3d22ecb51024b86527c69400985925b0225fdfc4e84a91eebef42beb503bf7ee

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d22ecb51024b86527c69400985925b0225fdfc4e84a91eebef42beb503bf7ee.exe
Size

184KB
MD5

8d8e44c02521b24403ee484a266cf0ae
SHA1

f1cddb40d7b0d79ab6ad7f68f32698921fd12a6f
SHA256

3d22ecb51024b86527c69400985925b0225fdfc4e84a91eebef42beb503bf7ee
SHA512

f71a636a0c744b231403faa7f3cc176e293901d5bf92b51ea54fad698aff60109e18397de66ffacc3413463bbfaa6c186371869024858091cc2c8a7de243d53e
SSDEEP

3072:o1m3RxoN8Qv/dUifeBkLaWqmhlowiFrn3:o1mo9lUifLlqmhlowiFr

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-16018.exeUnicorn-9878.exeUnicorn-28907.exeUnicorn-33589.exeUnicorn-35535.exeUnicorn-15669.exeUnicorn-15197.exeUnicorn-30142.exeUnicorn-19282.exeUnicorn-64953.exeUnicorn-21996.exeUnicorn-14943.exeUnicorn-47294.exeUnicorn-12805.exeUnicorn-27750.exeUnicorn-3568.exeUnicorn-34295.exeUnicorn-14429.exeUnicorn-38379.exeUnicorn-25333.exeUnicorn-62089.exeUnicorn-46308.exeUnicorn-56614.exeUnicorn-10942.exeUnicorn-29225.exeUnicorn-12888.exeUnicorn-43615.exeUnicorn-1191.exeUnicorn-1191.exeUnicorn-21057.exeUnicorn-49920.exeUnicorn-3412.exeUnicorn-58088.exeUnicorn-64310.exeUnicorn-44445.exeUnicorn-41752.exeUnicorn-58643.exeUnicorn-12971.exeUnicorn-21140.exeUnicorn-5358.exeUnicorn-42306.exeUnicorn-4803.exeUnicorn-60589.exeUnicorn-27170.exeUnicorn-44253.exeUnicorn-29308.exeUnicorn-6749.exeUnicorn-21694.exeUnicorn-41560.exeUnicorn-42219.exeUnicorn-48441.exeUnicorn-1933.exeUnicorn-62639.exeUnicorn-35997.exeUnicorn-1186.exeUnicorn-1186.exeUnicorn-61248.exeUnicorn-26437.exeUnicorn-50387.exeUnicorn-38689.exeUnicorn-58555.exeUnicorn-48804.exeUnicorn-33859.exeUnicorn-37943.exe

pid	process
2196	Unicorn-16018.exe
1764	Unicorn-9878.exe
2004	Unicorn-28907.exe
2552	Unicorn-33589.exe
2480	Unicorn-35535.exe
2456	Unicorn-15669.exe
2448	Unicorn-15197.exe
2948	Unicorn-30142.exe
2820	Unicorn-19282.exe
2936	Unicorn-64953.exe
832	Unicorn-21996.exe
1592	Unicorn-14943.exe
1628	Unicorn-47294.exe
1276	Unicorn-12805.exe
2240	Unicorn-27750.exe
2864	Unicorn-3568.exe
1292	Unicorn-34295.exe
2100	Unicorn-14429.exe
592	Unicorn-38379.exe
2080	Unicorn-25333.exe
1384	Unicorn-62089.exe
1940	Unicorn-46308.exe
1936	Unicorn-56614.exe
1880	Unicorn-10942.exe
1992	Unicorn-29225.exe
1960	Unicorn-12888.exe
2120	Unicorn-43615.exe
1380	Unicorn-1191.exe
1756	Unicorn-1191.exe
912	Unicorn-21057.exe
2176	Unicorn-49920.exe
2248	Unicorn-3412.exe
2644	Unicorn-58088.exe
1312	Unicorn-64310.exe
2104	Unicorn-44445.exe
2476	Unicorn-41752.exe
2556	Unicorn-58643.exe
380	Unicorn-12971.exe
2800	Unicorn-21140.exe
2988	Unicorn-5358.exe
2940	Unicorn-42306.exe
2692	Unicorn-4803.exe
2980	Unicorn-60589.exe
2992	Unicorn-27170.exe
1820	Unicorn-44253.exe
1588	Unicorn-29308.exe
1680	Unicorn-6749.exe
648	Unicorn-21694.exe
1144	Unicorn-41560.exe
1120	Unicorn-42219.exe
1948	Unicorn-48441.exe
2160	Unicorn-1933.exe
1100	Unicorn-62639.exe
1400	Unicorn-35997.exe
2896	Unicorn-1186.exe
2408	Unicorn-1186.exe
2908	Unicorn-61248.exe
2748	Unicorn-26437.exe
1812	Unicorn-50387.exe
2716	Unicorn-38689.exe
2632	Unicorn-58555.exe
2432	Unicorn-48804.exe
2464	Unicorn-33859.exe
1596	Unicorn-37943.exe

Loads dropped DLL 64 IoCs

Processes:

3d22ecb51024b86527c69400985925b0225fdfc4e84a91eebef42beb503bf7ee.exeUnicorn-16018.exeUnicorn-9878.exeUnicorn-28907.exeWerFault.exeUnicorn-35535.exeUnicorn-33589.exeUnicorn-15669.exeWerFault.exeWerFault.exeUnicorn-15197.exeUnicorn-19282.exeUnicorn-21996.exeUnicorn-30142.exeUnicorn-64953.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2016	3d22ecb51024b86527c69400985925b0225fdfc4e84a91eebef42beb503bf7ee.exe
2016	3d22ecb51024b86527c69400985925b0225fdfc4e84a91eebef42beb503bf7ee.exe
2196	Unicorn-16018.exe
2196	Unicorn-16018.exe
2016	3d22ecb51024b86527c69400985925b0225fdfc4e84a91eebef42beb503bf7ee.exe
2016	3d22ecb51024b86527c69400985925b0225fdfc4e84a91eebef42beb503bf7ee.exe
1764	Unicorn-9878.exe
1764	Unicorn-9878.exe
2196	Unicorn-16018.exe
2196	Unicorn-16018.exe
2004	Unicorn-28907.exe
2004	Unicorn-28907.exe
2964	WerFault.exe
2964	WerFault.exe
2964	WerFault.exe
2964	WerFault.exe
2964	WerFault.exe
2480	Unicorn-35535.exe
2480	Unicorn-35535.exe
2552	Unicorn-33589.exe
1764	Unicorn-9878.exe
2552	Unicorn-33589.exe
2004	Unicorn-28907.exe
1764	Unicorn-9878.exe
2004	Unicorn-28907.exe
2456	Unicorn-15669.exe
2456	Unicorn-15669.exe
1092	WerFault.exe
1092	WerFault.exe
1092	WerFault.exe
1092	WerFault.exe
2040	WerFault.exe
2040	WerFault.exe
2040	WerFault.exe
2040	WerFault.exe
1092	WerFault.exe
2040	WerFault.exe
2448	Unicorn-15197.exe
2448	Unicorn-15197.exe
2480	Unicorn-35535.exe
2480	Unicorn-35535.exe
2820	Unicorn-19282.exe
2820	Unicorn-19282.exe
2552	Unicorn-33589.exe
2552	Unicorn-33589.exe
832	Unicorn-21996.exe
832	Unicorn-21996.exe
2948	Unicorn-30142.exe
2456	Unicorn-15669.exe
2948	Unicorn-30142.exe
2456	Unicorn-15669.exe
2936	Unicorn-64953.exe
2936	Unicorn-64953.exe
2472	WerFault.exe
2472	WerFault.exe
2472	WerFault.exe
2472	WerFault.exe
1696	WerFault.exe
1696	WerFault.exe
1696	WerFault.exe
1696	WerFault.exe
2472	WerFault.exe
1696	WerFault.exe
1152	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2588	2016	WerFault.exe	3d22ecb51024b86527c69400985925b0225fdfc4e84a91eebef42beb503bf7ee.exe
2964	2196	WerFault.exe	Unicorn-16018.exe
1092	1764	WerFault.exe	Unicorn-9878.exe
2040	2004	WerFault.exe	Unicorn-28907.exe
2472	2480	WerFault.exe	Unicorn-35535.exe
1696	2552	WerFault.exe	Unicorn-33589.exe
1152	2456	WerFault.exe	Unicorn-15669.exe
1604	2448	WerFault.exe	Unicorn-15197.exe
1724	2820	WerFault.exe	Unicorn-19282.exe
2360	832	WerFault.exe	Unicorn-21996.exe
1816	2948	WerFault.exe	Unicorn-30142.exe
2256	2936	WerFault.exe	Unicorn-64953.exe
1260	1628	WerFault.exe	Unicorn-47294.exe
452	1592	WerFault.exe	Unicorn-14943.exe
1076	1276	WerFault.exe	Unicorn-12805.exe
1504	2240	WerFault.exe	Unicorn-27750.exe
1700	2864	WerFault.exe	Unicorn-3568.exe
1652	1292	WerFault.exe	Unicorn-34295.exe
1180	592	WerFault.exe	Unicorn-38379.exe
1564	2100	WerFault.exe	Unicorn-14429.exe
2428	2080	WerFault.exe	Unicorn-25333.exe
1032	1384	WerFault.exe	Unicorn-62089.exe
684	1940	WerFault.exe	Unicorn-46308.exe
284	1880	WerFault.exe	Unicorn-10942.exe
2108	1936	WerFault.exe	Unicorn-56614.exe
3032	1992	WerFault.exe	Unicorn-29225.exe
2336	1960	WerFault.exe	Unicorn-12888.exe
2288	2120	WerFault.exe	Unicorn-43615.exe
2900	1380	WerFault.exe	Unicorn-1191.exe
2224	1756	WerFault.exe	Unicorn-1191.exe
2356	912	WerFault.exe	Unicorn-21057.exe
2872	2248	WerFault.exe	Unicorn-3412.exe
1776	1312	WerFault.exe	Unicorn-64310.exe
2584	2992	WerFault.exe	Unicorn-27170.exe
2268	2644	WerFault.exe	Unicorn-58088.exe
2676	2104	WerFault.exe	Unicorn-44445.exe
2952	380	WerFault.exe	Unicorn-12971.exe
3124	2940	WerFault.exe	Unicorn-42306.exe
3212	1144	WerFault.exe	Unicorn-41560.exe
3236	2800	WerFault.exe	Unicorn-21140.exe
3284	648	WerFault.exe	Unicorn-21694.exe
3324	1820	WerFault.exe	Unicorn-44253.exe
3944	1680	WerFault.exe	Unicorn-6749.exe
3292	2988	WerFault.exe	Unicorn-5358.exe
3376	1948	WerFault.exe	Unicorn-48441.exe
3400	2556	WerFault.exe	Unicorn-58643.exe
3432	2980	WerFault.exe	Unicorn-60589.exe
3556	1568	WerFault.exe	Unicorn-32489.exe
3572	1400	WerFault.exe	Unicorn-35997.exe
3616	2748	WerFault.exe	Unicorn-26437.exe
3652	2908	WerFault.exe	Unicorn-61248.exe
3676	2296	WerFault.exe	Unicorn-37943.exe
3728	1768	WerFault.exe	Unicorn-11300.exe
3768	2464	WerFault.exe	Unicorn-33859.exe
3784	1596	WerFault.exe	Unicorn-37943.exe
3788	2632	WerFault.exe	Unicorn-58555.exe
3828	1812	WerFault.exe	Unicorn-50387.exe
3860	2780	WerFault.exe	Unicorn-40635.exe
3900	336	WerFault.exe	Unicorn-36551.exe
3224	344	WerFault.exe	Unicorn-48249.exe
3264	2680	WerFault.exe	Unicorn-60501.exe
3532	2476	WerFault.exe	Unicorn-41752.exe
3680	2716	WerFault.exe	Unicorn-38689.exe
3752	2648	WerFault.exe	Unicorn-33065.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

3d22ecb51024b86527c69400985925b0225fdfc4e84a91eebef42beb503bf7ee.exeUnicorn-16018.exeUnicorn-9878.exeUnicorn-28907.exeUnicorn-33589.exeUnicorn-35535.exeUnicorn-15669.exeUnicorn-15197.exeUnicorn-19282.exeUnicorn-64953.exeUnicorn-30142.exeUnicorn-21996.exeUnicorn-47294.exeUnicorn-14943.exeUnicorn-12805.exeUnicorn-27750.exeUnicorn-14429.exeUnicorn-3568.exeUnicorn-34295.exeUnicorn-38379.exeUnicorn-25333.exeUnicorn-62089.exeUnicorn-46308.exeUnicorn-56614.exeUnicorn-10942.exeUnicorn-29225.exeUnicorn-12888.exeUnicorn-43615.exeUnicorn-1191.exeUnicorn-1191.exeUnicorn-21057.exeUnicorn-49920.exeUnicorn-3412.exeUnicorn-64310.exeUnicorn-58088.exeUnicorn-44445.exeUnicorn-41752.exeUnicorn-58643.exeUnicorn-12971.exeUnicorn-21140.exeUnicorn-5358.exeUnicorn-42306.exeUnicorn-4803.exeUnicorn-60589.exeUnicorn-27170.exeUnicorn-44253.exeUnicorn-29308.exeUnicorn-6749.exeUnicorn-41560.exeUnicorn-21694.exeUnicorn-42219.exeUnicorn-48441.exeUnicorn-1933.exeUnicorn-62639.exeUnicorn-35997.exeUnicorn-61248.exeUnicorn-26437.exeUnicorn-50387.exeUnicorn-38689.exeUnicorn-58555.exeUnicorn-37943.exeUnicorn-48804.exeUnicorn-33859.exeUnicorn-37943.exe

pid	process
2016	3d22ecb51024b86527c69400985925b0225fdfc4e84a91eebef42beb503bf7ee.exe
2196	Unicorn-16018.exe
1764	Unicorn-9878.exe
2004	Unicorn-28907.exe
2552	Unicorn-33589.exe
2480	Unicorn-35535.exe
2456	Unicorn-15669.exe
2448	Unicorn-15197.exe
2820	Unicorn-19282.exe
2936	Unicorn-64953.exe
2948	Unicorn-30142.exe
832	Unicorn-21996.exe
1628	Unicorn-47294.exe
1592	Unicorn-14943.exe
1276	Unicorn-12805.exe
2240	Unicorn-27750.exe
2100	Unicorn-14429.exe
2864	Unicorn-3568.exe
1292	Unicorn-34295.exe
592	Unicorn-38379.exe
2080	Unicorn-25333.exe
1384	Unicorn-62089.exe
1940	Unicorn-46308.exe
1936	Unicorn-56614.exe
1880	Unicorn-10942.exe
1992	Unicorn-29225.exe
1960	Unicorn-12888.exe
2120	Unicorn-43615.exe
1380	Unicorn-1191.exe
1756	Unicorn-1191.exe
912	Unicorn-21057.exe
2176	Unicorn-49920.exe
2248	Unicorn-3412.exe
1312	Unicorn-64310.exe
2644	Unicorn-58088.exe
2104	Unicorn-44445.exe
2476	Unicorn-41752.exe
2556	Unicorn-58643.exe
380	Unicorn-12971.exe
2800	Unicorn-21140.exe
2988	Unicorn-5358.exe
2940	Unicorn-42306.exe
2692	Unicorn-4803.exe
2980	Unicorn-60589.exe
2992	Unicorn-27170.exe
1820	Unicorn-44253.exe
1588	Unicorn-29308.exe
1680	Unicorn-6749.exe
1144	Unicorn-41560.exe
648	Unicorn-21694.exe
1120	Unicorn-42219.exe
1948	Unicorn-48441.exe
2160	Unicorn-1933.exe
1100	Unicorn-62639.exe
1400	Unicorn-35997.exe
2908	Unicorn-61248.exe
2748	Unicorn-26437.exe
1812	Unicorn-50387.exe
2716	Unicorn-38689.exe
2632	Unicorn-58555.exe
1596	Unicorn-37943.exe
2432	Unicorn-48804.exe
2464	Unicorn-33859.exe
2296	Unicorn-37943.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

