52cdf2de23a4929e14be7705cc99df5f923b4fea8bef923d2ec3ee14c0fbb812

Analysis

max time kernel
132s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 21:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

52cdf2de23a4929e14be7705cc99df5f923b4fea8bef923d2ec3ee14c0fbb812.exe
Size

184KB
MD5

c4b732e883e4a3d3dfe5a15d7a5f8d71
SHA1

f03d98ef806a7e686bf3ea63f9212ca7efac69ab
SHA256

52cdf2de23a4929e14be7705cc99df5f923b4fea8bef923d2ec3ee14c0fbb812
SHA512

506da1b17ecf2badd571c77702d392118043344862d380c2fb66cf7404b6edfd3d708cf903aea2ba87bb408b603ee72f688e977f09284ef79a69f37e56df0bb5
SSDEEP

1536:XRZY6jZ5uXE8o5x1QROAlOwMFl9yvZc8lmdHwwLR2bQrt6hl5hj5nWzpve:BZeXE8ofuRO7dFPWe+wLRDB6hlnVWFm

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-55802.exeUnicorn-48786.exeUnicorn-28920.exeUnicorn-42647.exeUnicorn-11920.exeUnicorn-26865.exeUnicorn-26394.exeUnicorn-25002.exeUnicorn-820.exeUnicorn-63897.exeUnicorn-18226.exeUnicorn-19378.exeUnicorn-52797.exeUnicorn-11209.exeUnicorn-17240.exeUnicorn-52050.exeUnicorn-4987.exeUnicorn-50659.exeUnicorn-19932.exeUnicorn-950.exeUnicorn-46622.exeUnicorn-5034.exeUnicorn-58319.exeUnicorn-38453.exeUnicorn-38475.exeUnicorn-53420.exeUnicorn-26223.exeUnicorn-26223.exeUnicorn-61033.exeUnicorn-10441.exeUnicorn-10441.exeUnicorn-32829.exeUnicorn-51303.exeUnicorn-711.exeUnicorn-55387.exeUnicorn-4795.exeUnicorn-12408.exeUnicorn-47219.exeUnicorn-62164.exeUnicorn-24914.exeUnicorn-732.exeUnicorn-34151.exeUnicorn-15122.exeUnicorn-12662.exeUnicorn-1801.exeUnicorn-37489.exeUnicorn-54894.exeUnicorn-21707.exeUnicorn-21707.exeUnicorn-41573.exeUnicorn-61692.exeUnicorn-30966.exeUnicorn-34234.exeUnicorn-34234.exeUnicorn-21236.exeUnicorn-36180.exeUnicorn-40264.exeUnicorn-4899.exeUnicorn-31542.exeUnicorn-53908.exeUnicorn-53908.exeUnicorn-38126.exeUnicorn-38126.exeUnicorn-27266.exe

pid	process
1284	Unicorn-55802.exe
2552	Unicorn-48786.exe
2884	Unicorn-28920.exe
2528	Unicorn-42647.exe
2600	Unicorn-11920.exe
2648	Unicorn-26865.exe
2300	Unicorn-26394.exe
1592	Unicorn-25002.exe
1864	Unicorn-820.exe
2004	Unicorn-63897.exe
768	Unicorn-18226.exe
1716	Unicorn-19378.exe
2796	Unicorn-52797.exe
2040	Unicorn-11209.exe
1176	Unicorn-17240.exe
336	Unicorn-52050.exe
1168	Unicorn-4987.exe
596	Unicorn-50659.exe
1772	Unicorn-19932.exe
2764	Unicorn-950.exe
860	Unicorn-46622.exe
1820	Unicorn-5034.exe
320	Unicorn-58319.exe
1012	Unicorn-38453.exe
2104	Unicorn-38475.exe
2780	Unicorn-53420.exe
3044	Unicorn-26223.exe
1944	Unicorn-26223.exe
828	Unicorn-61033.exe
2012	Unicorn-10441.exe
1468	Unicorn-10441.exe
2224	Unicorn-32829.exe
2220	Unicorn-51303.exe
2520	Unicorn-711.exe
2616	Unicorn-55387.exe
2536	Unicorn-4795.exe
2576	Unicorn-12408.exe
2460	Unicorn-47219.exe
2404	Unicorn-62164.exe
776	Unicorn-24914.exe
1900	Unicorn-732.exe
2480	Unicorn-34151.exe
296	Unicorn-15122.exe
644	Unicorn-12662.exe
1544	Unicorn-1801.exe
1276	Unicorn-37489.exe
3048	Unicorn-54894.exe
2128	Unicorn-21707.exe
1912	Unicorn-21707.exe
1616	Unicorn-41573.exe
328	Unicorn-61692.exe
1088	Unicorn-30966.exe
1700	Unicorn-34234.exe
1628	Unicorn-34234.exe
2784	Unicorn-21236.exe
332	Unicorn-36180.exe
1996	Unicorn-40264.exe
1408	Unicorn-4899.exe
2344	Unicorn-31542.exe
1960	Unicorn-53908.exe
2724	Unicorn-53908.exe
2904	Unicorn-38126.exe
2624	Unicorn-38126.exe
2092	Unicorn-27266.exe

Loads dropped DLL 64 IoCs

Processes:

