64deef26ddee8d9fdc6286747dc1db88b23fba5aba864ef5c472d6f0ce666935

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

64deef26ddee8d9fdc6286747dc1db88b23fba5aba864ef5c472d6f0ce666935.exe
Size

184KB
MD5

356ac72349e5190db126fbcd58aee528
SHA1

951b00ce7463bd8d5c83271b0246eaa8f48387fd
SHA256

64deef26ddee8d9fdc6286747dc1db88b23fba5aba864ef5c472d6f0ce666935
SHA512

e7381589ea7402dc99bdefd21ccac2f6a771436bf201c6d0e7ca2160e50a0d50320457cee3d2313ca6b37568c924d428700819b1feb29e3a5df9168bce2896ad
SSDEEP

3072:l+Inl8ofgRS9djnW27wDtg4hlnPiFFn3:l+hoHLjnyxg4hlnPiFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-9897.exeUnicorn-13550.exeUnicorn-33416.exeUnicorn-35637.exeUnicorn-46498.exeUnicorn-31553.exeUnicorn-2855.exeUnicorn-64308.exeUnicorn-44443.exeUnicorn-60224.exeUnicorn-40358.exeUnicorn-23118.exeUnicorn-33978.exeUnicorn-19034.exeUnicorn-49760.exeUnicorn-29894.exeUnicorn-10865.exeUnicorn-41592.exeUnicorn-21726.exeUnicorn-25339.exeUnicorn-32115.exeUnicorn-23201.exeUnicorn-23201.exeUnicorn-53927.exeUnicorn-29977.exeUnicorn-29977.exeUnicorn-49843.exeUnicorn-60704.exeUnicorn-10756.exeUnicorn-6672.exeUnicorn-52344.exeUnicorn-49049.exeUnicorn-46589.exeUnicorn-27368.exeUnicorn-27176.exeUnicorn-33952.exeUnicorn-10839.exeUnicorn-33398.exeUnicorn-64124.exeUnicorn-29890.exeUnicorn-10024.exeUnicorn-40750.exeUnicorn-56532.exeUnicorn-5940.exeUnicorn-56532.exeUnicorn-32582.exeUnicorn-17638.exeUnicorn-17638.exeUnicorn-59225.exeUnicorn-51078.exeUnicorn-61939.exeUnicorn-46994.exeUnicorn-42910.exeUnicorn-53771.exeUnicorn-20160.exeUnicorn-61747.exeUnicorn-11991.exeUnicorn-34550.exeUnicorn-14684.exeUnicorn-57684.exeUnicorn-3008.exeUnicorn-30850.exeUnicorn-61576.exeUnicorn-61576.exe

pid	process
2312	Unicorn-9897.exe
3044	Unicorn-13550.exe
2592	Unicorn-33416.exe
2784	Unicorn-35637.exe
2488	Unicorn-46498.exe
2472	Unicorn-31553.exe
1020	Unicorn-2855.exe
2520	Unicorn-64308.exe
1536	Unicorn-44443.exe
2384	Unicorn-60224.exe
804	Unicorn-40358.exe
1528	Unicorn-23118.exe
2900	Unicorn-33978.exe
2640	Unicorn-19034.exe
2184	Unicorn-49760.exe
2232	Unicorn-29894.exe
2228	Unicorn-10865.exe
1648	Unicorn-41592.exe
1660	Unicorn-21726.exe
2084	Unicorn-25339.exe
1688	Unicorn-32115.exe
956	Unicorn-23201.exe
1292	Unicorn-23201.exe
812	Unicorn-53927.exe
900	Unicorn-29977.exe
748	Unicorn-29977.exe
928	Unicorn-49843.exe
2860	Unicorn-60704.exe
1708	Unicorn-10756.exe
992	Unicorn-6672.exe
780	Unicorn-52344.exe
2664	Unicorn-49049.exe
2616	Unicorn-46589.exe
2772	Unicorn-27368.exe
2500	Unicorn-27176.exe
2512	Unicorn-33952.exe
2460	Unicorn-10839.exe
2192	Unicorn-33398.exe
108	Unicorn-64124.exe
2380	Unicorn-29890.exe
2436	Unicorn-10024.exe
2692	Unicorn-40750.exe
348	Unicorn-56532.exe
1544	Unicorn-5940.exe
2360	Unicorn-56532.exe
1868	Unicorn-32582.exe
2268	Unicorn-17638.exe
1892	Unicorn-17638.exe
1860	Unicorn-59225.exe
2280	Unicorn-51078.exe
2216	Unicorn-61939.exe
912	Unicorn-46994.exe
300	Unicorn-42910.exe
608	Unicorn-53771.exe
2008	Unicorn-20160.exe
2260	Unicorn-61747.exe
2796	Unicorn-11991.exe
2892	Unicorn-34550.exe
2128	Unicorn-14684.exe
3032	Unicorn-57684.exe
2612	Unicorn-3008.exe
2764	Unicorn-30850.exe
2492	Unicorn-61576.exe
1984	Unicorn-61576.exe

Loads dropped DLL 64 IoCs

Processes:

64deef26ddee8d9fdc6286747dc1db88b23fba5aba864ef5c472d6f0ce666935.exeUnicorn-9897.exeUnicorn-33416.exeUnicorn-13550.exeWerFault.exeUnicorn-35637.exeUnicorn-46498.exeUnicorn-31553.exeWerFault.exeWerFault.exeUnicorn-2855.exeUnicorn-64308.exeUnicorn-44443.exeUnicorn-40358.exeUnicorn-60224.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
3012	64deef26ddee8d9fdc6286747dc1db88b23fba5aba864ef5c472d6f0ce666935.exe
3012	64deef26ddee8d9fdc6286747dc1db88b23fba5aba864ef5c472d6f0ce666935.exe
3012	64deef26ddee8d9fdc6286747dc1db88b23fba5aba864ef5c472d6f0ce666935.exe
2312	Unicorn-9897.exe
3012	64deef26ddee8d9fdc6286747dc1db88b23fba5aba864ef5c472d6f0ce666935.exe
2312	Unicorn-9897.exe
2592	Unicorn-33416.exe
2592	Unicorn-33416.exe
2312	Unicorn-9897.exe
2312	Unicorn-9897.exe
3044	Unicorn-13550.exe
3044	Unicorn-13550.exe
2908	WerFault.exe
2908	WerFault.exe
2908	WerFault.exe
2908	WerFault.exe
2908	WerFault.exe
2784	Unicorn-35637.exe
2784	Unicorn-35637.exe
2592	Unicorn-33416.exe
2488	Unicorn-46498.exe
2488	Unicorn-46498.exe
2592	Unicorn-33416.exe
2472	Unicorn-31553.exe
2472	Unicorn-31553.exe
3044	Unicorn-13550.exe
3044	Unicorn-13550.exe
1664	WerFault.exe
1664	WerFault.exe
1664	WerFault.exe
1664	WerFault.exe
1600	WerFault.exe
1600	WerFault.exe
1600	WerFault.exe
1600	WerFault.exe
1664	WerFault.exe
1600	WerFault.exe
1020	Unicorn-2855.exe
1020	Unicorn-2855.exe
2784	Unicorn-35637.exe
2520	Unicorn-64308.exe
2784	Unicorn-35637.exe
2520	Unicorn-64308.exe
1536	Unicorn-44443.exe
2488	Unicorn-46498.exe
1536	Unicorn-44443.exe
2488	Unicorn-46498.exe
804	Unicorn-40358.exe
804	Unicorn-40358.exe
2472	Unicorn-31553.exe
2384	Unicorn-60224.exe
2472	Unicorn-31553.exe
2384	Unicorn-60224.exe
2136	WerFault.exe
2136	WerFault.exe
2136	WerFault.exe
2136	WerFault.exe
2136	WerFault.exe
2276	WerFault.exe
2276	WerFault.exe
2276	WerFault.exe
2276	WerFault.exe
2276	WerFault.exe
1640	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2468	3012	WerFault.exe	64deef26ddee8d9fdc6286747dc1db88b23fba5aba864ef5c472d6f0ce666935.exe
2908	2312	WerFault.exe	Unicorn-9897.exe
1664	2592	WerFault.exe	Unicorn-33416.exe
1600	3044	WerFault.exe	Unicorn-13550.exe
2136	2784	WerFault.exe	Unicorn-35637.exe
2276	2488	WerFault.exe	Unicorn-46498.exe
1640	2472	WerFault.exe	Unicorn-31553.exe
2864	2900	WerFault.exe	Unicorn-33978.exe
1504	1020	WerFault.exe	Unicorn-2855.exe
1912	2520	WerFault.exe	Unicorn-64308.exe
3028	1536	WerFault.exe	Unicorn-44443.exe
2108	804	WerFault.exe	Unicorn-40358.exe
2172	2384	WerFault.exe	Unicorn-60224.exe
1200	1528	WerFault.exe	Unicorn-23118.exe
476	2640	WerFault.exe	Unicorn-19034.exe
980	2228	WerFault.exe	Unicorn-10865.exe
1720	1648	WerFault.exe	Unicorn-41592.exe
1712	2232	WerFault.exe	Unicorn-29894.exe
2144	1660	WerFault.exe	Unicorn-21726.exe
1016	2184	WerFault.exe	Unicorn-49760.exe
576	2084	WerFault.exe	Unicorn-25339.exe
2440	1688	WerFault.exe	Unicorn-32115.exe
3040	956	WerFault.exe	Unicorn-23201.exe
1480	900	WerFault.exe	Unicorn-29977.exe
2740	992	WerFault.exe	Unicorn-6672.exe
2396	812	WerFault.exe	Unicorn-53927.exe
1772	1292	WerFault.exe	Unicorn-23201.exe
1836	748	WerFault.exe	Unicorn-29977.exe
752	1708	WerFault.exe	Unicorn-10756.exe
2160	2860	WerFault.exe	Unicorn-60704.exe
1672	780	WerFault.exe	Unicorn-52344.exe
2808	928	WerFault.exe	Unicorn-49843.exe
2364	2664	WerFault.exe	Unicorn-49049.exe
3244	2772	WerFault.exe	Unicorn-27368.exe
3252	2460	WerFault.exe	Unicorn-10839.exe
3336	2500	WerFault.exe	Unicorn-27176.exe
3364	1892	WerFault.exe	Unicorn-17638.exe
3372	2268	WerFault.exe	Unicorn-17638.exe
3380	2512	WerFault.exe	Unicorn-33952.exe
3412	2692	WerFault.exe	Unicorn-40750.exe
3460	1868	WerFault.exe	Unicorn-32582.exe
3476	108	WerFault.exe	Unicorn-64124.exe
3492	348	WerFault.exe	Unicorn-56532.exe
3604	2436	WerFault.exe	Unicorn-10024.exe
3640	1544	WerFault.exe	Unicorn-5940.exe
3648	2360	WerFault.exe	Unicorn-56532.exe
3708	2616	WerFault.exe	Unicorn-46589.exe
3720	2192	WerFault.exe	Unicorn-33398.exe
3748	1860	WerFault.exe	Unicorn-59225.exe
3860	300	WerFault.exe	Unicorn-42910.exe
3880	912	WerFault.exe	Unicorn-46994.exe
3920	2872	WerFault.exe	Unicorn-65359.exe
4000	2008	WerFault.exe	Unicorn-20160.exe
4008	2796	WerFault.exe	Unicorn-11991.exe
4024	2260	WerFault.exe	Unicorn-61747.exe
3128	2128	WerFault.exe	Unicorn-14684.exe
3156	3032	WerFault.exe	Unicorn-57684.exe
3260	2892	WerFault.exe	Unicorn-34550.exe
3280	2612	WerFault.exe	Unicorn-3008.exe
3396	2380	WerFault.exe	Unicorn-29890.exe
3840	2280	WerFault.exe	Unicorn-51078.exe
3956	1548	WerFault.exe	Unicorn-13122.exe
3988	2724	WerFault.exe	Unicorn-64269.exe
3996	2252	WerFault.exe	Unicorn-33542.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

64deef26ddee8d9fdc6286747dc1db88b23fba5aba864ef5c472d6f0ce666935.exeUnicorn-9897.exeUnicorn-13550.exeUnicorn-33416.exeUnicorn-35637.exeUnicorn-46498.exeUnicorn-31553.exeUnicorn-2855.exeUnicorn-64308.exeUnicorn-44443.exeUnicorn-40358.exeUnicorn-60224.exeUnicorn-23118.exeUnicorn-19034.exeUnicorn-33978.exeUnicorn-29894.exeUnicorn-49760.exeUnicorn-10865.exeUnicorn-41592.exeUnicorn-21726.exeUnicorn-25339.exeUnicorn-32115.exeUnicorn-23201.exeUnicorn-53927.exeUnicorn-23201.exeUnicorn-29977.exeUnicorn-29977.exeUnicorn-49843.exeUnicorn-10756.exeUnicorn-60704.exeUnicorn-52344.exeUnicorn-6672.exeUnicorn-49049.exeUnicorn-46589.exeUnicorn-27368.exeUnicorn-27176.exeUnicorn-33952.exeUnicorn-10839.exeUnicorn-33398.exeUnicorn-64124.exeUnicorn-29890.exeUnicorn-40750.exeUnicorn-10024.exeUnicorn-32582.exeUnicorn-56532.exeUnicorn-5940.exeUnicorn-17638.exeUnicorn-56532.exeUnicorn-17638.exeUnicorn-59225.exeUnicorn-51078.exeUnicorn-61939.exeUnicorn-46994.exeUnicorn-42910.exeUnicorn-53771.exeUnicorn-20160.exeUnicorn-61747.exeUnicorn-11991.exeUnicorn-14684.exeUnicorn-34550.exeUnicorn-57684.exeUnicorn-3008.exeUnicorn-30850.exeUnicorn-61576.exe

pid	process
3012	64deef26ddee8d9fdc6286747dc1db88b23fba5aba864ef5c472d6f0ce666935.exe
2312	Unicorn-9897.exe
3044	Unicorn-13550.exe
2592	Unicorn-33416.exe
2784	Unicorn-35637.exe
2488	Unicorn-46498.exe
2472	Unicorn-31553.exe
1020	Unicorn-2855.exe
2520	Unicorn-64308.exe
1536	Unicorn-44443.exe
804	Unicorn-40358.exe
2384	Unicorn-60224.exe
1528	Unicorn-23118.exe
2640	Unicorn-19034.exe
2900	Unicorn-33978.exe
2232	Unicorn-29894.exe
2184	Unicorn-49760.exe
2228	Unicorn-10865.exe
1648	Unicorn-41592.exe
1660	Unicorn-21726.exe
2084	Unicorn-25339.exe
1688	Unicorn-32115.exe
956	Unicorn-23201.exe
812	Unicorn-53927.exe
1292	Unicorn-23201.exe
900	Unicorn-29977.exe
748	Unicorn-29977.exe
928	Unicorn-49843.exe
1708	Unicorn-10756.exe
2860	Unicorn-60704.exe
780	Unicorn-52344.exe
992	Unicorn-6672.exe
2664	Unicorn-49049.exe
2616	Unicorn-46589.exe
2772	Unicorn-27368.exe
2500	Unicorn-27176.exe
2512	Unicorn-33952.exe
2460	Unicorn-10839.exe
2192	Unicorn-33398.exe
108	Unicorn-64124.exe
2380	Unicorn-29890.exe
2692	Unicorn-40750.exe
2436	Unicorn-10024.exe
1868	Unicorn-32582.exe
348	Unicorn-56532.exe
1544	Unicorn-5940.exe
2268	Unicorn-17638.exe
2360	Unicorn-56532.exe
1892	Unicorn-17638.exe
1860	Unicorn-59225.exe
2280	Unicorn-51078.exe
2216	Unicorn-61939.exe
912	Unicorn-46994.exe
300	Unicorn-42910.exe
608	Unicorn-53771.exe
2008	Unicorn-20160.exe
2260	Unicorn-61747.exe
2796	Unicorn-11991.exe
2128	Unicorn-14684.exe
2892	Unicorn-34550.exe
3032	Unicorn-57684.exe
2612	Unicorn-3008.exe
2764	Unicorn-30850.exe
2492	Unicorn-61576.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