3d22ecb51024b86527c69400985925b0225fdfc4e84a91eebef42beb503bf7ee.exeUnicorn-16018.exeUnicorn-9878.exeUnicorn-28907.exeUnicorn-35535.exeUnicorn-33589.exeUnicorn-15669.exeUnicorn-15197.exe

description	pid	process	target process
PID 2016 wrote to memory of 2196	2016	3d22ecb51024b86527c69400985925b0225fdfc4e84a91eebef42beb503bf7ee.exe	Unicorn-16018.exe
PID 2016 wrote to memory of 2196	2016	3d22ecb51024b86527c69400985925b0225fdfc4e84a91eebef42beb503bf7ee.exe	Unicorn-16018.exe
PID 2016 wrote to memory of 2196	2016	3d22ecb51024b86527c69400985925b0225fdfc4e84a91eebef42beb503bf7ee.exe	Unicorn-16018.exe
PID 2016 wrote to memory of 2196	2016	3d22ecb51024b86527c69400985925b0225fdfc4e84a91eebef42beb503bf7ee.exe	Unicorn-16018.exe
PID 2196 wrote to memory of 1764	2196	Unicorn-16018.exe	Unicorn-9878.exe
PID 2196 wrote to memory of 1764	2196	Unicorn-16018.exe	Unicorn-9878.exe
PID 2196 wrote to memory of 1764	2196	Unicorn-16018.exe	Unicorn-9878.exe
PID 2196 wrote to memory of 1764	2196	Unicorn-16018.exe	Unicorn-9878.exe
PID 2016 wrote to memory of 2004	2016	3d22ecb51024b86527c69400985925b0225fdfc4e84a91eebef42beb503bf7ee.exe	Unicorn-28907.exe
PID 2016 wrote to memory of 2004	2016	3d22ecb51024b86527c69400985925b0225fdfc4e84a91eebef42beb503bf7ee.exe	Unicorn-28907.exe
PID 2016 wrote to memory of 2004	2016	3d22ecb51024b86527c69400985925b0225fdfc4e84a91eebef42beb503bf7ee.exe	Unicorn-28907.exe
PID 2016 wrote to memory of 2004	2016	3d22ecb51024b86527c69400985925b0225fdfc4e84a91eebef42beb503bf7ee.exe	Unicorn-28907.exe
PID 2016 wrote to memory of 2588	2016	3d22ecb51024b86527c69400985925b0225fdfc4e84a91eebef42beb503bf7ee.exe	WerFault.exe
PID 2016 wrote to memory of 2588	2016	3d22ecb51024b86527c69400985925b0225fdfc4e84a91eebef42beb503bf7ee.exe	WerFault.exe
PID 2016 wrote to memory of 2588	2016	3d22ecb51024b86527c69400985925b0225fdfc4e84a91eebef42beb503bf7ee.exe	WerFault.exe
PID 2016 wrote to memory of 2588	2016	3d22ecb51024b86527c69400985925b0225fdfc4e84a91eebef42beb503bf7ee.exe	WerFault.exe
PID 1764 wrote to memory of 2552	1764	Unicorn-9878.exe	Unicorn-33589.exe
PID 1764 wrote to memory of 2552	1764	Unicorn-9878.exe	Unicorn-33589.exe
PID 1764 wrote to memory of 2552	1764	Unicorn-9878.exe	Unicorn-33589.exe
PID 1764 wrote to memory of 2552	1764	Unicorn-9878.exe	Unicorn-33589.exe
PID 2196 wrote to memory of 2456	2196	Unicorn-16018.exe	Unicorn-15669.exe
PID 2196 wrote to memory of 2456	2196	Unicorn-16018.exe	Unicorn-15669.exe
PID 2196 wrote to memory of 2456	2196	Unicorn-16018.exe	Unicorn-15669.exe
PID 2196 wrote to memory of 2456	2196	Unicorn-16018.exe	Unicorn-15669.exe
PID 2004 wrote to memory of 2480	2004	Unicorn-28907.exe	Unicorn-35535.exe
PID 2004 wrote to memory of 2480	2004	Unicorn-28907.exe	Unicorn-35535.exe
PID 2004 wrote to memory of 2480	2004	Unicorn-28907.exe	Unicorn-35535.exe
PID 2004 wrote to memory of 2480	2004	Unicorn-28907.exe	Unicorn-35535.exe
PID 2196 wrote to memory of 2964	2196	Unicorn-16018.exe	WerFault.exe
PID 2196 wrote to memory of 2964	2196	Unicorn-16018.exe	WerFault.exe
PID 2196 wrote to memory of 2964	2196	Unicorn-16018.exe	WerFault.exe
PID 2196 wrote to memory of 2964	2196	Unicorn-16018.exe	WerFault.exe
PID 2480 wrote to memory of 2448	2480	Unicorn-35535.exe	Unicorn-15197.exe
PID 2480 wrote to memory of 2448	2480	Unicorn-35535.exe	Unicorn-15197.exe
PID 2480 wrote to memory of 2448	2480	Unicorn-35535.exe	Unicorn-15197.exe
PID 2480 wrote to memory of 2448	2480	Unicorn-35535.exe	Unicorn-15197.exe
PID 2552 wrote to memory of 2820	2552	Unicorn-33589.exe	Unicorn-19282.exe
PID 2552 wrote to memory of 2820	2552	Unicorn-33589.exe	Unicorn-19282.exe
PID 2552 wrote to memory of 2820	2552	Unicorn-33589.exe	Unicorn-19282.exe
PID 2552 wrote to memory of 2820	2552	Unicorn-33589.exe	Unicorn-19282.exe
PID 1764 wrote to memory of 2948	1764	Unicorn-9878.exe	Unicorn-30142.exe
PID 1764 wrote to memory of 2948	1764	Unicorn-9878.exe	Unicorn-30142.exe
PID 1764 wrote to memory of 2948	1764	Unicorn-9878.exe	Unicorn-30142.exe
PID 1764 wrote to memory of 2948	1764	Unicorn-9878.exe	Unicorn-30142.exe
PID 2004 wrote to memory of 2936	2004	Unicorn-28907.exe	Unicorn-64953.exe
PID 2004 wrote to memory of 2936	2004	Unicorn-28907.exe	Unicorn-64953.exe
PID 2004 wrote to memory of 2936	2004	Unicorn-28907.exe	Unicorn-64953.exe
PID 2004 wrote to memory of 2936	2004	Unicorn-28907.exe	Unicorn-64953.exe
PID 2456 wrote to memory of 832	2456	Unicorn-15669.exe	Unicorn-21996.exe
PID 2456 wrote to memory of 832	2456	Unicorn-15669.exe	Unicorn-21996.exe
PID 2456 wrote to memory of 832	2456	Unicorn-15669.exe	Unicorn-21996.exe
PID 2456 wrote to memory of 832	2456	Unicorn-15669.exe	Unicorn-21996.exe
PID 1764 wrote to memory of 1092	1764	Unicorn-9878.exe	WerFault.exe
PID 1764 wrote to memory of 1092	1764	Unicorn-9878.exe	WerFault.exe
PID 1764 wrote to memory of 1092	1764	Unicorn-9878.exe	WerFault.exe
PID 1764 wrote to memory of 1092	1764	Unicorn-9878.exe	WerFault.exe
PID 2004 wrote to memory of 2040	2004	Unicorn-28907.exe	WerFault.exe
PID 2004 wrote to memory of 2040	2004	Unicorn-28907.exe	WerFault.exe
PID 2004 wrote to memory of 2040	2004	Unicorn-28907.exe	WerFault.exe
PID 2004 wrote to memory of 2040	2004	Unicorn-28907.exe	WerFault.exe
PID 2448 wrote to memory of 1592	2448	Unicorn-15197.exe	Unicorn-14943.exe
PID 2448 wrote to memory of 1592	2448	Unicorn-15197.exe	Unicorn-14943.exe
PID 2448 wrote to memory of 1592	2448	Unicorn-15197.exe	Unicorn-14943.exe
PID 2448 wrote to memory of 1592	2448	Unicorn-15197.exe	Unicorn-14943.exe

C:\Users\Admin\AppData\Local\Temp\3d22ecb51024b86527c69400985925b0225fdfc4e84a91eebef42beb503bf7ee.exe
"C:\Users\Admin\AppData\Local\Temp\3d22ecb51024b86527c69400985925b0225fdfc4e84a91eebef42beb503bf7ee.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-16018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16018.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-9878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9878.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-33589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33589.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-19282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19282.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-12805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12805.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1276