52cdf2de23a4929e14be7705cc99df5f923b4fea8bef923d2ec3ee14c0fbb812.exeUnicorn-55802.exeUnicorn-28920.exeUnicorn-48786.exeWerFault.exeUnicorn-42647.exeUnicorn-11920.exeUnicorn-26865.exeWerFault.exeWerFault.exeUnicorn-26394.exeUnicorn-25002.exeUnicorn-63897.exeUnicorn-18226.exeUnicorn-820.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1964	52cdf2de23a4929e14be7705cc99df5f923b4fea8bef923d2ec3ee14c0fbb812.exe
1964	52cdf2de23a4929e14be7705cc99df5f923b4fea8bef923d2ec3ee14c0fbb812.exe
1964	52cdf2de23a4929e14be7705cc99df5f923b4fea8bef923d2ec3ee14c0fbb812.exe
1284	Unicorn-55802.exe
1964	52cdf2de23a4929e14be7705cc99df5f923b4fea8bef923d2ec3ee14c0fbb812.exe
1284	Unicorn-55802.exe
2884	Unicorn-28920.exe
2552	Unicorn-48786.exe
2884	Unicorn-28920.exe
2552	Unicorn-48786.exe
1284	Unicorn-55802.exe
1284	Unicorn-55802.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2528	Unicorn-42647.exe
2528	Unicorn-42647.exe
2884	Unicorn-28920.exe
2884	Unicorn-28920.exe
2600	Unicorn-11920.exe
2600	Unicorn-11920.exe
2648	Unicorn-26865.exe
2552	Unicorn-48786.exe
2648	Unicorn-26865.exe
2552	Unicorn-48786.exe
2244	WerFault.exe
2244	WerFault.exe
2244	WerFault.exe
2244	WerFault.exe
2700	WerFault.exe
2700	WerFault.exe
2700	WerFault.exe
2700	WerFault.exe
2244	WerFault.exe
2700	WerFault.exe
2300	Unicorn-26394.exe
2300	Unicorn-26394.exe
2528	Unicorn-42647.exe
2528	Unicorn-42647.exe
1592	Unicorn-25002.exe
1592	Unicorn-25002.exe
2004	Unicorn-63897.exe
2004	Unicorn-63897.exe
768	Unicorn-18226.exe
768	Unicorn-18226.exe
1864	Unicorn-820.exe
1864	Unicorn-820.exe
2648	Unicorn-26865.exe
2648	Unicorn-26865.exe
2600	Unicorn-11920.exe
2600	Unicorn-11920.exe
1968	WerFault.exe
1968	WerFault.exe
1968	WerFault.exe
1968	WerFault.exe
1968	WerFault.exe
3020	WerFault.exe
3020	WerFault.exe
3020	WerFault.exe
3020	WerFault.exe
3020	WerFault.exe
452	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2740	1964	WerFault.exe	52cdf2de23a4929e14be7705cc99df5f923b4fea8bef923d2ec3ee14c0fbb812.exe
2864	1284	WerFault.exe	Unicorn-55802.exe
2244	2884	WerFault.exe	Unicorn-28920.exe
2700	2552	WerFault.exe	Unicorn-48786.exe
1968	2528	WerFault.exe	Unicorn-42647.exe
3020	2600	WerFault.exe	Unicorn-11920.exe
452	2648	WerFault.exe	Unicorn-26865.exe
1556	2300	WerFault.exe	Unicorn-26394.exe
1672	1592	WerFault.exe	Unicorn-25002.exe
2640	2004	WerFault.exe	Unicorn-63897.exe
2332	1864	WerFault.exe	Unicorn-820.exe
2628	768	WerFault.exe	Unicorn-18226.exe
1140	1716	WerFault.exe	Unicorn-19378.exe
984	2796	WerFault.exe	Unicorn-52797.exe
2260	2040	WerFault.exe	Unicorn-11209.exe
1980	1176	WerFault.exe	Unicorn-17240.exe
1676	336	WerFault.exe	Unicorn-52050.exe
1748	596	WerFault.exe	Unicorn-50659.exe
1352	1168	WerFault.exe	Unicorn-4987.exe
968	1772	WerFault.exe	Unicorn-19932.exe
888	860	WerFault.exe	Unicorn-46622.exe
2380	1820	WerFault.exe	Unicorn-5034.exe
1280	2764	WerFault.exe	Unicorn-950.exe
2792	1012	WerFault.exe	Unicorn-38453.exe
1060	320	WerFault.exe	Unicorn-58319.exe
2664	2104	WerFault.exe	Unicorn-38475.exe
2484	1628	WerFault.exe	Unicorn-34234.exe
2408	1700	WerFault.exe	Unicorn-34234.exe
1496	3044	WerFault.exe	Unicorn-26223.exe
1488	2780	WerFault.exe	Unicorn-53420.exe
912	1944	WerFault.exe	Unicorn-26223.exe
2164	2012	WerFault.exe	Unicorn-10441.exe
1048	828	WerFault.exe	Unicorn-61033.exe
1572	1468	WerFault.exe	Unicorn-10441.exe
3396	2224	WerFault.exe	Unicorn-32829.exe
3404	2220	WerFault.exe	Unicorn-51303.exe
3472	2368	WerFault.exe	Unicorn-7120.exe
3656	2128	WerFault.exe	Unicorn-21707.exe
3680	2460	WerFault.exe	Unicorn-47219.exe
3704	2520	WerFault.exe	Unicorn-711.exe
3732	1912	WerFault.exe	Unicorn-21707.exe
3740	2576	WerFault.exe	Unicorn-12408.exe
3748	2536	WerFault.exe	Unicorn-4795.exe
3804	1544	WerFault.exe	Unicorn-1801.exe
3836	1276	WerFault.exe	Unicorn-37489.exe
3844	1616	WerFault.exe	Unicorn-41573.exe
3860	2480	WerFault.exe	Unicorn-34151.exe
3884	1900	WerFault.exe	Unicorn-732.exe
3916	2404	WerFault.exe	Unicorn-62164.exe
3940	644	WerFault.exe	Unicorn-12662.exe
3968	296	WerFault.exe	Unicorn-15122.exe
4004	3048	WerFault.exe	Unicorn-54894.exe
4024	2616	WerFault.exe	Unicorn-55387.exe
4048	776	WerFault.exe	Unicorn-24914.exe
3188	1088	WerFault.exe	Unicorn-30966.exe
3200	328	WerFault.exe	Unicorn-61692.exe
3224	332	WerFault.exe	Unicorn-36180.exe
3248	2784	WerFault.exe	Unicorn-21236.exe
3260	1996	WerFault.exe	Unicorn-40264.exe
3308	1408	WerFault.exe	Unicorn-4899.exe
3332	2344	WerFault.exe	Unicorn-31542.exe
3388	1960	WerFault.exe	Unicorn-53908.exe
3496	2724	WerFault.exe	Unicorn-53908.exe
3576	2092	WerFault.exe	Unicorn-27266.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

52cdf2de23a4929e14be7705cc99df5f923b4fea8bef923d2ec3ee14c0fbb812.exeUnicorn-55802.exeUnicorn-28920.exeUnicorn-48786.exeUnicorn-42647.exeUnicorn-26865.exeUnicorn-11920.exeUnicorn-26394.exeUnicorn-25002.exeUnicorn-820.exeUnicorn-63897.exeUnicorn-18226.exeUnicorn-19378.exeUnicorn-52797.exeUnicorn-11209.exeUnicorn-17240.exeUnicorn-52050.exeUnicorn-4987.exeUnicorn-50659.exeUnicorn-19932.exeUnicorn-950.exeUnicorn-46622.exeUnicorn-5034.exeUnicorn-58319.exeUnicorn-38453.exeUnicorn-38475.exeUnicorn-53420.exeUnicorn-26223.exeUnicorn-26223.exeUnicorn-61033.exeUnicorn-10441.exeUnicorn-10441.exeUnicorn-32829.exeUnicorn-51303.exeUnicorn-711.exeUnicorn-55387.exeUnicorn-4795.exeUnicorn-12408.exeUnicorn-47219.exeUnicorn-62164.exeUnicorn-24914.exeUnicorn-732.exeUnicorn-34151.exeUnicorn-1801.exeUnicorn-15122.exeUnicorn-12662.exeUnicorn-21707.exeUnicorn-37489.exeUnicorn-21707.exeUnicorn-54894.exeUnicorn-41573.exeUnicorn-61692.exeUnicorn-30966.exeUnicorn-34234.exeUnicorn-34234.exeUnicorn-21236.exeUnicorn-36180.exeUnicorn-40264.exeUnicorn-4899.exeUnicorn-31542.exeUnicorn-53908.exeUnicorn-53908.exeUnicorn-38126.exeUnicorn-38126.exe

pid	process
1964	52cdf2de23a4929e14be7705cc99df5f923b4fea8bef923d2ec3ee14c0fbb812.exe
1284	Unicorn-55802.exe
2884	Unicorn-28920.exe
2552	Unicorn-48786.exe
2528	Unicorn-42647.exe
2648	Unicorn-26865.exe
2600	Unicorn-11920.exe
2300	Unicorn-26394.exe
1592	Unicorn-25002.exe
1864	Unicorn-820.exe
2004	Unicorn-63897.exe
768	Unicorn-18226.exe
1716	Unicorn-19378.exe
2796	Unicorn-52797.exe
2040	Unicorn-11209.exe
1176	Unicorn-17240.exe
336	Unicorn-52050.exe
1168	Unicorn-4987.exe
596	Unicorn-50659.exe
1772	Unicorn-19932.exe
2764	Unicorn-950.exe
860	Unicorn-46622.exe
1820	Unicorn-5034.exe
320	Unicorn-58319.exe
1012	Unicorn-38453.exe
2104	Unicorn-38475.exe
2780	Unicorn-53420.exe
3044	Unicorn-26223.exe
1944	Unicorn-26223.exe
828	Unicorn-61033.exe
1468	Unicorn-10441.exe
2012	Unicorn-10441.exe
2224	Unicorn-32829.exe
2220	Unicorn-51303.exe
2520	Unicorn-711.exe
2616	Unicorn-55387.exe
2536	Unicorn-4795.exe
2576	Unicorn-12408.exe
2460	Unicorn-47219.exe
2404	Unicorn-62164.exe
776	Unicorn-24914.exe
1900	Unicorn-732.exe
2480	Unicorn-34151.exe
1544	Unicorn-1801.exe
296	Unicorn-15122.exe
644	Unicorn-12662.exe
2128	Unicorn-21707.exe
1276	Unicorn-37489.exe
1912	Unicorn-21707.exe
3048	Unicorn-54894.exe
1616	Unicorn-41573.exe
328	Unicorn-61692.exe
1088	Unicorn-30966.exe
1700	Unicorn-34234.exe
1628	Unicorn-34234.exe
2784	Unicorn-21236.exe
332	Unicorn-36180.exe
1996	Unicorn-40264.exe
1408	Unicorn-4899.exe
2344	Unicorn-31542.exe
1960	Unicorn-53908.exe
2724	Unicorn-53908.exe
2624	Unicorn-38126.exe
2904	Unicorn-38126.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

