94bb8a25437d684ce148372e17a64fc64e07ccc08b53effbecd70821329f8d2f

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94bb8a25437d684ce148372e17a64fc64e07ccc08b53effbecd70821329f8d2f.exe
Size

184KB
MD5

b462a2d4060e0442b21a71e1ad640a32
SHA1

07d1ba1f6d5f8281c3f03f25e25e1f253ca12a5d
SHA256

94bb8a25437d684ce148372e17a64fc64e07ccc08b53effbecd70821329f8d2f
SHA512

b07501f4071d515d8e65c2766d18246d1644e951b6b8ba43d8a4bd17e63c6e381be21d60fec6c6ed012f0de403ba29d49f0e45bce0a93723755307c3c505f2e2
SSDEEP

3072:ERkuHEolN5h5dW+pezwLkxfPIK4PIGCOXHfCO5/CUD5vlnVOFFnT:ERuob3W+PLwfPId3P9vlnVOFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-12604.exeUnicorn-41072.exeUnicorn-21206.exeUnicorn-24340.exeUnicorn-17899.exeUnicorn-20168.exeUnicorn-22281.exeUnicorn-21705.exeUnicorn-30837.exeUnicorn-50703.exeUnicorn-47859.exeUnicorn-21802.exeUnicorn-1936.exeUnicorn-38387.exeUnicorn-39347.exeUnicorn-12512.exeUnicorn-34966.exeUnicorn-57233.exeUnicorn-19770.exeUnicorn-39636.exeUnicorn-40212.exeUnicorn-20346.exeUnicorn-1213.exeUnicorn-38100.exeUnicorn-52853.exeUnicorn-21655.exeUnicorn-21655.exeUnicorn-1789.exeUnicorn-56946.exeUnicorn-4538.exeUnicorn-56370.exeUnicorn-39218.exeUnicorn-28824.exeUnicorn-47730.exeUnicorn-12213.exeUnicorn-32079.exeUnicorn-10075.exeUnicorn-18374.exeUnicorn-50444.exeUnicorn-11035.exeUnicorn-30901.exeUnicorn-32655.exeUnicorn-28319.exeUnicorn-48185.exeUnicorn-34480.exeUnicorn-45149.exeUnicorn-63898.exeUnicorn-18227.exeUnicorn-437.exeUnicorn-35056.exeUnicorn-63478.exeUnicorn-62362.exeUnicorn-13654.exeUnicorn-6057.exeUnicorn-36592.exeUnicorn-56794.exeUnicorn-11122.exeUnicorn-11122.exeUnicorn-56794.exeUnicorn-32420.exeUnicorn-57754.exeUnicorn-57754.exeUnicorn-12082.exeUnicorn-44049.exe

pid	process
2844	Unicorn-12604.exe
2508	Unicorn-41072.exe
2560	Unicorn-21206.exe
2576	Unicorn-24340.exe
2504	Unicorn-17899.exe
2412	Unicorn-20168.exe
380	Unicorn-22281.exe
1600	Unicorn-21705.exe
2400	Unicorn-30837.exe
1052	Unicorn-50703.exe
616	Unicorn-47859.exe
628	Unicorn-21802.exe
860	Unicorn-1936.exe
2760	Unicorn-38387.exe
3052	Unicorn-39347.exe
2908	Unicorn-12512.exe
576	Unicorn-34966.exe
1164	Unicorn-57233.exe
2964	Unicorn-19770.exe
2900	Unicorn-39636.exe
352	Unicorn-40212.exe
1372	Unicorn-20346.exe
1832	Unicorn-1213.exe
1092	Unicorn-38100.exe
2212	Unicorn-52853.exe
2040	Unicorn-21655.exe
1764	Unicorn-21655.exe
2032	Unicorn-1789.exe
2600	Unicorn-56946.exe
3060	Unicorn-4538.exe
2724	Unicorn-56370.exe
2612	Unicorn-39218.exe
2648	Unicorn-28824.exe
356	Unicorn-47730.exe
2632	Unicorn-12213.exe
2492	Unicorn-32079.exe
2780	Unicorn-10075.exe
1704	Unicorn-18374.exe
1680	Unicorn-50444.exe
332	Unicorn-11035.exe
1648	Unicorn-30901.exe
768	Unicorn-32655.exe
2036	Unicorn-28319.exe
2756	Unicorn-48185.exe
2516	Unicorn-34480.exe
324	Unicorn-45149.exe
1108	Unicorn-63898.exe
1496	Unicorn-18227.exe
3028	Unicorn-437.exe
3024	Unicorn-35056.exe
1796	Unicorn-63478.exe
312	Unicorn-62362.exe
3044	Unicorn-13654.exe
2252	Unicorn-6057.exe
1724	Unicorn-36592.exe
1616	Unicorn-56794.exe
2004	Unicorn-11122.exe
2336	Unicorn-11122.exe
2856	Unicorn-56794.exe
2616	Unicorn-32420.exe
2540	Unicorn-57754.exe
2520	Unicorn-57754.exe
2644	Unicorn-12082.exe
2452	Unicorn-44049.exe

Loads dropped DLL 64 IoCs

Processes:

94bb8a25437d684ce148372e17a64fc64e07ccc08b53effbecd70821329f8d2f.exeUnicorn-12604.exeUnicorn-41072.exeUnicorn-21206.exeWerFault.exeUnicorn-17899.exeUnicorn-20168.exeUnicorn-24340.exeWerFault.exeWerFault.exeUnicorn-22281.exeUnicorn-30837.exeUnicorn-47859.exeUnicorn-50703.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2264	94bb8a25437d684ce148372e17a64fc64e07ccc08b53effbecd70821329f8d2f.exe
2264	94bb8a25437d684ce148372e17a64fc64e07ccc08b53effbecd70821329f8d2f.exe
2844	Unicorn-12604.exe
2844	Unicorn-12604.exe
2264	94bb8a25437d684ce148372e17a64fc64e07ccc08b53effbecd70821329f8d2f.exe
2264	94bb8a25437d684ce148372e17a64fc64e07ccc08b53effbecd70821329f8d2f.exe
2508	Unicorn-41072.exe
2508	Unicorn-41072.exe
2844	Unicorn-12604.exe
2844	Unicorn-12604.exe
2560	Unicorn-21206.exe
2560	Unicorn-21206.exe
3036	WerFault.exe
3036	WerFault.exe
3036	WerFault.exe
3036	WerFault.exe
3036	WerFault.exe
2504	Unicorn-17899.exe
2504	Unicorn-17899.exe
2412	Unicorn-20168.exe
2412	Unicorn-20168.exe
2560	Unicorn-21206.exe
2576	Unicorn-24340.exe
2560	Unicorn-21206.exe
2576	Unicorn-24340.exe
2508	Unicorn-41072.exe
2508	Unicorn-41072.exe
1948	WerFault.exe
1948	WerFault.exe
1948	WerFault.exe
1948	WerFault.exe
1948	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
380	Unicorn-22281.exe
380	Unicorn-22281.exe
2504	Unicorn-17899.exe
2504	Unicorn-17899.exe
2400	Unicorn-30837.exe
2400	Unicorn-30837.exe
616	Unicorn-47859.exe
616	Unicorn-47859.exe
1052	Unicorn-50703.exe
1052	Unicorn-50703.exe
2576	Unicorn-24340.exe
2576	Unicorn-24340.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
1868	WerFault.exe
1868	WerFault.exe
1868	WerFault.exe
1868	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
1868	WerFault.exe
1808	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2572	2264	WerFault.exe	94bb8a25437d684ce148372e17a64fc64e07ccc08b53effbecd70821329f8d2f.exe
3036	2844	WerFault.exe	Unicorn-12604.exe
1948	2508	WerFault.exe	Unicorn-41072.exe
2196	2560	WerFault.exe	Unicorn-21206.exe
2920	2504	WerFault.exe	Unicorn-17899.exe
1868	2412	WerFault.exe	Unicorn-20168.exe
1808	2576	WerFault.exe	Unicorn-24340.exe
3032	1092	WerFault.exe	Unicorn-38100.exe
2248	380	WerFault.exe	Unicorn-22281.exe
2060	2400	WerFault.exe	Unicorn-30837.exe
