6db80eb9af7ccb6c13149a5c29db655fdd3edd7fbb5cda9a79115a247211a7ef2deca3ffbd52e3cf2d52de660b47e94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20769.exe
Filesize
184KB

MD5
c6315d527c1526dfd1950fb704efc6f1

SHA1
1e15a935453ba019c96e005c110d69903ac4d48a

SHA256
b7dfd34a1eea5f21ad70331719ce5fbef10794ff76fd0f12706d39ace3d5d92f

SHA512
70164ba8cc78ddd70686c10c612e8f3c0d5deb0a344f7aad4d11eaaf946542e7c15e24e2a8ad06d81f9bf6de2ae7e04c2fbd66f54938673e4a9d1307be432447

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21685.exe
Filesize
184KB

MD5
a45bed4eef6bbbf08fe231470253a3d8

SHA1
cdcd83e6bea4be4d01cf5aa87fde3cd5a98161bd

SHA256
507ccb284ff06edd2362a5fb88ddd7e31b834c46cd4e94e0331d9feebc1770f4

SHA512
590b4d82812cebf9d03c2f4b3b4b6bb785603c7ee472079e3cfa56a3223f9059acb976b023acafd7c6fe4e56733793a3cb20513ce152d9007e0e1cbf0e765cd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25360.exe
Filesize
184KB

MD5
1b08bbb8009f1d048e0613bb2583e2a2

SHA1
3dec35c97d4ce74c39083043161bcde0f32ee20b

SHA256
73298ed3c32dcf14e0fe0a19d5320c641a3d6e25a1c3f89e1b00610903f29ad8

SHA512
cc60882ede0127abbdf906368114cf36d0d8a3966792479172a03f4eb8385052935b870774fd9c182c37d04d656d35e480e1697c0c6c0c53ccb05802e2aa605c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
Filesize
184KB

MD5
ff878d224429d0c05824991fc5999e65

SHA1
425924b2e244b848df66fdce5733d0bab497ab8d

SHA256
1cb830aeab4b58c261b27c96ab8d3884fb474344536e3a8906d0c2ac6c86716c

SHA512
c806c5b7172bf5f264f6a8657ca7fe53e849210536056010a82e0b8e504feb8c539433a41733416aeafd1e7bd509c16bd0d93bd16e2ad5f230ee899bd1198bff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56381.exe
Filesize
184KB

MD5
f8fe4502fe45597f339b4c45afbf7543

SHA1
ab15efb6145794cf691c7d05b2f02812ddc4cc22

SHA256
99db7833f73e2e18e996b6c6bef93c7252625f3a9aef0a9a3681051a92a20488

SHA512
ca3741e5fb59e102d9bca343fab2a7017a6215697de663e2f9db3ea07a8d7e74445e6102e43f12e90c4eb79f22b09fffe66cc13a1b6c82e8fa3e0127ca1af1e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
Filesize
184KB

MD5
2893437eb5d6c28935da506e70adf3c3

SHA1
6aca86fc9b238ff72e28fce493d6fe9e3cc89a13

SHA256
922bcbd34fc205405034da7834a03e5b11b2e9236a8378e8052572d5f7e24a03

SHA512
83f2a0acfa72a5fcfaad7069ca59040a2bfa371523a610d3ca8c0d00a91195e9433522f0b26e013ab49c38d86929939bcdf8b8ce510eeea5b07dfda279c553c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
Filesize
184KB

MD5
c446126f360bbe924854ea800d20a196

SHA1
6737f1ab4ba0c1f063f443a8c029824a6008ba87

SHA256
0ae92f966a943e63ad073ce22198fa938dd8c4d8283d311be3b155d8720ee598

SHA512
126d617e18771b8ab6b0efede5b7ee6d14fc6f27272f4a18657c759d538a9565c8facbd96ef28da6c0f4ef55295c33c84cdb3d6506fa0bd1822686eb456b644a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6150.exe
Filesize
184KB

MD5
f68b85c24bd94a3ce3764926a4487a83

SHA1
d44296b7931212a95cbcc829faa70df0a820f1e9

SHA256
947193fb89c023fe9409bdc199be3b247c045ad1600b12a5f5b13d025bfabfd4

SHA512
590c8b715b94c3ae3426e61e9f665080038147e2d53fd6a5f8c11329dd97b340f0d26431c6288efb8203eb70e029e20b80696c3178419c5405450720554b492c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6755.exe
Filesize
184KB

MD5
f36c85d6a7efa79e24fbedfc54053f3f

SHA1
75e6039695b1ce7c10678fea588ec108875d82cf

SHA256
eb64f22a1ca83d1635b1ad006592d2757caf917f66aa6c44ff1892ec7287436e

SHA512
76e8b197d4f424856e145b8985fb8a3f58ad1ee001cb789b6da09411dd55ea7152e40eb63bc6f2848cedcd62eb1431b1c1b3f2e97474b99c83d1a25a472fac42