52cdf2de23a4929e14be7705cc99df5f923b4fea8bef923d2ec3ee14c0fbb812.exeUnicorn-55802.exeUnicorn-28920.exeUnicorn-48786.exeUnicorn-42647.exeUnicorn-11920.exeUnicorn-26865.exeUnicorn-26394.exe

description	pid	process	target process
PID 1964 wrote to memory of 1284	1964	52cdf2de23a4929e14be7705cc99df5f923b4fea8bef923d2ec3ee14c0fbb812.exe	Unicorn-55802.exe
PID 1964 wrote to memory of 1284	1964	52cdf2de23a4929e14be7705cc99df5f923b4fea8bef923d2ec3ee14c0fbb812.exe	Unicorn-55802.exe
PID 1964 wrote to memory of 1284	1964	52cdf2de23a4929e14be7705cc99df5f923b4fea8bef923d2ec3ee14c0fbb812.exe	Unicorn-55802.exe
PID 1964 wrote to memory of 1284	1964	52cdf2de23a4929e14be7705cc99df5f923b4fea8bef923d2ec3ee14c0fbb812.exe	Unicorn-55802.exe
PID 1964 wrote to memory of 2884	1964	52cdf2de23a4929e14be7705cc99df5f923b4fea8bef923d2ec3ee14c0fbb812.exe	Unicorn-28920.exe
PID 1964 wrote to memory of 2884	1964	52cdf2de23a4929e14be7705cc99df5f923b4fea8bef923d2ec3ee14c0fbb812.exe	Unicorn-28920.exe
PID 1964 wrote to memory of 2884	1964	52cdf2de23a4929e14be7705cc99df5f923b4fea8bef923d2ec3ee14c0fbb812.exe	Unicorn-28920.exe
PID 1964 wrote to memory of 2884	1964	52cdf2de23a4929e14be7705cc99df5f923b4fea8bef923d2ec3ee14c0fbb812.exe	Unicorn-28920.exe
PID 1284 wrote to memory of 2552	1284	Unicorn-55802.exe	Unicorn-48786.exe
PID 1284 wrote to memory of 2552	1284	Unicorn-55802.exe	Unicorn-48786.exe
PID 1284 wrote to memory of 2552	1284	Unicorn-55802.exe	Unicorn-48786.exe
PID 1284 wrote to memory of 2552	1284	Unicorn-55802.exe	Unicorn-48786.exe
PID 1964 wrote to memory of 2740	1964	52cdf2de23a4929e14be7705cc99df5f923b4fea8bef923d2ec3ee14c0fbb812.exe	WerFault.exe
PID 1964 wrote to memory of 2740	1964	52cdf2de23a4929e14be7705cc99df5f923b4fea8bef923d2ec3ee14c0fbb812.exe	WerFault.exe
PID 1964 wrote to memory of 2740	1964	52cdf2de23a4929e14be7705cc99df5f923b4fea8bef923d2ec3ee14c0fbb812.exe	WerFault.exe
PID 1964 wrote to memory of 2740	1964	52cdf2de23a4929e14be7705cc99df5f923b4fea8bef923d2ec3ee14c0fbb812.exe	WerFault.exe
PID 2884 wrote to memory of 2528	2884	Unicorn-28920.exe	Unicorn-42647.exe
PID 2884 wrote to memory of 2528	2884	Unicorn-28920.exe	Unicorn-42647.exe
PID 2884 wrote to memory of 2528	2884	Unicorn-28920.exe	Unicorn-42647.exe
PID 2884 wrote to memory of 2528	2884	Unicorn-28920.exe	Unicorn-42647.exe
PID 2552 wrote to memory of 2600	2552	Unicorn-48786.exe	Unicorn-11920.exe
PID 2552 wrote to memory of 2600	2552	Unicorn-48786.exe	Unicorn-11920.exe
PID 2552 wrote to memory of 2600	2552	Unicorn-48786.exe	Unicorn-11920.exe
PID 2552 wrote to memory of 2600	2552	Unicorn-48786.exe	Unicorn-11920.exe
PID 1284 wrote to memory of 2648	1284	Unicorn-55802.exe	Unicorn-26865.exe
PID 1284 wrote to memory of 2648	1284	Unicorn-55802.exe	Unicorn-26865.exe
PID 1284 wrote to memory of 2648	1284	Unicorn-55802.exe	Unicorn-26865.exe
PID 1284 wrote to memory of 2648	1284	Unicorn-55802.exe	Unicorn-26865.exe
PID 1284 wrote to memory of 2864	1284	Unicorn-55802.exe	WerFault.exe
PID 1284 wrote to memory of 2864	1284	Unicorn-55802.exe	WerFault.exe
PID 1284 wrote to memory of 2864	1284	Unicorn-55802.exe	WerFault.exe
PID 1284 wrote to memory of 2864	1284	Unicorn-55802.exe	WerFault.exe
PID 2528 wrote to memory of 2300	2528	Unicorn-42647.exe	Unicorn-26394.exe
PID 2528 wrote to memory of 2300	2528	Unicorn-42647.exe	Unicorn-26394.exe
PID 2528 wrote to memory of 2300	2528	Unicorn-42647.exe	Unicorn-26394.exe
PID 2528 wrote to memory of 2300	2528	Unicorn-42647.exe	Unicorn-26394.exe
PID 2884 wrote to memory of 1592	2884	Unicorn-28920.exe	Unicorn-25002.exe
PID 2884 wrote to memory of 1592	2884	Unicorn-28920.exe	Unicorn-25002.exe
PID 2884 wrote to memory of 1592	2884	Unicorn-28920.exe	Unicorn-25002.exe
PID 2884 wrote to memory of 1592	2884	Unicorn-28920.exe	Unicorn-25002.exe
PID 2600 wrote to memory of 1864	2600	Unicorn-11920.exe	Unicorn-820.exe
PID 2600 wrote to memory of 1864	2600	Unicorn-11920.exe	Unicorn-820.exe
PID 2600 wrote to memory of 1864	2600	Unicorn-11920.exe	Unicorn-820.exe
PID 2600 wrote to memory of 1864	2600	Unicorn-11920.exe	Unicorn-820.exe
PID 2648 wrote to memory of 768	2648	Unicorn-26865.exe	Unicorn-18226.exe
PID 2648 wrote to memory of 768	2648	Unicorn-26865.exe	Unicorn-18226.exe
PID 2648 wrote to memory of 768	2648	Unicorn-26865.exe	Unicorn-18226.exe
PID 2648 wrote to memory of 768	2648	Unicorn-26865.exe	Unicorn-18226.exe
PID 2552 wrote to memory of 2004	2552	Unicorn-48786.exe	Unicorn-63897.exe
PID 2552 wrote to memory of 2004	2552	Unicorn-48786.exe	Unicorn-63897.exe
PID 2552 wrote to memory of 2004	2552	Unicorn-48786.exe	Unicorn-63897.exe
PID 2552 wrote to memory of 2004	2552	Unicorn-48786.exe	Unicorn-63897.exe
PID 2884 wrote to memory of 2244	2884	Unicorn-28920.exe	WerFault.exe
PID 2884 wrote to memory of 2244	2884	Unicorn-28920.exe	WerFault.exe
PID 2884 wrote to memory of 2244	2884	Unicorn-28920.exe	WerFault.exe
PID 2884 wrote to memory of 2244	2884	Unicorn-28920.exe	WerFault.exe
PID 2552 wrote to memory of 2700	2552	Unicorn-48786.exe	WerFault.exe
PID 2552 wrote to memory of 2700	2552	Unicorn-48786.exe	WerFault.exe
PID 2552 wrote to memory of 2700	2552	Unicorn-48786.exe	WerFault.exe
PID 2552 wrote to memory of 2700	2552	Unicorn-48786.exe	WerFault.exe
PID 2300 wrote to memory of 1716	2300	Unicorn-26394.exe	Unicorn-19378.exe
PID 2300 wrote to memory of 1716	2300	Unicorn-26394.exe	Unicorn-19378.exe
PID 2300 wrote to memory of 1716	2300	Unicorn-26394.exe	Unicorn-19378.exe
PID 2300 wrote to memory of 1716	2300	Unicorn-26394.exe	Unicorn-19378.exe