2784	1600	WerFault.exe	Unicorn-21705.exe
1620	616	WerFault.exe	Unicorn-47859.exe
2284	1052	WerFault.exe	Unicorn-50703.exe
1712	628	WerFault.exe	Unicorn-21802.exe
1984	860	WerFault.exe	Unicorn-1936.exe
2348	2760	WerFault.exe	Unicorn-38387.exe
1768	576	WerFault.exe	Unicorn-34966.exe
3008	2908	WerFault.exe	Unicorn-12512.exe
2344	1164	WerFault.exe	Unicorn-57233.exe
1436	2964	WerFault.exe	Unicorn-19770.exe
1636	2900	WerFault.exe	Unicorn-39636.exe
2388	1764	WerFault.exe	Unicorn-21655.exe
2328	352	WerFault.exe	Unicorn-40212.exe
348	1832	WerFault.exe	Unicorn-1213.exe
2100	1372	WerFault.exe	Unicorn-20346.exe
1280	2040	WerFault.exe	Unicorn-21655.exe
1932	2032	WerFault.exe	Unicorn-1789.exe
2012	2212	WerFault.exe	Unicorn-52853.exe
2488	3052	WerFault.exe	Unicorn-39347.exe
2568	3060	WerFault.exe	Unicorn-4538.exe
1960	2600	WerFault.exe	Unicorn-56946.exe
2748	2724	WerFault.exe	Unicorn-56370.exe
3020	2612	WerFault.exe	Unicorn-39218.exe
1564	2648	WerFault.exe	Unicorn-28824.exe
304	356	WerFault.exe	Unicorn-47730.exe
2892	2492	WerFault.exe	Unicorn-32079.exe
2652	1704	WerFault.exe	Unicorn-18374.exe
2332	2632	WerFault.exe	Unicorn-12213.exe
1484	2780	WerFault.exe	Unicorn-10075.exe
1592	768	WerFault.exe	Unicorn-32655.exe
2944	332	WerFault.exe	Unicorn-11035.exe
1776	1680	WerFault.exe	Unicorn-50444.exe
3884	2036	WerFault.exe	Unicorn-28319.exe
3900	2756	WerFault.exe	Unicorn-48185.exe
3928	2516	WerFault.exe	Unicorn-34480.exe
3952	3680	WerFault.exe	Unicorn-65216.exe
3968	1108	WerFault.exe	Unicorn-63898.exe
4012	1496	WerFault.exe	Unicorn-18227.exe
3996	3028	WerFault.exe	Unicorn-437.exe
4056	324	WerFault.exe	Unicorn-45149.exe
4088	312	WerFault.exe	Unicorn-62362.exe
3436	2644	WerFault.exe	Unicorn-12082.exe
3452	1724	WerFault.exe	Unicorn-36592.exe
3496	2004	WerFault.exe	Unicorn-11122.exe
3540	2540	WerFault.exe	Unicorn-57754.exe
3548	2520	WerFault.exe	Unicorn-57754.exe
3576	2252	WerFault.exe	Unicorn-6057.exe
3624	2452	WerFault.exe	Unicorn-44049.exe
3608	2856	WerFault.exe	Unicorn-56794.exe
3672	2616	WerFault.exe	Unicorn-32420.exe
3104	2336	WerFault.exe	Unicorn-11122.exe
3400	1616	WerFault.exe	Unicorn-56794.exe
1036	3024	WerFault.exe	Unicorn-35056.exe
3780	3316	WerFault.exe	Unicorn-561.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

94bb8a25437d684ce148372e17a64fc64e07ccc08b53effbecd70821329f8d2f.exeUnicorn-12604.exeUnicorn-41072.exeUnicorn-21206.exeUnicorn-17899.exeUnicorn-20168.exeUnicorn-24340.exeUnicorn-22281.exeUnicorn-30837.exeUnicorn-47859.exeUnicorn-21705.exeUnicorn-50703.exeUnicorn-21802.exeUnicorn-1936.exeUnicorn-38387.exeUnicorn-39347.exeUnicorn-12512.exeUnicorn-34966.exeUnicorn-57233.exeUnicorn-19770.exeUnicorn-39636.exeUnicorn-20346.exeUnicorn-40212.exeUnicorn-1213.exeUnicorn-52853.exeUnicorn-21655.exeUnicorn-21655.exeUnicorn-1789.exeUnicorn-56946.exeUnicorn-4538.exeUnicorn-56370.exeUnicorn-39218.exeUnicorn-28824.exeUnicorn-47730.exeUnicorn-32079.exeUnicorn-12213.exeUnicorn-10075.exeUnicorn-18374.exeUnicorn-11035.exeUnicorn-50444.exeUnicorn-30901.exeUnicorn-32655.exeUnicorn-28319.exeUnicorn-48185.exeUnicorn-34480.exeUnicorn-63898.exeUnicorn-18227.exeUnicorn-45149.exeUnicorn-35056.exeUnicorn-437.exeUnicorn-63478.exeUnicorn-62362.exeUnicorn-13654.exeUnicorn-36592.exeUnicorn-6057.exeUnicorn-56794.exeUnicorn-11122.exeUnicorn-56794.exeUnicorn-11122.exeUnicorn-32420.exeUnicorn-57754.exeUnicorn-57754.exeUnicorn-12082.exeUnicorn-44049.exe

pid	process
2264	94bb8a25437d684ce148372e17a64fc64e07ccc08b53effbecd70821329f8d2f.exe
2844	Unicorn-12604.exe
2508	Unicorn-41072.exe
2560	Unicorn-21206.exe
2504	Unicorn-17899.exe
2412	Unicorn-20168.exe
2576	Unicorn-24340.exe
380	Unicorn-22281.exe
2400	Unicorn-30837.exe
616	Unicorn-47859.exe
1600	Unicorn-21705.exe
1052	Unicorn-50703.exe
628	Unicorn-21802.exe
860	Unicorn-1936.exe
2760	Unicorn-38387.exe
3052	Unicorn-39347.exe
2908	Unicorn-12512.exe
576	Unicorn-34966.exe
1164	Unicorn-57233.exe
2964	Unicorn-19770.exe
2900	Unicorn-39636.exe
1372	Unicorn-20346.exe
352	Unicorn-40212.exe
1832	Unicorn-1213.exe
2212	Unicorn-52853.exe
2040	Unicorn-21655.exe
1764	Unicorn-21655.exe
2032	Unicorn-1789.exe
2600	Unicorn-56946.exe
3060	Unicorn-4538.exe
2724	Unicorn-56370.exe
2612	Unicorn-39218.exe
2648	Unicorn-28824.exe
356	Unicorn-47730.exe
2492	Unicorn-32079.exe
2632	Unicorn-12213.exe
2780	Unicorn-10075.exe
1704	Unicorn-18374.exe
332	Unicorn-11035.exe
1680	Unicorn-50444.exe
1648	Unicorn-30901.exe
768	Unicorn-32655.exe
2036	Unicorn-28319.exe
2756	Unicorn-48185.exe
2516	Unicorn-34480.exe
1108	Unicorn-63898.exe
1496	Unicorn-18227.exe
324	Unicorn-45149.exe
3024	Unicorn-35056.exe
3028	Unicorn-437.exe
1796	Unicorn-63478.exe
312	Unicorn-62362.exe
3044	Unicorn-13654.exe
1724	Unicorn-36592.exe
2252	Unicorn-6057.exe
2856	Unicorn-56794.exe
2004	Unicorn-11122.exe
1616	Unicorn-56794.exe
2336	Unicorn-11122.exe
2616	Unicorn-32420.exe
2520	Unicorn-57754.exe
2540	Unicorn-57754.exe
2644	Unicorn-12082.exe
2452	Unicorn-44049.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