C:\Users\Admin\AppData\Local\Temp\Unicorn-10942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10942.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-41752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41752.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-50387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50387.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-49256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49256.exe
10⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-9458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9458.exe
11⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-63423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63423.exe
12⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
13⤵
PID:6624

C:\Users\Admin\AppData\Local\Temp\Unicorn-4622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4622.exe
14⤵
PID:9768

C:\Users\Admin\AppData\Local\Temp\Unicorn-380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-380.exe
15⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9768 -s 216
15⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
14⤵
PID:10340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
13⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 236
12⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
11⤵
PID:4352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 236
10⤵
- Program crash
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-802.exe
9⤵
PID:1224

C:\Users\Admin\AppData\Local\Temp\Unicorn-20917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20917.exe
10⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-56552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56552.exe
11⤵
PID:6244

C:\Users\Admin\AppData\Local\Temp\Unicorn-50237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50237.exe
12⤵
PID:7964

C:\Users\Admin\AppData\Local\Temp\Unicorn-52949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52949.exe
13⤵
PID:11444

C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
14⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 216
13⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 216
12⤵
PID:9340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
11⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 216
10⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 220
9⤵
- Program crash
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-38689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38689.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-59562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59562.exe
9⤵
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-21794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21794.exe
10⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-18966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18966.exe
11⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-30445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30445.exe
12⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-35048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35048.exe
13⤵
PID:10200

C:\Users\Admin\AppData\Local\Temp\Unicorn-46400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46400.exe
14⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10200 -s 236
14⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
13⤵
PID:10756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
12⤵
PID:8668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 216
11⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
10⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 236
9⤵
- Program crash
PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
8⤵
- Program crash
PID:284

C:\Users\Admin\AppData\Local\Temp\Unicorn-58643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58643.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-48249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48249.exe
8⤵
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-59562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59562.exe
9⤵
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-1134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1134.exe
10⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-15540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15540.exe
11⤵
PID:6644

C:\Users\Admin\AppData\Local\Temp\Unicorn-14679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14679.exe
12⤵
PID:9204

C:\Users\Admin\AppData\Local\Temp\Unicorn-63120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63120.exe
13⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9204 -s 216
13⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 236
12⤵
PID:9844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
11⤵
PID:2292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 216
10⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 236
9⤵
- Program crash
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
8⤵
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-24809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24809.exe
9⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-9261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9261.exe
10⤵
PID:6100

C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
11⤵
PID:7604

C:\Users\Admin\AppData\Local\Temp\Unicorn-34664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34664.exe
12⤵
PID:9984

C:\Users\Admin\AppData\Local\Temp\Unicorn-34615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34615.exe
13⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 236
13⤵
PID:1212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 216
12⤵
PID:10640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 236
11⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
10⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 216
9⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
8⤵
- Program crash
PID:3400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 240
7⤵
- Program crash
PID:1076

C:\Users\Admin\AppData\Local\Temp\Unicorn-56614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56614.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-12971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12971.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:380

C:\Users\Admin\AppData\Local\Temp\Unicorn-1186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1186.exe
8⤵
- Executes dropped EXE
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-52094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52094.exe
8⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-5099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5099.exe
9⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-41145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41145.exe
10⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-23652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23652.exe
11⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-20331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20331.exe
12⤵
PID:7748

C:\Users\Admin\AppData\Local\Temp\Unicorn-34664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34664.exe
13⤵
PID:9992

C:\Users\Admin\AppData\Local\Temp\Unicorn-4464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4464.exe
14⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9992 -s 216
14⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 216
13⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
12⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 216
11⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
9⤵
PID:3368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 240
8⤵
- Program crash
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-26437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26437.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-4331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4331.exe
8⤵
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-26755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26755.exe
9⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-15676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15676.exe
10⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe
11⤵
PID:7660

C:\Users\Admin\AppData\Local\Temp\Unicorn-35733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35733.exe
12⤵
PID:10020

C:\Users\Admin\AppData\Local\Temp\Unicorn-45414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45414.exe
13⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10020 -s 216
13⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 216
12⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 236
11⤵
PID:8492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
10⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 216
9⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
8⤵
- Program crash
PID:3616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
7⤵
- Program crash
PID:2108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
6⤵
- Program crash
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-27750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27750.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-29225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29225.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-21140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21140.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-13438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13438.exe
8⤵
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
8⤵
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-64414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64414.exe
9⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-37253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37253.exe
10⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-4575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4575.exe
11⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-18577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18577.exe
12⤵
PID:8104

C:\Users\Admin\AppData\Local\Temp\Unicorn-45.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45.exe
13⤵
PID:9392

C:\Users\Admin\AppData\Local\Temp\Unicorn-51335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51335.exe
14⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9392 -s 236
14⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 220
13⤵
PID:10820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 220
12⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
11⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
10⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
9⤵
PID:4324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
8⤵
- Program crash
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-40635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40635.exe
7⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-25281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25281.exe
8⤵
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-49832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49832.exe
9⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-51835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51835.exe
10⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-38618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38618.exe
11⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-29651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29651.exe
12⤵
PID:7920

C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe
13⤵
PID:9512

C:\Users\Admin\AppData\Local\Temp\Unicorn-47827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47827.exe
14⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9512 -s 216
14⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 216
13⤵
PID:10748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
12⤵
PID:9108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
11⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 236
10⤵
PID:5424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
9⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
8⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-33361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33361.exe
9⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-54523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54523.exe
10⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\Unicorn-23813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23813.exe
11⤵
PID:7528

C:\Users\Admin\AppData\Local\Temp\Unicorn-12305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12305.exe
12⤵
PID:10552

C:\Users\Admin\AppData\Local\Temp\Unicorn-29784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29784.exe
13⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10552 -s 220
13⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 236
12⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
11⤵
PID:2544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
10⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
9⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
8⤵
- Program crash
PID:3860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
7⤵
- Program crash
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-5358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5358.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-33859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33859.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
8⤵
PID:268

C:\Users\Admin\AppData\Local\Temp\Unicorn-46407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46407.exe
9⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-38727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38727.exe
10⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-57087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57087.exe
11⤵
PID:7944

C:\Users\Admin\AppData\Local\Temp\Unicorn-28826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28826.exe
12⤵
PID:9224

C:\Users\Admin\AppData\Local\Temp\Unicorn-60427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60427.exe
13⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9224 -s 220
13⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 216
12⤵
PID:10800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
11⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
10⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 236
9⤵
PID:5000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
8⤵
- Program crash
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-25306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25306.exe
7⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-65073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65073.exe
8⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-32204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32204.exe
9⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-34311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34311.exe
10⤵
PID:8156

C:\Users\Admin\AppData\Local\Temp\Unicorn-23982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23982.exe
11⤵
PID:10412

C:\Users\Admin\AppData\Local\Temp\Unicorn-7884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7884.exe
12⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10412 -s 236
12⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 216
11⤵
PID:10844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
10⤵
PID:8212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
9⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 216
8⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
7⤵
- Program crash
PID:3292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
6⤵
- Program crash
PID:1504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-30142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30142.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-34295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34295.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-12888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12888.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-4803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4803.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-37943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37943.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-45172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45172.exe
9⤵
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-50875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50875.exe
10⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-3615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3615.exe
11⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-56677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56677.exe
12⤵
PID:7296

C:\Users\Admin\AppData\Local\Temp\Unicorn-57422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57422.exe
13⤵
PID:10484

C:\Users\Admin\AppData\Local\Temp\Unicorn-24413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24413.exe
14⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10484 -s 236
14⤵
PID:12560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 216
13⤵
PID:956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
12⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
11⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 216
10⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 216
9⤵
- Program crash
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-43781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43781.exe
8⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-22754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22754.exe
9⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
10⤵
PID:6172

C:\Users\Admin\AppData\Local\Temp\Unicorn-49552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49552.exe
11⤵
PID:7280

C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
12⤵
PID:11344

C:\Users\Admin\AppData\Local\Temp\Unicorn-13779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13779.exe
13⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 216
12⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 216
11⤵
PID:9304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
10⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 216
9⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 220
8⤵
PID:4708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 236
7⤵
- Program crash
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-60589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60589.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-60501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60501.exe
7⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-37004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37004.exe
8⤵
PID:600

