6d055a49e8c496a1abc2ec108f07d179a9f90110695fc5a49eef2316ee5a736e

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d055a49e8c496a1abc2ec108f07d179a9f90110695fc5a49eef2316ee5a736e.exe
Size

184KB
MD5

1ccc52c449dc08e9486895c103a431f4
SHA1

396f8900eedbcdf92b873e12e339672ef0ce6141
SHA256

6d055a49e8c496a1abc2ec108f07d179a9f90110695fc5a49eef2316ee5a736e
SHA512

4d1f350bb87543ae27321906d2246729588e14c23f8fad0bd219d251aba96f45fcea98b11e406a3b5023561f72acc004d23f4c8350b693cf6ccb2a88399e5fe2
SSDEEP

3072:HBcSrgolNpEsdCwYeCZLpxOPX2Y6lPfFH+qyO5GZU41hlnVOFknT:HBioKYCwaLPOPXMej9hlnVOFk

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-33617.exeUnicorn-32499.exeUnicorn-16717.exeUnicorn-49987.exeUnicorn-19261.exeUnicorn-64932.exeUnicorn-23620.exeUnicorn-7838.exeUnicorn-16006.exeUnicorn-31788.exeUnicorn-1061.exeUnicorn-15534.exeUnicorn-34563.exeUnicorn-58513.exeUnicorn-42731.exeUnicorn-40615.exeUnicorn-9888.exeUnicorn-55560.exeUnicorn-63749.exeUnicorn-13733.exeUnicorn-23293.exeUnicorn-7511.exeUnicorn-926.exeUnicorn-15871.exeUnicorn-35737.exeUnicorn-50682.exeUnicorn-5010.exeUnicorn-17310.exeUnicorn-32254.exeUnicorn-52120.exeUnicorn-44507.exeUnicorn-37730.exeUnicorn-52867.exeUnicorn-15363.exeUnicorn-50174.exeUnicorn-42560.exeUnicorn-8949.exeUnicorn-8949.exeUnicorn-58705.exeUnicorn-13033.exeUnicorn-47844.exeUnicorn-62789.exeUnicorn-29837.exeUnicorn-64647.exeUnicorn-52950.exeUnicorn-11362.exeUnicorn-61118.exeUnicorn-54341.exeUnicorn-27507.exeUnicorn-39759.exeUnicorn-39759.exeUnicorn-1419.exeUnicorn-25561.exeUnicorn-9779.exeUnicorn-3002.exeUnicorn-37813.exeUnicorn-22031.exeUnicorn-11170.exeUnicorn-45981.exeUnicorn-15254.exeUnicorn-50065.exeUnicorn-65010.exeUnicorn-54149.exeUnicorn-34283.exe

pid	process
2024	Unicorn-33617.exe
2968	Unicorn-32499.exe
3028	Unicorn-16717.exe
2620	Unicorn-49987.exe
2676	Unicorn-19261.exe
2524	Unicorn-64932.exe
2548	Unicorn-23620.exe
1392	Unicorn-7838.exe
2728	Unicorn-16006.exe
1652	Unicorn-31788.exe
1736	Unicorn-1061.exe
1168	Unicorn-15534.exe
1104	Unicorn-34563.exe
1332	Unicorn-58513.exe
2344	Unicorn-42731.exe
2324	Unicorn-40615.exe
2824	Unicorn-9888.exe
1976	Unicorn-55560.exe
404	Unicorn-63749.exe
1444	Unicorn-13733.exe
1556	Unicorn-23293.exe
768	Unicorn-7511.exe
2408	Unicorn-926.exe
940	Unicorn-15871.exe
1780	Unicorn-35737.exe
2172	Unicorn-50682.exe
1876	Unicorn-5010.exe
1608	Unicorn-17310.exe
2960	Unicorn-32254.exe
1884	Unicorn-52120.exe
2924	Unicorn-44507.exe
1996	Unicorn-37730.exe
2760	Unicorn-52867.exe
2780	Unicorn-15363.exe
2556	Unicorn-50174.exe
2504	Unicorn-42560.exe
2940	Unicorn-8949.exe
2980	Unicorn-8949.exe
1148	Unicorn-58705.exe
1680	Unicorn-13033.exe
848	Unicorn-47844.exe
2712	Unicorn-62789.exe
2160	Unicorn-29837.exe
2396	Unicorn-64647.exe
1280	Unicorn-52950.exe
2296	Unicorn-11362.exe
3040	Unicorn-61118.exe
2876	Unicorn-54341.exe
2464	Unicorn-27507.exe
3048	Unicorn-39759.exe
3044	Unicorn-39759.exe
1548	Unicorn-1419.exe
372	Unicorn-25561.exe
804	Unicorn-9779.exe
1576	Unicorn-3002.exe
352	Unicorn-37813.exe
1972	Unicorn-22031.exe
2364	Unicorn-11170.exe
2892	Unicorn-45981.exe
1660	Unicorn-15254.exe
2072	Unicorn-50065.exe
2644	Unicorn-65010.exe
2508	Unicorn-54149.exe
2752	Unicorn-34283.exe

Loads dropped DLL 64 IoCs

Processes:

6d055a49e8c496a1abc2ec108f07d179a9f90110695fc5a49eef2316ee5a736e.exeUnicorn-33617.exeUnicorn-32499.exeUnicorn-16717.exeWerFault.exeUnicorn-49987.exeUnicorn-19261.exeUnicorn-64932.exeWerFault.exeWerFault.exeUnicorn-23620.exeUnicorn-7838.exeUnicorn-31788.exeUnicorn-16006.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2060	6d055a49e8c496a1abc2ec108f07d179a9f90110695fc5a49eef2316ee5a736e.exe
2060	6d055a49e8c496a1abc2ec108f07d179a9f90110695fc5a49eef2316ee5a736e.exe
2024	Unicorn-33617.exe
2024	Unicorn-33617.exe
2060	6d055a49e8c496a1abc2ec108f07d179a9f90110695fc5a49eef2316ee5a736e.exe
2060	6d055a49e8c496a1abc2ec108f07d179a9f90110695fc5a49eef2316ee5a736e.exe
2968	Unicorn-32499.exe
2968	Unicorn-32499.exe
2024	Unicorn-33617.exe
2024	Unicorn-33617.exe
3028	Unicorn-16717.exe
3028	Unicorn-16717.exe
2624	WerFault.exe
2624	WerFault.exe
2624	WerFault.exe
2624	WerFault.exe
2624	WerFault.exe
2620	Unicorn-49987.exe
2620	Unicorn-49987.exe
2968	Unicorn-32499.exe
2968	Unicorn-32499.exe
3028	Unicorn-16717.exe
3028	Unicorn-16717.exe
2676	Unicorn-19261.exe
2676	Unicorn-19261.exe
2524	Unicorn-64932.exe
2524	Unicorn-64932.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
2224	WerFault.exe
1816	WerFault.exe
2548	Unicorn-23620.exe
2548	Unicorn-23620.exe
2620	Unicorn-49987.exe
2620	Unicorn-49987.exe
1392	Unicorn-7838.exe
1392	Unicorn-7838.exe
2676	Unicorn-19261.exe
2676	Unicorn-19261.exe
1652	Unicorn-31788.exe
1652	Unicorn-31788.exe
2524	Unicorn-64932.exe
2728	Unicorn-16006.exe
2524	Unicorn-64932.exe
2728	Unicorn-16006.exe
524	WerFault.exe
524	WerFault.exe
524	WerFault.exe
524	WerFault.exe
524	WerFault.exe
1636	WerFault.exe
1636	WerFault.exe
1636	WerFault.exe
1636	WerFault.exe
1636	WerFault.exe
1920	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2764	2060	WerFault.exe	6d055a49e8c496a1abc2ec108f07d179a9f90110695fc5a49eef2316ee5a736e.exe
2624	2024	WerFault.exe	Unicorn-33617.exe
2224	2968	WerFault.exe	Unicorn-32499.exe
1816	3028	WerFault.exe	Unicorn-16717.exe
524	2620	WerFault.exe	Unicorn-49987.exe
1636	2524	WerFault.exe	Unicorn-64932.exe
1920	2676	WerFault.exe	Unicorn-19261.exe
828	1104	WerFault.exe	Unicorn-34563.exe
1716	2548	WerFault.exe	Unicorn-23620.exe
2332	1392	WerFault.exe	Unicorn-7838.exe
2412	1652	WerFault.exe	Unicorn-31788.exe
1604	2728	WerFault.exe	Unicorn-16006.exe
2736	1168	WerFault.exe	Unicorn-15534.exe
1880	2344	WerFault.exe	Unicorn-42731.exe
1772	1332	WerFault.exe	Unicorn-58513.exe
2200	2324	WerFault.exe	Unicorn-40615.exe
480	2824	WerFault.exe	Unicorn-9888.exe
2392	1976	WerFault.exe	Unicorn-55560.exe
1988	404	WerFault.exe	Unicorn-63749.exe
1808	1444	WerFault.exe	Unicorn-13733.exe
2724	1556	WerFault.exe	Unicorn-23293.exe
1372	768	WerFault.exe	Unicorn-7511.exe
1868	2408	WerFault.exe	Unicorn-926.exe
296	940	WerFault.exe	Unicorn-15871.exe
896	1876	WerFault.exe	Unicorn-5010.exe
264	2172	WerFault.exe	Unicorn-50682.exe
1320	1780	WerFault.exe	Unicorn-35737.exe
1756	2752	WerFault.exe	Unicorn-34283.exe
2460	1884	WerFault.exe	Unicorn-52120.exe
1308	2960	WerFault.exe	Unicorn-32254.exe
2352	1608	WerFault.exe	Unicorn-17310.exe
2372	2760	WerFault.exe	Unicorn-52867.exe
3064	1996	WerFault.exe	Unicorn-37730.exe
2904	2556	WerFault.exe	Unicorn-50174.exe
2388	2780	WerFault.exe	Unicorn-15363.exe
2604	2504	WerFault.exe	Unicorn-42560.exe
2544	2924	WerFault.exe	Unicorn-44507.exe
2616	2940	WerFault.exe	Unicorn-8949.exe
2832	1148	WerFault.exe	Unicorn-58705.exe
316	848	WerFault.exe	Unicorn-47844.exe
860	2980	WerFault.exe	Unicorn-8949.exe
2300	1680	WerFault.exe	Unicorn-13033.exe
1328	2712	WerFault.exe	Unicorn-62789.exe
3644	1280	WerFault.exe	Unicorn-52950.exe
3724	2464	WerFault.exe	Unicorn-27507.exe
4036	372	WerFault.exe	Unicorn-25561.exe
4056	2364	WerFault.exe	Unicorn-11170.exe
3092	2508	WerFault.exe	Unicorn-54149.exe
3128	2160	WerFault.exe	Unicorn-29837.exe
3192	2396	WerFault.exe	Unicorn-64647.exe
3968	2296	WerFault.exe	Unicorn-11362.exe
4012	1548	WerFault.exe	Unicorn-1419.exe
3716	1084	WerFault.exe	Unicorn-29213.exe
3220	2380	WerFault.exe	Unicorn-40911.exe
3312	1620	WerFault.exe	Unicorn-51217.exe
3356	832	WerFault.exe	Unicorn-29235.exe
3512	352	WerFault.exe	Unicorn-37813.exe
3612	1972	WerFault.exe	Unicorn-22031.exe
3660	3048	WerFault.exe	Unicorn-39759.exe
3892	1660	WerFault.exe	Unicorn-15254.exe
3476	3044	WerFault.exe	Unicorn-39759.exe
3508	3040	WerFault.exe	Unicorn-61118.exe
3744	2080	WerFault.exe	Unicorn-7423.exe
3772	2756	WerFault.exe	Unicorn-49333.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

6d055a49e8c496a1abc2ec108f07d179a9f90110695fc5a49eef2316ee5a736e.exeUnicorn-33617.exeUnicorn-32499.exeUnicorn-16717.exeUnicorn-49987.exeUnicorn-64932.exeUnicorn-19261.exeUnicorn-23620.exeUnicorn-7838.exeUnicorn-31788.exeUnicorn-16006.exeUnicorn-15534.exeUnicorn-34563.exeUnicorn-58513.exeUnicorn-42731.exeUnicorn-40615.exeUnicorn-9888.exeUnicorn-55560.exeUnicorn-63749.exeUnicorn-13733.exeUnicorn-23293.exeUnicorn-7511.exeUnicorn-926.exeUnicorn-15871.exeUnicorn-35737.exeUnicorn-50682.exeUnicorn-5010.exeUnicorn-17310.exeUnicorn-32254.exeUnicorn-52120.exeUnicorn-44507.exeUnicorn-37730.exeUnicorn-52867.exeUnicorn-15363.exeUnicorn-50174.exeUnicorn-42560.exeUnicorn-8949.exeUnicorn-8949.exeUnicorn-58705.exeUnicorn-13033.exeUnicorn-47844.exeUnicorn-62789.exeUnicorn-29837.exeUnicorn-64647.exeUnicorn-52950.exeUnicorn-11362.exeUnicorn-61118.exeUnicorn-54341.exeUnicorn-27507.exeUnicorn-39759.exeUnicorn-39759.exeUnicorn-1419.exeUnicorn-25561.exeUnicorn-9779.exeUnicorn-3002.exeUnicorn-37813.exeUnicorn-22031.exeUnicorn-11170.exeUnicorn-45981.exeUnicorn-15254.exeUnicorn-50065.exeUnicorn-34283.exeUnicorn-65010.exeUnicorn-54149.exe

pid	process
2060	6d055a49e8c496a1abc2ec108f07d179a9f90110695fc5a49eef2316ee5a736e.exe
2024	Unicorn-33617.exe
2968	Unicorn-32499.exe
3028	Unicorn-16717.exe
2620	Unicorn-49987.exe
2524	Unicorn-64932.exe
2676	Unicorn-19261.exe
2548	Unicorn-23620.exe
1392	Unicorn-7838.exe
1652	Unicorn-31788.exe
2728	Unicorn-16006.exe
1168	Unicorn-15534.exe
1104	Unicorn-34563.exe
1332	Unicorn-58513.exe
2344	Unicorn-42731.exe
2324	Unicorn-40615.exe
2824	Unicorn-9888.exe
1976	Unicorn-55560.exe
404	Unicorn-63749.exe
1444	Unicorn-13733.exe
1556	Unicorn-23293.exe
768	Unicorn-7511.exe
2408	Unicorn-926.exe
940	Unicorn-15871.exe
1780	Unicorn-35737.exe
2172	Unicorn-50682.exe
1876	Unicorn-5010.exe
1608	Unicorn-17310.exe
2960	Unicorn-32254.exe
1884	Unicorn-52120.exe
2924	Unicorn-44507.exe
1996	Unicorn-37730.exe
2760	Unicorn-52867.exe
2780	Unicorn-15363.exe
2556	Unicorn-50174.exe
2504	Unicorn-42560.exe
2940	Unicorn-8949.exe
2980	Unicorn-8949.exe
1148	Unicorn-58705.exe
1680	Unicorn-13033.exe
848	Unicorn-47844.exe
2712	Unicorn-62789.exe
2160	Unicorn-29837.exe
2396	Unicorn-64647.exe
1280	Unicorn-52950.exe
2296	Unicorn-11362.exe
3040	Unicorn-61118.exe
2876	Unicorn-54341.exe
2464	Unicorn-27507.exe
3048	Unicorn-39759.exe
3044	Unicorn-39759.exe
1548	Unicorn-1419.exe
372	Unicorn-25561.exe
804	Unicorn-9779.exe
1576	Unicorn-3002.exe
352	Unicorn-37813.exe
1972	Unicorn-22031.exe
2364	Unicorn-11170.exe
2892	Unicorn-45981.exe
1660	Unicorn-15254.exe
2072	Unicorn-50065.exe
2752	Unicorn-34283.exe
2644	Unicorn-65010.exe
2508	Unicorn-54149.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

6d055a49e8c496a1abc2ec108f07d179a9f90110695fc5a49eef2316ee5a736e.exeUnicorn-33617.exeUnicorn-32499.exeUnicorn-16717.exeUnicorn-49987.exeUnicorn-19261.exeUnicorn-64932.exeUnicorn-23620.exe

description	pid	process	target process
PID 2060 wrote to memory of 2024	2060	6d055a49e8c496a1abc2ec108f07d179a9f90110695fc5a49eef2316ee5a736e.exe	Unicorn-33617.exe
PID 2060 wrote to memory of 2024	2060	6d055a49e8c496a1abc2ec108f07d179a9f90110695fc5a49eef2316ee5a736e.exe	Unicorn-33617.exe
PID 2060 wrote to memory of 2024	2060	6d055a49e8c496a1abc2ec108f07d179a9f90110695fc5a49eef2316ee5a736e.exe	Unicorn-33617.exe
PID 2060 wrote to memory of 2024	2060	6d055a49e8c496a1abc2ec108f07d179a9f90110695fc5a49eef2316ee5a736e.exe	Unicorn-33617.exe
PID 2024 wrote to memory of 2968	2024	Unicorn-33617.exe	Unicorn-32499.exe
PID 2024 wrote to memory of 2968	2024	Unicorn-33617.exe	Unicorn-32499.exe
PID 2024 wrote to memory of 2968	2024	Unicorn-33617.exe	Unicorn-32499.exe
PID 2024 wrote to memory of 2968	2024	Unicorn-33617.exe	Unicorn-32499.exe
PID 2060 wrote to memory of 3028	2060	6d055a49e8c496a1abc2ec108f07d179a9f90110695fc5a49eef2316ee5a736e.exe	Unicorn-16717.exe
PID 2060 wrote to memory of 3028	2060	6d055a49e8c496a1abc2ec108f07d179a9f90110695fc5a49eef2316ee5a736e.exe	Unicorn-16717.exe
PID 2060 wrote to memory of 3028	2060	6d055a49e8c496a1abc2ec108f07d179a9f90110695fc5a49eef2316ee5a736e.exe	Unicorn-16717.exe
PID 2060 wrote to memory of 3028	2060	6d055a49e8c496a1abc2ec108f07d179a9f90110695fc5a49eef2316ee5a736e.exe	Unicorn-16717.exe
PID 2060 wrote to memory of 2764	2060	6d055a49e8c496a1abc2ec108f07d179a9f90110695fc5a49eef2316ee5a736e.exe	WerFault.exe
PID 2060 wrote to memory of 2764	2060	6d055a49e8c496a1abc2ec108f07d179a9f90110695fc5a49eef2316ee5a736e.exe	WerFault.exe
PID 2060 wrote to memory of 2764	2060	6d055a49e8c496a1abc2ec108f07d179a9f90110695fc5a49eef2316ee5a736e.exe	WerFault.exe
PID 2060 wrote to memory of 2764	2060	6d055a49e8c496a1abc2ec108f07d179a9f90110695fc5a49eef2316ee5a736e.exe	WerFault.exe
PID 2968 wrote to memory of 2620	2968	Unicorn-32499.exe	Unicorn-49987.exe
PID 2968 wrote to memory of 2620	2968	Unicorn-32499.exe	Unicorn-49987.exe
PID 2968 wrote to memory of 2620	2968	Unicorn-32499.exe	Unicorn-49987.exe
PID 2968 wrote to memory of 2620	2968	Unicorn-32499.exe	Unicorn-49987.exe
PID 2024 wrote to memory of 2524	2024	Unicorn-33617.exe	Unicorn-64932.exe
PID 2024 wrote to memory of 2524	2024	Unicorn-33617.exe	Unicorn-64932.exe
PID 2024 wrote to memory of 2524	2024	Unicorn-33617.exe	Unicorn-64932.exe
PID 2024 wrote to memory of 2524	2024	Unicorn-33617.exe	Unicorn-64932.exe
PID 3028 wrote to memory of 2676	3028	Unicorn-16717.exe	Unicorn-19261.exe
PID 3028 wrote to memory of 2676	3028	Unicorn-16717.exe	Unicorn-19261.exe
PID 3028 wrote to memory of 2676	3028	Unicorn-16717.exe	Unicorn-19261.exe
PID 3028 wrote to memory of 2676	3028	Unicorn-16717.exe	Unicorn-19261.exe
PID 2024 wrote to memory of 2624	2024	Unicorn-33617.exe	WerFault.exe
PID 2024 wrote to memory of 2624	2024	Unicorn-33617.exe	WerFault.exe
PID 2024 wrote to memory of 2624	2024	Unicorn-33617.exe	WerFault.exe
PID 2024 wrote to memory of 2624	2024	Unicorn-33617.exe	WerFault.exe
PID 2620 wrote to memory of 2548	2620	Unicorn-49987.exe	Unicorn-23620.exe
PID 2620 wrote to memory of 2548	2620	Unicorn-49987.exe	Unicorn-23620.exe
PID 2620 wrote to memory of 2548	2620	Unicorn-49987.exe	Unicorn-23620.exe
PID 2620 wrote to memory of 2548	2620	Unicorn-49987.exe	Unicorn-23620.exe
PID 2968 wrote to memory of 1392	2968	Unicorn-32499.exe	Unicorn-7838.exe
PID 2968 wrote to memory of 1392	2968	Unicorn-32499.exe	Unicorn-7838.exe
PID 2968 wrote to memory of 1392	2968	Unicorn-32499.exe	Unicorn-7838.exe
PID 2968 wrote to memory of 1392	2968	Unicorn-32499.exe	Unicorn-7838.exe
PID 3028 wrote to memory of 2728	3028	Unicorn-16717.exe	Unicorn-16006.exe
PID 3028 wrote to memory of 2728	3028	Unicorn-16717.exe	Unicorn-16006.exe
PID 3028 wrote to memory of 2728	3028	Unicorn-16717.exe	Unicorn-16006.exe
PID 3028 wrote to memory of 2728	3028	Unicorn-16717.exe	Unicorn-16006.exe
PID 2676 wrote to memory of 1736	2676	Unicorn-19261.exe	Unicorn-1061.exe
PID 2676 wrote to memory of 1736	2676	Unicorn-19261.exe	Unicorn-1061.exe
PID 2676 wrote to memory of 1736	2676	Unicorn-19261.exe	Unicorn-1061.exe
PID 2676 wrote to memory of 1736	2676	Unicorn-19261.exe	Unicorn-1061.exe
PID 2524 wrote to memory of 1652	2524	Unicorn-64932.exe	Unicorn-31788.exe
PID 2524 wrote to memory of 1652	2524	Unicorn-64932.exe	Unicorn-31788.exe
PID 2524 wrote to memory of 1652	2524	Unicorn-64932.exe	Unicorn-31788.exe
PID 2524 wrote to memory of 1652	2524	Unicorn-64932.exe	Unicorn-31788.exe
PID 2968 wrote to memory of 2224	2968	Unicorn-32499.exe	WerFault.exe
PID 2968 wrote to memory of 2224	2968	Unicorn-32499.exe	WerFault.exe
PID 2968 wrote to memory of 2224	2968	Unicorn-32499.exe	WerFault.exe
PID 2968 wrote to memory of 2224	2968	Unicorn-32499.exe	WerFault.exe
PID 3028 wrote to memory of 1816	3028	Unicorn-16717.exe	WerFault.exe
PID 3028 wrote to memory of 1816	3028	Unicorn-16717.exe	WerFault.exe
PID 3028 wrote to memory of 1816	3028	Unicorn-16717.exe	WerFault.exe
PID 3028 wrote to memory of 1816	3028	Unicorn-16717.exe	WerFault.exe
PID 2548 wrote to memory of 1168	2548	Unicorn-23620.exe	Unicorn-15534.exe
PID 2548 wrote to memory of 1168	2548	Unicorn-23620.exe	Unicorn-15534.exe
PID 2548 wrote to memory of 1168	2548	Unicorn-23620.exe	Unicorn-15534.exe
PID 2548 wrote to memory of 1168	2548	Unicorn-23620.exe	Unicorn-15534.exe