C:\Users\Admin\AppData\Local\Temp\52cdf2de23a4929e14be7705cc99df5f923b4fea8bef923d2ec3ee14c0fbb812.exe
"C:\Users\Admin\AppData\Local\Temp\52cdf2de23a4929e14be7705cc99df5f923b4fea8bef923d2ec3ee14c0fbb812.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-55802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55802.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-48786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48786.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-11920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11920.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-820.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-4987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4987.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1168

C:\Users\Admin\AppData\Local\Temp\Unicorn-26223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26223.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-37489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37489.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1276

C:\Users\Admin\AppData\Local\Temp\Unicorn-6845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6845.exe
9⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
10⤵
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-20956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20956.exe
11⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
12⤵
PID:6104

C:\Users\Admin\AppData\Local\Temp\Unicorn-64837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64837.exe
13⤵
PID:7496

C:\Users\Admin\AppData\Local\Temp\UnicornÑ24506.exe
C:\Users\Admin\AppData\Local\Temp\UnicornÑ24506.exe
14⤵
PID:10456

C:\Users\Admin\AppData\Local\Temp\UnicornÑ42791.exe
C:\Users\Admin\AppData\Local\Temp\UnicornÑ42791.exe
15⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10456 -s 216
15⤵
PID:13204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 236
14⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
13⤵
PID:9564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
12⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 236
11⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 236
10⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe
9⤵
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-60426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60426.exe
10⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\Unicorn-1277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1277.exe
11⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-45512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45512.exe
12⤵
PID:7596

C:\Users\Admin\AppData\Local\Temp\Unicorn-62585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62585.exe
13⤵
PID:9536

C:\Users\Admin\AppData\Local\Temp\Unicorn-912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-912.exe
14⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9536 -s 216
14⤵
PID:12696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 216
13⤵
PID:11120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 216
12⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 216
11⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 216
10⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 220
9⤵
- Program crash
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-56601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56601.exe
8⤵
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
9⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-151.exe
10⤵
PID:3236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 220
11⤵
PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 236
10⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
9⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-21506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21506.exe
10⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-11303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11303.exe
11⤵
PID:7000

C:\Users\Admin\AppData\Local\Temp\Unicorn-24786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24786.exe
12⤵
PID:9708

C:\Users\Admin\AppData\Local\Temp\Unicorn-24846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24846.exe
13⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9708 -s 216
13⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7000 -s 216
12⤵
PID:10648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
11⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
10⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 220
9⤵
PID:4836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
8⤵
- Program crash
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-21707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21707.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-21044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21044.exe
8⤵
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
9⤵
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-9964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9964.exe
10⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
11⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-58475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58475.exe
12⤵
PID:6528

C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
13⤵
PID:9076

C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe
14⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9076 -s 216
14⤵
PID:11744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 216
13⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 236
12⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 236
11⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 216
10⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 236
9⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe
8⤵
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-29124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29124.exe
9⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\Unicorn-21890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21890.exe
10⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\Unicorn-24926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24926.exe
11⤵
PID:6192

C:\Users\Admin\AppData\Local\Temp\Unicorn-47297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47297.exe
12⤵
PID:10120

C:\Users\Admin\AppData\Local\Temp\Unicorn-31426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31426.exe
13⤵
PID:11856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 220
13⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 216
12⤵
PID:10952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 216
11⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
10⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 216
9⤵
PID:4500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 240
8⤵
- Program crash
PID:3732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 240
7⤵
- Program crash
PID:1352

C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-41573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41573.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
8⤵
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
9⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-4427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4427.exe
10⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
11⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-286.exe
12⤵
PID:7976

C:\Users\Admin\AppData\Local\Temp\Unicorn-59653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59653.exe
13⤵
PID:9744

C:\Users\Admin\AppData\Local\Temp\Unicorn-54192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54192.exe
14⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9744 -s 216
14⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
12⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 236
11⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
10⤵
PID:4436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 236
9⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe
8⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-13171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13171.exe
9⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-20053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20053.exe
10⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-13934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13934.exe
11⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\Unicorn-49098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49098.exe
12⤵
PID:9336

C:\Users\Admin\AppData\Local\Temp\Unicorn-51898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51898.exe
13⤵
PID:12044

C:\Users\Admin\AppData\Local\Temp\Unicorn-64062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64062.exe
14⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9336 -s 216
13⤵
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
12⤵
PID:10300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 236
11⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
10⤵
PID:5764

C:\Users\Admin\AppData\Local\Temp\Unicorn-20306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20306.exe
9⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-5548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5548.exe
10⤵
PID:7700

C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
11⤵
PID:9484

C:\Users\Admin\AppData\Local\Temp\Unicorn-54197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54197.exe
12⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9484 -s 236
12⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 216
11⤵
PID:11104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
10⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 220
9⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
8⤵
- Program crash
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-48433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48433.exe
7⤵
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
8⤵
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-16680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16680.exe
9⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-42118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42118.exe
10⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-24926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24926.exe
11⤵
PID:6196

C:\Users\Admin\AppData\Local\Temp\Unicorn-27635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27635.exe
12⤵
PID:8872

C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
13⤵
PID:11356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8872 -s 236
13⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6196 -s 216
12⤵
PID:9440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
11⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 236
10⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
9⤵
PID:4368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 236
8⤵
PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 240
7⤵
- Program crash
PID:1572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 240
6⤵
- Program crash
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-19932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19932.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-26223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26223.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-15122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15122.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:296

C:\Users\Admin\AppData\Local\Temp\Unicorn-33488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33488.exe
8⤵
PID:1044

C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
9⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-33099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33099.exe
10⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-2045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2045.exe
11⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
12⤵
PID:6696

C:\Users\Admin\AppData\Local\Temp\Unicorn-62694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62694.exe
13⤵
PID:9924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9924 -s 220
14⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 216
13⤵
PID:10868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
12⤵
PID:8388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 236
11⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
10⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 236
9⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe
8⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-55081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55081.exe
9⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-2045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2045.exe
10⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-28024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28024.exe
11⤵
PID:7004

C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
12⤵
PID:9896

C:\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe
13⤵
PID:11832

C:\Users\Admin\AppData\Local\Temp\Unicorn-52241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52241.exe
14⤵
PID:12912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9896 -s 216
13⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
12⤵
PID:10856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
11⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 236
10⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 216
9⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 220
8⤵
- Program crash
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-1178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1178.exe
7⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
8⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-33784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33784.exe
9⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-13529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13529.exe
10⤵
PID:4448

C:\Users\Admin\AppData\Local\Temp\Unicorn-49212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49212.exe
11⤵
PID:7532

C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
12⤵
PID:9404

C:\Users\Admin\AppData\Local\Temp\Unicorn-40409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40409.exe
13⤵
PID:12612

C:\Users\Admin\AppData\Local\Temp\Unicorn-29875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29875.exe
14⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9404 -s 216
13⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 216
12⤵
PID:11076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
11⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 236
10⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 236
9⤵
PID:4896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 216
8⤵
PID:3276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
7⤵
- Program crash
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-12662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12662.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:644

C:\Users\Admin\AppData\Local\Temp\Unicorn-6845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6845.exe
7⤵
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
8⤵
PID:600

C:\Users\Admin\AppData\Local\Temp\Unicorn-23094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23094.exe
9⤵
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
10⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-33094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33094.exe
11⤵
PID:7104

C:\Users\Admin\AppData\Local\Temp\Unicorn-31501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31501.exe
12⤵
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-57785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57785.exe
13⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 216
13⤵
PID:12276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
12⤵
PID:10132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
11⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 236
10⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 236
9⤵
PID:4172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
8⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe
7⤵
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-45844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45844.exe
8⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-44064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44064.exe
9⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-22980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22980.exe
10⤵
PID:7008

C:\Users\Admin\AppData\Local\Temp\Unicorn-53758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53758.exe
11⤵
PID:9508

C:\Users\Admin\AppData\Local\Temp\Unicorn-62780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62780.exe
12⤵
PID:12152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9508 -s 216
12⤵
PID:12312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 220
11⤵
PID:10444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
10⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
9⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 216
8⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 220
7⤵
- Program crash
PID:3940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 220
6⤵
- Program crash
PID:968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-63897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63897.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-17240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17240.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1176