C:\Users\Admin\AppData\Local\Temp\Unicorn-56796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56796.exe
9⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-57476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57476.exe
10⤵
PID:5976

C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe
11⤵
PID:8084

C:\Users\Admin\AppData\Local\Temp\Unicorn-20775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20775.exe
12⤵
PID:10136

C:\Users\Admin\AppData\Local\Temp\Unicorn-52534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52534.exe
13⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10136 -s 216
13⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 216
12⤵
PID:10908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
11⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
10⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 216
9⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
8⤵
- Program crash
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-56033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56033.exe
7⤵
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-59619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59619.exe
8⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-15868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15868.exe
9⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-9977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9977.exe
10⤵
PID:6444

C:\Users\Admin\AppData\Local\Temp\Unicorn-55385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55385.exe
11⤵
PID:9476

C:\Users\Admin\AppData\Local\Temp\Unicorn-22171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22171.exe
12⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9476 -s 236
12⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 216
11⤵
PID:9944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
10⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
9⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
8⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
7⤵
- Program crash
PID:3432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 240
6⤵
- Program crash
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-1191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1191.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1380

C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-37943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37943.exe
7⤵
- Suspicious use of SetWindowsHookEx
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
8⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-61181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61181.exe
9⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-52925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52925.exe
10⤵
PID:5728

C:\Users\Admin\AppData\Local\Temp\Unicorn-22853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22853.exe
11⤵
PID:8008

C:\Users\Admin\AppData\Local\Temp\Unicorn-53091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53091.exe
12⤵
PID:10152

C:\Users\Admin\AppData\Local\Temp\Unicorn-32970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32970.exe
13⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10152 -s 216
13⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 216
12⤵
PID:11124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 216
11⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 236
10⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
9⤵
PID:3896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 236
8⤵
- Program crash
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-11108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11108.exe
7⤵
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-16148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16148.exe
8⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
9⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-12847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12847.exe
10⤵
PID:7520

C:\Users\Admin\AppData\Local\Temp\Unicorn-64513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64513.exe
11⤵
PID:9932

C:\Users\Admin\AppData\Local\Temp\Unicorn-21725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21725.exe
12⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 220
11⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 216
10⤵
PID:8376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
9⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 216
8⤵
PID:3380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 220
7⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-36551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36551.exe
6⤵
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-47839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47839.exe
7⤵
PID:808

C:\Users\Admin\AppData\Local\Temp\Unicorn-41664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41664.exe
8⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-1949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1949.exe
9⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
10⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-10901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10901.exe
11⤵
PID:7412

C:\Users\Admin\AppData\Local\Temp\Unicorn-50123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50123.exe
12⤵
PID:9892

C:\Users\Admin\AppData\Local\Temp\Unicorn-35383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35383.exe
13⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9892 -s 216
13⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 220
12⤵
PID:10464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
11⤵
PID:8236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
10⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 236
9⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 236
8⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
7⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-24508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24508.exe
8⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
9⤵
PID:5940

C:\Users\Admin\AppData\Local\Temp\Unicorn-30445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30445.exe
10⤵
PID:7976

C:\Users\Admin\AppData\Local\Temp\Unicorn-35048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35048.exe
11⤵
PID:10192

C:\Users\Admin\AppData\Local\Temp\Unicorn-11226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11226.exe
12⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10192 -s 216
12⤵
PID:7456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 216
11⤵
PID:10780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 216
10⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
9⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
8⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
7⤵
PID:4148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 240
6⤵
- Program crash
PID:2900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
5⤵
- Program crash
PID:1816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1092

C:\Users\Admin\AppData\Local\Temp\Unicorn-15669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15669.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-21996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21996.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-3568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3568.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-43615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43615.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-27170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27170.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1100

C:\Users\Admin\AppData\Local\Temp\Unicorn-26158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26158.exe
9⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-11404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11404.exe
10⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-64985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64985.exe
11⤵
PID:5172

C:\Users\Admin\AppData\Local\Temp\Unicorn-30746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30746.exe
12⤵
PID:7200

C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
13⤵
PID:9716

C:\Users\Admin\AppData\Local\Temp\Unicorn-64163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64163.exe
14⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9716 -s 216
14⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 216
13⤵
PID:10292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 216
12⤵
PID:4472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
11⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 216
10⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-38409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38409.exe
9⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-30175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30175.exe
10⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-2157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2157.exe
11⤵
PID:6276

C:\Users\Admin\AppData\Local\Temp\Unicorn-16875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16875.exe
12⤵
PID:9612

C:\Users\Admin\AppData\Local\Temp\Unicorn-2518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2518.exe
13⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9612 -s 236
13⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 216
12⤵
PID:9728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
11⤵
PID:4616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 236
10⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 240
9⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-60646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60646.exe
8⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
9⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-47725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47725.exe
10⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-5317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5317.exe
11⤵
PID:6196

C:\Users\Admin\AppData\Local\Temp\Unicorn-44695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44695.exe
12⤵
PID:9380

C:\Users\Admin\AppData\Local\Temp\Unicorn-31818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31818.exe
13⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9380 -s 236
13⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6196 -s 216
12⤵
PID:9296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 236
11⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 236
10⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
9⤵
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 220
8⤵
- Program crash
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-61248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61248.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-51394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51394.exe
8⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-13734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13734.exe
9⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-55255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55255.exe
10⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-53304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53304.exe
11⤵
PID:7308

C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
12⤵
PID:9824

C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
13⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9824 -s 216
13⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 216
12⤵
PID:10348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
11⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
10⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 236
9⤵
PID:4292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 236
8⤵
- Program crash
PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
7⤵
- Program crash
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-44253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44253.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
7⤵
PID:1568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
8⤵
- Program crash
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-16598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16598.exe
7⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-12966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12966.exe
8⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-23569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23569.exe
9⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-9785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9785.exe
10⤵
PID:6212

C:\Users\Admin\AppData\Local\Temp\Unicorn-10844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10844.exe
11⤵
PID:9516

C:\Users\Admin\AppData\Local\Temp\Unicorn-32970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32970.exe
12⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9516 -s 236
12⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 216
11⤵
PID:9924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
10⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
9⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
8⤵
PID:4940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 240
7⤵
- Program crash
PID:3324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 220
6⤵
- Program crash
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-1191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1191.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-6749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6749.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe
7⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-30974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30974.exe
8⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-52821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52821.exe
9⤵
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-35904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35904.exe
10⤵
PID:6072

C:\Users\Admin\AppData\Local\Temp\Unicorn-43190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43190.exe
11⤵
PID:6904

C:\Users\Admin\AppData\Local\Temp\Unicorn-12790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12790.exe
12⤵
PID:9600

C:\Users\Admin\AppData\Local\Temp\Unicorn-26831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26831.exe
13⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9600 -s 216
13⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 216
12⤵
PID:2344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 216
10⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 216
9⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 236
8⤵
- Program crash
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-15192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15192.exe
7⤵
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-62935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62935.exe
8⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-48457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48457.exe
9⤵
PID:5240

C:\Users\Admin\AppData\Local\Temp\Unicorn-61472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61472.exe
10⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 224
11⤵
PID:9644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
10⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
9⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
8⤵
PID:4232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 220
7⤵
- Program crash
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-36551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36551.exe
6⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-2193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2193.exe
7⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-45400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45400.exe
8⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-45333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45333.exe
9⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-47549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47549.exe
10⤵
PID:7656

C:\Users\Admin\AppData\Local\Temp\Unicorn-44944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44944.exe
11⤵
PID:10236

C:\Users\Admin\AppData\Local\Temp\Unicorn-18772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18772.exe
12⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10236 -s 236
12⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 236
11⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
10⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 236
9⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 216
8⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-30926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30926.exe
7⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-2608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2608.exe
8⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-22770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22770.exe
9⤵
PID:6492

C:\Users\Admin\AppData\Local\Temp\Unicorn-12790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12790.exe
10⤵
PID:9592

C:\Users\Admin\AppData\Local\Temp\Unicorn-24226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24226.exe
11⤵
PID:11856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9592 -s 216
11⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 216
10⤵
PID:9880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 236
8⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
7⤵
PID:4692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 240
6⤵
- Program crash
PID:2224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 240
5⤵
- Program crash
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-14429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14429.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-21057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21057.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1144

C:\Users\Admin\AppData\Local\Temp\Unicorn-23313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23313.exe
7⤵
PID:900

C:\Users\Admin\AppData\Local\Temp\Unicorn-58384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58384.exe
8⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-2717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2717.exe
9⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-32069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32069.exe
10⤵
PID:6424

C:\Users\Admin\AppData\Local\Temp\Unicorn-12349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12349.exe
11⤵
PID:9196

C:\Users\Admin\AppData\Local\Temp\Unicorn-44070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44070.exe
12⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 236
12⤵
PID:11356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 216
11⤵
PID:9708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
10⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 236
8⤵
PID:4992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 216
7⤵
- Program crash
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-36551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36551.exe
6⤵
PID:336

C:\Users\Admin\AppData\Local\Temp\Unicorn-35058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35058.exe
7⤵
PID:1748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 240
8⤵
PID:4552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 236
7⤵
- Program crash
PID:3900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 240
6⤵
- Program crash
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:648

C:\Users\Admin\AppData\Local\Temp\Unicorn-60501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60501.exe
6⤵
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
7⤵
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-11897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11897.exe
8⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-19485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19485.exe
9⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-24524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24524.exe
10⤵
PID:7320

C:\Users\Admin\AppData\Local\Temp\Unicorn-55769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55769.exe
11⤵
PID:9692

C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
12⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9692 -s 216
12⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 216
11⤵
PID:10300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 236
10⤵
PID:8296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
9⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 236
8⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-30926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30926.exe
7⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-1202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1202.exe
8⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-6879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6879.exe
9⤵
PID:6472

C:\Users\Admin\AppData\Local\Temp\Unicorn-27264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27264.exe
10⤵
PID:9504

C:\Users\Admin\AppData\Local\Temp\Unicorn-1112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1112.exe
11⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9504 -s 240
11⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 216
10⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
9⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
8⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 220
7⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-55493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55493.exe
6⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-61975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61975.exe
7⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-54295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54295.exe
8⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-53304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53304.exe
9⤵
PID:7300

C:\Users\Admin\AppData\Local\Temp\Unicorn-49547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49547.exe
10⤵
PID:9660

C:\Users\Admin\AppData\Local\Temp\Unicorn-18388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18388.exe
11⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9660 -s 236
11⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 216
10⤵
PID:10280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
8⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 236
7⤵
PID:4948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 240
6⤵
- Program crash
PID:3284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
5⤵
- Program crash
PID:1564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-35535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35535.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-15197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15197.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-62089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62089.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1384

C:\Users\Admin\AppData\Local\Temp\Unicorn-58088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58088.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-35997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35997.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1400

C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
9⤵
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-8472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8472.exe
10⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-23652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23652.exe
11⤵
PID:5128

C:\Users\Admin\AppData\Local\Temp\Unicorn-41903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41903.exe
12⤵
PID:7836

C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
13⤵
PID:9868

C:\Users\Admin\AppData\Local\Temp\Unicorn-17724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17724.exe
14⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9868 -s 216
14⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 236
13⤵
PID:10604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 216
12⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
11⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 236
10⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 236
9⤵
- Program crash
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-19276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19276.exe
8⤵
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-22204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22204.exe
9⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-27653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27653.exe
10⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-9785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9785.exe
11⤵
PID:6188

C:\Users\Admin\AppData\Local\Temp\Unicorn-33403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33403.exe
12⤵
PID:9776

C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
13⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9776 -s 216
13⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 216
12⤵
PID:10332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 216
11⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 236
10⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 236
9⤵
PID:4920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
8⤵
- Program crash
PID:2268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 236
7⤵
- Program crash
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-44445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44445.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-1186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1186.exe
7⤵
- Executes dropped EXE
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-52094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52094.exe
7⤵
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-48078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48078.exe
8⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-40569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40569.exe
9⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-9645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9645.exe
10⤵
PID:5752

C:\Users\Admin\AppData\Local\Temp\Unicorn-11970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11970.exe
11⤵
PID:7908

C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
12⤵
PID:10156

C:\Users\Admin\AppData\Local\Temp\Unicorn-64355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64355.exe
13⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10156 -s 216
13⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7908 -s 216
12⤵
PID:10732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 216
11⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
10⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
9⤵
PID:5664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 236
8⤵
PID:3608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 220
7⤵
- Program crash
PID:2676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
6⤵
- Program crash
PID:452

C:\Users\Admin\AppData\Local\Temp\Unicorn-46308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46308.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-48441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48441.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-33065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33065.exe
8⤵
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-16776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16776.exe
9⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-38322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38322.exe
10⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-20336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20336.exe
11⤵
PID:5716

C:\Users\Admin\AppData\Local\Temp\Unicorn-38997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38997.exe
12⤵
PID:7240

C:\Users\Admin\AppData\Local\Temp\Unicorn-49822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49822.exe
13⤵
PID:9624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9624 -s 240
14⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 216
13⤵
PID:11000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 216
12⤵
PID:8876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
11⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
10⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 236
9⤵
- Program crash
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-17330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17330.exe
8⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-18011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18011.exe
9⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-12660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12660.exe
10⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\Unicorn-2541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2541.exe
11⤵
PID:7448

C:\Users\Admin\AppData\Local\Temp\Unicorn-37871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37871.exe
12⤵
PID:9860

C:\Users\Admin\AppData\Local\Temp\Unicorn-37137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37137.exe
13⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9860 -s 216
13⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 220
12⤵
PID:10456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 216
11⤵
PID:8328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
10⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
9⤵
PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
8⤵
- Program crash
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-17283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17283.exe
7⤵
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-20860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20860.exe
8⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-21794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21794.exe
9⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-61944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61944.exe
10⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\Unicorn-45878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45878.exe
11⤵
PID:7932

C:\Users\Admin\AppData\Local\Temp\Unicorn-18720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18720.exe
12⤵
PID:10700

C:\Users\Admin\AppData\Local\Temp\Unicorn-57194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57194.exe
13⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10700 -s 236
13⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 216
12⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
11⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
10⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
9⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
8⤵
PID:3872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 240
7⤵
- Program crash
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-1933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1933.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-58145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58145.exe
7⤵
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-43802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43802.exe
8⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-3620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3620.exe
9⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-28421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28421.exe
10⤵
PID:5636

C:\Users\Admin\AppData\Local\Temp\Unicorn-28499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28499.exe
11⤵
PID:7868

C:\Users\Admin\AppData\Local\Temp\Unicorn-35048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35048.exe
12⤵
PID:10208

C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
13⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10208 -s 220
13⤵
PID:8136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 216
12⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 216
11⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 236
10⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
9⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe
8⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-3615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3615.exe
9⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
10⤵
PID:6384

C:\Users\Admin\AppData\Local\Temp\Unicorn-56947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56947.exe
11⤵
PID:9420

C:\Users\Admin\AppData\Local\Temp\Unicorn-32394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32394.exe
12⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9420 -s 236
12⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 216
11⤵
PID:1360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
10⤵
PID:1356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
9⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 240
8⤵
PID:5488

C:\Users\Admin\AppData\Local\Temp\Unicorn-54663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54663.exe
7⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-39282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39282.exe
8⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-54243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54243.exe
9⤵
PID:6284

C:\Users\Admin\AppData\Local\Temp\Unicorn-24856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24856.exe
10⤵
PID:7340

C:\Users\Admin\AppData\Local\Temp\Unicorn-12108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12108.exe
11⤵
PID:11408

C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe
12⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 216
11⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
10⤵
PID:9312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
9⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
8⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 240
7⤵
PID:4676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
6⤵
- Program crash
PID:684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
5⤵
- Program crash
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-47294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47294.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-25333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25333.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-49920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49920.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-58555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58555.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-45172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45172.exe
8⤵
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-9458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9458.exe
9⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-20253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20253.exe
10⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-4933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4933.exe
11⤵
PID:8144

C:\Users\Admin\AppData\Local\Temp\Unicorn-45.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45.exe
12⤵
PID:9388

C:\Users\Admin\AppData\Local\Temp\Unicorn-34999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34999.exe
13⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9388 -s 216
13⤵
PID:11360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 220
12⤵
PID:10828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
11⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 236
10⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 216
9⤵
PID:4584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
8⤵
- Program crash
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-29390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29390.exe
7⤵
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-38898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38898.exe
8⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-57922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57922.exe
9⤵
PID:6204

C:\Users\Admin\AppData\Local\Temp\Unicorn-45084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45084.exe
10⤵
PID:7580

C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe
11⤵
PID:11276

C:\Users\Admin\AppData\Local\Temp\Unicorn-26032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26032.exe
12⤵
PID:12292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
11⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 216
10⤵
PID:9264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
9⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
8⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
7⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-48804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48804.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-10890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10890.exe
7⤵
PID:696

C:\Users\Admin\AppData\Local\Temp\Unicorn-58192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58192.exe
8⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
9⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
10⤵
PID:6612

C:\Users\Admin\AppData\Local\Temp\Unicorn-33154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33154.exe
11⤵
PID:8916

C:\Users\Admin\AppData\Local\Temp\Unicorn-37848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37848.exe
12⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8916 -s 236
12⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 216
11⤵
PID:9760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
10⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
9⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 236
8⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-46495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46495.exe
7⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-41612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41612.exe
8⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
9⤵
PID:6372

C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
10⤵
PID:8896

C:\Users\Admin\AppData\Local\Temp\Unicorn-38725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38725.exe
11⤵
PID:11532

C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe
12⤵
PID:12628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8896 -s 236
11⤵
PID:12140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 236
10⤵
PID:9636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 236
9⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
8⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
7⤵
PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
6⤵
- Program crash
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-3412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3412.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1120

C:\Users\Admin\AppData\Local\Temp\Unicorn-45317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45317.exe
7⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-2385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2385.exe
8⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-57481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57481.exe
9⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-19568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19568.exe
10⤵
PID:6128

C:\Users\Admin\AppData\Local\Temp\Unicorn-62048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62048.exe
11⤵
PID:7368

C:\Users\Admin\AppData\Local\Temp\Unicorn-55769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55769.exe
12⤵
PID:9700

C:\Users\Admin\AppData\Local\Temp\Unicorn-38507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38507.exe
13⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 216
13⤵
PID:11400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 216
12⤵
PID:10308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
11⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
10⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 236
9⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
8⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-50771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50771.exe
7⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-12255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12255.exe
8⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-3999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3999.exe
9⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-4762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4762.exe
10⤵
PID:7532

C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
11⤵
PID:10012

C:\Users\Admin\AppData\Local\Temp\Unicorn-10878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10878.exe
12⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10012 -s 216
12⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
10⤵
PID:8964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
9⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
8⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 240
7⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
6⤵
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
7⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
8⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-38426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38426.exe
9⤵
PID:5600

C:\Users\Admin\AppData\Local\Temp\Unicorn-22277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22277.exe
10⤵
PID:7820

C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
11⤵
PID:10108

C:\Users\Admin\AppData\Local\Temp\Unicorn-47827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47827.exe
12⤵
PID:11708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10108 -s 216
12⤵
PID:11552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 216
11⤵
PID:10740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
10⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
9⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
8⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
7⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
6⤵
- Program crash
PID:2872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
5⤵
- Program crash
PID:1260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-64953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64953.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-38379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38379.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-42306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42306.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
6⤵
PID:828

C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
7⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-60989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60989.exe
8⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-32396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32396.exe
9⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-7647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7647.exe
10⤵
PID:8024

C:\Users\Admin\AppData\Local\Temp\Unicorn-43141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43141.exe
11⤵
PID:9496

C:\Users\Admin\AppData\Local\Temp\Unicorn-56426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56426.exe
12⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9496 -s 220
12⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 216
11⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
10⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
9⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 236
8⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-63682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63682.exe
7⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-9453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9453.exe
8⤵
PID:5932

C:\Users\Admin\AppData\Local\Temp\Unicorn-8078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8078.exe
9⤵
PID:7704

C:\Users\Admin\AppData\Local\Temp\Unicorn-40694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40694.exe
10⤵
PID:10072

C:\Users\Admin\AppData\Local\Temp\Unicorn-28968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28968.exe
11⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10072 -s 220
11⤵
PID:12396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 216
10⤵
PID:10772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 216
9⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
8⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 240
7⤵
PID:4640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 236
6⤵
- Program crash
PID:3124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 236
5⤵
- Program crash
PID:1180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 236
4⤵
- Program crash
PID:2256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
2⤵
- Program crash
PID:2588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15669.exe

Filesize
184KB

MD5
f1b646684e1b9296a4a5f2b0f4719e67

SHA1
a3de87de7348154e8c9d680dca656cf065379059

SHA256
f6b6880975fca48d2a895017a126da6215dc0e6cc4f90bc3cf8d605ff089f2ff

SHA512
c545ea33d4708f4a8d8d32532aa27a7f01e8ee68aee3abc3072c261ab6c93783362f4d28ce3449634955a2a61a9ec4a16f3f3d0222815039c61b86f4ae911a1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2157.exe

Filesize
184KB

MD5
1b8473efe37fb4940d4140b63afd209d

SHA1
1ba7d4b52cd5d1e250fedac97c157c720bc48105

SHA256
c906c988f5861ed974f918bfb1a8b85af9a29e86ed4cd255f37e4cb6964eadbb

SHA512
454d31d565643eb7cfa1651aff2523b4e441ef26192544ebad075aa4fd2121110bc18e2bd41fa8b09ce3a1599313ee07173c372b4c18748e8bb46856b5e452b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21996.exe

Filesize
184KB

MD5
235fd205ec116880085183e6d9cc9b5e

SHA1
58bd594f7788ccfc906ab6a2b5a98c655346ce15

SHA256
15b9ed0edba94f712311e070097f2cf0d96f8a5756d741486ad6164d119b34b9

SHA512
affb78b982319162b2cd47b937a51eb7683d233fdd4f735e4d8ae9957671c02314645b6704f7974272dde25fdbc2f29995b33333c00139e31c58300d722c9860

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2541.exe

Filesize
184KB

MD5
e9c342a4de1ad98aac74aef3cb4b0e56

SHA1
38e787e878ae71fdfb08173b34a65869f17b9bfa

SHA256
30f7e2c7fac6a67b7c909bb4c7913e0b8e788c2e03199f7253ee6161656797b7

SHA512
f873e3dc5ce524b3b43bb56cc1efad26dbf24b0f8da6d3edd1b75d8015ebc6a683b1b39a96da8d833c6e4fbd8d21cd4f8e217b448a0c55e334fb366e2d53046f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35535.exe

Filesize
184KB

MD5
3f448e7b0becc83a6e3d8adc31e641c3

SHA1
2134184edd418b9b01032ef18e15c2be43cc67e9

SHA256
8025f93e9b585a11bf068fc345e21918828b92813a4e6d9d3bf6dd1f0bae2cb8

SHA512
a68da97e191eb03b1c1e45824154dc55e9900c265eb12cbb6f02de072aa4f223c02c74ee1441bb6a50ffbfe60dc45e2ec91e84228d5add99f3295a53e8f2923c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe

Filesize
184KB

MD5
2c5d11929b1a6393a221571030b61328

SHA1
3a2b317c2a49e4d38e7d191289f6bc9f9b765511

SHA256
1de632c2ea9021820a98b96010dcb8a577569a7e4ce7056996bc0869116c1ac6

SHA512
987a654df2e33e88782f90b9a532c62b5311e2ecbf2ad475b15237ff56094fadb53fababf6d7ac51e7b672039bd2232e4ab94ce37a2cf0e7af70af804f86ba15

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40569.exe

Filesize
184KB

MD5
7b03f964494f6718571a27ff3d57416f

SHA1
d0abf0fcb4c433379719b8b774a94a98f93a8f95

SHA256
7c7088744e0e8213acdc7cabfa15bf963e2dd3700ecf2d9bde09599a21b9d94a

SHA512
06760818878edca8a4ec1b62c79bafdacccf2315d8367fa89bb997db10178e659bc84ef9c057d21ec68a94b3735d540dcbfd445a281ac174941c6a9ec70f3650

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41145.exe

Filesize
184KB

MD5
1ca3528d0d539fd9815a3938e3e75fe3

SHA1
c7ad44449e8b92fd5a3ceb96a078543d12ee47ca

SHA256
fc55dfae044ffa849d7152b99a4fe5da29b89f91b16e421768ce9516a2e079ef

SHA512
87d5cb107661807d12b1eaf8765cb13209710937808062932bfa4210caf52151693de2948eea21a775424c35945e5894b5228616070de8fd08823f7555094457

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49552.exe

Filesize
184KB

MD5
da6b4d479da21cf7e9d470fb09c9c713

SHA1
0a4b5a704e5e258803935731fa68e42b3e9d0733

SHA256
312596e3d8a3f2737c0753d28ac9f42a992cef8326750a8a0ef8100c114b14ca

SHA512
a6fcee115a8eba1ce5e9f40661f9bffb54ff46ec28402ad3c544fba820274cf8cad92123ee5852826c3e9b68cbb0c286d9a04d462ddf24472699522c3c576e32

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe

Filesize
184KB

MD5
3a198fcd737198a00f611b068b4062e4

SHA1
8e6377c9808ff5ff9b7d02a29737781e73f76a57

SHA256
b64d8452f663c0bd2574cec6824eb3a9d4641dfda31d26560bbf71ecccebf656

SHA512
8dd84ee4b5d257471171fc1cbeb094e11c9e0b670efca8b47f1a89974ebe9b23743976fe96082b26850c57ea51a0250867a2c67777e0bfe007b7c5170fc05804

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64953.exe

Filesize
184KB

MD5
227f69d9ea61f89e92c7149ef944cf0d

SHA1
901f68574aff0194dd303f6a9114195c03ee49c4

SHA256
c345bd6c0cfd230fb1ecfb05aec48ee46cab3ddcc29eb70e5ae907af800efd55

SHA512
db2c5ef535797d4a5f325e822ce40c76ea0e7f93a2c2c66ef278d5b3fab22ded95b3d1285142eb096d20b29fa979700d1836917419ed013747825723732ebd90

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6749.exe

Filesize
184KB

MD5
3aceebb3287fb244b991f66c240730c8

SHA1
6d41158c204aaa3f0516a89d84ae18601557e487

SHA256
4eee1779f4c3ee91b5235847773ece8d6440a71805266d93459d5d83586c4c1b

SHA512
d830ea2ec79a5d0965e99c827a9c46e45b63f651e6e56f7bc4eb97755e629b485c43914c607d51962720f2feef585e553751e8270fdd44b7e449ace39e317231

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-802.exe

Filesize
184KB

MD5
b1b7fe5f4188879d049475981a8ae6d1

SHA1
c4ed8fef06e76390e7241ef58af3781b993f62b9

SHA256
7b74dc7c31c4d6182c627992c3cec14d630e77838213b4e024181f7ac64caff1

SHA512
2c14c48503502ff24b56ab7dbc13129ee25cf6d1faf36ef7908d40e96a954b1ed752205b980979d1b59b95557ee019b3e73aeab83f73c33ebb7303edc19fd696

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12805.exe

Filesize
184KB

MD5
ede403c3548418ccc507fa45829c2a13

SHA1
2a34ec534f41ad3dc8a0a3fb4f442eb87f3fb42d

SHA256
30bfa48d2148fe30fe4be524dfe6c9af3fa67a144ea6bc40fb1aa16a57bfbd64

SHA512
3650f3cd398c7aeadcef3137c65a6fa421f561d23e57d755407525c8fedb5f0a45528f18a237c7a3f41503e805228d31a8ba076fc47d14418e6fb75c469b4ebe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe

Filesize
184KB

MD5
e83979b676e79109689b56786ce1d079

SHA1
baac5fc98425146d135798ec7bcd2fe8e738671b

SHA256
04ac0b6505e0ad25de9f6f9db1dccd853b2d209c498e2ace85a789ffbef6c989

SHA512
66e51ff8f0c9a789e3bc170627f60095919f06fd7a20dac298bf095d07b64301c3f590004ef99302fb8ed8e4e892fe19f46e37c5ce74f0dbdd60589893088ebb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15197.exe

Filesize
184KB

MD5
833028ef37a6df48e7c054821a3acba6

SHA1
da6b4aefa4ca7106bf6b92b6a8f79a920374f55e

SHA256
83ae4a061b493e1da0409dd78f6d7c79ab15056d5d2f5961b9321de0ee5b6e36

SHA512
68a9c7fbb24498926fcf1224e5d25618a8bc53fc97704fe2019ae058fc0f598ee81bc6ca21cbcd9613ae511d613097eaa5e187f2d3ff0e88ee29b0b8caab5b2e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16018.exe

Filesize
184KB

MD5
8768a49707e5ce793991e86460abd52c

SHA1
070bf3d93f2c85d2c8ec42211492e01a010cf73b

SHA256
39d26307a5e2dab4ee82bbc4a9d86a627d026c2f356bd7b22914ac9fa3c7f1c5

SHA512
5af90e36601690f45ebb3eee2ec2e8fc9fc7996624a5425172abf8fcac6f95f2207efb793c3c6d427b5e46402360ba685826d98901a98d656ed308545e2b66bc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19282.exe

Filesize
184KB

MD5
c2b605642f801ee60b78d0c372363910

SHA1
c836893a941fa0dfe3686f7e88f8911ea6c83f90

SHA256
891003f2a771e3cab5d28f34159de1731dc2b70160b26dd1497c0b940eb4af4f

SHA512
c678e97752977d9930bf8a92c8a61f3aec2ac9482e9d4ee39788d9ad38c47071f8a0bb3d1a873bc9c98b567965896ca77da169ca55571ecfb85176c2a3e6ea7b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe

Filesize
184KB

MD5
d67b3b8c7de2c35ba8ed06fdd985af63

SHA1
32616aa54987e13a47a34fd5b584444cb70f3a2f

SHA256
903956872720d71b74f101777f87467404f3ce7bee4919ff9a070f52bd2cdaee

SHA512
8cdf834a15c01c646fb6ab385c029523f638758c5bac1cc356304313320076ae68b338f84e82d4245a781449b37ce2bcbe1fc05548dde2117c1bbd2ffa597483

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30142.exe

Filesize
184KB

MD5
276b2c07100da035d18141d67ebcd926

SHA1
ffbd65b864a53602d09a1347869d9af67624b086

SHA256
76156f537becea9e2d27009a32db7d9ecb0a0ca16bc657a57cadba505ec70c60

SHA512
5f0d88cc5cd178ddb32b21a3b6173739862ff5aaf5fa1a29b79c31f7a92e5285c69a47ae2579002652e508cf58c8dbcaca8da73dcd1f7859c19703778c38cf0b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33589.exe

Filesize
184KB

MD5
a5c7de34b344241af59fe96827088374

SHA1
60c798c5710376ac3d22df8961cbf62e0bcdbee1

SHA256
1bead4263248b5024d7e9c488f0feb78d680f2e0e85575e0e0710a4127042ca1

SHA512
00894b589f304b5ecdd933ff9ff4e828eb4b58bae1c48eb1dc862efb127c84a25b09c555581cea8832f1fc7c65db5b74e8775dde6321b965bdbbcdae98cdb24a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47294.exe

Filesize
184KB

MD5
f235b09796d67fa0adebb6c7d4f09d55

SHA1
029555f9304c15c8f91f864af23756604e409ac2

SHA256
f72395eab129c1aa6df1c26e6dc377fbadaeaa35a451165b139ba016f7222f4f

SHA512
7fc9064a963d2faa5c6efcf1328ef9bc090ba56b63602cc1df8009cc7fac3f1b1c8f9059b5ca98eb25729d067e4b45864e1e28a0d6d9f91c9bcc2656599d4cff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9878.exe

Filesize
184KB

MD5
50ebc11d550632f9c2a63aa40c38b90e

SHA1
bc1efc134b458ff7affd8dbd650c4f5812e75859

SHA256
d5ba60a069f2e78f61e3f540e5bf00084fdca589e409584cdd5cfb3476388c64

SHA512
d63f31aba461e2c277e2f2cc3541ba1bdaf4eec5c38886c0ee307a36428c8e055782cbe670d841ade0294f3f624384765455bb6164aa0d73bde86486f6884193

Download Submit