64deef26ddee8d9fdc6286747dc1db88b23fba5aba864ef5c472d6f0ce666935.exeUnicorn-9897.exeUnicorn-33416.exeUnicorn-13550.exeUnicorn-35637.exeUnicorn-46498.exeUnicorn-31553.exeUnicorn-2855.exe

description	pid	process	target process
PID 3012 wrote to memory of 2312	3012	64deef26ddee8d9fdc6286747dc1db88b23fba5aba864ef5c472d6f0ce666935.exe	Unicorn-9897.exe
PID 3012 wrote to memory of 2312	3012	64deef26ddee8d9fdc6286747dc1db88b23fba5aba864ef5c472d6f0ce666935.exe	Unicorn-9897.exe
PID 3012 wrote to memory of 2312	3012	64deef26ddee8d9fdc6286747dc1db88b23fba5aba864ef5c472d6f0ce666935.exe	Unicorn-9897.exe
PID 3012 wrote to memory of 2312	3012	64deef26ddee8d9fdc6286747dc1db88b23fba5aba864ef5c472d6f0ce666935.exe	Unicorn-9897.exe
PID 3012 wrote to memory of 3044	3012	64deef26ddee8d9fdc6286747dc1db88b23fba5aba864ef5c472d6f0ce666935.exe	Unicorn-13550.exe
PID 3012 wrote to memory of 3044	3012	64deef26ddee8d9fdc6286747dc1db88b23fba5aba864ef5c472d6f0ce666935.exe	Unicorn-13550.exe
PID 3012 wrote to memory of 3044	3012	64deef26ddee8d9fdc6286747dc1db88b23fba5aba864ef5c472d6f0ce666935.exe	Unicorn-13550.exe
PID 3012 wrote to memory of 3044	3012	64deef26ddee8d9fdc6286747dc1db88b23fba5aba864ef5c472d6f0ce666935.exe	Unicorn-13550.exe
PID 2312 wrote to memory of 2592	2312	Unicorn-9897.exe	Unicorn-33416.exe
PID 2312 wrote to memory of 2592	2312	Unicorn-9897.exe	Unicorn-33416.exe
PID 2312 wrote to memory of 2592	2312	Unicorn-9897.exe	Unicorn-33416.exe
PID 2312 wrote to memory of 2592	2312	Unicorn-9897.exe	Unicorn-33416.exe
PID 3012 wrote to memory of 2468	3012	64deef26ddee8d9fdc6286747dc1db88b23fba5aba864ef5c472d6f0ce666935.exe	WerFault.exe
PID 3012 wrote to memory of 2468	3012	64deef26ddee8d9fdc6286747dc1db88b23fba5aba864ef5c472d6f0ce666935.exe	WerFault.exe
PID 3012 wrote to memory of 2468	3012	64deef26ddee8d9fdc6286747dc1db88b23fba5aba864ef5c472d6f0ce666935.exe	WerFault.exe
PID 3012 wrote to memory of 2468	3012	64deef26ddee8d9fdc6286747dc1db88b23fba5aba864ef5c472d6f0ce666935.exe	WerFault.exe
PID 2592 wrote to memory of 2784	2592	Unicorn-33416.exe	Unicorn-35637.exe
PID 2592 wrote to memory of 2784	2592	Unicorn-33416.exe	Unicorn-35637.exe
PID 2592 wrote to memory of 2784	2592	Unicorn-33416.exe	Unicorn-35637.exe
PID 2592 wrote to memory of 2784	2592	Unicorn-33416.exe	Unicorn-35637.exe
PID 2312 wrote to memory of 2488	2312	Unicorn-9897.exe	Unicorn-46498.exe
PID 2312 wrote to memory of 2488	2312	Unicorn-9897.exe	Unicorn-46498.exe
PID 2312 wrote to memory of 2488	2312	Unicorn-9897.exe	Unicorn-46498.exe
PID 2312 wrote to memory of 2488	2312	Unicorn-9897.exe	Unicorn-46498.exe
PID 3044 wrote to memory of 2472	3044	Unicorn-13550.exe	Unicorn-31553.exe
PID 3044 wrote to memory of 2472	3044	Unicorn-13550.exe	Unicorn-31553.exe
PID 3044 wrote to memory of 2472	3044	Unicorn-13550.exe	Unicorn-31553.exe
PID 3044 wrote to memory of 2472	3044	Unicorn-13550.exe	Unicorn-31553.exe
PID 2312 wrote to memory of 2908	2312	Unicorn-9897.exe	WerFault.exe
PID 2312 wrote to memory of 2908	2312	Unicorn-9897.exe	WerFault.exe
PID 2312 wrote to memory of 2908	2312	Unicorn-9897.exe	WerFault.exe
PID 2312 wrote to memory of 2908	2312	Unicorn-9897.exe	WerFault.exe
PID 2784 wrote to memory of 1020	2784	Unicorn-35637.exe	Unicorn-2855.exe
PID 2784 wrote to memory of 1020	2784	Unicorn-35637.exe	Unicorn-2855.exe
PID 2784 wrote to memory of 1020	2784	Unicorn-35637.exe	Unicorn-2855.exe
PID 2784 wrote to memory of 1020	2784	Unicorn-35637.exe	Unicorn-2855.exe
PID 2488 wrote to memory of 2520	2488	Unicorn-46498.exe	Unicorn-64308.exe
PID 2488 wrote to memory of 2520	2488	Unicorn-46498.exe	Unicorn-64308.exe
PID 2488 wrote to memory of 2520	2488	Unicorn-46498.exe	Unicorn-64308.exe
PID 2488 wrote to memory of 2520	2488	Unicorn-46498.exe	Unicorn-64308.exe
PID 2592 wrote to memory of 1536	2592	Unicorn-33416.exe	Unicorn-44443.exe
PID 2592 wrote to memory of 1536	2592	Unicorn-33416.exe	Unicorn-44443.exe
PID 2592 wrote to memory of 1536	2592	Unicorn-33416.exe	Unicorn-44443.exe
PID 2592 wrote to memory of 1536	2592	Unicorn-33416.exe	Unicorn-44443.exe
PID 2472 wrote to memory of 2384	2472	Unicorn-31553.exe	Unicorn-60224.exe
PID 2472 wrote to memory of 2384	2472	Unicorn-31553.exe	Unicorn-60224.exe
PID 2472 wrote to memory of 2384	2472	Unicorn-31553.exe	Unicorn-60224.exe
PID 2472 wrote to memory of 2384	2472	Unicorn-31553.exe	Unicorn-60224.exe
PID 3044 wrote to memory of 804	3044	Unicorn-13550.exe	Unicorn-40358.exe
PID 3044 wrote to memory of 804	3044	Unicorn-13550.exe	Unicorn-40358.exe
PID 3044 wrote to memory of 804	3044	Unicorn-13550.exe	Unicorn-40358.exe
PID 3044 wrote to memory of 804	3044	Unicorn-13550.exe	Unicorn-40358.exe
PID 2592 wrote to memory of 1664	2592	Unicorn-33416.exe	WerFault.exe
PID 2592 wrote to memory of 1664	2592	Unicorn-33416.exe	WerFault.exe
PID 2592 wrote to memory of 1664	2592	Unicorn-33416.exe	WerFault.exe
PID 2592 wrote to memory of 1664	2592	Unicorn-33416.exe	WerFault.exe
PID 3044 wrote to memory of 1600	3044	Unicorn-13550.exe	WerFault.exe
PID 3044 wrote to memory of 1600	3044	Unicorn-13550.exe	WerFault.exe
PID 3044 wrote to memory of 1600	3044	Unicorn-13550.exe	WerFault.exe
PID 3044 wrote to memory of 1600	3044	Unicorn-13550.exe	WerFault.exe
PID 1020 wrote to memory of 1528	1020	Unicorn-2855.exe	Unicorn-23118.exe
PID 1020 wrote to memory of 1528	1020	Unicorn-2855.exe	Unicorn-23118.exe
PID 1020 wrote to memory of 1528	1020	Unicorn-2855.exe	Unicorn-23118.exe
PID 1020 wrote to memory of 1528	1020	Unicorn-2855.exe	Unicorn-23118.exe

C:\Users\Admin\AppData\Local\Temp\64deef26ddee8d9fdc6286747dc1db88b23fba5aba864ef5c472d6f0ce666935.exe
"C:\Users\Admin\AppData\Local\Temp\64deef26ddee8d9fdc6286747dc1db88b23fba5aba864ef5c472d6f0ce666935.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-9897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9897.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-33416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33416.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-35637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35637.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-2855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2855.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1020

C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-25339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25339.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-51078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51078.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-57383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57383.exe
10⤵
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-38079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38079.exe
11⤵
PID:316

C:\Users\Admin\AppData\Local\Temp\Unicorn-16071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16071.exe
12⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-17929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17929.exe
13⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
14⤵
PID:6476

C:\Users\Admin\AppData\Local\Temp\Unicorn-64955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64955.exe
15⤵
PID:9168

C:\Users\Admin\AppData\Local\Temp\Unicorn-52729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52729.exe
16⤵
PID:11096

C:\Users\Admin\AppData\Local\Temp\Unicorn-6424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6424.exe
17⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11096 -s 216
17⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9168 -s 216
16⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 220
15⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
14⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
13⤵
PID:6352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 216
12⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 236
11⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-48748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48748.exe
10⤵
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
11⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-36403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36403.exe
12⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
13⤵
PID:6816

C:\Users\Admin\AppData\Local\Temp\Unicorn-54156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54156.exe
14⤵
PID:8548

C:\Users\Admin\AppData\Local\Temp\Unicorn-32885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32885.exe
15⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-10508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10508.exe
16⤵
PID:7456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
16⤵
PID:12336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8548 -s 216
15⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 216
14⤵
PID:9440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
12⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 236
11⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
10⤵
- Program crash
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-29349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29349.exe
9⤵
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-60445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60445.exe
10⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-13932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13932.exe
11⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-17737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17737.exe
12⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\Unicorn-51727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51727.exe
13⤵
PID:6964

C:\Users\Admin\AppData\Local\Temp\Unicorn-26253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26253.exe
14⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-23295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23295.exe
15⤵
PID:10172

C:\Users\Admin\AppData\Local\Temp\Unicorn-29455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29455.exe
16⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10172 -s 216
16⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 236
15⤵
PID:11252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 216
13⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
12⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
11⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 236
10⤵
PID:4416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
9⤵
- Program crash
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-61939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61939.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-32687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32687.exe
9⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-13382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13382.exe
10⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-37067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37067.exe
11⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-30518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30518.exe
12⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-64472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64472.exe
13⤵
PID:6804

C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
14⤵
PID:8836

C:\Users\Admin\AppData\Local\Temp\Unicorn-32610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32610.exe
15⤵
PID:11028

C:\Users\Admin\AppData\Local\Temp\Unicorn-30353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30353.exe
16⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11028 -s 216
16⤵
PID:12308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 216
15⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 216
14⤵
PID:10196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 236
13⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
12⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
11⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
10⤵
PID:4448

C:\Users\Admin\AppData\Local\Temp\Unicorn-54970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54970.exe
9⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-55541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55541.exe
10⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe
11⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-43196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43196.exe
12⤵
PID:7512

C:\Users\Admin\AppData\Local\Temp\Unicorn-51307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51307.exe
13⤵
PID:9664

C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
14⤵
PID:9328

C:\Users\Admin\AppData\Local\Temp\Unicorn-3352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3352.exe
15⤵
PID:936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9328 -s 216
15⤵
PID:8164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 236
14⤵
PID:10380

C:\Users\Admin\AppData\Local\Temp\Unicorn-33470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33470.exe
13⤵
PID:9384

C:\Users\Admin\AppData\Local\Temp\Unicorn-3352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3352.exe
14⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9384 -s 236
14⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 240
13⤵
PID:10436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
12⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
11⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
10⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
9⤵
PID:4044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
8⤵
- Program crash
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-46589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46589.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-46994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46994.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-22381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22381.exe
9⤵
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-52744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52744.exe
10⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-1353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1353.exe
11⤵
PID:5628

C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
12⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\Unicorn-30036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30036.exe
13⤵
PID:6012

C:\Users\Admin\AppData\Local\Temp\Unicorn-58396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58396.exe
14⤵
PID:11752

C:\Users\Admin\AppData\Local\Temp\Unicorn-26326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26326.exe
15⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 236
14⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
13⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 236
12⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
11⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 236
10⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 236
9⤵
- Program crash
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-63968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63968.exe
8⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-15879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15879.exe
9⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-34602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34602.exe
10⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
11⤵
PID:6208

C:\Users\Admin\AppData\Local\Temp\Unicorn-64223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64223.exe
12⤵
PID:9120

C:\Users\Admin\AppData\Local\Temp\Unicorn-51743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51743.exe
13⤵
PID:10516

C:\Users\Admin\AppData\Local\Temp\Unicorn-40659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40659.exe
14⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10516 -s 216
14⤵
PID:12348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9120 -s 216
13⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
12⤵
PID:10060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
11⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
10⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 216
9⤵
PID:4840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
8⤵
- Program crash
PID:3708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
7⤵
- Program crash
PID:1200

C:\Users\Admin\AppData\Local\Temp\Unicorn-32115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32115.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-27368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27368.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-42910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42910.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:300

C:\Users\Admin\AppData\Local\Temp\Unicorn-65359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65359.exe
9⤵
PID:2872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 220
10⤵
- Program crash
PID:3920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 236
9⤵
- Program crash
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-41409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41409.exe
8⤵
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-46138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46138.exe
9⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-9713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9713.exe
10⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-32075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32075.exe
11⤵
PID:6164

C:\Users\Admin\AppData\Local\Temp\Unicorn-45988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45988.exe
12⤵
PID:9160

C:\Users\Admin\AppData\Local\Temp\Unicorn-5718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5718.exe
13⤵
PID:10584

C:\Users\Admin\AppData\Local\Temp\Unicorn-25911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25911.exe
14⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10584 -s 236
14⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9160 -s 236
13⤵
PID:10824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 216
12⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
11⤵
PID:2948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
10⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 236
9⤵
PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
8⤵
- Program crash
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-53771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53771.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:608

C:\Users\Admin\AppData\Local\Temp\Unicorn-38717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38717.exe
8⤵
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-46055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46055.exe
9⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-14892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14892.exe
10⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-2443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2443.exe
11⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-14638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14638.exe
12⤵
PID:8992

C:\Users\Admin\AppData\Local\Temp\Unicorn-35459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35459.exe
13⤵
PID:11000

C:\Users\Admin\AppData\Local\Temp\Unicorn-15495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15495.exe
14⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11000 -s 216
14⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8992 -s 216
13⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
12⤵
PID:9904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 236
11⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 236
10⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 236
9⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-52832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52832.exe
8⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-21115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21115.exe
9⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-16834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16834.exe
10⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-6662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6662.exe
11⤵
PID:8936

C:\Users\Admin\AppData\Local\Temp\Unicorn-45573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45573.exe
12⤵
PID:11040

C:\Users\Admin\AppData\Local\Temp\Unicorn-54582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54582.exe
13⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11040 -s 216
13⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 216
12⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 236
11⤵
PID:9724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 236
10⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
9⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 220
8⤵
PID:4664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
7⤵
- Program crash
PID:2440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 240
6⤵
- Program crash
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-33978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33978.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 244
6⤵
- Program crash
PID:2864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-44443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44443.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-49760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49760.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-6672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6672.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-64124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64124.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:108

C:\Users\Admin\AppData\Local\Temp\Unicorn-30850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30850.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-59713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59713.exe
9⤵
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-62666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62666.exe
10⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-7191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7191.exe
11⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
12⤵
PID:6536

C:\Users\Admin\AppData\Local\Temp\Unicorn-45412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45412.exe
13⤵
PID:9076

C:\Users\Admin\AppData\Local\Temp\Unicorn-1115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1115.exe
14⤵
PID:10792

C:\Users\Admin\AppData\Local\Temp\Unicorn-31230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31230.exe
15⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10792 -s 216
15⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9076 -s 216
14⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 220
13⤵
PID:1244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
12⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
11⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 236
10⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
9⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-11275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11275.exe
10⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-45614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45614.exe
11⤵
PID:6320

C:\Users\Admin\AppData\Local\Temp\Unicorn-16969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16969.exe
12⤵
PID:9148

C:\Users\Admin\AppData\Local\Temp\Unicorn-41847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41847.exe
13⤵
PID:11104

C:\Users\Admin\AppData\Local\Temp\Unicorn-63710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63710.exe
14⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11104 -s 216
14⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 216
13⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6320 -s 216
12⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 236
11⤵
PID:7832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
10⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
9⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-60844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60844.exe
8⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
9⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-60523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60523.exe
10⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-38188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38188.exe
11⤵
PID:7336

C:\Users\Admin\AppData\Local\Temp\Unicorn-36367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36367.exe
12⤵
PID:8952

C:\Users\Admin\AppData\Local\Temp\Unicorn-12516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12516.exe
13⤵
PID:10828

C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
14⤵
PID:12276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10828 -s 216
14⤵
PID:8472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8952 -s 216
13⤵
PID:11024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 216
12⤵
PID:9688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
11⤵
PID:8500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
10⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
9⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 220
8⤵
- Program crash
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-33542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33542.exe
7⤵
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-43761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43761.exe
8⤵
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-22402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22402.exe
9⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-3299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3299.exe
10⤵
PID:5712

C:\Users\Admin\AppData\Local\Temp\Unicorn-59703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59703.exe
11⤵
PID:7156

C:\Users\Admin\AppData\Local\Temp\Unicorn-17317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17317.exe
12⤵
PID:9060

C:\Users\Admin\AppData\Local\Temp\Unicorn-38915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38915.exe
13⤵
PID:10580

C:\Users\Admin\AppData\Local\Temp\Unicorn-4094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4094.exe
14⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10580 -s 220
14⤵
PID:12432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9060 -s 216
13⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 216
12⤵
PID:9408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
11⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
10⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 216
9⤵
PID:4768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 216
8⤵
- Program crash
PID:3996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 240
7⤵
- Program crash
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-40750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40750.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-14513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14513.exe
7⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-14980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14980.exe
8⤵
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe
9⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-42194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42194.exe
10⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-27716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27716.exe
11⤵
PID:6708

C:\Users\Admin\AppData\Local\Temp\Unicorn-13424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13424.exe
12⤵
PID:8348

C:\Users\Admin\AppData\Local\Temp\Unicorn-58380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58380.exe
13⤵
PID:9324

C:\Users\Admin\AppData\Local\Temp\Unicorn-24157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24157.exe
14⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9324 -s 216
14⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8348 -s 236
13⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 216
12⤵
PID:10124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 236
11⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
10⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 216
9⤵
PID:4692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
8⤵
PID:3216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
7⤵
- Program crash
PID:3412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
6⤵
- Program crash
PID:1016

C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:780

C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-56184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56184.exe
7⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-60720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60720.exe
8⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-40056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40056.exe
9⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-31115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31115.exe
10⤵
PID:6996

C:\Users\Admin\AppData\Local\Temp\Unicorn-48043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48043.exe
11⤵
PID:9104

C:\Users\Admin\AppData\Local\Temp\Unicorn-42065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42065.exe
12⤵
PID:11088

C:\Users\Admin\AppData\Local\Temp\Unicorn-46798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46798.exe
13⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11088 -s 216
13⤵
PID:8644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9104 -s 216
12⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
11⤵
PID:9416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
10⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 236
9⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
8⤵
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 236
7⤵
- Program crash
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-64269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64269.exe
6⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-37539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37539.exe
7⤵
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-32215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32215.exe
8⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-2915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2915.exe
9⤵
PID:5216

C:\Users\Admin\AppData\Local\Temp\Unicorn-2526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2526.exe
10⤵
PID:7100

C:\Users\Admin\AppData\Local\Temp\Unicorn-26890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26890.exe
11⤵
PID:9372

C:\Users\Admin\AppData\Local\Temp\Unicorn-28936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28936.exe
12⤵
PID:11216

C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
13⤵
PID:11708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11216 -s 216
13⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9372 -s 216
12⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 216
11⤵
PID:10456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 216
10⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 236
9⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 216
8⤵
PID:4464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 236
7⤵
PID:3424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 220
6⤵
- Program crash
PID:1672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
5⤵
- Program crash
PID:3028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-46498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46498.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-64308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64308.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-19034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19034.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-23201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23201.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-61576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61576.exe
8⤵
- Executes dropped EXE
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
9⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
10⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-25173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25173.exe
11⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-40627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40627.exe
12⤵
PID:6600

C:\Users\Admin\AppData\Local\Temp\Unicorn-54540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54540.exe
13⤵
PID:9232

C:\Users\Admin\AppData\Local\Temp\Unicorn-6481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6481.exe
14⤵
PID:11692

C:\Users\Admin\AppData\Local\Temp\Unicorn-5905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5905.exe
15⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9232 -s 216
14⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 216
13⤵
PID:10320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
12⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
11⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 216
10⤵
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 236
9⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-46454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46454.exe
8⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-1872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1872.exe
9⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-54493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54493.exe
10⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-23714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23714.exe
11⤵
PID:7644

C:\Users\Admin\AppData\Local\Temp\Unicorn-42947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42947.exe
12⤵
PID:9756

C:\Users\Admin\AppData\Local\Temp\Unicorn-61276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61276.exe
13⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9756 -s 216
13⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 216
12⤵
PID:10944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
11⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
10⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 236
9⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 220
8⤵
- Program crash
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-64269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64269.exe
7⤵
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-58151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58151.exe
8⤵
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-52443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52443.exe
9⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-37425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37425.exe
10⤵
PID:6132

C:\Users\Admin\AppData\Local\Temp\Unicorn-42381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42381.exe
11⤵
PID:6396

C:\Users\Admin\AppData\Local\Temp\Unicorn-679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-679.exe
12⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-42620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42620.exe
13⤵
PID:10508

C:\Users\Admin\AppData\Local\Temp\Unicorn-42439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42439.exe
14⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10508 -s 236
14⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 216
13⤵
PID:10620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 204
12⤵
PID:10296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 216
11⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
10⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
9⤵
PID:4544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 236
8⤵
PID:3164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 240
7⤵
- Program crash
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-41156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41156.exe
7⤵
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-37539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37539.exe
8⤵
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-20264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20264.exe
9⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-62038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62038.exe
10⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
11⤵
PID:6724

C:\Users\Admin\AppData\Local\Temp\Unicorn-11670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11670.exe
12⤵
PID:9176

C:\Users\Admin\AppData\Local\Temp\Unicorn-28500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28500.exe
13⤵
PID:11336

C:\Users\Admin\AppData\Local\Temp\Unicorn-39865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39865.exe
14⤵
PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11336 -s 216
14⤵
PID:12564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9176 -s 216
13⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
12⤵
PID:9940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 216
11⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
10⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
9⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 216
8⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
7⤵
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-52059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52059.exe
8⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
9⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-63787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63787.exe
10⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\Unicorn-54265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54265.exe
11⤵
PID:9016

C:\Users\Admin\AppData\Local\Temp\Unicorn-1826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1826.exe
12⤵
PID:10724

C:\Users\Admin\AppData\Local\Temp\Unicorn-21334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21334.exe
13⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10724 -s 216
13⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 216
12⤵
PID:11124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
11⤵
PID:9968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
10⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
9⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 216
8⤵
PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
7⤵
- Program crash
PID:3640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
6⤵
- Program crash
PID:476

C:\Users\Admin\AppData\Local\Temp\Unicorn-29977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29977.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:900

C:\Users\Admin\AppData\Local\Temp\Unicorn-10839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10839.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-35209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35209.exe
8⤵
PID:2676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 220
9⤵
PID:3796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
8⤵
- Program crash
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-46070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46070.exe
7⤵
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-60720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60720.exe
8⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
9⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
10⤵
PID:6448

C:\Users\Admin\AppData\Local\Temp\Unicorn-24115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24115.exe
11⤵
PID:9048

C:\Users\Admin\AppData\Local\Temp\Unicorn-41100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41100.exe
12⤵
PID:11524

C:\Users\Admin\AppData\Local\Temp\Unicorn-46855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46855.exe
13⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9048 -s 216
12⤵
PID:11780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 216
11⤵
PID:9796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
10⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 236
9⤵
PID:6292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 216
8⤵
PID:5104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
7⤵
- Program crash
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-14684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14684.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-8566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8566.exe
7⤵
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-43891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43891.exe
8⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-42194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42194.exe
9⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-38406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38406.exe
10⤵
PID:6936

C:\Users\Admin\AppData\Local\Temp\Unicorn-43959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43959.exe
11⤵
PID:9132

C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
12⤵
PID:10260

C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
13⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10260 -s 236
13⤵
PID:7792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9132 -s 236
12⤵
PID:10888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 216
11⤵
PID:1944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
10⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
9⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 236
8⤵
PID:4740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 236
7⤵
- Program crash
PID:3128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
6⤵
- Program crash
PID:1480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
5⤵
- Program crash
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-29894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29894.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-49843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49843.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:928

C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-56184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56184.exe
7⤵
PID:672

C:\Users\Admin\AppData\Local\Temp\Unicorn-60528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60528.exe
8⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-46470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46470.exe
9⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
10⤵
PID:6732

C:\Users\Admin\AppData\Local\Temp\Unicorn-33845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33845.exe
11⤵
PID:9020

C:\Users\Admin\AppData\Local\Temp\Unicorn-57633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57633.exe
12⤵
PID:10872

C:\Users\Admin\AppData\Local\Temp\Unicorn-7519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7519.exe
13⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10872 -s 236
13⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9020 -s 216
12⤵
PID:10772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 216
11⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 236
10⤵
PID:7916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 236
9⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 236
8⤵
PID:4356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 216
7⤵
- Program crash
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-64269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64269.exe
6⤵
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
7⤵
PID:1120

C:\Users\Admin\AppData\Local\Temp\Unicorn-28131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28131.exe
8⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-59106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59106.exe
9⤵
PID:5876

C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
10⤵
PID:6520

C:\Users\Admin\AppData\Local\Temp\Unicorn-15261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15261.exe
11⤵
PID:9008

C:\Users\Admin\AppData\Local\Temp\Unicorn-45521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45521.exe
12⤵
PID:10536

C:\Users\Admin\AppData\Local\Temp\Unicorn-63985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63985.exe
13⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10536 -s 216
13⤵
PID:12456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9008 -s 216
12⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 216
11⤵
PID:9348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 216
10⤵
PID:8376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
9⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 216
8⤵
PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
7⤵
- Program crash
PID:3988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 240
6⤵
- Program crash
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-32988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32988.exe
6⤵
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-49983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49983.exe
7⤵
PID:1396

C:\Users\Admin\AppData\Local\Temp\Unicorn-22978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22978.exe
8⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-24296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24296.exe
9⤵
PID:5916

C:\Users\Admin\AppData\Local\Temp\Unicorn-37446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37446.exe
10⤵
PID:6380

C:\Users\Admin\AppData\Local\Temp\Unicorn-632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-632.exe
11⤵
PID:9184

C:\Users\Admin\AppData\Local\Temp\Unicorn-45573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45573.exe
12⤵
PID:11032

C:\Users\Admin\AppData\Local\Temp\Unicorn-32024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32024.exe
13⤵
PID:11992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11032 -s 216
13⤵
PID:8560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 216
12⤵
PID:11400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 236
11⤵
PID:10100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 236
10⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
9⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 216
8⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 236
7⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-56568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56568.exe
6⤵
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-52635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52635.exe
7⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
8⤵
PID:5848

C:\Users\Admin\AppData\Local\Temp\Unicorn-4856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4856.exe
9⤵
PID:7108

C:\Users\Admin\AppData\Local\Temp\Unicorn-15214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15214.exe
10⤵
PID:9024

C:\Users\Admin\AppData\Local\Temp\Unicorn-49548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49548.exe
11⤵
PID:11184

C:\Users\Admin\AppData\Local\Temp\Unicorn-16072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16072.exe
12⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11184 -s 216
12⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 216
11⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 216
10⤵
PID:9980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 216
9⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
8⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 216
7⤵
PID:4872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
6⤵
- Program crash
PID:3748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
5⤵
- Program crash
PID:1712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-31553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31553.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-60224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60224.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-41592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41592.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-53927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53927.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:812

C:\Users\Admin\AppData\Local\Temp\Unicorn-33398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33398.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-57684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57684.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
9⤵
PID:1400

C:\Users\Admin\AppData\Local\Temp\Unicorn-15879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15879.exe
10⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-58722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58722.exe
11⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-3211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3211.exe
12⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
13⤵
PID:8208

C:\Users\Admin\AppData\Local\Temp\Unicorn-18495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18495.exe
14⤵
PID:10940

C:\Users\Admin\AppData\Local\Temp\Unicorn-4047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4047.exe
15⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10940 -s 220
15⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8208 -s 216
14⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 216
13⤵
PID:10132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 236
12⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 236
11⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 216
10⤵
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 236
9⤵
- Program crash
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
8⤵
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
9⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-12837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12837.exe
10⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-49994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49994.exe
11⤵
PID:7876

C:\Users\Admin\AppData\Local\Temp\Unicorn-31271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31271.exe
12⤵
PID:9928

C:\Users\Admin\AppData\Local\Temp\Unicorn-60233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60233.exe
13⤵
PID:11928

C:\Users\Admin\AppData\Local\Temp\Unicorn-40833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40833.exe
14⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9928 -s 216
13⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 236
12⤵
PID:11076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
11⤵
PID:8864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
10⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 236
9⤵
PID:4992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
8⤵
- Program crash
PID:3720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 236
7⤵
- Program crash
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-10024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10024.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-41156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41156.exe
7⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
8⤵
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-42822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42822.exe
9⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
10⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-55619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55619.exe
11⤵
PID:6240

C:\Users\Admin\AppData\Local\Temp\Unicorn-26938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26938.exe
12⤵
PID:9004

C:\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe
13⤵
PID:11624

C:\Users\Admin\AppData\Local\Temp\Unicorn-56860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56860.exe
14⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9004 -s 216
13⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6240 -s 220
12⤵
PID:2016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
11⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
10⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 216
9⤵
PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 236
8⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-64928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64928.exe
7⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-36792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36792.exe
8⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-60668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60668.exe
9⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-45889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45889.exe
10⤵
PID:6796

C:\Users\Admin\AppData\Local\Temp\Unicorn-2817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2817.exe
11⤵
PID:8932

C:\Users\Admin\AppData\Local\Temp\Unicorn-30171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30171.exe
12⤵
PID:10868

C:\Users\Admin\AppData\Local\Temp\Unicorn-41235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41235.exe
13⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10868 -s 216
13⤵
PID:12356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8932 -s 216
12⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 216
11⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
10⤵
PID:2264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
9⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 236
8⤵
PID:4792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
7⤵
- Program crash
PID:3604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
6⤵
- Program crash
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-3008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3008.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-398.exe
7⤵
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-15988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15988.exe
8⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-37726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37726.exe
9⤵
PID:5188

C:\Users\Admin\AppData\Local\Temp\Unicorn-21686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21686.exe
10⤵
PID:6640

C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
11⤵
PID:8240

C:\Users\Admin\AppData\Local\Temp\Unicorn-4135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4135.exe
12⤵
PID:9280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9280 -s 300
13⤵
PID:2560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8240 -s 236
12⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 216
11⤵
PID:9716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
10⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
9⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 236
8⤵
PID:4184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
7⤵
- Program crash
PID:3280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 236
6⤵
- Program crash
PID:2160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
5⤵
- Program crash
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-21726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21726.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-10756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10756.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-56532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56532.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-6345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6345.exe
7⤵
PID:1196

C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
8⤵
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-13740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13740.exe
9⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-4752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4752.exe
10⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-63569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63569.exe
11⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-15947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15947.exe
12⤵
PID:9192

C:\Users\Admin\AppData\Local\Temp\Unicorn-55687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55687.exe
13⤵
PID:10776

C:\Users\Admin\AppData\Local\Temp\Unicorn-58090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58090.exe
14⤵
PID:924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10776 -s 216
14⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9192 -s 216
13⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 220
12⤵
PID:9672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
11⤵
PID:8392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
10⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
9⤵
PID:4964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 236
8⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-44316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44316.exe
7⤵
PID:944

C:\Users\Admin\AppData\Local\Temp\Unicorn-17249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17249.exe
8⤵
PID:3344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 220
9⤵
PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 216
8⤵
PID:4920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
7⤵
- Program crash
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-13122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13122.exe
6⤵
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
7⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-50881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50881.exe
8⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-60907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60907.exe
9⤵
PID:5928

C:\Users\Admin\AppData\Local\Temp\Unicorn-37550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37550.exe
10⤵
PID:7904

C:\Users\Admin\AppData\Local\Temp\Unicorn-30695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30695.exe
11⤵
PID:9824

C:\Users\Admin\AppData\Local\Temp\Unicorn-44748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44748.exe
12⤵
PID:11712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9824 -s 216
12⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 236
11⤵
PID:10976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 216
10⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
9⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 216
8⤵
PID:5864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 236
7⤵
- Program crash
PID:3956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 220
6⤵
- Program crash
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-32582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32582.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-53408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53408.exe
6⤵
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-13828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13828.exe
7⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-8945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8945.exe
8⤵
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-31416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31416.exe
9⤵
PID:6244

C:\Users\Admin\AppData\Local\Temp\Unicorn-10938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10938.exe
10⤵
PID:9092

C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
11⤵
PID:10272

C:\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe
12⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10272 -s 216
12⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9092 -s 216
11⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 216
10⤵
PID:10044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 236
9⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 236
8⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 216
7⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-34201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34201.exe
6⤵
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-14425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14425.exe
7⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
8⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-6610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6610.exe
9⤵
PID:7060

C:\Users\Admin\AppData\Local\Temp\Unicorn-9724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9724.exe
10⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-60980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60980.exe
11⤵
PID:11464

C:\Users\Admin\AppData\Local\Temp\Unicorn-13606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13606.exe
12⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11464 -s 216
12⤵
PID:12656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 216
11⤵
PID:11500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 216
10⤵
PID:9680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
9⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
8⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 216
7⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
6⤵
- Program crash
PID:3460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
5⤵
- Program crash
PID:2144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-40358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40358.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:804

C:\Users\Admin\AppData\Local\Temp\Unicorn-10865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10865.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-23201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23201.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:956

C:\Users\Admin\AppData\Local\Temp\Unicorn-27176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27176.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-20160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20160.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-37347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37347.exe
8⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-60803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60803.exe
9⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
10⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-31691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31691.exe
11⤵
PID:6360

C:\Users\Admin\AppData\Local\Temp\Unicorn-20031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20031.exe
12⤵
PID:9084

C:\Users\Admin\AppData\Local\Temp\Unicorn-64789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64789.exe
13⤵
PID:9056

C:\Users\Admin\AppData\Local\Temp\Unicorn-30929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30929.exe
14⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 220
14⤵
PID:12324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9084 -s 216
13⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 216
12⤵
PID:9832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
10⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 216
9⤵
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
8⤵
- Program crash
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-35955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35955.exe
7⤵
PID:332

C:\Users\Admin\AppData\Local\Temp\Unicorn-29802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29802.exe
8⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-1545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1545.exe
9⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-42381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42381.exe
10⤵
PID:6400

C:\Users\Admin\AppData\Local\Temp\Unicorn-45988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45988.exe
11⤵
PID:9052

C:\Users\Admin\AppData\Local\Temp\Unicorn-30093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30093.exe
12⤵
PID:10220

C:\Users\Admin\AppData\Local\Temp\Unicorn-58583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58583.exe
13⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10220 -s 216
13⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 216
11⤵
PID:9652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
10⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 236
9⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 216
8⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
7⤵
- Program crash
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-61747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61747.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-37347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37347.exe
7⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-60803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60803.exe
8⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-12837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12837.exe
9⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-55832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55832.exe
10⤵
PID:7616

C:\Users\Admin\AppData\Local\Temp\Unicorn-38863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38863.exe
11⤵
PID:9788

C:\Users\Admin\AppData\Local\Temp\Unicorn-50970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50970.exe
12⤵
PID:11548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9788 -s 216
12⤵
PID:11856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 216
11⤵
PID:10952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
10⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
9⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 216
8⤵
PID:4888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 216
7⤵
- Program crash
PID:4024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 240
6⤵
- Program crash
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-33952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33952.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-10704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10704.exe
7⤵
PID:1632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
7⤵
- Program crash
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-5229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5229.exe
6⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-7819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7819.exe
7⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-21774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21774.exe
8⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-6994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6994.exe
9⤵
PID:6888

C:\Users\Admin\AppData\Local\Temp\Unicorn-39382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39382.exe
10⤵
PID:8440

C:\Users\Admin\AppData\Local\Temp\Unicorn-4488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4488.exe
11⤵
PID:11100

C:\Users\Admin\AppData\Local\Temp\Unicorn-16731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16731.exe
12⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11100 -s 220
12⤵
PID:12556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 216
11⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 220
10⤵
PID:9260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 216
9⤵
PID:2256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
8⤵
PID:6844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 216
7⤵
PID:4440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
6⤵
- Program crash
PID:3380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 220
5⤵
- Program crash
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-29977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29977.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:748

C:\Users\Admin\AppData\Local\Temp\Unicorn-56532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56532.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:348

C:\Users\Admin\AppData\Local\Temp\Unicorn-61576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61576.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-12458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12458.exe
7⤵
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-40684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40684.exe
8⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-34218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34218.exe
9⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
10⤵
PID:7196

C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
11⤵
PID:9064

C:\Users\Admin\AppData\Local\Temp\Unicorn-51743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51743.exe
12⤵
PID:9436

C:\Users\Admin\AppData\Local\Temp\Unicorn-10892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10892.exe
13⤵
PID:860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9436 -s 216
13⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9064 -s 216
12⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 216
11⤵
PID:10016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
10⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 236
9⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 216
8⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-30932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30932.exe
7⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-52692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52692.exe
8⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-56003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56003.exe
9⤵
PID:6984

C:\Users\Admin\AppData\Local\Temp\Unicorn-45412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45412.exe
10⤵
PID:9080

C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
11⤵
PID:10752

C:\Users\Admin\AppData\Local\Temp\Unicorn-14125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14125.exe
12⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10752 -s 216
12⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9080 -s 216
11⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 220
10⤵
PID:10192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
9⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
8⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
7⤵
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-17865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17865.exe
6⤵
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-63626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63626.exe
7⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-47731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47731.exe
8⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-56195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56195.exe
9⤵
PID:6588

C:\Users\Admin\AppData\Local\Temp\Unicorn-20031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20031.exe
10⤵
PID:9140

C:\Users\Admin\AppData\Local\Temp\Unicorn-13450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13450.exe
11⤵
PID:10288

C:\Users\Admin\AppData\Local\Temp\Unicorn-40851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40851.exe
12⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10288 -s 216
12⤵
PID:8720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9140 -s 216
11⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 220
10⤵
PID:9848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 216
9⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
8⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 236
7⤵
PID:4552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 220
6⤵
- Program crash
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-64269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64269.exe
5⤵
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-50585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50585.exe
6⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-25090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25090.exe
7⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-37830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37830.exe
8⤵
PID:6768

C:\Users\Admin\AppData\Local\Temp\Unicorn-3118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3118.exe
9⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 188
10⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 216
9⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 236
8⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
7⤵
PID:5292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 216
6⤵
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 220
5⤵
- Program crash
PID:1836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 240
4⤵
- Program crash
PID:2108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
2⤵
- Program crash
PID:2468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10892.exe

Filesize
184KB

MD5
7781c9e9ee18a70656570d28074c31a9

SHA1
eb994d310d65dfb130a44b6d5aa2a8d08c1017bb

SHA256
b2f1a9bc6979c5d5f73df6f3e10aaff4df4396f9b4eb16b1440355e7ea541958

SHA512
782d3f2f183d9544009693a44f2596e342722a6fee5d96aaea88d147a0d259ca92153e18f51cf7a2f0862c281e0db3ba8fe60794a8b5b2d99d2691e0c64adae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2855.exe

Filesize
184KB

MD5
853506e1d43a0575ec1f2fb281980e53

SHA1
a8f5c07bb5689e662f2fa6bddce79d1c53bc0c35

SHA256
cd995462f3145a5545fe8cd965e5a61dfc0e736e8c25e47d8e674054ceab5248

SHA512
cbee5f20ab7976a6b97008de6a2ef100e2ca2718b80760e1a294c9ebb1b2404f163aa28075a7d66f3bcc138ca2fb1555cc3ecdab78b7488d9dbc3355337f4f92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40750.exe

Filesize
184KB

MD5
517f40ade8f665bc90c1627755fc608e

SHA1
46e7d0bdfed0ab841069e2ee46965fa27471349e

SHA256
876b0ccfcfe6a7b19c3b279b4c4d71e577aadf4dd57bb29b5729403b563a79df

SHA512
b4e3985a745e9891530d5f19bb30c0fd3b3e409c160009e2ade1aa3e223a61c356788dc1c3ea4499c90d4ed74f54263fc9e2553d2813250ad10eca451bcac816

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60224.exe

Filesize
184KB

MD5
d342ddadf73989a40dc3445e122a0410

SHA1
c7e060d69f210ca7a0fcc84b20d8691e58ac4ca1

SHA256
b15afe1711cd60ab81e927a2a5ea024238d0fe31cc0397ec30871f4db75512dc

SHA512
d354ff87e3231e04f6e83e106ffe4c67bbae813d59b38c8788c96c42fcdef37b42d19bea25b74b441b92a92edc951c4cb28b93346982e17dad8d9a247a561047

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6345.exe

Filesize
184KB

MD5
a67b6592179290a6709ee3719d869819

SHA1
0a4d42527abb56243b13ab772f71a6914f3020b3

SHA256
dd1ec9516fef63894b39cd4a5284220044de487ed9e973f242256c30e9c39763

SHA512
5b8c30a717d3f0ae45da169d789fb00ee30f02b57e976139b2988d4d827ba0c29a7e38c8d2fe82a20046ac16b64061498e14473e8422e24c1c9ad56e7836e6e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6672.exe

Filesize
184KB

MD5
898f4a64db1ee8995250e83170b5b963

SHA1
204a24b675b3668a33d8219d4be93a53fb439a8d

SHA256
41b58e9991b50799d02188f02dd80bad490e59938f828d4f2ab2a57af5a9208b

SHA512
d3260eaeda717f9430a20a1c7218f4210638500408a58743fdea5f17d94c69552a556f5603a265a997c11c37a4c330b5753f9ac637d98e323646ca8229bb14bc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe

Filesize
184KB

MD5
29d44d166244782cda775357a6252b34

SHA1
fb6a9006ac28e885c77da2cd87ff3bfd49ea81b2

SHA256
eaf65f376cfbb6b5519f8b865ca5b964e1762399af35824b77e53cb0919b9d50

SHA512
29354b8a3305404cca5f6b199db7dc0c7958635333ead7720b6c2c1466c86a5885f2fbf91547963f07c4e32a2fde98ec149b82b6361404b84292659c819d1495

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19034.exe

Filesize
184KB

MD5
fe3b8e59db699652b77af4f545bcb367

SHA1
c4c7d92a968c0d15670eec60a96ac096e88f876a

SHA256
effa06475c02a4324d3c688fdaf73b96fd9e6c666b49916ce2a15f75b252bd6f

SHA512
714e791ebc5db20925d7b39b44444310ad1f6ccd3d8b8f12178f91bf70c1c76299b501011d68a85290ffe4b4c2eebdbc51509c4f7d277333a23364187b479800

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe

Filesize
184KB

MD5
c5d67f646163aaf422fe7afa1593183d

SHA1
79249d6ed6193135ffd9a9e326c528263db95e4d

SHA256
272ce46d7ed177b852e977f7a96ff8269d322915b3bc0546169716e59a4766f5

SHA512
34a56aac2ed8e4db2c4cbe32345af41615255d0205cd53eec4721538f70550d8d75ba1c17fce09cf23a5d29f4dd923fc10d0e6691a827f0e41030021e1ee2fb6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31553.exe

Filesize
184KB

MD5
a7dc03856f35f514c559c8f9054ef1f3

SHA1
d5dccf5eb3ac3e68eb76b915a87115e65e963152

SHA256
4528fd38a32d6c36310933473f8fcf83a12c460185d4fe3931f4954912b49ba1

SHA512
5af81cad8ce73c15dad867c11681143ce2e764fbcd8c98933f80df6ae09f1db33e443b799fce91e4ec1b55526898f85bddda1abd1e4d28fa92f37d823cff6695

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33416.exe

Filesize
184KB

MD5
360472eb5c8d0793a9df3721b8d2c566

SHA1
9142e83c60271ffa5931f1d42f84779876eac802

SHA256
806959d02db12b46260ddb9e72366e10b31c33b1fb5a2721b85adc5546747b10

SHA512
26173f356f66c9fe2656c44eca444a0e09097485d7c65cf1fdbcf0e26e5030fbe1795616e7bf154cb2aca0d094265221b9c0cde48e0cf62c10efeee10d2ef459

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33978.exe

Filesize
184KB

MD5
11cdb79fef639bc4c0f95ab97ac4e273

SHA1
9cfe2c3b22284f753a8b5de93f1f56a2b13a6065

SHA256
8cfc4923ac2a84d1d99f50a934bf941480160653747eb712079e196ef2768dae

SHA512
bc55a5e623f350ca22a7f51fa6ef0fe7fe033a908eba8892633df063615e1a077a3ff2eb6268b806e0acbe1829b709fc85c181d6d0f86b7506dfe75cff9fa1cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35637.exe

Filesize
184KB

MD5
42b39f22aedef4dbca3b83ec5522e8b9

SHA1
b87d6b10921b57dda76c8f65fb14fb4e90ada11f

SHA256
5a4807767c751d5f8d13880b9a226458728e9e9b3539c0e0716e6ad841d47dee

SHA512
12a5c34c1db17d01a1435cde5ede8d78335bd917276a00ce50680bcee0cd33a12f0a1b5e14bcaa88bc456511f65832bb0bbc179fed7faafecc0d5bf01433855a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40358.exe

Filesize
184KB

MD5
c84c285db2bbac89cd80a17a98f12651

SHA1
c31602cc1415038b95aff21c5366022804411b34

SHA256
e6391cebd0239d16221d98db6ae84633bbe515d89c0c26ebffd8cbc1d70a9382

SHA512
31749fa7f038c59706265405b9e11a4743788052372373b38415b868f705884d303b9cef5fbfb169a4bfca5a0094546c0503f4f4480b9ca91c63e1170ef88c02

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44443.exe

Filesize
184KB

MD5
0ef4c6676f5556b79b81ba608ebcb6f1

SHA1
8e759ba6506e8f806f785975488eaff39b882f6a

SHA256
9703015111625eba4a07c2216e9137a4837479e4d108940d92ee853540c239cc

SHA512
082960ef425cda8ffa80ff3f7466819a1db0c305d6c3d9d0a9630a8acbbd8e16aa57952196e64356a0f208ce6fb44fe39f92f4f44ccc5c7b5492aac51466a8c7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46498.exe

Filesize
184KB

MD5
0b29f1f04f77e72273fe705b06319338

SHA1
e510e892ecd2454037313fbd59dc36b606d7ad94

SHA256
b731624f74c8aedf14f82f3cbad3ca0ea866a56d5eeb8694e4f8fba0f8ff0c9a

SHA512
ce99f97325583068ea9d0db7b5199ecafe87ae6260a6c2c35a370b763c7dc1a7050f9a6210746abfcbb3736687c0478f427f996bf835108329f9421484d24ae2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64308.exe

Filesize
184KB

MD5
8e0dcdec967587db9952028c0b3e1967

SHA1
ea842bad2a11296acaeca2f0de57345b53401769

SHA256
9e7c1abecd4f7576af97dcd9c1d87f85a120a28c253c80bdc3f1fd00e856cd8d

SHA512
0816645ae74fcadfe22f8d748db33b8d5ef3ef1d80c1f0a82f6c1610d730e5ae22e619897c3304aabb2ad84d164adfc72533d8d5710965731c2c324408764553

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9897.exe

Filesize
184KB

MD5
ec1465c4eb99e3dcc22986826e7fc643

SHA1
1acfd376c3761ebed3eca6be31ad594e0c7ede2f

SHA256
e579c504db7a52ff4fdcb82b5ad68817e35995f2c15b4dcd6e5ec9bda5f5a786

SHA512
b6e750fe89d0386d876a1bd04e0954cf7c021144a167c5b096836066a6ae39662ea4269083ba8a827b016106f39e63a5b01fbfeaef9ba0618112bce998e1f706

Download Submit