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11292.exe
Filesize
184KB

MD5
17d0b9c89e780c90982be532cfd90e1d

SHA1
ada3d8ffe44ba7fda392e98ee4f84595e258e83d

SHA256
2f904d0835e920ec40143ccc07c34d1017194a61588df4b248e97b402c190eb7

SHA512
eccf8b00acb528a55f44d0dac33817eadb28655b191952eb2b65460bb05375da77d3a0efca2f1d9afeca5ec6e0f8ff4cadc18cc35ccea2756d18c4814ace3b12

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15491.exe
Filesize
184KB

MD5
bc9160592debb4b52c4315d8e1c61e90

SHA1
94f893b074997e10d151d5ef22d6871c9dfc1921

SHA256
8e6fa40f666acf11bea853ec6898d8a70c5e1afbf0d0b846d2fb5821afd325ab

SHA512
387e65efe9bbf0266abc8e2ccb8cafbc20d4acf4ae0424299d3739d1734facbf7e459021667c2592304a855a0e56d93be09b6b5cd13eeb5c3627c8bbd4d71a27

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16007.exe
Filesize
184KB

MD5
9881ab775b143ca50b42711df19a1036

SHA1
c7c69bfe122feefd5b50f81de9942793218e1d23

SHA256
9863cf7ebdedcb5161dd3f8fd2e0813328c4c909d75d96ed0f08a654c3e31918

SHA512
a3888875c74a76168fdf8e568661daac21c1b15432531f18604b7fab11cecfebf465f49a7a313ccaa20b91a5763bf8ee97da99e81ac86393d3a6e93fb31932ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33690.exe
Filesize
184KB

MD5
a172d06d0a340843c37f938d51bff83f

SHA1
85b3084613f96426be882ff1a909a0289dddd130

SHA256
474d225641e7cd535fc8c8dee09606f2f7296eb75faf476d316ab498c85f266f

SHA512
c662b4d551a044c9a198a5d846f6b08142181a8260dae73099f512c7ea517230a004f1194f014c12099c9c4a721780fb5ada90d3bd681205ae4c81f6c8187c9b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35357.exe
Filesize
184KB

MD5
812fe8c1629319e6d65314ab14f1ecb6

SHA1
bad7c06b5c9342116bf6a276e3375b9a0b2d9716

SHA256
f9ae7b297d54cda1f1d84692ba8fccbbc4979fd92b8013d46ff04df14cf465e4

SHA512
9c80d8cfb78094c60a2caa8682e3b7289905ab5c6999af9dac2480aadfa10d055838f7bce53fb2385d253e227aee902942e771f9f5e0e3f46f216833e06df3cc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43327.exe
Filesize
184KB

MD5
98f030a5f1920c8d472ebb1421a5047a

SHA1
af86ba730a9b743bbcb90e34ef54fe81d2cb90b1

SHA256
7589483c778c3c0b630c0ae6877b4a4b8dcf1f3f84262f1d4d79c7d8360c024b

SHA512
478b549fa264413c9aca6895dc99d39e0f3ab0d464288d40f1aabd277b50c51648a75af6ddd678565ba01f1f87604ffb02cde7d1a8f00372e7e659a8d0967e30

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48103.exe
Filesize
184KB

MD5
82beb4fb111af5961d4582439c6d072a

SHA1
a906804088ffaac886298ba20af1e4dfb32bcd10

SHA256
dc21c6ba36e2417708f0d4db593734eea0516a2d34170fbc260bb84dd92f6e9c

SHA512
c7575ea49f795e1816f58a02513dc35f275dc42e7603bee72d656fda4d5b893bada5e5aaa32f8c250c7ca9be216be8e14a266c9c990afca97fe864612255f921

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48765.exe
Filesize
184KB

MD5
c6815d1a435b31c40ef6ddaedf5cf131

SHA1
eceff28b35781ae59c616b78e544b15bfe1a99ce

SHA256
cb6786a2f55850d45b02427193ea79f6438f5bf20803cac27d098724f0459719

SHA512
df546d97bcb7ba14d07802f8c499665fc7d0da5ba9aac6e1ab8823afd07d00a56e40678b8cdb1703d47f1fac5cc9051e44b9276fa9de79825106499da15038fd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
Filesize
184KB

MD5
27ba7ee74139afa4786aa4745e207c1d

SHA1
e1f3f3485971a180bf5cdb7559e766e0d7334071

SHA256
eed3b512ebb5c5509d91912bb6dbdb3f2b67988def99dfd84313050450bb413f

SHA512
54d96e9b15aef810a33454c10e20b7ec409e0fb323241c49f411515607d47492eaec5ad3dd8629ef41134e3144a35a40168e1653b0b69fec7ef1a1df35ce63fc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8455.exe
Filesize
184KB

MD5
f05c25ffade326ecee05a94ca429ec5b

SHA1
5ae8a52aead6446e7e808792850fff4322753c86

SHA256
d6614b0e7f7a67edcc8d35d83e83b9da6b37a5ad6579e53c130853dc84b10dbc

SHA512
2ca526f9e75670a362231ad1951868bdc85f1f915530849197c35e684697167d4bc797aaf45a009f5e1dc98c5f17ced8fd8dc22902a4b5705b67aca1c4b786f0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads