7ebb26a68416b80b344eebd24d7711b9ae2080d50c1eb02306446f1df25eed3c

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7ebb26a68416b80b344eebd24d7711b9ae2080d50c1eb02306446f1df25eed3c.exe
Size

184KB
MD5

35947297685de02bd15ca7a0e690c3e5
SHA1

4e0e8b1b33931214701c36d95c9687d4828a8742
SHA256

7ebb26a68416b80b344eebd24d7711b9ae2080d50c1eb02306446f1df25eed3c
SHA512

f7b415383eafb1e3bc0e14ac202fceae66709b78c6dc9916354fb661209142242b8977fc4307a725983dc2380558a76fcceee25420d1f9386131c73d91e97d9a
SSDEEP

3072:6ohRY8or7RhSdFaWe5wLJGsuhlnDiFFnW:6ofoL+FagLIsuhlnDiFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-46554.exeUnicorn-54865.exeUnicorn-52405.exeUnicorn-8248.exeUnicorn-28114.exeUnicorn-53448.exeUnicorn-8331.exeUnicorn-28197.exeUnicorn-28197.exeUnicorn-29349.exeUnicorn-11066.exeUnicorn-21927.exeUnicorn-4522.exeUnicorn-24388.exeUnicorn-54683.exeUnicorn-9011.exeUnicorn-9758.exeUnicorn-15233.exeUnicorn-19894.exeUnicorn-30754.exeUnicorn-50620.exeUnicorn-12280.exeUnicorn-62872.exeUnicorn-16027.exeUnicorn-35893.exeUnicorn-35893.exeUnicorn-9250.exeUnicorn-13334.exeUnicorn-41107.exeUnicorn-19941.exeUnicorn-19941.exeUnicorn-50667.exeUnicorn-30801.exeUnicorn-26717.exeUnicorn-28301.exeUnicorn-39161.exeUnicorn-13095.exeUnicorn-10402.exeUnicorn-62125.exeUnicorn-38175.exeUnicorn-15617.exeUnicorn-35483.exeUnicorn-672.exeUnicorn-31399.exeUnicorn-11533.exeUnicorn-40313.exeUnicorn-10978.exeUnicorn-21839.exeUnicorn-6894.exeUnicorn-60734.exeUnicorn-61933.exeUnicorn-61933.exeUnicorn-27123.exeUnicorn-57849.exeUnicorn-37983.exeUnicorn-3173.exeUnicorn-4564.exeUnicorn-28960.exeUnicorn-37128.exeUnicorn-47989.exeUnicorn-54040.exeUnicorn-30090.exeUnicorn-25452.exeUnicorn-2893.exe

pid	process
2316	Unicorn-46554.exe
2988	Unicorn-54865.exe
3036	Unicorn-52405.exe
2544	Unicorn-8248.exe
2724	Unicorn-28114.exe
2716	Unicorn-53448.exe
2452	Unicorn-8331.exe
2560	Unicorn-28197.exe
2488	Unicorn-28197.exe
1972	Unicorn-29349.exe
2024	Unicorn-11066.exe
2784	Unicorn-21927.exe
1932	Unicorn-4522.exe
1608	Unicorn-24388.exe
2304	Unicorn-54683.exe
936	Unicorn-9011.exe
748	Unicorn-9758.exe
2272	Unicorn-15233.exe
832	Unicorn-19894.exe
1496	Unicorn-30754.exe
1316	Unicorn-50620.exe
2404	Unicorn-12280.exe
1868	Unicorn-62872.exe
2064	Unicorn-16027.exe
1132	Unicorn-35893.exe
1928	Unicorn-35893.exe
2060	Unicorn-9250.exe
2116	Unicorn-13334.exe
2104	Unicorn-41107.exe
2096	Unicorn-19941.exe
1620	Unicorn-19941.exe
2212	Unicorn-50667.exe
2236	Unicorn-30801.exe
1236	Unicorn-26717.exe
2036	Unicorn-28301.exe
2152	Unicorn-39161.exe
2668	Unicorn-13095.exe
2540	Unicorn-10402.exe
2576	Unicorn-62125.exe
2496	Unicorn-38175.exe
2944	Unicorn-15617.exe
932	Unicorn-35483.exe
1936	Unicorn-672.exe
1680	Unicorn-31399.exe
1944	Unicorn-11533.exe
2792	Unicorn-40313.exe
2808	Unicorn-10978.exe
1740	Unicorn-21839.exe
1748	Unicorn-6894.exe
536	Unicorn-60734.exe
556	Unicorn-61933.exe
1332	Unicorn-61933.exe
584	Unicorn-27123.exe
2312	Unicorn-57849.exe
1904	Unicorn-37983.exe
836	Unicorn-3173.exe
972	Unicorn-4564.exe
1756	Unicorn-28960.exe
2068	Unicorn-37128.exe
1572	Unicorn-47989.exe
2376	Unicorn-54040.exe
2396	Unicorn-30090.exe
2516	Unicorn-25452.exe
1224	Unicorn-2893.exe

Loads dropped DLL 64 IoCs

Processes:

7ebb26a68416b80b344eebd24d7711b9ae2080d50c1eb02306446f1df25eed3c.exeUnicorn-46554.exeUnicorn-52405.exeUnicorn-54865.exeUnicorn-8248.exeUnicorn-28114.exeWerFault.exeWerFault.exeUnicorn-53448.exeUnicorn-28197.exeUnicorn-28197.exeWerFault.exeWerFault.exeUnicorn-29349.exeUnicorn-8331.exeUnicorn-21927.exeUnicorn-24388.exeUnicorn-11066.exe

pid	process
3060	7ebb26a68416b80b344eebd24d7711b9ae2080d50c1eb02306446f1df25eed3c.exe
3060	7ebb26a68416b80b344eebd24d7711b9ae2080d50c1eb02306446f1df25eed3c.exe
2316	Unicorn-46554.exe
2316	Unicorn-46554.exe
3060	7ebb26a68416b80b344eebd24d7711b9ae2080d50c1eb02306446f1df25eed3c.exe
3060	7ebb26a68416b80b344eebd24d7711b9ae2080d50c1eb02306446f1df25eed3c.exe
2316	Unicorn-46554.exe
2316	Unicorn-46554.exe
3036	Unicorn-52405.exe
3036	Unicorn-52405.exe
2988	Unicorn-54865.exe
2988	Unicorn-54865.exe
3036	Unicorn-52405.exe
3036	Unicorn-52405.exe
2544	Unicorn-8248.exe
2724	Unicorn-28114.exe
2544	Unicorn-8248.exe
2724	Unicorn-28114.exe
1716	WerFault.exe
1716	WerFault.exe
1716	WerFault.exe
1716	WerFault.exe
2004	WerFault.exe
2004	WerFault.exe
2004	WerFault.exe
2004	WerFault.exe
1716	WerFault.exe
2004	WerFault.exe
2716	Unicorn-53448.exe
2716	Unicorn-53448.exe
2560	Unicorn-28197.exe
2560	Unicorn-28197.exe
2544	Unicorn-8248.exe
2544	Unicorn-8248.exe
2724	Unicorn-28114.exe
2724	Unicorn-28114.exe
2488	Unicorn-28197.exe
2488	Unicorn-28197.exe
2260	WerFault.exe
2260	WerFault.exe
2260	WerFault.exe
2260	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2260	WerFault.exe
2616	WerFault.exe
2716	Unicorn-53448.exe
1972	Unicorn-29349.exe
2716	Unicorn-53448.exe
1972	Unicorn-29349.exe
2452	Unicorn-8331.exe
2452	Unicorn-8331.exe
2784	Unicorn-21927.exe
2784	Unicorn-21927.exe
1608	Unicorn-24388.exe
1608	Unicorn-24388.exe
2024	Unicorn-11066.exe
2488	Unicorn-28197.exe
2024	Unicorn-11066.exe
2488	Unicorn-28197.exe
2560	Unicorn-28197.exe
2560	Unicorn-28197.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
3012	3060	WerFault.exe	7ebb26a68416b80b344eebd24d7711b9ae2080d50c1eb02306446f1df25eed3c.exe
2004	3036	WerFault.exe	Unicorn-52405.exe
1716	2988	WerFault.exe	Unicorn-54865.exe
2260	2724	WerFault.exe	Unicorn-28114.exe
2616	2544	WerFault.exe	Unicorn-8248.exe
976	2716	WerFault.exe	Unicorn-53448.exe
276	2560	WerFault.exe	Unicorn-28197.exe
1820	2452	WerFault.exe	Unicorn-8331.exe
2900	2488	WerFault.exe	Unicorn-28197.exe
2672	1972	WerFault.exe	Unicorn-29349.exe
2812	2784	WerFault.exe	Unicorn-21927.exe
2604	1608	WerFault.exe	Unicorn-24388.exe
1676	2024	WerFault.exe	Unicorn-11066.exe
2964	1932	WerFault.exe	Unicorn-4522.exe
1928	2304	WerFault.exe	Unicorn-54683.exe
848	936	WerFault.exe	Unicorn-9011.exe
2076	748	WerFault.exe	Unicorn-9758.exe
1600	2272	WerFault.exe	Unicorn-15233.exe
2164	1316	WerFault.exe	Unicorn-50620.exe
3052	1496	WerFault.exe	Unicorn-30754.exe
2868	832	WerFault.exe	Unicorn-19894.exe
2796	1868	WerFault.exe	Unicorn-62872.exe
2712	2404	WerFault.exe	Unicorn-12280.exe
2700	2064	WerFault.exe	Unicorn-16027.exe
1004	1132	WerFault.exe	Unicorn-35893.exe
1076	2060	WerFault.exe	Unicorn-9250.exe
1736	2116	WerFault.exe	Unicorn-13334.exe
1172	2104	WerFault.exe	Unicorn-41107.exe
1576	1620	WerFault.exe	Unicorn-19941.exe
2704	2096	WerFault.exe	Unicorn-19941.exe
2780	2036	WerFault.exe	Unicorn-28301.exe
2772	2236	WerFault.exe	Unicorn-30801.exe
2832	1236	WerFault.exe	Unicorn-26717.exe
2828	2212	WerFault.exe	Unicorn-50667.exe
1112	2152	WerFault.exe	Unicorn-39161.exe
3800	2668	WerFault.exe	Unicorn-13095.exe
3816	2540	WerFault.exe	Unicorn-10402.exe
3904	2576	WerFault.exe	Unicorn-62125.exe
3984	2496	WerFault.exe	Unicorn-38175.exe
3992	1936	WerFault.exe	Unicorn-672.exe
4032	1944	WerFault.exe	Unicorn-11533.exe
4040	932	WerFault.exe	Unicorn-35483.exe
4064	2944	WerFault.exe	Unicorn-15617.exe
4088	1680	WerFault.exe	Unicorn-31399.exe
3108	1904	WerFault.exe	Unicorn-37983.exe
3120	556	WerFault.exe	Unicorn-61933.exe
3140	1740	WerFault.exe	Unicorn-21839.exe
3136	2312	WerFault.exe	Unicorn-57849.exe
3196	972	WerFault.exe	Unicorn-4564.exe
3216	2808	WerFault.exe	Unicorn-10978.exe
3296	584	WerFault.exe	Unicorn-27123.exe
3532	536	WerFault.exe	Unicorn-60734.exe
3748	1332	WerFault.exe	Unicorn-61933.exe
3772	836	WerFault.exe	Unicorn-3173.exe
3876	2792	WerFault.exe	Unicorn-40313.exe
3932	1748	WerFault.exe	Unicorn-6894.exe
3792	2396	WerFault.exe	Unicorn-30090.exe
4388	484	WerFault.exe	Unicorn-58679.exe
4536	2248	WerFault.exe	Unicorn-47818.exe
4580	2524	WerFault.exe	Unicorn-11445.exe
4600	904	WerFault.exe	Unicorn-33428.exe
4608	2188	WerFault.exe	Unicorn-57117.exe
4616	356	WerFault.exe	Unicorn-60070.exe
4640	3028	WerFault.exe	Unicorn-34558.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

7ebb26a68416b80b344eebd24d7711b9ae2080d50c1eb02306446f1df25eed3c.exeUnicorn-46554.exeUnicorn-54865.exeUnicorn-52405.exeUnicorn-28114.exeUnicorn-8248.exeUnicorn-53448.exeUnicorn-8331.exeUnicorn-28197.exeUnicorn-28197.exeUnicorn-29349.exeUnicorn-11066.exeUnicorn-21927.exeUnicorn-4522.exeUnicorn-24388.exeUnicorn-9011.exeUnicorn-54683.exeUnicorn-9758.exeUnicorn-15233.exeUnicorn-19894.exeUnicorn-50620.exeUnicorn-30754.exeUnicorn-12280.exeUnicorn-62872.exeUnicorn-16027.exeUnicorn-35893.exeUnicorn-9250.exeUnicorn-13334.exeUnicorn-41107.exeUnicorn-19941.exeUnicorn-19941.exeUnicorn-50667.exeUnicorn-26717.exeUnicorn-30801.exeUnicorn-28301.exeUnicorn-39161.exeUnicorn-13095.exeUnicorn-10402.exeUnicorn-62125.exeUnicorn-38175.exeUnicorn-15617.exeUnicorn-31399.exeUnicorn-672.exeUnicorn-35483.exeUnicorn-11533.exeUnicorn-40313.exeUnicorn-10978.exeUnicorn-21839.exeUnicorn-6894.exeUnicorn-60734.exeUnicorn-61933.exeUnicorn-61933.exeUnicorn-27123.exeUnicorn-57849.exeUnicorn-37983.exeUnicorn-3173.exeUnicorn-4564.exeUnicorn-28960.exeUnicorn-37128.exeUnicorn-47989.exeUnicorn-54040.exeUnicorn-30090.exeUnicorn-25452.exeUnicorn-2893.exe

pid	process
3060	7ebb26a68416b80b344eebd24d7711b9ae2080d50c1eb02306446f1df25eed3c.exe
2316	Unicorn-46554.exe
2988	Unicorn-54865.exe
3036	Unicorn-52405.exe
2724	Unicorn-28114.exe
2544	Unicorn-8248.exe
2716	Unicorn-53448.exe
2452	Unicorn-8331.exe
2560	Unicorn-28197.exe
2488	Unicorn-28197.exe
1972	Unicorn-29349.exe
2024	Unicorn-11066.exe
2784	Unicorn-21927.exe
1932	Unicorn-4522.exe
1608	Unicorn-24388.exe
936	Unicorn-9011.exe
2304	Unicorn-54683.exe
748	Unicorn-9758.exe
2272	Unicorn-15233.exe
832	Unicorn-19894.exe
1316	Unicorn-50620.exe
1496	Unicorn-30754.exe
2404	Unicorn-12280.exe
1868	Unicorn-62872.exe
2064	Unicorn-16027.exe
1132	Unicorn-35893.exe
2060	Unicorn-9250.exe
2116	Unicorn-13334.exe
2104	Unicorn-41107.exe
2096	Unicorn-19941.exe
1620	Unicorn-19941.exe
2212	Unicorn-50667.exe
1236	Unicorn-26717.exe
2236	Unicorn-30801.exe
2036	Unicorn-28301.exe
2152	Unicorn-39161.exe
2668	Unicorn-13095.exe
2540	Unicorn-10402.exe
2576	Unicorn-62125.exe
2496	Unicorn-38175.exe
2944	Unicorn-15617.exe
1680	Unicorn-31399.exe
1936	Unicorn-672.exe
932	Unicorn-35483.exe
1944	Unicorn-11533.exe
2792	Unicorn-40313.exe
2808	Unicorn-10978.exe
1740	Unicorn-21839.exe
1748	Unicorn-6894.exe
536	Unicorn-60734.exe
1332	Unicorn-61933.exe
556	Unicorn-61933.exe
584	Unicorn-27123.exe
2312	Unicorn-57849.exe
1904	Unicorn-37983.exe
836	Unicorn-3173.exe
972	Unicorn-4564.exe
1756	Unicorn-28960.exe
2068	Unicorn-37128.exe
1572	Unicorn-47989.exe
2376	Unicorn-54040.exe
2396	Unicorn-30090.exe
2516	Unicorn-25452.exe
1224	Unicorn-2893.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

7ebb26a68416b80b344eebd24d7711b9ae2080d50c1eb02306446f1df25eed3c.exeUnicorn-46554.exeUnicorn-52405.exeUnicorn-54865.exeUnicorn-8248.exeUnicorn-28114.exeUnicorn-53448.exeUnicorn-28197.exe

description	pid	process	target process
PID 3060 wrote to memory of 2316	3060	7ebb26a68416b80b344eebd24d7711b9ae2080d50c1eb02306446f1df25eed3c.exe	Unicorn-46554.exe
PID 3060 wrote to memory of 2316	3060	7ebb26a68416b80b344eebd24d7711b9ae2080d50c1eb02306446f1df25eed3c.exe	Unicorn-46554.exe
PID 3060 wrote to memory of 2316	3060	7ebb26a68416b80b344eebd24d7711b9ae2080d50c1eb02306446f1df25eed3c.exe	Unicorn-46554.exe
PID 3060 wrote to memory of 2316	3060	7ebb26a68416b80b344eebd24d7711b9ae2080d50c1eb02306446f1df25eed3c.exe	Unicorn-46554.exe
PID 2316 wrote to memory of 2988	2316	Unicorn-46554.exe	Unicorn-54865.exe
PID 2316 wrote to memory of 2988	2316	Unicorn-46554.exe	Unicorn-54865.exe
PID 2316 wrote to memory of 2988	2316	Unicorn-46554.exe	Unicorn-54865.exe
PID 2316 wrote to memory of 2988	2316	Unicorn-46554.exe	Unicorn-54865.exe
PID 3060 wrote to memory of 3036	3060	7ebb26a68416b80b344eebd24d7711b9ae2080d50c1eb02306446f1df25eed3c.exe	Unicorn-52405.exe
PID 3060 wrote to memory of 3036	3060	7ebb26a68416b80b344eebd24d7711b9ae2080d50c1eb02306446f1df25eed3c.exe	Unicorn-52405.exe
PID 3060 wrote to memory of 3036	3060	7ebb26a68416b80b344eebd24d7711b9ae2080d50c1eb02306446f1df25eed3c.exe	Unicorn-52405.exe
PID 3060 wrote to memory of 3036	3060	7ebb26a68416b80b344eebd24d7711b9ae2080d50c1eb02306446f1df25eed3c.exe	Unicorn-52405.exe
PID 3060 wrote to memory of 3012	3060	7ebb26a68416b80b344eebd24d7711b9ae2080d50c1eb02306446f1df25eed3c.exe	WerFault.exe
PID 3060 wrote to memory of 3012	3060	7ebb26a68416b80b344eebd24d7711b9ae2080d50c1eb02306446f1df25eed3c.exe	WerFault.exe
PID 3060 wrote to memory of 3012	3060	7ebb26a68416b80b344eebd24d7711b9ae2080d50c1eb02306446f1df25eed3c.exe	WerFault.exe
PID 3060 wrote to memory of 3012	3060	7ebb26a68416b80b344eebd24d7711b9ae2080d50c1eb02306446f1df25eed3c.exe	WerFault.exe
PID 2316 wrote to memory of 2544	2316	Unicorn-46554.exe	Unicorn-8248.exe
PID 2316 wrote to memory of 2544	2316	Unicorn-46554.exe	Unicorn-8248.exe
PID 2316 wrote to memory of 2544	2316	Unicorn-46554.exe	Unicorn-8248.exe
PID 2316 wrote to memory of 2544	2316	Unicorn-46554.exe	Unicorn-8248.exe
PID 3036 wrote to memory of 2724	3036	Unicorn-52405.exe	Unicorn-28114.exe
PID 3036 wrote to memory of 2724	3036	Unicorn-52405.exe	Unicorn-28114.exe
PID 3036 wrote to memory of 2724	3036	Unicorn-52405.exe	Unicorn-28114.exe
PID 3036 wrote to memory of 2724	3036	Unicorn-52405.exe	Unicorn-28114.exe
PID 2988 wrote to memory of 2716	2988	Unicorn-54865.exe	Unicorn-53448.exe
PID 2988 wrote to memory of 2716	2988	Unicorn-54865.exe	Unicorn-53448.exe
PID 2988 wrote to memory of 2716	2988	Unicorn-54865.exe	Unicorn-53448.exe
PID 2988 wrote to memory of 2716	2988	Unicorn-54865.exe	Unicorn-53448.exe
PID 3036 wrote to memory of 2452	3036	Unicorn-52405.exe	Unicorn-8331.exe
PID 3036 wrote to memory of 2452	3036	Unicorn-52405.exe	Unicorn-8331.exe
PID 3036 wrote to memory of 2452	3036	Unicorn-52405.exe	Unicorn-8331.exe
PID 3036 wrote to memory of 2452	3036	Unicorn-52405.exe	Unicorn-8331.exe
PID 2544 wrote to memory of 2560	2544	Unicorn-8248.exe	Unicorn-28197.exe
PID 2544 wrote to memory of 2560	2544	Unicorn-8248.exe	Unicorn-28197.exe
PID 2544 wrote to memory of 2560	2544	Unicorn-8248.exe	Unicorn-28197.exe
PID 2544 wrote to memory of 2560	2544	Unicorn-8248.exe	Unicorn-28197.exe
PID 2724 wrote to memory of 2488	2724	Unicorn-28114.exe	Unicorn-28197.exe
PID 2724 wrote to memory of 2488	2724	Unicorn-28114.exe	Unicorn-28197.exe
PID 2724 wrote to memory of 2488	2724	Unicorn-28114.exe	Unicorn-28197.exe
PID 2724 wrote to memory of 2488	2724	Unicorn-28114.exe	Unicorn-28197.exe
PID 3036 wrote to memory of 2004	3036	Unicorn-52405.exe	WerFault.exe
PID 3036 wrote to memory of 2004	3036	Unicorn-52405.exe	WerFault.exe
PID 3036 wrote to memory of 2004	3036	Unicorn-52405.exe	WerFault.exe
PID 3036 wrote to memory of 2004	3036	Unicorn-52405.exe	WerFault.exe
PID 2988 wrote to memory of 1716	2988	Unicorn-54865.exe	WerFault.exe
PID 2988 wrote to memory of 1716	2988	Unicorn-54865.exe	WerFault.exe
PID 2988 wrote to memory of 1716	2988	Unicorn-54865.exe	WerFault.exe
PID 2988 wrote to memory of 1716	2988	Unicorn-54865.exe	WerFault.exe
PID 2716 wrote to memory of 1972	2716	Unicorn-53448.exe	Unicorn-29349.exe
PID 2716 wrote to memory of 1972	2716	Unicorn-53448.exe	Unicorn-29349.exe
PID 2716 wrote to memory of 1972	2716	Unicorn-53448.exe	Unicorn-29349.exe
PID 2716 wrote to memory of 1972	2716	Unicorn-53448.exe	Unicorn-29349.exe
PID 2560 wrote to memory of 2024	2560	Unicorn-28197.exe	Unicorn-11066.exe
PID 2560 wrote to memory of 2024	2560	Unicorn-28197.exe	Unicorn-11066.exe
PID 2560 wrote to memory of 2024	2560	Unicorn-28197.exe	Unicorn-11066.exe
PID 2560 wrote to memory of 2024	2560	Unicorn-28197.exe	Unicorn-11066.exe
PID 2544 wrote to memory of 2784	2544	Unicorn-8248.exe	Unicorn-21927.exe
PID 2544 wrote to memory of 2784	2544	Unicorn-8248.exe	Unicorn-21927.exe
PID 2544 wrote to memory of 2784	2544	Unicorn-8248.exe	Unicorn-21927.exe
PID 2544 wrote to memory of 2784	2544	Unicorn-8248.exe	Unicorn-21927.exe
PID 2724 wrote to memory of 1932	2724	Unicorn-28114.exe	Unicorn-4522.exe
PID 2724 wrote to memory of 1932	2724	Unicorn-28114.exe	Unicorn-4522.exe
PID 2724 wrote to memory of 1932	2724	Unicorn-28114.exe	Unicorn-4522.exe
PID 2724 wrote to memory of 1932	2724	Unicorn-28114.exe	Unicorn-4522.exe

C:\Users\Admin\AppData\Local\Temp\7ebb26a68416b80b344eebd24d7711b9ae2080d50c1eb02306446f1df25eed3c.exe
"C:\Users\Admin\AppData\Local\Temp\7ebb26a68416b80b344eebd24d7711b9ae2080d50c1eb02306446f1df25eed3c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-46554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46554.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-54865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54865.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-53448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53448.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-29349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29349.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-9011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9011.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:936

C:\Users\Admin\AppData\Local\Temp\Unicorn-35893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35893.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1132

C:\Users\Admin\AppData\Local\Temp\Unicorn-62125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62125.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-54040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54040.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-11144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11144.exe
10⤵
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-60921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60921.exe
11⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-25551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25551.exe
12⤵
PID:6984

C:\Users\Admin\AppData\Local\Temp\Unicorn-50766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50766.exe
13⤵
PID:9412

C:\Users\Admin\AppData\Local\Temp\Unicorn-33133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33133.exe
14⤵
PID:12484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9412 -s 236
14⤵
PID:13656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 216
13⤵
PID:11012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
12⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 216
11⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-53583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53583.exe
10⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-62478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62478.exe
11⤵
PID:5240

C:\Users\Admin\AppData\Local\Temp\Unicorn-34518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34518.exe
12⤵
PID:8772

C:\Users\Admin\AppData\Local\Temp\Unicorn-42951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42951.exe
13⤵
PID:11892

C:\Users\Admin\AppData\Local\Temp\Unicorn-27682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27682.exe
14⤵
PID:14312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11892 -s 216
14⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8772 -s 204
13⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
12⤵
PID:9852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
11⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
10⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-3531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3531.exe
9⤵
PID:1460

C:\Users\Admin\AppData\Local\Temp\Unicorn-6650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6650.exe
10⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-6432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6432.exe
11⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-24067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24067.exe
12⤵
PID:9120

C:\Users\Admin\AppData\Local\Temp\Unicorn-22831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22831.exe
13⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9120 -s 216
13⤵
PID:12480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
12⤵
PID:10196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
11⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 236
10⤵
PID:4528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
9⤵
- Program crash
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-54123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54123.exe
9⤵
PID:376

C:\Users\Admin\AppData\Local\Temp\Unicorn-44860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44860.exe
10⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-21830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21830.exe
11⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-32920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32920.exe
12⤵
PID:8888

C:\Users\Admin\AppData\Local\Temp\Unicorn-849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-849.exe
13⤵
PID:11848

C:\Users\Admin\AppData\Local\Temp\Unicorn-42923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42923.exe
14⤵
PID:14124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 216
13⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
12⤵
PID:9768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
11⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 236
10⤵
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 236
9⤵
- Program crash
PID:3792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 240
8⤵
- Program crash
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-38175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38175.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1224

C:\Users\Admin\AppData\Local\Temp\Unicorn-15036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15036.exe
9⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-65088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65088.exe
10⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-34933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34933.exe
11⤵
PID:6420

C:\Users\Admin\AppData\Local\Temp\Unicorn-39417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39417.exe
12⤵
PID:9064

C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
13⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9064 -s 220
13⤵
PID:2340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 220
12⤵
PID:10520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
11⤵
PID:7788

C:\Users\Admin\AppData\Local\Temp\Unicorn-49307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49307.exe
9⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-51954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51954.exe
10⤵
PID:5276

C:\Users\Admin\AppData\Local\Temp\Unicorn-26205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26205.exe
11⤵
PID:8100

C:\Users\Admin\AppData\Local\Temp\Unicorn-17269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17269.exe
12⤵
PID:12252

C:\Users\Admin\AppData\Local\Temp\Unicorn-26670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26670.exe
13⤵
PID:13856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 216
12⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
11⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
10⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 240
9⤵
PID:5928

C:\Users\Admin\AppData\Local\Temp\Unicorn-25897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25897.exe
8⤵
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-4367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4367.exe
9⤵
PID:3964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 220
10⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
9⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 220
8⤵
- Program crash
PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 240
7⤵
- Program crash
PID:848

C:\Users\Admin\AppData\Local\Temp\Unicorn-16027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16027.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-37128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37128.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-25535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25535.exe
9⤵
PID:268

C:\Users\Admin\AppData\Local\Temp\Unicorn-18327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18327.exe
10⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-23885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23885.exe
11⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-32188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32188.exe
12⤵
PID:8312

C:\Users\Admin\AppData\Local\Temp\Unicorn-6303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6303.exe
13⤵
PID:11476

C:\Users\Admin\AppData\Local\Temp\Unicorn-11044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11044.exe
14⤵
PID:13548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8312 -s 216
13⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
12⤵
PID:9280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 236
11⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 236
10⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-15373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15373.exe
9⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-16101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16101.exe
10⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-62722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62722.exe
11⤵
PID:8456

C:\Users\Admin\AppData\Local\Temp\Unicorn-25162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25162.exe
12⤵
PID:11608

C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
13⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 216
12⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
11⤵
PID:9436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 236
10⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
9⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-52732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52732.exe
8⤵
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-64019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64019.exe
9⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
10⤵
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-48908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48908.exe
11⤵
PID:8504

C:\Users\Admin\AppData\Local\Temp\Unicorn-4549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4549.exe
12⤵
PID:11564

C:\Users\Admin\AppData\Local\Temp\Unicorn-26203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26203.exe
13⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 216
12⤵
PID:11428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 216
11⤵
PID:9472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
10⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 216
9⤵
PID:4504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
8⤵
- Program crash
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-47989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47989.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-7060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7060.exe
8⤵
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-57797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57797.exe
9⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-65109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65109.exe
10⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-64092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64092.exe
11⤵
PID:8704

C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
12⤵
PID:12164

C:\Users\Admin\AppData\Local\Temp\Unicorn-1781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1781.exe
13⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8704 -s 216
12⤵
PID:12624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
11⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
10⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 236
9⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
8⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
9⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-34710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34710.exe
10⤵
PID:8532

C:\Users\Admin\AppData\Local\Temp\Unicorn-9209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9209.exe
11⤵
PID:11764

C:\Users\Admin\AppData\Local\Temp\Unicorn-24449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24449.exe
12⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 216
11⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 236
10⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 236
9⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 220
8⤵
PID:4648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 220
7⤵
- Program crash
PID:2700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
6⤵
- Program crash
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-54683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54683.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-35893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35893.exe
6⤵
- Executes dropped EXE
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-28960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28960.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-51601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51601.exe
8⤵
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-26687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26687.exe
9⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-6972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6972.exe
10⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-45810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45810.exe
11⤵
PID:8172

C:\Users\Admin\AppData\Local\Temp\Unicorn-28670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28670.exe
12⤵
PID:11400

C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
13⤵
PID:14196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11400 -s 216
13⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 216
12⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
11⤵
PID:8480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 236
10⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 236
9⤵
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-53884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53884.exe
8⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-45867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45867.exe
9⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
10⤵
PID:8144

C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
11⤵
PID:11372

C:\Users\Admin\AppData\Local\Temp\Unicorn-45004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45004.exe
12⤵
PID:14160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11372 -s 216
12⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 236
11⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
10⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
9⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 240
8⤵
PID:4276

C:\Users\Admin\AppData\Local\Temp\Unicorn-31735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31735.exe
7⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-38939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38939.exe
8⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-55789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55789.exe
9⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-6640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6640.exe
10⤵
PID:8060

C:\Users\Admin\AppData\Local\Temp\Unicorn-56708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56708.exe
11⤵
PID:10924

C:\Users\Admin\AppData\Local\Temp\Unicorn-37980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37980.exe
12⤵
PID:13840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10924 -s 216
12⤵
PID:1880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 216
11⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
10⤵
PID:8672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 236
9⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
8⤵
PID:4300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
7⤵
- Program crash
PID:3800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
6⤵
- Program crash
PID:1928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
5⤵
- Program crash
PID:976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 236
4⤵
- Loads dropped DLL
- Program crash
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-8248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8248.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-11066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11066.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-19941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19941.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-6894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6894.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-11445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11445.exe
9⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-52561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52561.exe
10⤵
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-29640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29640.exe
11⤵
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-33994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33994.exe
12⤵
PID:7024

C:\Users\Admin\AppData\Local\Temp\Unicorn-50273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50273.exe
13⤵
PID:10044

C:\Users\Admin\AppData\Local\Temp\Unicorn-34777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34777.exe
14⤵
PID:13524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10044 -s 216
14⤵
PID:14008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 216
13⤵
PID:10552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 216
12⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 236
11⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
10⤵
- Program crash
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
9⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-2997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2997.exe
10⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-27689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27689.exe
11⤵
PID:7012

C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
12⤵
PID:9580

C:\Users\Admin\AppData\Local\Temp\Unicorn-30009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30009.exe
13⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9580 -s 236
13⤵
PID:13752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
12⤵
PID:11128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
11⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
10⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 240
9⤵
- Program crash
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-57117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57117.exe
8⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
9⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-51622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51622.exe
10⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-63630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63630.exe
11⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-15707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15707.exe
12⤵
PID:8420

C:\Users\Admin\AppData\Local\Temp\Unicorn-58109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58109.exe
13⤵
PID:12172

C:\Users\Admin\AppData\Local\Temp\Unicorn-33385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33385.exe
14⤵
PID:14204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8420 -s 216
13⤵
PID:12616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
12⤵
PID:9692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
11⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
10⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 216
9⤵
- Program crash
PID:4608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
8⤵
- Program crash
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-60734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60734.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-15529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15529.exe
8⤵
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-23589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23589.exe
9⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-29064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29064.exe
10⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-39640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39640.exe
11⤵
PID:6464

C:\Users\Admin\AppData\Local\Temp\Unicorn-1264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1264.exe
12⤵
PID:10080

C:\Users\Admin\AppData\Local\Temp\Unicorn-44482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44482.exe
13⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10080 -s 216
13⤵
PID:13900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 236
12⤵
PID:10952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
11⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
10⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 216
9⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-30365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30365.exe
8⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-45592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45592.exe
9⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-8290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8290.exe
10⤵
PID:6456

C:\Users\Admin\AppData\Local\Temp\Unicorn-57891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57891.exe
11⤵
PID:8416

C:\Users\Admin\AppData\Local\Temp\Unicorn-54648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54648.exe
12⤵
PID:11580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 220
12⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 220
11⤵
PID:10576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
10⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
9⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 240
8⤵
- Program crash
PID:3532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 220
7⤵
- Program crash
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-30801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30801.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-61933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61933.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1332

C:\Users\Admin\AppData\Local\Temp\Unicorn-15529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15529.exe
8⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-791.exe
9⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-50911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50911.exe
10⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\Unicorn-24404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24404.exe
11⤵
PID:8584

C:\Users\Admin\AppData\Local\Temp\Unicorn-55888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55888.exe
12⤵
PID:11636

C:\Users\Admin\AppData\Local\Temp\Unicorn-9482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9482.exe
13⤵
PID:13928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8584 -s 216
12⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
11⤵
PID:9540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
10⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
9⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-30365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30365.exe
8⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-61736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61736.exe
9⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-27388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27388.exe
10⤵
PID:6404

C:\Users\Admin\AppData\Local\Temp\Unicorn-61456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61456.exe
11⤵
PID:9616

C:\Users\Admin\AppData\Local\Temp\Unicorn-51991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51991.exe
12⤵
PID:12900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9616 -s 216
12⤵
PID:13744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 216
11⤵
PID:11152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
10⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
9⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 220
8⤵
- Program crash
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-57117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57117.exe
7⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-31949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31949.exe
8⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
9⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-46910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46910.exe
10⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
11⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-1280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1280.exe
12⤵
PID:11544

C:\Users\Admin\AppData\Local\Temp\Unicorn-23162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23162.exe
13⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 220
12⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
11⤵
PID:9628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
10⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 236
9⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-16826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16826.exe
8⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-59354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59354.exe
9⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\Unicorn-2193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2193.exe
10⤵
PID:8876

C:\Users\Admin\AppData\Local\Temp\Unicorn-49557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49557.exe
11⤵
PID:11968

C:\Users\Admin\AppData\Local\Temp\Unicorn-33385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33385.exe
12⤵
PID:14184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8876 -s 216
11⤵
PID:12416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
10⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
9⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
8⤵
PID:5292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
7⤵
- Program crash
PID:2772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
6⤵
- Program crash
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-40313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40313.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-43734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43734.exe
7⤵
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-60729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60729.exe
8⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-24248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24248.exe
9⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-20268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20268.exe
10⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-61015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61015.exe
11⤵
PID:8364

C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
12⤵
PID:11416

C:\Users\Admin\AppData\Local\Temp\Unicorn-26670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26670.exe
13⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 216
12⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
11⤵
PID:9664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
10⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
9⤵
PID:5664

C:\Users\Admin\AppData\Local\Temp\Unicorn-8466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8466.exe
8⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-32795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32795.exe
9⤵
PID:6284

C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
10⤵
PID:8604

C:\Users\Admin\AppData\Local\Temp\Unicorn-30637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30637.exe
11⤵
PID:12124

C:\Users\Admin\AppData\Local\Temp\Unicorn-62331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62331.exe
12⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8604 -s 220
11⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
10⤵
PID:10444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
9⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 240
8⤵
PID:6072

C:\Users\Admin\AppData\Local\Temp\Unicorn-20443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20443.exe
7⤵
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-24980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24980.exe
8⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-56552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56552.exe
9⤵
PID:6716

C:\Users\Admin\AppData\Local\Temp\Unicorn-64855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64855.exe
10⤵
PID:9996

C:\Users\Admin\AppData\Local\Temp\Unicorn-46620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46620.exe
11⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9996 -s 216
11⤵
PID:13872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 216
10⤵
PID:10404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
9⤵
PID:8284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 216
8⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
7⤵
- Program crash
PID:3876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 236
6⤵
- Program crash
PID:2712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
5⤵
- Program crash
PID:276

C:\Users\Admin\AppData\Local\Temp\Unicorn-21927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21927.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-15233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15233.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-13334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13334.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-672.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-33620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33620.exe
8⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-2784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2784.exe
9⤵
PID:1116

C:\Users\Admin\AppData\Local\Temp\Unicorn-37040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37040.exe
10⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-6069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6069.exe
11⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
12⤵
PID:9004

C:\Users\Admin\AppData\Local\Temp\Unicorn-26807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26807.exe
13⤵
PID:12084

C:\Users\Admin\AppData\Local\Temp\Unicorn-9591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9591.exe
14⤵
PID:14280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12084 -s 216
14⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
12⤵
PID:10184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 236
11⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 216
10⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-25342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25342.exe
9⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-3739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3739.exe
10⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-2193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2193.exe
11⤵
PID:8868

C:\Users\Admin\AppData\Local\Temp\Unicorn-9209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9209.exe
12⤵
PID:11748

C:\Users\Admin\AppData\Local\Temp\Unicorn-38071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38071.exe
13⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8868 -s 216
12⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
11⤵
PID:9748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
10⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
9⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe
8⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-2229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2229.exe
9⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
10⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-42686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42686.exe
11⤵
PID:8800

C:\Users\Admin\AppData\Local\Temp\Unicorn-54134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54134.exe
12⤵
PID:11816

C:\Users\Admin\AppData\Local\Temp\Unicorn-57313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57313.exe
13⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8800 -s 216
12⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
11⤵
PID:9936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
10⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
9⤵
PID:5112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
8⤵
- Program crash
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-7340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7340.exe
7⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-47901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47901.exe
8⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-12535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12535.exe
9⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-32795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32795.exe
10⤵
PID:6276

C:\Users\Admin\AppData\Local\Temp\Unicorn-45255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45255.exe
11⤵
PID:8496

C:\Users\Admin\AppData\Local\Temp\Unicorn-28307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28307.exe
12⤵
PID:11932

C:\Users\Admin\AppData\Local\Temp\Unicorn-44542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44542.exe
13⤵
PID:14136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8496 -s 216
12⤵
PID:13296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 216
11⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 220
10⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
9⤵
PID:5576

C:\Users\Admin\AppData\Local\Temp\Unicorn-838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-838.exe
8⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
9⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
10⤵
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-51503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51503.exe
11⤵
PID:12116

C:\Users\Admin\AppData\Local\Temp\Unicorn-14609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14609.exe
12⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 216
11⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
10⤵
PID:9612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
9⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
8⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
7⤵
- Program crash
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-11533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11533.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-27206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27206.exe
7⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-27481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27481.exe
8⤵
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-61544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61544.exe
9⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-11305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11305.exe
10⤵
PID:6180

C:\Users\Admin\AppData\Local\Temp\Unicorn-34757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34757.exe
11⤵
PID:8864

C:\Users\Admin\AppData\Local\Temp\Unicorn-3418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3418.exe
12⤵
PID:11980

C:\Users\Admin\AppData\Local\Temp\Unicorn-15538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15538.exe
13⤵
PID:14116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11980 -s 216
13⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8864 -s 216
12⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 216
11⤵
PID:9636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 220
10⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 236
9⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\Unicorn-58207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58207.exe
8⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
9⤵
PID:5820

C:\Users\Admin\AppData\Local\Temp\Unicorn-51093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51093.exe
10⤵
PID:8596

C:\Users\Admin\AppData\Local\Temp\Unicorn-15286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15286.exe
11⤵
PID:11692

C:\Users\Admin\AppData\Local\Temp\Unicorn-37112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37112.exe
11⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8596 -s 220
11⤵
PID:13364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 220
10⤵
PID:10064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
9⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
8⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-50594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50594.exe
7⤵
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-18026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18026.exe
8⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-15800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15800.exe
9⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\Unicorn-43226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43226.exe
10⤵
PID:8964

C:\Users\Admin\AppData\Local\Temp\Unicorn-59204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59204.exe
11⤵
PID:11560

C:\Users\Admin\AppData\Local\Temp\Unicorn-41636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41636.exe
12⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8964 -s 216
11⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 236
9⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 216
8⤵
PID:4992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
7⤵
- Program crash
PID:4032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
6⤵
- Program crash
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-41107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41107.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-31399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31399.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-47818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47818.exe
7⤵
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-13666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13666.exe
8⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-21088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21088.exe
9⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-21119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21119.exe
10⤵
PID:6844

C:\Users\Admin\AppData\Local\Temp\Unicorn-29578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29578.exe
11⤵
PID:8948

C:\Users\Admin\AppData\Local\Temp\Unicorn-59692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59692.exe
12⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8948 -s 236
12⤵
PID:13552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 236
11⤵
PID:10800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 236
10⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
9⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
8⤵
- Program crash
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-55254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55254.exe
7⤵
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
8⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exe
9⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-48716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48716.exe
10⤵
PID:8712

C:\Users\Admin\AppData\Local\Temp\Unicorn-9209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9209.exe
11⤵
PID:11772

C:\Users\Admin\AppData\Local\Temp\Unicorn-4220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4220.exe
12⤵
PID:14072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8712 -s 216
11⤵
PID:12156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
10⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
9⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 236
8⤵
PID:4924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
7⤵
- Program crash
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
6⤵
PID:484

C:\Users\Admin\AppData\Local\Temp\Unicorn-21259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21259.exe
7⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-41508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41508.exe
8⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-55353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55353.exe
9⤵
PID:6216

C:\Users\Admin\AppData\Local\Temp\Unicorn-46817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46817.exe
10⤵
PID:8928

C:\Users\Admin\AppData\Local\Temp\Unicorn-43527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43527.exe
11⤵
PID:12036

C:\Users\Admin\AppData\Local\Temp\Unicorn-25025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25025.exe
12⤵
PID:14276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8928 -s 204
11⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
10⤵
PID:9908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 220
9⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 236
8⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 236
7⤵
- Program crash
PID:4388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
6⤵
- Program crash
PID:1172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
5⤵
- Program crash
PID:2812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-52405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52405.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-28114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28114.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-24388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24388.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-19894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19894.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-50667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50667.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-57849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57849.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
9⤵
- Program crash
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-17646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17646.exe
8⤵
PID:1428

C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
9⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-48752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48752.exe
10⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-5986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5986.exe
11⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-25774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25774.exe
12⤵
PID:8404

C:\Users\Admin\AppData\Local\Temp\Unicorn-53942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53942.exe
13⤵
PID:11504

C:\Users\Admin\AppData\Local\Temp\Unicorn-28066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28066.exe
14⤵
PID:13416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11504 -s 216
14⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8404 -s 236
13⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 236
12⤵
PID:9392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
11⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
10⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-37054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37054.exe
9⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-36412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36412.exe
10⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-20128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20128.exe
11⤵
PID:8828

C:\Users\Admin\AppData\Local\Temp\Unicorn-6578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6578.exe
12⤵
PID:11940

C:\Users\Admin\AppData\Local\Temp\Unicorn-61781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61781.exe
13⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8828 -s 216
12⤵
PID:12424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
11⤵
PID:9956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 236
10⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 240
9⤵
PID:4124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
8⤵
- Program crash
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-3173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3173.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-60070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60070.exe
8⤵
PID:356

C:\Users\Admin\AppData\Local\Temp\Unicorn-3168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3168.exe
9⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-23418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23418.exe
10⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-19412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19412.exe
11⤵
PID:6356

C:\Users\Admin\AppData\Local\Temp\Unicorn-5348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5348.exe
12⤵
PID:9896

C:\Users\Admin\AppData\Local\Temp\Unicorn-56734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56734.exe
13⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9896 -s 216
13⤵
PID:13828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 216
12⤵
PID:11212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
11⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
10⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 236
9⤵
- Program crash
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-61092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61092.exe
8⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-55706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55706.exe
9⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-64336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64336.exe
10⤵
PID:6588

C:\Users\Admin\AppData\Local\Temp\Unicorn-64855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64855.exe
11⤵
PID:9984

C:\Users\Admin\AppData\Local\Temp\Unicorn-32230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32230.exe
12⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 216
12⤵
PID:13884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 216
11⤵
PID:10460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
10⤵
PID:8248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
9⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 220
8⤵
- Program crash
PID:3772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 240
7⤵
- Program crash
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-26717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26717.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:584

C:\Users\Admin\AppData\Local\Temp\Unicorn-42172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42172.exe
8⤵
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-50231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50231.exe
9⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-40776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40776.exe
10⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-55270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55270.exe
11⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-60439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60439.exe
12⤵
PID:9076

C:\Users\Admin\AppData\Local\Temp\Unicorn-29521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29521.exe
13⤵
PID:11368

C:\Users\Admin\AppData\Local\Temp\Unicorn-55551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55551.exe
14⤵
PID:14052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11368 -s 216
14⤵
PID:14252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9076 -s 216
13⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
12⤵
PID:9424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
11⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 236
10⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
9⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-9961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9961.exe
10⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-60439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60439.exe
11⤵
PID:9084

C:\Users\Admin\AppData\Local\Temp\Unicorn-43527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43527.exe
12⤵
PID:12024

C:\Users\Admin\AppData\Local\Temp\Unicorn-8496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8496.exe
13⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9084 -s 204
12⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
11⤵
PID:9320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 236
10⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
9⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\Unicorn-12083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12083.exe
8⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-24248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24248.exe
9⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-34466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34466.exe
10⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-32235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32235.exe
11⤵
PID:9152

C:\Users\Admin\AppData\Local\Temp\Unicorn-9209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9209.exe
12⤵
PID:11740

C:\Users\Admin\AppData\Local\Temp\Unicorn-34947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34947.exe
13⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 216
12⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
11⤵
PID:10204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
10⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 236
9⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 240
8⤵
- Program crash
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-34558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34558.exe
7⤵
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-23589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23589.exe
8⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-48114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48114.exe
9⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-40133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40133.exe
10⤵
PID:6944

C:\Users\Admin\AppData\Local\Temp\Unicorn-3127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3127.exe
11⤵
PID:9308

C:\Users\Admin\AppData\Local\Temp\Unicorn-53169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53169.exe
12⤵
PID:12292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9308 -s 236
12⤵
PID:13632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 216
11⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
10⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
9⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 216
8⤵
- Program crash
PID:4640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 240
7⤵
- Program crash
PID:2832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
6⤵
- Program crash
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-30754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30754.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-19941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19941.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-33428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33428.exe
8⤵
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-25727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25727.exe
9⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-35862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35862.exe
10⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
10⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-38135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38135.exe
11⤵
PID:8176

C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
12⤵
PID:11308

C:\Users\Admin\AppData\Local\Temp\Unicorn-39599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39599.exe
13⤵
PID:14088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11308 -s 216
13⤵
PID:8848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 236
12⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 216
11⤵
PID:9040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 240
10⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 236
9⤵
- Program crash
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-48840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48840.exe
8⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-47154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47154.exe
9⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-26573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26573.exe
10⤵
PID:6644

C:\Users\Admin\AppData\Local\Temp\Unicorn-39417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39417.exe
11⤵
PID:8956

C:\Users\Admin\AppData\Local\Temp\Unicorn-57087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57087.exe
12⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 216
12⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 220
11⤵
PID:10512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 220
10⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 236
9⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
8⤵
- Program crash
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-61201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61201.exe
7⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-23589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23589.exe
8⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-37808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37808.exe
9⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
10⤵
PID:6660

C:\Users\Admin\AppData\Local\Temp\Unicorn-34129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34129.exe
11⤵
PID:9968

C:\Users\Admin\AppData\Local\Temp\Unicorn-25733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25733.exe
12⤵
PID:13140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9968 -s 216
12⤵
PID:13796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 216
11⤵
PID:10332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
10⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
9⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 216
8⤵
PID:4664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
7⤵
- Program crash
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-21839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21839.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-54678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54678.exe
7⤵
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-5773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5773.exe
8⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
9⤵
PID:6488

C:\Users\Admin\AppData\Local\Temp\Unicorn-18805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18805.exe
10⤵
PID:8268

C:\Users\Admin\AppData\Local\Temp\Unicorn-53195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53195.exe
11⤵
PID:12228

C:\Users\Admin\AppData\Local\Temp\Unicorn-29711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29711.exe
12⤵
PID:13536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12228 -s 216
12⤵
PID:13692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 204
11⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
10⤵
PID:10364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 220
9⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 236
8⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 216
7⤵
- Program crash
PID:3140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 240
6⤵
- Program crash
PID:3052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
5⤵
- Program crash
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-4522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4522.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-62872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62872.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-28301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28301.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-61933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61933.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:556

C:\Users\Admin\AppData\Local\Temp\Unicorn-60070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60070.exe
8⤵
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-50231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50231.exe
9⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-17388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17388.exe
10⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-13381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13381.exe
11⤵
PID:6980

C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
12⤵
PID:10156

C:\Users\Admin\AppData\Local\Temp\Unicorn-21732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21732.exe
13⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10156 -s 236
13⤵
PID:13920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 236
12⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
11⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
10⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 216
9⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-12083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12083.exe
8⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-42530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42530.exe
9⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-12400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12400.exe
10⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
11⤵
PID:8664

C:\Users\Admin\AppData\Local\Temp\Unicorn-41498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41498.exe
12⤵
PID:11704

C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe
13⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8664 -s 220
12⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
11⤵
PID:9604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 236
10⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
9⤵
PID:4964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 220
8⤵
- Program crash
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-17646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17646.exe
7⤵
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-60537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60537.exe
8⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-36692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36692.exe
9⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-60122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60122.exe
10⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-24835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24835.exe
11⤵
PID:9172

C:\Users\Admin\AppData\Local\Temp\Unicorn-34337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34337.exe
12⤵
PID:11860

C:\Users\Admin\AppData\Local\Temp\Unicorn-28891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28891.exe
13⤵
PID:14212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9172 -s 216
12⤵
PID:13280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 220
11⤵
PID:10324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
10⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 236
9⤵
PID:5876

C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe
8⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-56640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56640.exe
9⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-57616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57616.exe
10⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8932 -s 220
11⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
10⤵
PID:9840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
9⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 240
8⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 220
7⤵
- Program crash
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-29344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29344.exe
7⤵
PID:708

C:\Users\Admin\AppData\Local\Temp\Unicorn-40117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40117.exe
8⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-3635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3635.exe
9⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-60122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60122.exe
10⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-1700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1700.exe
11⤵
PID:8980

C:\Users\Admin\AppData\Local\Temp\Unicorn-11778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11778.exe
12⤵
PID:11876

C:\Users\Admin\AppData\Local\Temp\Unicorn-48626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48626.exe
13⤵
PID:14100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8980 -s 216
12⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
11⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
10⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
9⤵
PID:5940

C:\Users\Admin\AppData\Local\Temp\Unicorn-61751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61751.exe
8⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-61108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61108.exe
9⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
10⤵
PID:9012

C:\Users\Admin\AppData\Local\Temp\Unicorn-31083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31083.exe
11⤵
PID:11996

C:\Users\Admin\AppData\Local\Temp\Unicorn-29986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29986.exe
12⤵
PID:8628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 216
11⤵
PID:12432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 216
10⤵
PID:10120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
9⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 240
8⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\Unicorn-20251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20251.exe
7⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-42530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42530.exe
8⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-2177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2177.exe
9⤵
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-22505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22505.exe
10⤵
PID:8816

C:\Users\Admin\AppData\Local\Temp\Unicorn-21509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21509.exe
11⤵
PID:11796

C:\Users\Admin\AppData\Local\Temp\Unicorn-52134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52134.exe
12⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8816 -s 216
11⤵
PID:13204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 216
10⤵
PID:9952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
9⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 236
8⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 220
7⤵
- Program crash
PID:3108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 220
6⤵
- Program crash
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-39161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39161.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-4564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4564.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:972

C:\Users\Admin\AppData\Local\Temp\Unicorn-2701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2701.exe
7⤵
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-27865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27865.exe
8⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-65088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65088.exe
9⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-30574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30574.exe
10⤵
PID:5772

C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
11⤵
PID:9020

C:\Users\Admin\AppData\Local\Temp\Unicorn-31467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31467.exe
12⤵
PID:12192

C:\Users\Admin\AppData\Local\Temp\Unicorn-40868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40868.exe
13⤵
PID:14332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9020 -s 216
12⤵
PID:12652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
11⤵
PID:10128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
10⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
9⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-22664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22664.exe
8⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-615.exe
9⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-36511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36511.exe
10⤵
PID:9188

C:\Users\Admin\AppData\Local\Temp\Unicorn-21353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21353.exe
11⤵
PID:10508

C:\Users\Admin\AppData\Local\Temp\Unicorn-26670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26670.exe
12⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9188 -s 216
11⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
10⤵
PID:10220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
9⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
8⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-7999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7999.exe
7⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-56920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56920.exe
8⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-49624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49624.exe
9⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
10⤵
PID:9132

C:\Users\Admin\AppData\Local\Temp\Unicorn-41388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41388.exe
11⤵
PID:11328

C:\Users\Admin\AppData\Local\Temp\Unicorn-39929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39929.exe
12⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9132 -s 216
11⤵
PID:13492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
10⤵
PID:10528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
9⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 236
8⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 240
7⤵
- Program crash
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-61201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61201.exe
6⤵
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-7252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7252.exe
7⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-16620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16620.exe
8⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-50947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50947.exe
9⤵
PID:6364

C:\Users\Admin\AppData\Local\Temp\Unicorn-25219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25219.exe
10⤵
PID:8788

C:\Users\Admin\AppData\Local\Temp\Unicorn-54949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54949.exe
11⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8788 -s 216
11⤵
PID:12564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 216
10⤵
PID:10476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
9⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
8⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
7⤵
PID:4188

C:\Users\Admin\AppData\Local\Temp\Unicorn-5275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5275.exe
8⤵
PID:6380

C:\Users\Admin\AppData\Local\Temp\Unicorn-1700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1700.exe
9⤵
PID:8972

C:\Users\Admin\AppData\Local\Temp\Unicorn-19755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19755.exe
10⤵
PID:12020

C:\Users\Admin\AppData\Local\Temp\Unicorn-64085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64085.exe
11⤵
PID:8696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8972 -s 204
10⤵
PID:12300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 216
9⤵
PID:10256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 216
8⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
7⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
6⤵
- Program crash
PID:1112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
5⤵
- Program crash
PID:2964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-8331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8331.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:748

C:\Users\Admin\AppData\Local\Temp\Unicorn-9250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9250.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-35483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35483.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:932

C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-17367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17367.exe
8⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-20356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20356.exe
9⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-47102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47102.exe
10⤵
PID:5848

C:\Users\Admin\AppData\Local\Temp\Unicorn-21545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21545.exe
11⤵
PID:9044

C:\Users\Admin\AppData\Local\Temp\Unicorn-43527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43527.exe
12⤵
PID:12044

C:\Users\Admin\AppData\Local\Temp\Unicorn-61781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61781.exe
13⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9044 -s 204
12⤵
PID:12508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 216
11⤵
PID:8384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
10⤵
PID:6352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
9⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
8⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-7247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7247.exe
9⤵
PID:5172

C:\Users\Admin\AppData\Local\Temp\Unicorn-48716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48716.exe
10⤵
PID:8720

C:\Users\Admin\AppData\Local\Temp\Unicorn-33330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33330.exe
11⤵
PID:11672

C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
12⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8720 -s 220
11⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 216
10⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
9⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
8⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-44372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44372.exe
7⤵
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-6121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6121.exe
8⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-63630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63630.exe
9⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-11622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11622.exe
10⤵
PID:8476

C:\Users\Admin\AppData\Local\Temp\Unicorn-60584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60584.exe
10⤵
PID:8324

C:\Users\Admin\AppData\Local\Temp\Unicorn-64570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64570.exe
11⤵
PID:11732

C:\Users\Admin\AppData\Local\Temp\Unicorn-46431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46431.exe
12⤵
PID:13852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8324 -s 236
11⤵
PID:9008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 220
10⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
9⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 240
7⤵
- Program crash
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
6⤵
PID:1204

C:\Users\Admin\AppData\Local\Temp\Unicorn-10952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10952.exe
7⤵
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-49292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49292.exe
8⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-423.exe
9⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 212
10⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
9⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 216
8⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-45955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45955.exe
7⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
8⤵
PID:6720

C:\Users\Admin\AppData\Local\Temp\Unicorn-31825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31825.exe
9⤵
PID:8700

C:\Users\Admin\AppData\Local\Temp\Unicorn-9531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9531.exe
10⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 220
10⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 220
9⤵
PID:10656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
8⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 240
7⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
6⤵
- Program crash
PID:1076

C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-4647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4647.exe
6⤵
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
7⤵
PID:1232

C:\Users\Admin\AppData\Local\Temp\Unicorn-1689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1689.exe
8⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-56038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56038.exe
9⤵
PID:5844

C:\Users\Admin\AppData\Local\Temp\Unicorn-35970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35970.exe
10⤵
PID:8340

C:\Users\Admin\AppData\Local\Temp\Unicorn-9723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9723.exe
11⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 240
11⤵
PID:13424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 220
10⤵
PID:10724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
9⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 236
8⤵
PID:6036

C:\Users\Admin\AppData\Local\Temp\Unicorn-8466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8466.exe
7⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-40256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40256.exe
8⤵
PID:5636

C:\Users\Admin\AppData\Local\Temp\Unicorn-26397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26397.exe
9⤵
PID:9052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9052 -s 212
10⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 216
9⤵
PID:10296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
8⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
7⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-23951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23951.exe
6⤵
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-63682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63682.exe
7⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-5794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5794.exe
8⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
9⤵
PID:8616

C:\Users\Admin\AppData\Local\Temp\Unicorn-9209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9209.exe
10⤵
PID:11756

C:\Users\Admin\AppData\Local\Temp\Unicorn-23598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23598.exe
11⤵
PID:13324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11756 -s 216
11⤵
PID:14272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8616 -s 216
10⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
9⤵
PID:9560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 236
8⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 236
7⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
6⤵
- Program crash
PID:4064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 240
5⤵
- Program crash
PID:2076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
4⤵
- Program crash
PID:1820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
2⤵
- Program crash
PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11066.exe

Filesize
184KB

MD5
4b3ce92c9e0fb2ded93dee8b7cd9c19e

SHA1
3d807368deb8fff00463458af2b4df8814d719ee

SHA256
609e969d4edbc9c4de0f0a04a43b034ee92282ad2032ac0195e44824e79da763

SHA512
1170681e9ff2c49b1427165f4f41495a2c65e3eb944230f2cca35a048bd0088459373e895f56b290ed87e9e36ee5969c8f29d87c5061ea6ef9d9ff4a635ef848

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21927.exe

Filesize
184KB

MD5
f1740f0e546bb6d67d704fac2f575e76

SHA1
faac6d586046ce79573a6c906f1095df4846d48a

SHA256
8634828b4e413c8e9c02bb7328a94fba9322a8601d33777b8006ac84842fc602

SHA512
e60c78fd390a991abcb0a6d6df5f98309f3b592171a3c63fc49bc00fa52d38189bb0ff8eedd8e710d14da592cb5fcef6338df5c4587f9e58efa3fa4feccab15a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28114.exe

Filesize
184KB

MD5
b670bed2406df7c2ddaeba1e0600fc79

SHA1
c412351a9fa95dfed858b19b2ce852ae5aaab1be

SHA256
61b7c7baf25c82decc69f2bde42895666aafccd491f6b2eacd975a9a5b4def26

SHA512
83d510a6aec8dc59588dde8e99c442b0b4e6e46db35c8c29e4cf82c4efb93cc7d35ee85e01d8940b7d32f143b93348cc6563f2cf956725ed94c88cf0c06e1beb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29349.exe

Filesize
184KB

MD5
b852aaab06a51edb6fd4396d68f06fb6

SHA1
6a67c628f732e07345776748409a9181caa0c3b2

SHA256
696357cfe2b19c80fe7141a424215a934bf8d6410dd418e89d620115f817d86c

SHA512
117faabfc80806472cfd1ead3a68e62109ef8b1fb0367c4e4429b180ddce3ed8f281293ea77c5e08fe67352993ef36d251d53519246409eeef96ddde75fe2fa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40313.exe

Filesize
184KB

MD5
8ad5207353e156c34ca80b565fa06b3f

SHA1
d0e7c3acda2ec6701c55ba811e05a4d7cc6e3dff

SHA256
a3b106dbba1eb269bfd89b3efb38719cfbb20338a21e5108b486e2b5fd2a9f3c

SHA512
123cf9b55ce14e472767102b02418b80149c597168a79a94a653f8abc90f65d0aaa853e2ca1b579fd91f5bb9a0e8b6f075a2b1efac562704452b1f3e5a869794

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5773.exe

Filesize
184KB

MD5
4434f5ad95a1119103cae34782a23759

SHA1
3cb71180a953c90c45b80d28a0ae68ad12195cea

SHA256
a729121a08bff4639ad927d3073c2e64644bb04739cb36c0d88a379e3780b15c

SHA512
f57f297cd407c2b40c60adf0329d79e98d5b0c7f92932aef1cdf555325354f2559bea0912a0379cee8daba072009c792fac2fe79887fa7ac98f5d8fdfc542157

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6650.exe

Filesize
184KB

MD5
979bb18685858021f4af1e38ac0ceba8

SHA1
3afff069490a3570e763ad0ee7190a650f1c5bb1

SHA256
2447cdbba3fec7b9705bd54b506df4d5a7c7220ceeb597ef2b95848c1265cafc

SHA512
f8c93df2655dac34b70883cdf85181467aeacc3742f483c5d1fb19ce29f151c70d2a27068f8d10b4db3f88b0b54aa77814eb1ef6ceee246ed3753d32d944d27b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24388.exe

Filesize
184KB

MD5
28aa119226db824f8f8b2439971590ea

SHA1
005527af87197f290565ae2c45a8c2d26509fea7

SHA256
a40ff935190aada2453aebc07a48798e773bf4cda4e74b19bcd6610f1b5e3750

SHA512
2f3122142cb1581f12d1d732b2de05200804b4a70586def7d89b331fce27c505717adefdd539f7eb1e00e554bf36eb8cddd0214dc632bdf82a975f60a8f6f7a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe

Filesize
184KB

MD5
50c3691b1e89b015730e4b06b1e04b1b

SHA1
ca47a063c9e99cbb62513ba3dc1046c8e5e3a6ed

SHA256
b5d114bd2c124236b16eba216cc5141f3f4121337f3688e988aba4ccc0120686

SHA512
f7c80157c587c777e5b9ccf31eeb756c9c58f01b4207b522186d3df587d849520cc807a58f62011a2d22b7a3851fc2c9b2bc8b8ef1d7aba1a095bf1182bfe067

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4522.exe

Filesize
184KB

MD5
06d79f882cb5beb4865cb38e98b93084

SHA1
a0a6334ff048f0fa5a90890dbb667c2c7e16cae4

SHA256
735fa030eeb1c03097910abb7d0dd75248680ec744e987b179354128508b5b9f

SHA512
c42113234f441de68d8884f9c303cce06c544a5a46c052b31e68d54e69bd704848724efb71e352b3d09194359b73994bcc17a8a0e1087f551a24871529b7a8cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46554.exe

Filesize
184KB

MD5
f239c758c1366324a9d39805f3add4a6

SHA1
bb5c41d8cacc313aaa390e593839103946417c25

SHA256
acf992df33846f1c71b6f492d7050a2acfa1eae8c9d2e8c716e4daccaf1daf88

SHA512
bbf491c9f4ea45233424769ac517ffd2368a515a19af40bfcc4b303549ef3fef49ad96bba8dfb17ff8b79eceb8e0ab8606893791bd7e3a70d7bf2a25552983fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52405.exe

Filesize
184KB

MD5
a720c28dcfb3aee411dab5cb832f9fba

SHA1
532a0e103392c16dac2240534edfb7dcd7200955

SHA256
ec8287098437bd3e6567e6e6cda05bcc6b259d119e3efa0423357ee1ac900e6c

SHA512
cb3f7960d80b6c78b188182b8647a1d3f3283d6e219e8673bd696691fcb3e2556b365a443e1b096191719de8098ffc8c5f77524996bb4f8d4d6e3320ec689c79

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53448.exe

Filesize
184KB

MD5
bd899116dba59fed3ea58578ff4f7c93

SHA1
529acbb2654ea8140dfef7948a2c7a0b0ef89110

SHA256
ff8e98dc01948e2e5d32c6b46e5c16a76239c4a646e2ae5c5fcddb943bc73dea

SHA512
b403e20195e2d02965fecfb27ed12dae11a4056b89fd21209571d005aca725e6326b9a182fc3167f50ffe7c81a6ff0874c6184d3a014aee26db6cf71f6da287f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54865.exe

Filesize
184KB

MD5
8e814c57479b7657469cac4f94e99de0

SHA1
4e91a0b5591580467133e66cf08cc93c56832440

SHA256
fd4182ef0400093a511a3ce8abeabf37592738f1feaaf8763a348ddecb40734f

SHA512
88396cc950a65a77743126d95b8547d65f964696072197acaa291fe949d8640cb86d6fd4d4d31c9c959c917f98ce19d4c6abc8714da879bc25434c91b25c79cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8248.exe

Filesize
184KB

MD5
969f4a3abab94458c7427f35f2d4757f

SHA1
db6c3e740a93d0e3929a14b3f43b8a06a642f899

SHA256
6e5f4309cbe652b3cf92fe655e95391d9d0cf6dd2fc7391a1433190d5b5fd6e3

SHA512
82d630f4324914c46b5ce80d13f114f143ad7b95d27f0e9bcf5d3e74a381434907f91e2bd21507847cc3958838c54f60e66ca061e4273ac12171572f6b2754be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8331.exe

Filesize
184KB

MD5
d214bc6ec9a7f3fd96121395f0577dec

SHA1
7c36adae0aea95cdbd01607241fdd59eeb7c1c8b

SHA256
c9a09d0c6c6fa85c338dae3a519244aa60ce9a61f74da212c1e732e9b42a9c3b

SHA512
513558f638117708935e83ce0a01b613dcea355c3ed5cbd6b1a0acc73f90a558a9afedb973ca1680ada2542d648ecb29730c7059802b95029ecf62886b9ed34f

Download Submit