94bb8a25437d684ce148372e17a64fc64e07ccc08b53effbecd70821329f8d2f.exeUnicorn-12604.exeUnicorn-41072.exeUnicorn-21206.exeUnicorn-17899.exeUnicorn-20168.exeUnicorn-24340.exeUnicorn-22281.exe

description	pid	process	target process
PID 2264 wrote to memory of 2844	2264	94bb8a25437d684ce148372e17a64fc64e07ccc08b53effbecd70821329f8d2f.exe	Unicorn-12604.exe
PID 2264 wrote to memory of 2844	2264	94bb8a25437d684ce148372e17a64fc64e07ccc08b53effbecd70821329f8d2f.exe	Unicorn-12604.exe
PID 2264 wrote to memory of 2844	2264	94bb8a25437d684ce148372e17a64fc64e07ccc08b53effbecd70821329f8d2f.exe	Unicorn-12604.exe
PID 2264 wrote to memory of 2844	2264	94bb8a25437d684ce148372e17a64fc64e07ccc08b53effbecd70821329f8d2f.exe	Unicorn-12604.exe
PID 2844 wrote to memory of 2508	2844	Unicorn-12604.exe	Unicorn-41072.exe
PID 2844 wrote to memory of 2508	2844	Unicorn-12604.exe	Unicorn-41072.exe
PID 2844 wrote to memory of 2508	2844	Unicorn-12604.exe	Unicorn-41072.exe
PID 2844 wrote to memory of 2508	2844	Unicorn-12604.exe	Unicorn-41072.exe
PID 2264 wrote to memory of 2560	2264	94bb8a25437d684ce148372e17a64fc64e07ccc08b53effbecd70821329f8d2f.exe	Unicorn-21206.exe
PID 2264 wrote to memory of 2560	2264	94bb8a25437d684ce148372e17a64fc64e07ccc08b53effbecd70821329f8d2f.exe	Unicorn-21206.exe
PID 2264 wrote to memory of 2560	2264	94bb8a25437d684ce148372e17a64fc64e07ccc08b53effbecd70821329f8d2f.exe	Unicorn-21206.exe
PID 2264 wrote to memory of 2560	2264	94bb8a25437d684ce148372e17a64fc64e07ccc08b53effbecd70821329f8d2f.exe	Unicorn-21206.exe
PID 2264 wrote to memory of 2572	2264	94bb8a25437d684ce148372e17a64fc64e07ccc08b53effbecd70821329f8d2f.exe	WerFault.exe
PID 2264 wrote to memory of 2572	2264	94bb8a25437d684ce148372e17a64fc64e07ccc08b53effbecd70821329f8d2f.exe	WerFault.exe
PID 2264 wrote to memory of 2572	2264	94bb8a25437d684ce148372e17a64fc64e07ccc08b53effbecd70821329f8d2f.exe	WerFault.exe
PID 2264 wrote to memory of 2572	2264	94bb8a25437d684ce148372e17a64fc64e07ccc08b53effbecd70821329f8d2f.exe	WerFault.exe
PID 2508 wrote to memory of 2576	2508	Unicorn-41072.exe	Unicorn-24340.exe
PID 2508 wrote to memory of 2576	2508	Unicorn-41072.exe	Unicorn-24340.exe
PID 2508 wrote to memory of 2576	2508	Unicorn-41072.exe	Unicorn-24340.exe
PID 2508 wrote to memory of 2576	2508	Unicorn-41072.exe	Unicorn-24340.exe
PID 2844 wrote to memory of 2504	2844	Unicorn-12604.exe	Unicorn-17899.exe
PID 2844 wrote to memory of 2504	2844	Unicorn-12604.exe	Unicorn-17899.exe
PID 2844 wrote to memory of 2504	2844	Unicorn-12604.exe	Unicorn-17899.exe
PID 2844 wrote to memory of 2504	2844	Unicorn-12604.exe	Unicorn-17899.exe
PID 2560 wrote to memory of 2412	2560	Unicorn-21206.exe	Unicorn-20168.exe
PID 2560 wrote to memory of 2412	2560	Unicorn-21206.exe	Unicorn-20168.exe
PID 2560 wrote to memory of 2412	2560	Unicorn-21206.exe	Unicorn-20168.exe
PID 2560 wrote to memory of 2412	2560	Unicorn-21206.exe	Unicorn-20168.exe
PID 2844 wrote to memory of 3036	2844	Unicorn-12604.exe	WerFault.exe
PID 2844 wrote to memory of 3036	2844	Unicorn-12604.exe	WerFault.exe
PID 2844 wrote to memory of 3036	2844	Unicorn-12604.exe	WerFault.exe
PID 2844 wrote to memory of 3036	2844	Unicorn-12604.exe	WerFault.exe
PID 2504 wrote to memory of 380	2504	Unicorn-17899.exe	Unicorn-22281.exe
PID 2504 wrote to memory of 380	2504	Unicorn-17899.exe	Unicorn-22281.exe
PID 2504 wrote to memory of 380	2504	Unicorn-17899.exe	Unicorn-22281.exe
PID 2504 wrote to memory of 380	2504	Unicorn-17899.exe	Unicorn-22281.exe
PID 2412 wrote to memory of 1600	2412	Unicorn-20168.exe	Unicorn-21705.exe
PID 2412 wrote to memory of 1600	2412	Unicorn-20168.exe	Unicorn-21705.exe
PID 2412 wrote to memory of 1600	2412	Unicorn-20168.exe	Unicorn-21705.exe
PID 2412 wrote to memory of 1600	2412	Unicorn-20168.exe	Unicorn-21705.exe
PID 2560 wrote to memory of 2400	2560	Unicorn-21206.exe	Unicorn-30837.exe
PID 2560 wrote to memory of 2400	2560	Unicorn-21206.exe	Unicorn-30837.exe
PID 2560 wrote to memory of 2400	2560	Unicorn-21206.exe	Unicorn-30837.exe
PID 2560 wrote to memory of 2400	2560	Unicorn-21206.exe	Unicorn-30837.exe
PID 2576 wrote to memory of 1052	2576	Unicorn-24340.exe	Unicorn-50703.exe
PID 2576 wrote to memory of 1052	2576	Unicorn-24340.exe	Unicorn-50703.exe
PID 2576 wrote to memory of 1052	2576	Unicorn-24340.exe	Unicorn-50703.exe
PID 2576 wrote to memory of 1052	2576	Unicorn-24340.exe	Unicorn-50703.exe
PID 2508 wrote to memory of 616	2508	Unicorn-41072.exe	Unicorn-47859.exe
PID 2508 wrote to memory of 616	2508	Unicorn-41072.exe	Unicorn-47859.exe
PID 2508 wrote to memory of 616	2508	Unicorn-41072.exe	Unicorn-47859.exe
PID 2508 wrote to memory of 616	2508	Unicorn-41072.exe	Unicorn-47859.exe
PID 2508 wrote to memory of 1948	2508	Unicorn-41072.exe	WerFault.exe
PID 2508 wrote to memory of 1948	2508	Unicorn-41072.exe	WerFault.exe
PID 2508 wrote to memory of 1948	2508	Unicorn-41072.exe	WerFault.exe
PID 2508 wrote to memory of 1948	2508	Unicorn-41072.exe	WerFault.exe
PID 2560 wrote to memory of 2196	2560	Unicorn-21206.exe	WerFault.exe
PID 2560 wrote to memory of 2196	2560	Unicorn-21206.exe	WerFault.exe
PID 2560 wrote to memory of 2196	2560	Unicorn-21206.exe	WerFault.exe
PID 2560 wrote to memory of 2196	2560	Unicorn-21206.exe	WerFault.exe
PID 380 wrote to memory of 628	380	Unicorn-22281.exe	Unicorn-21802.exe
PID 380 wrote to memory of 628	380	Unicorn-22281.exe	Unicorn-21802.exe
PID 380 wrote to memory of 628	380	Unicorn-22281.exe	Unicorn-21802.exe
PID 380 wrote to memory of 628	380	Unicorn-22281.exe	Unicorn-21802.exe

C:\Users\Admin\AppData\Local\Temp\94bb8a25437d684ce148372e17a64fc64e07ccc08b53effbecd70821329f8d2f.exe
"C:\Users\Admin\AppData\Local\Temp\94bb8a25437d684ce148372e17a64fc64e07ccc08b53effbecd70821329f8d2f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-41072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41072.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-24340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24340.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-50703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50703.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-12512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12512.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-47730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47730.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:356

C:\Users\Admin\AppData\Local\Temp\Unicorn-63478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63478.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-35275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35275.exe
10⤵
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe
11⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-63194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63194.exe
12⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
13⤵
PID:6800

C:\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe
14⤵
PID:9796

C:\Users\Admin\AppData\Local\Temp\Unicorn-56711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56711.exe
15⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9796 -s 216
15⤵
PID:13960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 216
14⤵
PID:11156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
13⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 236
12⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-63998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63998.exe
11⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
12⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\Unicorn-15871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15871.exe
13⤵
PID:9852

C:\Users\Admin\AppData\Local\Temp\Unicorn-51443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51443.exe
14⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9852 -s 220
14⤵
PID:13396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 216
13⤵
PID:11200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
12⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
11⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
10⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-30611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30611.exe
11⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
12⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-62791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62791.exe
13⤵
PID:9080

C:\Users\Admin\AppData\Local\Temp\Unicorn-37107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37107.exe
14⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9080 -s 216
14⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 216
13⤵
PID:10268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
12⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 236
11⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
10⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-168.exe
9⤵
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-56576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56576.exe
10⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
11⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-46745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46745.exe
12⤵
PID:6648

C:\Users\Admin\AppData\Local\Temp\Unicorn-50886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50886.exe
13⤵
PID:8440

C:\Users\Admin\AppData\Local\Temp\Unicorn-37107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37107.exe
14⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 216
14⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 216
13⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
12⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 236
11⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-521.exe
10⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-31260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31260.exe
11⤵
PID:6600

C:\Users\Admin\AppData\Local\Temp\Unicorn-57818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57818.exe
12⤵
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
13⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 216
13⤵
PID:14252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 236
12⤵
PID:10760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
11⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 240
10⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 240
9⤵
- Program crash
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-60625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60625.exe
9⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-38787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38787.exe
10⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-1253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1253.exe
11⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-16365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16365.exe
11⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-3265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3265.exe
12⤵
PID:6496

C:\Users\Admin\AppData\Local\Temp\Unicorn-42644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42644.exe
13⤵
PID:9136

C:\Users\Admin\AppData\Local\Temp\Unicorn-22271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22271.exe
14⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9136 -s 220
14⤵
PID:13256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
13⤵
PID:10636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
12⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 220
11⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-6790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6790.exe
10⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-57098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57098.exe
11⤵
PID:7088

C:\Users\Admin\AppData\Local\Temp\Unicorn-48253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48253.exe
12⤵
PID:9236

C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
13⤵
PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9236 -s 216
13⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 216
12⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 220
11⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
10⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-9824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9824.exe
9⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-21270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21270.exe
10⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
11⤵
PID:7404

C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
12⤵
PID:11708

C:\Users\Admin\AppData\Local\Temp\Unicorn-17825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17825.exe
13⤵
PID:4688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11708 -s 216
13⤵
PID:14004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 216
12⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 216
11⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 236
10⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
9⤵
PID:4112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
8⤵
- Program crash
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-12213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12213.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-36592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36592.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-27333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27333.exe
9⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
10⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-35872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35872.exe
11⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
12⤵
PID:6828

C:\Users\Admin\AppData\Local\Temp\Unicorn-5670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5670.exe
13⤵
PID:9248

C:\Users\Admin\AppData\Local\Temp\Unicorn-55737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55737.exe
14⤵
PID:11452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9248 -s 216
14⤵
PID:13332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 216
13⤵
PID:10924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
12⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 236
11⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-60350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60350.exe
10⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-25604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25604.exe
11⤵
PID:6212