C:\Users\Admin\AppData\Local\Temp\6d055a49e8c496a1abc2ec108f07d179a9f90110695fc5a49eef2316ee5a736e.exe
"C:\Users\Admin\AppData\Local\Temp\6d055a49e8c496a1abc2ec108f07d179a9f90110695fc5a49eef2316ee5a736e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-33617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33617.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-32499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32499.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-49987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49987.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-23620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23620.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-15534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15534.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1168

C:\Users\Admin\AppData\Local\Temp\Unicorn-63749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63749.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:404

C:\Users\Admin\AppData\Local\Temp\Unicorn-17310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17310.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-51217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51217.exe
10⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
11⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-8150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8150.exe
12⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
13⤵
PID:6132

C:\Users\Admin\AppData\Local\Temp\Unicorn-43755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43755.exe
14⤵
PID:7724

C:\Users\Admin\AppData\Local\Temp\Unicorn-23984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23984.exe
15⤵
PID:10864

C:\Users\Admin\AppData\Local\Temp\Unicorn-13348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13348.exe
16⤵
PID:13248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 236
15⤵
PID:10876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 236
14⤵
PID:9164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 236
13⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 236
12⤵
PID:5424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
11⤵
- Program crash
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-60791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60791.exe
10⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-63080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63080.exe
11⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-10283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10283.exe
12⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
13⤵
PID:7440

C:\Users\Admin\AppData\Local\Temp\Unicorn-3563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3563.exe
14⤵
PID:10924

C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
15⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 236
14⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
13⤵
PID:8728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
12⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 236
11⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
10⤵
- Program crash
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
9⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-37678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37678.exe
10⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-11393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11393.exe
11⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
12⤵
PID:6296

C:\Users\Admin\AppData\Local\Temp\Unicorn-56386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56386.exe
13⤵
PID:9432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9432 -s 188
14⤵
PID:9856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 216
13⤵
PID:10356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
12⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
11⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 236
10⤵
- Program crash
PID:3744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
9⤵
- Program crash
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-61118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61118.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-31373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31373.exe
9⤵
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-52644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52644.exe
10⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-28462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28462.exe
11⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-43340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43340.exe
12⤵
PID:6300

C:\Users\Admin\AppData\Local\Temp\Unicorn-11321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11321.exe
13⤵
PID:8856

C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
14⤵
PID:10964

C:\Users\Admin\AppData\Local\Temp\Unicorn-35768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35768.exe
14⤵
PID:11116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8856 -s 220
14⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
13⤵
PID:9792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
12⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
11⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 236
10⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-45031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45031.exe
9⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-12701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12701.exe
10⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
11⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\Unicorn-60797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60797.exe
12⤵
PID:8376

C:\Users\Admin\AppData\Local\Temp\Unicorn-21566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21566.exe
13⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8376 -s 216
13⤵
PID:12484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
12⤵
PID:9264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
11⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
10⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
9⤵
- Program crash
PID:3508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 240
8⤵
- Program crash
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-32254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32254.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-40911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40911.exe
9⤵
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-21150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21150.exe
10⤵
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-60558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60558.exe
11⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-62836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62836.exe
12⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-12260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12260.exe
13⤵
PID:7924

C:\Users\Admin\AppData\Local\Temp\Unicorn-11923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11923.exe
14⤵
PID:11256

C:\Users\Admin\AppData\Local\Temp\Unicorn-18284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18284.exe
15⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 236
14⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
13⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 236
12⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 216
11⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
10⤵
- Program crash
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-9452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9452.exe
9⤵
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-41207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41207.exe
10⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-18644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18644.exe
11⤵
PID:5928

C:\Users\Admin\AppData\Local\Temp\Unicorn-13568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13568.exe
12⤵
PID:8148

C:\Users\Admin\AppData\Local\Temp\Unicorn-30829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30829.exe
13⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8148 -s 216
13⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 216
12⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
11⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 216
10⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
9⤵
- Program crash
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-29213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29213.exe
8⤵
PID:1084

C:\Users\Admin\AppData\Local\Temp\Unicorn-12981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12981.exe
9⤵
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-25940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25940.exe
10⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-65514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65514.exe
11⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-18722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18722.exe
12⤵
PID:8344

C:\Users\Admin\AppData\Local\Temp\Unicorn-62131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62131.exe
13⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8344 -s 220
13⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 236
12⤵
PID:9288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
11⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 236
10⤵
PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 236
9⤵
- Program crash
PID:3716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
8⤵
- Program crash
PID:1308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 240
7⤵
- Program crash
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-13733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13733.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1444

C:\Users\Admin\AppData\Local\Temp\Unicorn-52120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52120.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-29837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29837.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-6100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6100.exe
9⤵
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-39048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39048.exe
10⤵
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
11⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-48747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48747.exe
12⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-38903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38903.exe
13⤵
PID:7876

C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
14⤵
PID:10896

C:\Users\Admin\AppData\Local\Temp\Unicorn-54381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54381.exe
15⤵
PID:13148

C:\Users\Admin\AppData\Local\Temp\Unicorn-32652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32652.exe
15⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 216
14⤵
PID:11356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
13⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
12⤵
PID:6880

C:\Users\Admin\AppData\Local\Temp\Unicorn-56946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56946.exe
10⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-54777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54777.exe
11⤵
PID:5736

C:\Users\Admin\AppData\Local\Temp\Unicorn-26459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26459.exe
12⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-20440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20440.exe
13⤵
PID:10888

C:\Users\Admin\AppData\Local\Temp\Unicorn-58932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58932.exe
14⤵
PID:12812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 216
13⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 216
12⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 236
11⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 240
10⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-32010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32010.exe
9⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-34601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34601.exe
10⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-24326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24326.exe
11⤵
PID:5576

C:\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe
12⤵
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-47227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47227.exe
13⤵
PID:10800

C:\Users\Admin\AppData\Local\Temp\Unicorn-58081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58081.exe
14⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 236
13⤵
PID:11220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 236
12⤵
PID:8864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
11⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 240
9⤵
- Program crash
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-55856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55856.exe
8⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-64128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64128.exe
9⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-52307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52307.exe
10⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-59053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59053.exe
11⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-20621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20621.exe
12⤵
PID:7968

C:\Users\Admin\AppData\Local\Temp\Unicorn-28800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28800.exe
13⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-63016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63016.exe
14⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 216
13⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
12⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 236
11⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 236
10⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
9⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
10⤵
PID:5764

C:\Users\Admin\AppData\Local\Temp\Unicorn-38711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38711.exe
11⤵
PID:7308

C:\Users\Admin\AppData\Local\Temp\Unicorn-18686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18686.exe
12⤵
PID:10584

C:\Users\Admin\AppData\Local\Temp\Unicorn-35907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35907.exe
13⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 216
12⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 236
11⤵
PID:9108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
10⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
9⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 220
8⤵
- Program crash
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-52950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52950.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-8238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8238.exe
8⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-47600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47600.exe
9⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-7382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7382.exe
10⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe
11⤵
PID:5436

C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe
12⤵
PID:7764

C:\Users\Admin\AppData\Local\Temp\Unicorn-63070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63070.exe
13⤵
PID:11148

C:\Users\Admin\AppData\Local\Temp\Unicorn-48927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48927.exe
14⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7764 -s 216
13⤵
PID:11564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 236
12⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 236
11⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 236
10⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-30303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30303.exe
9⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-11414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11414.exe
10⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-38903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38903.exe
11⤵
PID:7888

C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
12⤵
PID:11176

C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
13⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
12⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
11⤵
PID:9008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
10⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
9⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-48155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48155.exe
8⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-39863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39863.exe
9⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
10⤵
PID:5516

C:\Users\Admin\AppData\Local\Temp\Unicorn-34819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34819.exe
11⤵
PID:7844

C:\Users\Admin\AppData\Local\Temp\Unicorn-11923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11923.exe
12⤵
PID:10244

C:\Users\Admin\AppData\Local\Temp\Unicorn-49373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49373.exe
13⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 216
12⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
11⤵
PID:9000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 236
10⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 236
9⤵
PID:4672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 240
8⤵
- Program crash
PID:3644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 240
7⤵
- Program crash
PID:1808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
6⤵
- Program crash
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-34563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34563.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 240
6⤵
- Program crash
PID:828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:524

C:\Users\Admin\AppData\Local\Temp\Unicorn-7838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7838.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1392

C:\Users\Admin\AppData\Local\Temp\Unicorn-58513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58513.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1332

C:\Users\Admin\AppData\Local\Temp\Unicorn-23293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23293.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-37730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37730.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-39759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39759.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-646.exe
9⤵
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-46038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46038.exe
10⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-30216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30216.exe
11⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-44554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44554.exe
12⤵
PID:5996

C:\Users\Admin\AppData\Local\Temp\Unicorn-41233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41233.exe
13⤵
PID:8076

C:\Users\Admin\AppData\Local\Temp\Unicorn-55634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55634.exe
14⤵
PID:11144

C:\Users\Admin\AppData\Local\Temp\Unicorn-57334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57334.exe
15⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
14⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 216
13⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 236
12⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 236
11⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 216
10⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-38424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38424.exe
9⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
10⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-8529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8529.exe
11⤵
PID:6260

C:\Users\Admin\AppData\Local\Temp\Unicorn-15405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15405.exe
12⤵
PID:8888

C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
13⤵
PID:11160

C:\Users\Admin\AppData\Local\Temp\Unicorn-32399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32399.exe
14⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 236
13⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 216
12⤵
PID:9720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
11⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
10⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
9⤵
- Program crash
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-54486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54486.exe
8⤵
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
9⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe
10⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-35748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35748.exe
11⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-28810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28810.exe
12⤵
PID:9144

C:\Users\Admin\AppData\Local\Temp\Unicorn-7284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7284.exe
13⤵
PID:11164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9144 -s 216
13⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 220
12⤵
PID:10100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 216
11⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
10⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
9⤵
PID:3616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 220
8⤵
- Program crash
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-1419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1419.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
8⤵
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-1497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1497.exe
9⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-6671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6671.exe
10⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
11⤵
PID:6976

C:\Users\Admin\AppData\Local\Temp\Unicorn-10335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10335.exe
12⤵
PID:9184

C:\Users\Admin\AppData\Local\Temp\Unicorn-9313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9313.exe
13⤵
PID:10848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 216
13⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 220
12⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
11⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
10⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
9⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-41823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41823.exe
8⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-54720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54720.exe
9⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-16890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16890.exe
10⤵
PID:5240

C:\Users\Admin\AppData\Local\Temp\Unicorn-34072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34072.exe
11⤵
PID:8744

C:\Users\Admin\AppData\Local\Temp\Unicorn-3392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3392.exe
12⤵
PID:11140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8744 -s 216
12⤵
PID:12344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
10⤵
PID:7456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 236
9⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 220
8⤵
- Program crash
PID:4012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
7⤵
- Program crash
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-52867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52867.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-27507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27507.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-29235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29235.exe
8⤵
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-23288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23288.exe
9⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-1243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1243.exe
10⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
11⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
12⤵
PID:7772

C:\Users\Admin\AppData\Local\Temp\Unicorn-18686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18686.exe
13⤵
PID:10532

C:\Users\Admin\AppData\Local\Temp\Unicorn-61781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61781.exe
14⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 216
13⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
12⤵
PID:9200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 236
11⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
10⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 236
9⤵
- Program crash
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-46401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46401.exe
8⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-35779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35779.exe
9⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-13936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13936.exe
10⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
11⤵
PID:7416

C:\Users\Admin\AppData\Local\Temp\Unicorn-1809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1809.exe
12⤵
PID:11056

C:\Users\Admin\AppData\Local\Temp\Unicorn-25876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25876.exe
13⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 236
12⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
11⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
10⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 236
9⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
8⤵
- Program crash
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
7⤵
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
8⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-18348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18348.exe
9⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-51207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51207.exe
10⤵
PID:6700

C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
11⤵
PID:9020

C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
12⤵
PID:10968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9020 -s 216
12⤵
PID:12400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 220
11⤵
PID:9928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
10⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
9⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 236
8⤵
PID:3876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
7⤵
- Program crash
PID:2372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 220
6⤵
- Program crash
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-7511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7511.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-15363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15363.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-25561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25561.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:372

C:\Users\Admin\AppData\Local\Temp\Unicorn-44071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44071.exe
8⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-37917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37917.exe
9⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-42717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42717.exe
10⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-30543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30543.exe
11⤵
PID:8132

C:\Users\Admin\AppData\Local\Temp\Unicorn-22230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22230.exe
12⤵
PID:11212

C:\Users\Admin\AppData\Local\Temp\Unicorn-18969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18969.exe
13⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 236
12⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
11⤵
PID:9080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 236
10⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 236
9⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 372 -s 216
8⤵
- Program crash
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-56240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56240.exe
7⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-38254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38254.exe
8⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
9⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-29142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29142.exe
10⤵
PID:6372

C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
11⤵
PID:7756

C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
12⤵
PID:10784

C:\Users\Admin\AppData\Local\Temp\Unicorn-48434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48434.exe
13⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 216
12⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 236
11⤵
PID:9196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
10⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
9⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 236
8⤵
PID:4208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
7⤵
- Program crash
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-9779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9779.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:804

C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
7⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-13557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13557.exe
8⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-32930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32930.exe
9⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-16205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16205.exe
10⤵
PID:6896

C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
11⤵
PID:9032

C:\Users\Admin\AppData\Local\Temp\Unicorn-7263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7263.exe
12⤵
PID:10744

C:\Users\Admin\AppData\Local\Temp\Unicorn-23463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23463.exe
13⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9032 -s 236
12⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 220
11⤵
PID:9936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
10⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
9⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 236
8⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-53007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53007.exe
7⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-55488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55488.exe
8⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-52914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52914.exe
9⤵
PID:6516

C:\Users\Admin\AppData\Local\Temp\Unicorn-30367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30367.exe
10⤵
PID:9444

C:\Users\Admin\AppData\Local\Temp\Unicorn-49059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49059.exe
11⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9444 -s 236
11⤵
PID:12652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 216
10⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
9⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
8⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 240
7⤵
PID:4192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 240
6⤵
- Program crash
PID:1372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 240
5⤵
- Program crash
PID:2332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-64932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64932.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-31788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31788.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-40615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40615.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-926.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-50174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50174.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-39759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39759.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-47709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47709.exe
9⤵
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-48560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48560.exe
10⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-22432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22432.exe
11⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-45478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45478.exe
12⤵
PID:6452

C:\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe
13⤵
PID:8964

C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
14⤵
PID:10956

C:\Users\Admin\AppData\Local\Temp\Unicorn-3234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3234.exe
15⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8964 -s 236
14⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 216
13⤵
PID:9744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
12⤵
PID:7632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
11⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 236
10⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
9⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-8617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8617.exe
10⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
11⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-59707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59707.exe
12⤵
PID:7976

C:\Users\Admin\AppData\Local\Temp\Unicorn-8187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8187.exe
13⤵
PID:10836

C:\Users\Admin\AppData\Local\Temp\Unicorn-1755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1755.exe
14⤵
PID:8416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 216
13⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 236
12⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 236
11⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
10⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
9⤵
- Program crash
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-49333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49333.exe
8⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-46038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46038.exe
9⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-38768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38768.exe
10⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe
11⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-25904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25904.exe
12⤵
PID:8708

C:\Users\Admin\AppData\Local\Temp\Unicorn-33076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33076.exe
13⤵
PID:11200

C:\Users\Admin\AppData\Local\Temp\Unicorn-61418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61418.exe
14⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8708 -s 216
13⤵
PID:12140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
12⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
11⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 236
10⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
9⤵
- Program crash
PID:3772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
8⤵
- Program crash
PID:2904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
7⤵
- Program crash
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-42560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42560.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-3002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3002.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-37211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37211.exe
8⤵
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-19972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19972.exe
9⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-22048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22048.exe
10⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
11⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-27466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27466.exe
12⤵
PID:8624

C:\Users\Admin\AppData\Local\Temp\Unicorn-62707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62707.exe
13⤵
PID:11128

C:\Users\Admin\AppData\Local\Temp\Unicorn-24642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24642.exe
13⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 220
13⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
12⤵
PID:9548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
11⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 236
10⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
9⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-12358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12358.exe
8⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-5171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5171.exe
9⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
10⤵
PID:6972

C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
11⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-26247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26247.exe
12⤵
PID:12316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 236
12⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 216
11⤵
PID:11240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 216
10⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
9⤵
PID:6368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 240
8⤵
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-56240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56240.exe
7⤵
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-38254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38254.exe
8⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-12125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12125.exe
9⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-21996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21996.exe
10⤵
PID:6036

C:\Users\Admin\AppData\Local\Temp\Unicorn-54061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54061.exe
11⤵
PID:6280

C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
12⤵
PID:10964

C:\Users\Admin\AppData\Local\Temp\Unicorn-16494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16494.exe
13⤵
PID:8456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 236
12⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
11⤵
PID:300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 236
10⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
9⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 216
8⤵
PID:4200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
7⤵
- Program crash
PID:2604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
6⤵
- Program crash
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-15871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15871.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:940

C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-50065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50065.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-21944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21944.exe
8⤵
PID:984

C:\Users\Admin\AppData\Local\Temp\Unicorn-24056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24056.exe
9⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-47512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47512.exe
10⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-361.exe
11⤵
PID:6220

C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
12⤵
PID:8924

C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
13⤵
PID:11072

C:\Users\Admin\AppData\Local\Temp\Unicorn-5756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5756.exe
14⤵
PID:12388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 216
13⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 220
12⤵
PID:9712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
11⤵
PID:7548

C:\Users\Admin\AppData\Local\Temp\Unicorn-64574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64574.exe
8⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-47896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47896.exe
9⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
10⤵
PID:6608

C:\Users\Admin\AppData\Local\Temp\Unicorn-24726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24726.exe
11⤵
PID:9100

C:\Users\Admin\AppData\Local\Temp\Unicorn-49604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49604.exe
12⤵
PID:10364

C:\Users\Admin\AppData\Local\Temp\Unicorn-10655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10655.exe
13⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9100 -s 236
12⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
11⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
10⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 236
9⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
8⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
7⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
8⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
9⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-57429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57429.exe
10⤵
PID:7156

C:\Users\Admin\AppData\Local\Temp\Unicorn-30922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30922.exe
11⤵
PID:8580

C:\Users\Admin\AppData\Local\Temp\Unicorn-12219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12219.exe
12⤵
PID:11428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8580 -s 236
12⤵
PID:12564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 216
11⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
10⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
9⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
8⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
7⤵
- Program crash
PID:860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 216
6⤵
- Program crash
PID:296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
5⤵
- Program crash
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-55560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55560.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-5010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5010.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-37813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37813.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:352

C:\Users\Admin\AppData\Local\Temp\Unicorn-14652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14652.exe
8⤵
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-33978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33978.exe
9⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-10371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10371.exe
10⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-18452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18452.exe
11⤵
PID:5772

C:\Users\Admin\AppData\Local\Temp\Unicorn-56054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56054.exe
12⤵
PID:8532

C:\Users\Admin\AppData\Local\Temp\Unicorn-26745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26745.exe
13⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 216
13⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
12⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
11⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
10⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 236
9⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-30640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30640.exe
8⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-10371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10371.exe
9⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-37502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37502.exe
10⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-36210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36210.exe
11⤵
PID:8784

C:\Users\Admin\AppData\Local\Temp\Unicorn-53148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53148.exe
12⤵
PID:11084

C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
13⤵
PID:13164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11084 -s 216
13⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8784 -s 236
12⤵
PID:11540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
11⤵
PID:9644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 236
10⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
9⤵
PID:5688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 220
8⤵
- Program crash
PID:3512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 236
7⤵
- Program crash
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-22031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22031.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-36142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36142.exe
7⤵
PID:784

C:\Users\Admin\AppData\Local\Temp\Unicorn-50506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50506.exe
8⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-37398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37398.exe
9⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-59375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59375.exe
10⤵
PID:6740

C:\Users\Admin\AppData\Local\Temp\Unicorn-19381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19381.exe
11⤵
PID:8236

C:\Users\Admin\AppData\Local\Temp\Unicorn-870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-870.exe
12⤵
PID:10496

C:\Users\Admin\AppData\Local\Temp\Unicorn-12217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12217.exe
13⤵
PID:8720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8236 -s 216
12⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 216
11⤵
PID:10176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
10⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
9⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 236
8⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-25487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25487.exe
7⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
8⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-1191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1191.exe
9⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\Unicorn-17444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17444.exe
9⤵
PID:6408

C:\Users\Admin\AppData\Local\Temp\Unicorn-13459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13459.exe
10⤵
PID:8984

C:\Users\Admin\AppData\Local\Temp\Unicorn-20907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20907.exe
11⤵
PID:10980

C:\Users\Admin\AppData\Local\Temp\Unicorn-49010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49010.exe
12⤵
PID:8164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 236
11⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 216
10⤵
PID:9756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 240
9⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 236
8⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
7⤵
- Program crash
PID:3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 240
6⤵
- Program crash
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-58705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58705.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1148

C:\Users\Admin\AppData\Local\Temp\Unicorn-11170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11170.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-48155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48155.exe
7⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-46277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46277.exe
8⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-11414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11414.exe
9⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-36381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36381.exe
10⤵
PID:7728

C:\Users\Admin\AppData\Local\Temp\Unicorn-6049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6049.exe
11⤵
PID:10920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 216
11⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
10⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
9⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 236
8⤵
PID:4424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 216
7⤵
- Program crash
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-37957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37957.exe
6⤵
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-24056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24056.exe
7⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-4341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4341.exe
8⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
9⤵
PID:6984

C:\Users\Admin\AppData\Local\Temp\Unicorn-15021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15021.exe
10⤵
PID:8596

C:\Users\Admin\AppData\Local\Temp\Unicorn-26745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26745.exe
11⤵
PID:11016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8596 -s 216
11⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 216
10⤵
PID:9512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
9⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
8⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 216
7⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 240
6⤵
- Program crash
PID:2832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
5⤵
- Program crash
PID:2392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-16717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16717.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-19261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19261.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
4⤵
- Executes dropped EXE
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-42731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42731.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-44507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44507.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-54341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54341.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-21067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21067.exe
7⤵
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-52452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52452.exe
8⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-55488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55488.exe
9⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-53262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53262.exe
10⤵
PID:6052

C:\Users\Admin\AppData\Local\Temp\Unicorn-60138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60138.exe
11⤵
PID:8560

C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
12⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 216
12⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
11⤵
PID:9468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
10⤵
PID:7352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
9⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 216
8⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-53007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53007.exe
7⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-54118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54118.exe
8⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-55099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55099.exe
9⤵
PID:6940

C:\Users\Admin\AppData\Local\Temp\Unicorn-51176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51176.exe
10⤵
PID:9072

C:\Users\Admin\AppData\Local\Temp\Unicorn-64736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64736.exe
11⤵
PID:924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9072 -s 216
11⤵
PID:12476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 216
10⤵
PID:10060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
9⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
8⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
7⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-39903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39903.exe
6⤵
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-24741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24741.exe
7⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-23008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23008.exe
8⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe
9⤵
PID:6508

C:\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe
10⤵
PID:8972

C:\Users\Admin\AppData\Local\Temp\Unicorn-61337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61337.exe
11⤵
PID:11228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8972 -s 216
11⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
10⤵
PID:9736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
9⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
8⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
7⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
6⤵
- Program crash
PID:2544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 236
5⤵
- Program crash
PID:1880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-16006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16006.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-9888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9888.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-35737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35737.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:848

C:\Users\Admin\AppData\Local\Temp\Unicorn-45981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45981.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-17860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17860.exe
8⤵
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-9665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9665.exe
9⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-39981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39981.exe
10⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
11⤵
PID:6284

C:\Users\Admin\AppData\Local\Temp\Unicorn-64357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64357.exe
12⤵
PID:10480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10480 -s 188
13⤵
PID:10536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
12⤵
PID:11100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 216
11⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
10⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 216
9⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
8⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-32930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32930.exe
9⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-18103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18103.exe
10⤵
PID:6488

C:\Users\Admin\AppData\Local\Temp\Unicorn-27653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27653.exe
11⤵
PID:10220

C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
12⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10220 -s 216
12⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
11⤵
PID:10636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
10⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
9⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
8⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
7⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-57797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57797.exe
8⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-16594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16594.exe
9⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-35364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35364.exe
10⤵
PID:5488

C:\Users\Admin\AppData\Local\Temp\Unicorn-56054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56054.exe
11⤵
PID:8540

C:\Users\Admin\AppData\Local\Temp\Unicorn-23538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23538.exe
12⤵
PID:10776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8540 -s 216
12⤵
PID:12080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
11⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
10⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
9⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 216
8⤵
PID:4396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 240
7⤵
- Program crash
PID:316

C:\Users\Admin\AppData\Local\Temp\Unicorn-65010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65010.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-64922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64922.exe
7⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-812.exe
8⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-24954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24954.exe
9⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-34487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34487.exe
10⤵
PID:6848

C:\Users\Admin\AppData\Local\Temp\Unicorn-10745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10745.exe
11⤵
PID:8240

C:\Users\Admin\AppData\Local\Temp\Unicorn-31213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31213.exe
12⤵
PID:10880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8240 -s 216
12⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
11⤵
PID:9052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 220
10⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
9⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 216
8⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-56790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56790.exe
7⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-58202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58202.exe
8⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-30787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30787.exe
9⤵
PID:6212

C:\Users\Admin\AppData\Local\Temp\Unicorn-22754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22754.exe
10⤵
PID:8944

C:\Users\Admin\AppData\Local\Temp\Unicorn-48296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48296.exe
11⤵
PID:11000

C:\Users\Admin\AppData\Local\Temp\Unicorn-61179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61179.exe
12⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8944 -s 236
11⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 216
10⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
9⤵
PID:8020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
8⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 220
7⤵
PID:4888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 240
6⤵
- Program crash
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-62789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62789.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-54149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54149.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-50293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50293.exe
7⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-58337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58337.exe
8⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-48747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48747.exe
9⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-36957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36957.exe
10⤵
PID:8024

C:\Users\Admin\AppData\Local\Temp\Unicorn-30699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30699.exe
11⤵
PID:10764

C:\Users\Admin\AppData\Local\Temp\Unicorn-15102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15102.exe
12⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 216
11⤵
PID:3324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
10⤵
PID:9056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 236
9⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
8⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
7⤵
- Program crash
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-49141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49141.exe
6⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
7⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
8⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-64782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64782.exe
9⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
10⤵
PID:8124

C:\Users\Admin\AppData\Local\Temp\Unicorn-42842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42842.exe
11⤵
PID:11120

C:\Users\Admin\AppData\Local\Temp\Unicorn-41190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41190.exe
12⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8124 -s 236
11⤵
PID:11556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
10⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 236
9⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
8⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 216
7⤵
PID:4504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
6⤵
- Program crash
PID:1328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
5⤵
- Program crash
PID:480

C:\Users\Admin\AppData\Local\Temp\Unicorn-50682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50682.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-13033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13033.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-15254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15254.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-8622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8622.exe
7⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-60812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60812.exe
8⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-45374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45374.exe
9⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-1814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1814.exe
10⤵
PID:7004

C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
11⤵
PID:8608

C:\Users\Admin\AppData\Local\Temp\Unicorn-27129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27129.exe
12⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8608 -s 220
12⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
11⤵
PID:9580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
10⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 236
9⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 236
8⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-49115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49115.exe
7⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-61326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61326.exe
8⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-28649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28649.exe
9⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\Unicorn-32894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32894.exe
10⤵
PID:9132

C:\Users\Admin\AppData\Local\Temp\Unicorn-9313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9313.exe
11⤵
PID:11048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9132 -s 216
11⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
9⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
8⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 220
7⤵
- Program crash
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-10246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10246.exe
6⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-29017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29017.exe
7⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-55488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55488.exe
8⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-17911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17911.exe
9⤵
PID:6572

C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
10⤵
PID:9836

C:\Users\Admin\AppData\Local\Temp\Unicorn-8794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8794.exe
11⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9836 -s 236
11⤵
PID:12696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 216
10⤵
PID:10736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
9⤵
PID:1656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
8⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 216
7⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 220
6⤵
- Program crash
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-34283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34283.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
6⤵
- Program crash
PID:1756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
5⤵
- Program crash
PID:264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
4⤵
- Program crash
PID:1604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
2⤵
- Program crash
PID:2764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15534.exe

Filesize
184KB

MD5
6caf71ad03ae0160389bfde50a71eb33

SHA1
d5077b750b14bb8b7ec2c611c0cf4390ebeebb7c

SHA256
0b3de37f4a1a33c11289a19f99c3be1e5950258080c5e0e7ce5451603bed9435

SHA512
6967eef433eb8263f14d6e1659d7e94a932934f418e0659b57714ce2ec730e5e91d480f09198ee5ec35e515c762b327a50c8303b60d047c1d4a2a7a4c2707583

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe

Filesize
184KB

MD5
224830051ad602cc56137f71525043be

SHA1
f79f2d18d2f5b12a9edc46be809de063960090e2

SHA256
33e060a528185e5eccd2053834a4928642fc5c738fb1f3734f5842aa6f2baab5

SHA512
90d4ce7b7cf6047f01d1634a1cebe7747194c971c4bc8a872ebcf3e26d2f14085fbc416eab8969bf0934d92e1edc7726cbf37699e712b0b6eca12579cd384695

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1809.exe

Filesize
184KB

MD5
b535768c5e9e46537f6ae56430a079d1

SHA1
76b3689cd529ee9737ab7128819a7c1a871c174d

SHA256
88c410f2f4f5f19814616c312e50df6278c8c09615b87c1d5fef128cfb55c953

SHA512
e8753e52bced2c9f01a0bbd0c4f73ffbe896bde9a254774fdfce7cb23a04ab4c01ef62c486bae14890c508675c62345ab736e8427d1b8f1fcb97e54b609cd2bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19261.exe

Filesize
184KB

MD5
52f7a6c195476d6c730b947a19e855f1

SHA1
b2be13bbe18848edfbe485d92b75016b306fb32b

SHA256
a8a4467535f1eb7f66ace45e0a6e10ba8bcb4ff2f169b6b30fade5f735bf8338

SHA512
a85da527f7e6f2f75a31cb437989e8a0d49c1b8b1a835aa11d315cc797923209e5270af4bc1bee211d2151077ab88ebaa7533f94d8bed1cbdcb294d0faf143e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24642.exe

Filesize
184KB

MD5
aeb882f5d7211979fc1c2c9a0618fdce

SHA1
fd56af5ed3fc46a07e2bc3a303e936c961c43202

SHA256
b8b76e742591e50e84efec2ecde827efb2dc7977c06081896d6019fde64b7e0a

SHA512
2a0525683fcfa01ca41a6c5e9ca9d9f5b7c576be0f7123f14889f1bca3f1a06e71746c7b132608387b3f7868551f58c65fa147fe993d4e34f4bd9ce482d69ab0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36381.exe

Filesize
184KB

MD5
076c361180081c8e4993494ddb5b337e

SHA1
237f57bc0d5b485b3f2d865b6386860bd7bb48ca

SHA256
614e0da58696584e30a0beeb86eb40d6a4ea2ece0dcb255d759506a8fac82dd6

SHA512
a92a7c08e9c3d16edba21fc1bbeedd66f9699dd3fa7f7748266f1f950435c32143abf7d01b90691da6f0a62c1d9081c9ca156f040b5924cfe562a98d51f4736f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37398.exe

Filesize
184KB

MD5
c9e2656d3a252d61cb7a2bd9658002f4

SHA1
7874c92ca2fb6a093e8bac826e0ed6df23423f84

SHA256
a87c1869755c16e397350fc0166e8f3bb74d55afedf86948f9536742fde4b382

SHA512
c1f9fcbd142105c30d5734d5036ee7c6f9cb72a2db50e5be620bd69eeeb29f2121dd82d6bf62659df7e8f290d834a9b69bfdb1bc7292252c08bcfa49805b7c2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37502.exe

Filesize
184KB

MD5
34a5a8f94d0b14c3960c828293f42681

SHA1
e9c777e2d79ba912c8df076bcc14f419e8bfa1c0

SHA256
d305b402319683f46f93c70b150fe565e5aa1e6840fae6efd62cca93146ab450

SHA512
0e3adbf7d8b4ac4704bc0da85c6077638f3d56234822881bc832d3ae663882f5c23e13e3c027fd4a959936ba23539ec64114605b6fc52a4f86a1e4d4ef0ba9cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39903.exe

Filesize
184KB

MD5
6e1569fa0efdabde47216388a2e607fd

SHA1
454b6c1809d7616a0b02915d9a6d9d1cb4bfdba5

SHA256
710c3bccd35e2266a085fb39c9884930b0b16e3f2178b53c9b5b14ccfe266d6e

SHA512
7ff0227ca0a3e1d179d19963d012334edeeb9950599f88b7bda20b4b6c57b6c6df1c26d3b5f3520234454ad79eac2a425372718706cde4b98a21cf99eda5b345

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe

Filesize
184KB

MD5
1aeef86e90370dc8ec62b7cf5c126c18

SHA1
db386ba6ef746644c610c71abca6134cd1c1330c

SHA256
5764fbb29f89ebb62f3d133c8cd8c65309757e3de7437fede8fc00224bc39d1d

SHA512
e7701dae29cb17e84f4c1efd29527eb881ae602f78a8c20f37edd850b992d9ea95f846b4df2651e129f721ef4a91d6fcad81fc80c9499b75bd78b9361ebe7b84

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe

Filesize
184KB

MD5
a2907974634a702a947a1d28fde44785

SHA1
d0a60ebd02be359ccd19797d88b7ba5ba682acf1

SHA256
3686e500c7cb03afbabd94de9158d4b02d84e03890c4d9ae35a4402c545228a9

SHA512
d45f409d6ede6619293f5cb9adba205f0273ccec778ab63cd273f398b58fc7bf25634b2300f24f78697c1d75ac0e3110a321b6f9c55c0e8b253660fb61aed4c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6100.exe

Filesize
184KB

MD5
5aeef967861f11a4f0e5d3c0cf2e990f

SHA1
c2e65282c45f274e387f6adfd1f6c364b586a4d6

SHA256
e07df1ef951bb86d280e79fe510871010cb58d915514101cc2aa9315f6925105

SHA512
b9a87c8f1977e7f9efd4e66164f3715a7cae882bf1160a0f4e96fea7a52627a3d7b3da9336578487bd224cef47e96f170ce511a40b87efa2270684044bc2c146

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe

Filesize
184KB

MD5
c0dc416e833c6ae0513ec76b12b9d90c

SHA1
de086b88d3b3538474aa50e9caed4a2cda6b8b1f

SHA256
40eba1fd8803503087c808a9e29d19ffa7071ee8664fe0c464d384d87e9921fd

SHA512
dcb3aa1cecab3d9b6bf2a59dfe38ab34f7089baf40fe4d980f4fb141d64cce55de5a8de987741324baa9e754d97cc39a9e2a66b5a2deb38f3376481fb35f4010

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16006.exe

Filesize
184KB

MD5
89c014283893c025ae2628da92609e40

SHA1
18033f15701044ed2907935de69648644c005d30

SHA256
a1462836cd6c7d0179935ca3be3e77c9487d725294631f73dc6b46b473639fed

SHA512
5f5e011414be6dab13d5b6156b4c8298b1b91700cf01aacfa8dd21cfead0a52171f4bf71a199459d5a0a4940078eb8f23ee022f61e569deb3f9ff40f775a234d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16717.exe

Filesize
184KB

MD5
823e0337b6fc1abd9d656c6a81df82d4

SHA1
0a9feff713950fd860e5d9cfe287697c7d835b31

SHA256
3def20b869b5c90ed1be16807a5c9edf7c0f70e6d42f7372b8c87af9654f91a7

SHA512
17dfbf94b9dd98889c7c1289e172ff41a2fb548ac06e984dd3d1dfb5bcfc93f94232722ec71af2f731971579266cc08dcb07081a29e3ce6884c4bc31ddb27f27

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23620.exe

Filesize
184KB

MD5
a49702a21e6c7bb172beefe7ab637873

SHA1
0476f928b94a8465200b1e3b4d25972be0f9d46b

SHA256
43ff894dbac4353360b7e0f2b1b185feec6a9c6c71191fab93c4ec39372a4c58

SHA512
9c5a1ea017a18affb3f4872c35f84793a3d77a1cf5d097603cfe1a93b04f646b09a58e906db4244dacae1a02c44415e7c1072ef69fbc6cc63a177dafcefc6b87

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31788.exe

Filesize
184KB

MD5
8d719f20db6b6f822c1e4a9975ee4aa7

SHA1
d8ffa41d9b42f92488f839113f6a3b58225f5ab2

SHA256
87177df4a3bb87b0afa8e7209ec0e53f2302872992918801280fdb414bc1cb32

SHA512
fd0f47eea71a8caa4e733477eb41c4d56562f30d4092febe9e941321eff7c9e1270b80b95b97165fdc070ec320e23c77271f58e673b4984eb4dde6843415be75

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32499.exe

Filesize
184KB

MD5
78e03e806c479edad7b4b3c1bd605f07

SHA1
815b7689fd66441f39e6890f722c772842b8445f

SHA256
49c3409775161d94f999be988488da2dcc6825f0071682208c3b7988cb75e89d

SHA512
9d486ac32d4819db4c2f0a4522cba9d8d87c0b76567a900742adb7797d89966ab771611aa39b5d5cd58c0a0f544b58af12807a90d005575bf6b74e9c4eb6d0ac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33617.exe

Filesize
184KB

MD5
a4597d96eca854794f9f5242f830c38c

SHA1
4b496599580e30ee8a70b0149e72c1b1b34545c2

SHA256
315bc20964d80399e80eba90e50d7748817d7abd327ede3beea949add6c865ef

SHA512
d43150bc0a84d7f8d5f1f462de16ada8b447415cdb0838e9f61945da4c202f7f5f70fceea2095939379c679af89f9b1c013ee563c784e7cde4b7fbb179cf26bd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34563.exe

Filesize
184KB

MD5
141f23dc165ec0998b96be7b997dd0cd

SHA1
1a2482b3f3e8a7b154025a30c4cb8236e67d2fbf

SHA256
c05e1b798d712644348fd3335dffb5438d41ad3c8d923607426c0f586c30b833

SHA512
872b00cde133cfe348c1ea3e60c350381116ddf3a4fd930c0afe012782fc1920aca27b23755c17ad52c53e97fb4acc7b6917af2ebef05dca74f93d2c60497524

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49987.exe

Filesize
184KB

MD5
8bb5f3a5e38f7770001dbbbea6786928

SHA1
8e102ea073214c8393199f165c7e67c410451361

SHA256
3bece0b4a81f89279d9269f369c40491c9a8dd292ae85667bf96b7a3ab8dd169

SHA512
b1e12aff4398cf416feece37ecf59d8992e9f500ed642f1c91f09ad6bb3a4ba004423be991d1373946cd4d79833a532828c1c18f63b86d9d068f8a00011b3d60

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64932.exe

Filesize
184KB

MD5
03cfeddf05f9a0ec2fb2af25c6cdfecf

SHA1
edc753f825c3a2e61c703d67318e0de2de60dc70

SHA256
13146ccb8791dd2a85da7f48221d35a0b21a45c29447e42caf9c8254e6931fda

SHA512
b5984cea3620321145c5257b86f95d84818ac48d2232cb60dafd3e7fbcdf667139443e819eade8b99ec0b3b9e64a0009c2602c745f04a81eb4c77dab37a6f429

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7838.exe

Filesize
184KB

MD5
2d165c19bb38c65fda6cc8fb056c1afa

SHA1
842df71f1fbea632e8d38301ffbe98547f1c60e9

SHA256
8530158b892e09a787424d85bc651cfc74c07e337a1af29c770b726dfe16fc8a

SHA512
e08b7e41199b96b19fba977907ad952ca902d012448102ce6ca95cd219e9a0f71fdca961d11eef3ca875c90b59ea5cabedf7a23d13230d2b0f191a7c905d6a0e

Download Submit