C:\Users\Admin\AppData\Local\Temp\Unicorn-38475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38475.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-732.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-6845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6845.exe
8⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
9⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-18085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18085.exe
10⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-21371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21371.exe
11⤵
PID:6184

C:\Users\Admin\AppData\Local\Temp\Unicorn-4090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4090.exe
12⤵
PID:9064

C:\Users\Admin\AppData\Local\Temp\Unicorn-16478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16478.exe
13⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9064 -s 216
13⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 216
12⤵
PID:9952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
10⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
9⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe
8⤵
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-43898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43898.exe
9⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-36088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36088.exe
10⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
11⤵
PID:6604

C:\Users\Admin\AppData\Local\Temp\Unicorn-52305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52305.exe
12⤵
PID:9112

C:\Users\Admin\AppData\Local\Temp\Unicorn-19527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19527.exe
13⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9112 -s 216
13⤵
PID:5424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 216
12⤵
PID:10060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 236
11⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 236
10⤵
PID:5552

C:\Users\Admin\AppData\Local\Temp\Unicorn-61147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61147.exe
9⤵
PID:5240

C:\Users\Admin\AppData\Local\Temp\Unicorn-51817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51817.exe
10⤵
PID:8168

C:\Users\Admin\AppData\Local\Temp\Unicorn-20266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20266.exe
11⤵
PID:9468

C:\Users\Admin\AppData\Local\Temp\Unicorn-13434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13434.exe
12⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9468 -s 216
12⤵
PID:8560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 236
11⤵
PID:10344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
10⤵
PID:8340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
9⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 240
8⤵
- Program crash
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-9538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9538.exe
7⤵
PID:556

C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
8⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-25040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25040.exe
9⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-63114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63114.exe
10⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
11⤵
PID:7448

C:\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe
12⤵
PID:10208

C:\Users\Admin\AppData\Local\Temp\Unicorn-25012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25012.exe
13⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10208 -s 216
13⤵
PID:13196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 220
12⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
11⤵
PID:8788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
10⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 236
9⤵
PID:4680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 216
8⤵
PID:3300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
7⤵
- Program crash
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-34151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34151.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-31542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31542.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-6928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6928.exe
8⤵
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-59466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59466.exe
9⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
10⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-30271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30271.exe
11⤵
PID:6920

C:\Users\Admin\AppData\Local\Temp\Unicorn-18372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18372.exe
12⤵
PID:9300

C:\Users\Admin\AppData\Local\Temp\Unicorn-7165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7165.exe
13⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9300 -s 216
13⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 216
12⤵
PID:10312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
11⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 236
10⤵
PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 236
9⤵
PID:4928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 236
8⤵
- Program crash
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-56684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56684.exe
7⤵
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-52066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52066.exe
8⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-20053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20053.exe
9⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-64396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64396.exe
10⤵
PID:6672

C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
11⤵
PID:9860

C:\Users\Admin\AppData\Local\Temp\Unicorn-55188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55188.exe
12⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9860 -s 216
12⤵
PID:12544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 220
11⤵
PID:10756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 236
10⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 236
9⤵
PID:6448

C:\Users\Admin\AppData\Local\Temp\Unicorn-20306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20306.exe
8⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-4178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4178.exe
9⤵
PID:8124

C:\Users\Admin\AppData\Local\Temp\Unicorn-54500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54500.exe
10⤵
PID:10032

C:\Users\Admin\AppData\Local\Temp\Unicorn-17820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17820.exe
11⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10032 -s 216
11⤵
PID:8416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8124 -s 216
10⤵
PID:11016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
9⤵
PID:8476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 220
8⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
7⤵
- Program crash
PID:3860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 240
6⤵
- Program crash
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-53420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53420.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-1801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1801.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-50462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50462.exe
7⤵
PID:1208

C:\Users\Admin\AppData\Local\Temp\Unicorn-22902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22902.exe
8⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-61085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61085.exe
9⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-61464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61464.exe
10⤵
PID:7504

C:\Users\Admin\AppData\Local\Temp\Unicorn-44028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44028.exe
11⤵
PID:10080

C:\Users\Admin\AppData\Local\Temp\Unicorn-47871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47871.exe
12⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10080 -s 216
12⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 216
11⤵
PID:10936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
10⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 236
9⤵
PID:6480

C:\Users\Admin\AppData\Local\Temp\Unicorn-55610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55610.exe
8⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-22740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22740.exe
9⤵
PID:6540

C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
10⤵
PID:9844

C:\Users\Admin\AppData\Local\Temp\Unicorn-28437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28437.exe
11⤵
PID:1948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9844 -s 216
11⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 216
10⤵
PID:10740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
9⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 220
8⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 236
7⤵
- Program crash
PID:3804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
6⤵
- Program crash
PID:1488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
5⤵
- Program crash
PID:2640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-18226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18226.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-52050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52050.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:336

C:\Users\Admin\AppData\Local\Temp\Unicorn-61033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61033.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:828

C:\Users\Admin\AppData\Local\Temp\Unicorn-54894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54894.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-10929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10929.exe
8⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
9⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-3057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3057.exe
10⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-21890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21890.exe
11⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-31148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31148.exe
12⤵
PID:6952

C:\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe
13⤵
PID:8384

C:\Users\Admin\AppData\Local\Temp\Unicorn-62554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62554.exe
14⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8384 -s 216
14⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
13⤵
PID:9532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
12⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
11⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 236
10⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 216
9⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe
8⤵
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
9⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-52808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52808.exe
10⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-34054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34054.exe
11⤵
PID:6536

C:\Users\Admin\AppData\Local\Temp\Unicorn-55512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55512.exe
12⤵
PID:9688

C:\Users\Admin\AppData\Local\Temp\Unicorn-34768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34768.exe
13⤵
PID:11568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9688 -s 220
13⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 216
12⤵
PID:10656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
11⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 236
10⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 216
9⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
8⤵
- Program crash
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-9538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9538.exe
7⤵
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
8⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-50120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50120.exe
9⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-20245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20245.exe
10⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-34054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34054.exe
11⤵
PID:6356

C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
12⤵
PID:9852

C:\Users\Admin\AppData\Local\Temp\Unicorn-22215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22215.exe
13⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9852 -s 216
13⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 216
12⤵
PID:10732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
11⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 236
10⤵
PID:6908

C:\Users\Admin\AppData\Local\Temp\Unicorn-45304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45304.exe
9⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-42414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42414.exe
10⤵
PID:7300

C:\Users\Admin\AppData\Local\Temp\Unicorn-4448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4448.exe
11⤵
PID:10236

C:\Users\Admin\AppData\Local\Temp\Unicorn-62920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62920.exe
12⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10236 -s 216
12⤵
PID:13248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 236
11⤵
PID:11032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
10⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 240
9⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 236
8⤵
PID:3544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 240
7⤵
- Program crash
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-21707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21707.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
7⤵
PID:1212

C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
8⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-27562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27562.exe
9⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-7499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7499.exe
10⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\Unicorn-55652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55652.exe
11⤵
PID:7148

C:\Users\Admin\AppData\Local\Temp\Unicorn-39368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39368.exe
12⤵
PID:9472

C:\Users\Admin\AppData\Local\Temp\Unicorn-42744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42744.exe
13⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9472 -s 216
13⤵
PID:12424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 216
12⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
11⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 236
10⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
9⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 216
8⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe
7⤵
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-16488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16488.exe
8⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
9⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-17827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17827.exe
10⤵
PID:6960

C:\Users\Admin\AppData\Local\Temp\Unicorn-20318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20318.exe
11⤵
PID:9384

C:\Users\Admin\AppData\Local\Temp\Unicorn-13880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13880.exe
12⤵
PID:11924

C:\Users\Admin\AppData\Local\Temp\Unicorn-19569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19569.exe
13⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9384 -s 216
12⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 216
11⤵
PID:10360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 236
10⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 236
9⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 236
8⤵
PID:4864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
7⤵
- Program crash
PID:3656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 240
6⤵
- Program crash
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-36180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36180.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:332

C:\Users\Admin\AppData\Local\Temp\Unicorn-58267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58267.exe
7⤵
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-65496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65496.exe
8⤵
PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 220
9⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 236
8⤵
PID:4952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 236
7⤵
- Program crash
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 216
6⤵
- Program crash
PID:2164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 240
5⤵
- Program crash
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-50659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50659.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:596

C:\Users\Admin\AppData\Local\Temp\Unicorn-24914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24914.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:776

C:\Users\Admin\AppData\Local\Temp\Unicorn-15013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15013.exe
6⤵
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-49907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49907.exe
7⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-9087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9087.exe
8⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-44448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44448.exe
9⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-26737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26737.exe
10⤵
PID:8016

C:\Users\Admin\AppData\Local\Temp\Unicorn-20951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20951.exe
11⤵
PID:10176

C:\Users\Admin\AppData\Local\Temp\Unicorn-28681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28681.exe
12⤵
PID:12436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10176 -s 216
12⤵
PID:13292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 216
11⤵
PID:11236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
10⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 236
9⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 216
8⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 236
7⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-64852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64852.exe
6⤵
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-48859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48859.exe
7⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-53192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53192.exe
8⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-34992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34992.exe
9⤵
PID:7252

C:\Users\Admin\AppData\Local\Temp\Unicorn-35284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35284.exe
10⤵
PID:9444

C:\Users\Admin\AppData\Local\Temp\Unicorn-9303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9303.exe
11⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9444 -s 216
11⤵
PID:12356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 216
10⤵
PID:10384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
9⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 236
8⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 216
7⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 240
6⤵
- Program crash
PID:4048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 216
5⤵
- Program crash
PID:1748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-42647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42647.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-26394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26394.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-19378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19378.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-950.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-55387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55387.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-53908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53908.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-13150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13150.exe
9⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-19394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19394.exe
10⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-9938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9938.exe
11⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-49622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49622.exe
12⤵
PID:7052

C:\Users\Admin\AppData\Local\Temp\Unicorn-12149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12149.exe
13⤵
PID:9416

C:\Users\Admin\AppData\Local\Temp\Unicorn-21748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21748.exe
14⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9416 -s 216
14⤵
PID:12296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
13⤵
PID:10368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 236
12⤵
PID:8096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 236
11⤵
PID:6216

C:\Users\Admin\AppData\Local\Temp\Unicorn-16523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16523.exe
10⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-21693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21693.exe
11⤵
PID:7788

C:\Users\Admin\AppData\Local\Temp\Unicorn-51293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51293.exe
12⤵
PID:10040

C:\Users\Admin\AppData\Local\Temp\Unicorn-15577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15577.exe
13⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10040 -s 236
13⤵
PID:12980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
12⤵
PID:11176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
11⤵
PID:9008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 220
10⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
9⤵
- Program crash
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-54546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54546.exe
8⤵
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
9⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-56892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56892.exe
10⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-27557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27557.exe
11⤵
PID:6680

C:\Users\Admin\AppData\Local\Temp\Unicorn-17111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17111.exe
12⤵
PID:8504

C:\Users\Admin\AppData\Local\Temp\Unicorn-48164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48164.exe
13⤵
PID:11576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 216
13⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 216
12⤵
PID:9940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 236
11⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 236
10⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 216
9⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
8⤵
- Program crash
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-38126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38126.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-11588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11588.exe
8⤵
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-21148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21148.exe
9⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-61085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61085.exe
10⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-20842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20842.exe
11⤵
PID:6484

C:\Users\Admin\AppData\Local\Temp\Unicorn-55512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55512.exe
12⤵
PID:9696

C:\Users\Admin\AppData\Local\Temp\Unicorn-62588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62588.exe
13⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9696 -s 216
13⤵
PID:12416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 216
12⤵
PID:10664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 236
11⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
10⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 216
9⤵
PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
8⤵
PID:3992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
7⤵
- Program crash
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-4795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4795.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-9621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9621.exe
7⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-29124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29124.exe
8⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-21890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21890.exe
9⤵
PID:6128

C:\Users\Admin\AppData\Local\Temp\Unicorn-31205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31205.exe
10⤵
PID:8184

C:\Users\Admin\AppData\Local\Temp\Unicorn-26981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26981.exe
11⤵
PID:9436

C:\Users\Admin\AppData\Local\Temp\Unicorn-53424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53424.exe
12⤵
PID:12600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9436 -s 216
12⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 216
11⤵
PID:10520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
10⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 216
9⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
8⤵
PID:4648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 216
7⤵
- Program crash
PID:3748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
6⤵
- Program crash
PID:1140

C:\Users\Admin\AppData\Local\Temp\Unicorn-46622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46622.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:860

C:\Users\Admin\AppData\Local\Temp\Unicorn-32829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32829.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-61692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61692.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:328

C:\Users\Admin\AppData\Local\Temp\Unicorn-7120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7120.exe
8⤵
PID:2368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 244
9⤵
- Program crash
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-37607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37607.exe
8⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-16763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16763.exe
9⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-60784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60784.exe
10⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-28875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28875.exe
11⤵
PID:7896

C:\Users\Admin\AppData\Local\Temp\Unicorn-57214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57214.exe
12⤵
PID:9320

C:\Users\Admin\AppData\Local\Temp\Unicorn-19574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19574.exe
13⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9320 -s 216
13⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 216
12⤵
PID:11144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 216
11⤵
PID:9128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 236
10⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
9⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 240
8⤵
- Program crash
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-52792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52792.exe
7⤵
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
8⤵
PID:3448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 240
9⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-28993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28993.exe
8⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
9⤵
PID:5292

C:\Users\Admin\AppData\Local\Temp\Unicorn-21527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21527.exe
10⤵
PID:6576

C:\Users\Admin\AppData\Local\Temp\Unicorn-55813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55813.exe
11⤵
PID:9168

C:\Users\Admin\AppData\Local\Temp\Unicorn-61677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61677.exe
12⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9168 -s 216
12⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 216
11⤵
PID:9904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 236
10⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 236
9⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
8⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
7⤵
- Program crash
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-34234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34234.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
7⤵
- Program crash
PID:2408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 240
6⤵
- Program crash
PID:888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
5⤵
- Program crash
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-52797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52797.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-5034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5034.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-51303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51303.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-30966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30966.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1088

C:\Users\Admin\AppData\Local\Temp\Unicorn-11204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11204.exe
8⤵
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-14494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14494.exe
9⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe
10⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-64100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64100.exe
11⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-15579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15579.exe
12⤵
PID:6836

C:\Users\Admin\AppData\Local\Temp\Unicorn-50250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50250.exe
13⤵
PID:10048

C:\Users\Admin\AppData\Local\Temp\Unicorn-13444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13444.exe
14⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10048 -s 220
14⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 216
13⤵
PID:10944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
12⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
11⤵
PID:6612

C:\Users\Admin\AppData\Local\Temp\Unicorn-32558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32558.exe
10⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-17801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17801.exe
11⤵
PID:7636

C:\Users\Admin\AppData\Local\Temp\Unicorn-3654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3654.exe
12⤵
PID:9748

C:\Users\Admin\AppData\Local\Temp\Unicorn-58172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58172.exe
13⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9748 -s 216
13⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 216
12⤵
PID:11156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
11⤵
PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 220
10⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 236
9⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-64250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64250.exe
8⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-16763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16763.exe
9⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
10⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-50691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50691.exe
11⤵
PID:6884

C:\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe
12⤵
PID:8372

C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
13⤵
PID:11556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8372 -s 216
13⤵
PID:12140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
12⤵
PID:9516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 236
11⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 216
10⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-32558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32558.exe
9⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-3410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3410.exe
10⤵
PID:7760

C:\Users\Admin\AppData\Local\Temp\Unicorn-6176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6176.exe
11⤵
PID:10116

C:\Users\Admin\AppData\Local\Temp\Unicorn-15962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15962.exe
12⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10116 -s 216
12⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7760 -s 236
11⤵
PID:11200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
10⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 220
9⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 240
8⤵
- Program crash
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-44624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44624.exe
7⤵
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-10218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10218.exe
8⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-234.exe
9⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-7992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7992.exe
10⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-17718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17718.exe
11⤵
PID:6600

C:\Users\Admin\AppData\Local\Temp\Unicorn-27692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27692.exe
12⤵
PID:10020

C:\Users\Admin\AppData\Local\Temp\Unicorn-57793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57793.exe
13⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10020 -s 220
13⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 216
12⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
11⤵
PID:8360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 236
10⤵
PID:7116

C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
9⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-37863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37863.exe
10⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 220
11⤵
PID:8760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 236
10⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 220
9⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 236
8⤵
PID:4588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
7⤵
- Program crash
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-34234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34234.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
7⤵
- Program crash
PID:2484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 240
6⤵
- Program crash
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-711.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-4899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4899.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1408

C:\Users\Admin\AppData\Local\Temp\Unicorn-19373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19373.exe
7⤵
PID:668

C:\Users\Admin\AppData\Local\Temp\Unicorn-39430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39430.exe
8⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
9⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-20707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20707.exe
10⤵
PID:7932

C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
11⤵
PID:9208

C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
12⤵
PID:11548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9208 -s 216
12⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 216
11⤵
PID:9492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
10⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
9⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 236
8⤵
PID:5108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 236
7⤵
- Program crash
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-17789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17789.exe
6⤵
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-33400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33400.exe
7⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-44448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44448.exe
8⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\Unicorn-51817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51817.exe
9⤵
PID:8156

C:\Users\Admin\AppData\Local\Temp\Unicorn-5875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5875.exe
10⤵
PID:9504

C:\Users\Admin\AppData\Local\Temp\Unicorn-22973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22973.exe
11⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9504 -s 216
11⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 216
10⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
9⤵
PID:8296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
8⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 216
7⤵
PID:5008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
6⤵
- Program crash
PID:3704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
5⤵
- Program crash
PID:984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-25002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25002.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-11209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11209.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-58319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58319.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-47219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47219.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-21236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21236.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-15288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15288.exe
8⤵
PID:1172

C:\Users\Admin\AppData\Local\Temp\Unicorn-37292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37292.exe
9⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
10⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-27557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27557.exe
11⤵
PID:6704

C:\Users\Admin\AppData\Local\Temp\Unicorn-36332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36332.exe
12⤵
PID:8324

C:\Users\Admin\AppData\Local\Temp\Unicorn-44106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44106.exe
13⤵
PID:10288

C:\Users\Admin\AppData\Local\Temp\Unicorn-62739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62739.exe
14⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8324 -s 216
13⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 236
12⤵
PID:10148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
11⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
10⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 236
9⤵
PID:4464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
8⤵
- Program crash
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-60960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60960.exe
7⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-49736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49736.exe
8⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
9⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-37863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37863.exe
10⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 220
11⤵
PID:8500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
10⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 236
9⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 236
8⤵
PID:4976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
7⤵
- Program crash
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-40264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40264.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-46015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46015.exe
7⤵
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-37868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37868.exe
8⤵
PID:4568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 228
9⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 236
8⤵
PID:4356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 236
7⤵
- Program crash
PID:3260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
6⤵
- Program crash
PID:1060

C:\Users\Admin\AppData\Local\Temp\Unicorn-62164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62164.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-27266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27266.exe
6⤵
- Executes dropped EXE
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-31433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31433.exe
7⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-60042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60042.exe
8⤵
PID:624

C:\Users\Admin\AppData\Local\Temp\Unicorn-26275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26275.exe
9⤵
PID:4592

C:\Users\Admin\AppData\Local\Temp\Unicorn-1106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1106.exe
10⤵
PID:6652

C:\Users\Admin\AppData\Local\Temp\Unicorn-2528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2528.exe
11⤵
PID:8880

C:\Users\Admin\AppData\Local\Temp\Unicorn-8008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8008.exe
12⤵
PID:11624

C:\Users\Admin\AppData\Local\Temp\Unicorn-29958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29958.exe
13⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8880 -s 216
12⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 216
11⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 236
10⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 216
9⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 236
8⤵
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 236
7⤵
- Program crash
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-38209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38209.exe
6⤵
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-919.exe
7⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-60784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60784.exe
8⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-40577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40577.exe
9⤵
PID:6844

C:\Users\Admin\AppData\Local\Temp\Unicorn-57842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57842.exe
10⤵
PID:9524

C:\Users\Admin\AppData\Local\Temp\Unicorn-11633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11633.exe
11⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9524 -s 216
11⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 216
10⤵
PID:10480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
9⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 236
8⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 236
7⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
6⤵
- Program crash
PID:3916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
5⤵
- Program crash
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-38453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38453.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1012

C:\Users\Admin\AppData\Local\Temp\Unicorn-12408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12408.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-53908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53908.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-33571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33571.exe
7⤵
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-58288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58288.exe
8⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-33758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33758.exe
9⤵
PID:5644

C:\Users\Admin\AppData\Local\Temp\Unicorn-32959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32959.exe
10⤵
PID:8088

C:\Users\Admin\AppData\Local\Temp\Unicorn-46908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46908.exe
11⤵
PID:10108

C:\Users\Admin\AppData\Local\Temp\Unicorn-13434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13434.exe
12⤵
PID:13244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10108 -s 216
12⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8088 -s 216
11⤵
PID:10308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
10⤵
PID:9196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 236
9⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 216
8⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 236
7⤵
- Program crash
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
6⤵
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-29124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29124.exe
7⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
8⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-64780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64780.exe
9⤵
PID:7164

C:\Users\Admin\AppData\Local\Temp\Unicorn-41786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41786.exe
10⤵
PID:8252

C:\Users\Admin\AppData\Local\Temp\Unicorn-48190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48190.exe
11⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8252 -s 216
11⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 236
10⤵
PID:10008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
9⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
8⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 216
7⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
6⤵
- Program crash
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-38126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38126.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-27349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27349.exe
6⤵
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-52943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52943.exe
7⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
8⤵
PID:6012

C:\Users\Admin\AppData\Local\Temp\Unicorn-4479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4479.exe
9⤵
PID:7664

C:\Users\Admin\AppData\Local\Temp\Unicorn-44495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44495.exe
10⤵
PID:9908

C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe
11⤵
PID:13056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9908 -s 216
11⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 216
9⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
8⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 236
7⤵
PID:5612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
6⤵
PID:3640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 240
5⤵
- Program crash
PID:2792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
4⤵
- Program crash
PID:1672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
2⤵
- Program crash
PID:2740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-151.exe

Filesize
184KB

MD5
a4180de2bffae6c35d26fff27529e248

SHA1
bbb3adb2e504396ebb654059f97ad8a3a4f4bc7d

SHA256
1fd627b5d6aa505c00c73abd9b2f53cd7f66c202e5af58b72f528d7924ee5190

SHA512
d48bf0e1d747af983739d4a3c21f2ddd393138a86a41f188be3f36749d0f66ebae091b444221a0b9db16c717b0d0da499987e69bbfa1c339a7c1461d63c89771

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18226.exe

Filesize
184KB

MD5
de8c62d38269810b573e881595c1dd29

SHA1
71553b6801cd66276bd27385baa245be89a8fe7d

SHA256
ee1e193e089548adf592b3393db1898fab9a818f8c34e8228b31fe5ee2b1db34

SHA512
6602e0c0c1ed2b1d980055bb8b7460c918723bf699241e1cd459d2aac861e5348c871aab8fc92f2f148c3d3737a343063d06371f824e5f05bd62abf06cee0185

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19378.exe

Filesize
184KB

MD5
0a497c5229f300d4007f8d8e1ae03b28

SHA1
45e1096bd9249483f95e97bc94627ea0efb4a4d0

SHA256
dac7a75a62a5c7c425d3f78da1361d1eac4349b7b0544c6676c30f90bc4b9f34

SHA512
08e9a9334fee69a5d88db3fa3d2af8cc8969c9535811f56d7d08982e5eac1e1a4d2b1113d3e52169e4f213bc28c0791be5b41b546e56d5e258a00fe9db5180ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25002.exe

Filesize
184KB

MD5
b9e044ec7feca3cfa418fcfb54200bdb

SHA1
a5140c3c076c4c422901f0c4b60948e77689204a

SHA256
a570c1e6b425f817d8b2c0163b63504f26e69d991707a990dcdd2000700c8d1f

SHA512
f100db9e7e1a5de1e8de301cfb3d31bf79b63ad0a2226f479c432c6736291bb410a05b4d157706390034b18c129f296fdf4d718cc9eb538916bba8405c419b31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe

Filesize
184KB

MD5
24553f61e959999c25c811bbb16c08a7

SHA1
c465b811f3c354caff38d2ed0e240eb85b191e69

SHA256
6d720697de1dc4597ad685a71adeebe267bbcfd76902e9336e5c3f70c62191f5

SHA512
059ef58fcf764fb14e8f99b14271421f7bbe92a97ad74fe21060fc0b550acef0fbbd3f4f7583e069e0f9e26922dda61f2d95f9230acb8b767156dffe24a3419d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28024.exe

Filesize
184KB

MD5
33a06edec20ca0ca868275b0ad923cc9

SHA1
cb366c2056670f54ec2e2ffdf3a0cceb07ef2e88

SHA256
b6f1206a95f62163189737b808fb33a29043356bd7b4586c28f157b0cb266ac7

SHA512
1081b90fe93ec15184b448d09580fb069b4e072c6536d54786fbc48dbb8871c33fff24fe6edd53a22b1ae97327cffebdfd4881691c18bd5cd880900dfc22c30f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32959.exe

Filesize
184KB

MD5
9c6cf2271feef4b701fe7519ce82ff21

SHA1
9194122a9c6629724aaa800c893cc15ce89e66b0

SHA256
e17d28d03a0fc0d359797c81f9dda27edaf7514d1197b71a00a6748480fe0be3

SHA512
20180e1bd071f3aaee7752aa912aae59d94692770183ef72731c560392e8ddb1ee1632bb6d53feb749ffbd38536877b49db281d6458c013fe591a06a9ba76906

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40264.exe

Filesize
184KB

MD5
ea4a438ab02ce06f7a140fb4d70fa47e

SHA1
a237d6f31b5813ebd60047e5d29eca12cfde11ae

SHA256
fd4932126aec2f1b1e9c31e40d55f66542c458eea6f3f8d14d02dfe9c2fbf471

SHA512
6053dabdf55bde584abfdad81451c37c1001eaa53efaa193486b4f6d868a0545e4fa2b0be9a765365b26b3997143bda53d0bff3d02af19505d08bd84a7c6c40e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48786.exe

Filesize
184KB

MD5
92cc68f7c932f842751deb6c1ea19aa1

SHA1
851450841d2a58ca46b6b6b99e15508b909c191f

SHA256
c546747b48c3fd48021cb4d08cf8d85755932dd246eae90b7f58adff82263134

SHA512
d6c915c758325220c96b4110a176547e7558b6a76f56d2d21e8bccd750f0301980a9b20adfd457b19cbcc18d14c3b2a23745a69b355f9d656f7a98944beae1f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5548.exe

Filesize
184KB

MD5
7f97b73fdb55efe50f40a4b042945f4b

SHA1
ebcea2fc5725c760341f6d67c7d9ae21cf89506b

SHA256
5558e3437dcecfb6860e73d47910c187156c085a17970d09b894b8fc1203f0b4

SHA512
6f798568ba1581fba6f67d87ba49df08ec861cad5aad5ad6bdf6ebae10b99e464de5c0acb97f4807ea88c5406b5e06a140c83bbfe03da0a519acdf6d00c790fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63897.exe

Filesize
184KB

MD5
89eb26da84fdb5ce51a8ea63b84d972a

SHA1
ac053aa6b3e7eb4a7fe529919452a48499c1426e

SHA256
a2ad08647f64700d589a454748b1c7cf033d5f9e757090599a3fa1d8bbb67e36

SHA512
4238adeaf9533eed629b5752a7ae816bcea478d32e280d6be8f1a810388e0113af7ab3675e8ab42f6eac42c7bbc14f5e684d00f6ba973376e5cf0b58f5aefe78

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11209.exe

Filesize
184KB

MD5
d0eabf8046b2664caf6f1de13315af9e

SHA1
6f983ff3e75f833965156932ddfdc6d123a55fb0

SHA256
3f9e4914ed2a4f07cf07d561e4a76fae5291ef0b2e93d802ef500b27f4889f32

SHA512
a5e9560e30db337b398b188886853246159fbe1fc12aea0e1880a25cb3441e224f7804b478ab113e6be71250a2cacc29eb9a04a877bc6a7b8292d3dab29f7914

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11920.exe

Filesize
184KB

MD5
97eeddb763432bf2af39e019c71fb451

SHA1
185d4617a5115f77874440b3b305a276214599c3

SHA256
2bddc805cbd9f0d6892ded13ff54237d7d308e6f50add759df226ed99eca399c

SHA512
1d014b99ec67ffa259af71a8bfd0bbb5d11672e1f5815efe2ba1b8cc2a2c4ab6074354d5bdff5ac89f3c241855b3b69fb6c759171a1d73d58bc953e112eb86ed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26394.exe

Filesize
184KB

MD5
9230382206db903eaa3919edaa9cbe5f

SHA1
4ab5b0ea0b3c1d9e3ce2fe31b4aece004b7464b1

SHA256
5c5c375d4ab089f95380493f38b2d779bee2b67c05670c380383076a4004397f

SHA512
8ce3dd838a9ddddd275005fa738301d8e13e1d57c299d8d868334d5d1754592eb7c539d72b551b4f8aebea1445c2fcf499d399fc3545fd07423d9773da9dcdff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe

Filesize
184KB

MD5
19f897ab60bbef86e851976cbbb949b4

SHA1
4eb52c102cd5fb44a5c6a2c321be1b4a66da1f3a

SHA256
0e74c5cae41fb05da2defdd42363a844606dd7703050823b06bac7ce294f2f1b

SHA512
106f2d9cb52b75993662ba0bbbd346275c67ab0f2c1898a68f1d6915d182c14c9e1de6dbe807933c2943d0697e97626cfc98c5ae9f76a0caed7b2301e046c44e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42647.exe

Filesize
184KB

MD5
d4f28188beb155c18cb98784d7e4c6c3

SHA1
92f892a8ebd4b3dbc7336cf320e7242d96a846fd

SHA256
02ec195f11c37177f7d1cfb4c349a27c4760844d72d25e1ed6449409c8562d06

SHA512
78e4bf6429e50699d3d86046d5d7e4184b1435d6f3a3e578af51234becc85e7b726c35ef9de547c9475cdf422b575e7338335e51e43ddb84ef135f9b129309bb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52797.exe

Filesize
184KB

MD5
f6805399285a89a8696fd1ee048e4704

SHA1
e7fe3d1c4aed5b217381acbd412e2a606dec4f0c

SHA256
2539260fe04def8e5ad5c1f0b75b891900ac00344d8f4e2abcde7bb3a4f0b353

SHA512
5e6346d9b44fba5ee063bc222ba69d3add293954e82838ff58c8eea16e5850b89813ece5740bae058347c0b6e3ceedf7afd2624eae804d612a56cc2a4d493ee1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55802.exe

Filesize
184KB

MD5
3a35f2b89cd3dcedcea4663abfeebbbb

SHA1
b657ad9e46e1903cb54827bc756bd51bb889e378

SHA256
e5caff58d865656e3337e409e39d3738f738ab9f6468c3ed11a6179df0548ba7

SHA512
4780f395921697cf32dc17ef4d0e3d196cd76b502c6d8d4bf4acc6ee5c1e85d2b6bf3c6f96d6107c44501ae3a0792fdb38c88e2b0fae877b41f9ea4e93eac083

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-820.exe

Filesize
184KB

MD5
f73736abcf3cf5d8d590d354402a90ac

SHA1
33b4ada82fa7cd25b6ff54a9cb913b57023185af

SHA256
72507b2d36d6116e33f26138acaf11f54ba41bff4f16e388f1e4b17faa74413e

SHA512
2a1e0fb3436aa2151cb79545913fa883f40bf87020a784b33ff99cd7b523ce59cf018eb3b961d6106fa4ecb05693d857b469c2143ade6793bd22c9239ff32025

Download Submit