C:\Users\Admin\AppData\Local\Temp\Unicorn-21753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21753.exe
12⤵
PID:9572

C:\Users\Admin\AppData\Local\Temp\Unicorn-51443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51443.exe
13⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9572 -s 216
13⤵
PID:13680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 216
12⤵
PID:11032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
11⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 220
10⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
9⤵
- Program crash
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-25832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25832.exe
8⤵
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-22708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22708.exe
9⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-37767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37767.exe
10⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-32673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32673.exe
11⤵
PID:5928

C:\Users\Admin\AppData\Local\Temp\Unicorn-39658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39658.exe
12⤵
PID:8612

C:\Users\Admin\AppData\Local\Temp\Unicorn-13901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13901.exe
13⤵
PID:12244

C:\Users\Admin\AppData\Local\Temp\Unicorn-9.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9.exe
14⤵
PID:9284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8612 -s 236
13⤵
PID:13248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 236
12⤵
PID:9864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
11⤵
PID:7532

C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe
10⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-43306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43306.exe
11⤵
PID:8716

C:\Users\Admin\AppData\Local\Temp\Unicorn-45277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45277.exe
12⤵
PID:11680

C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
13⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 216
12⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 236
11⤵
PID:10004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 220
10⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 216
9⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
8⤵
- Program crash
PID:2332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
7⤵
- Program crash
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-1789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1789.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-30901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30901.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-11122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11122.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-45698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45698.exe
9⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-22708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22708.exe
10⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-32712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32712.exe
11⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-64778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64778.exe
12⤵
PID:7060

C:\Users\Admin\AppData\Local\Temp\Unicorn-14500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14500.exe
13⤵
PID:9908

C:\Users\Admin\AppData\Local\Temp\Unicorn-65092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65092.exe
14⤵
PID:12744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9908 -s 220
14⤵
PID:13988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 216
13⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 220
12⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
11⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-23723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23723.exe
10⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
11⤵
PID:6160

C:\Users\Admin\AppData\Local\Temp\Unicorn-17859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17859.exe
12⤵
PID:9504

C:\Users\Admin\AppData\Local\Temp\Unicorn-33535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33535.exe
13⤵
PID:13144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9504 -s 220
13⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 216
12⤵
PID:11184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
11⤵
PID:7388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
10⤵
PID:6316

C:\Users\Admin\AppData\Local\Temp\Unicorn-14051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14051.exe
9⤵
PID:3608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
9⤵
- Program crash
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-23720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23720.exe
8⤵
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-23284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23284.exe
9⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-8534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8534.exe
10⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-57622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57622.exe
11⤵
PID:6932

C:\Users\Admin\AppData\Local\Temp\Unicorn-61342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61342.exe
12⤵
PID:9360

C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
13⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9360 -s 216
13⤵
PID:14124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 216
12⤵
PID:10952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
11⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
10⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-42804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42804.exe
9⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-42713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42713.exe
10⤵
PID:6888

C:\Users\Admin\AppData\Local\Temp\Unicorn-55795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55795.exe
11⤵
PID:9492

C:\Users\Admin\AppData\Local\Temp\Unicorn-41005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41005.exe
12⤵
PID:13732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9492 -s 220
12⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 216
11⤵
PID:11008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
10⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 220
9⤵
PID:5876

C:\Users\Admin\AppData\Local\Temp\Unicorn-57754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57754.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
8⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-35453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35453.exe
9⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-34772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34772.exe
10⤵
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
10⤵
PID:6360

C:\Users\Admin\AppData\Local\Temp\Unicorn-5690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5690.exe
9⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-6429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6429.exe
10⤵
PID:6856

C:\Users\Admin\AppData\Local\Temp\Unicorn-54384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54384.exe
11⤵
PID:10848

C:\Users\Admin\AppData\Local\Temp\Unicorn-43487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43487.exe
12⤵
PID:13936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10848 -s 236
12⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 216
11⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
10⤵
PID:9092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
9⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-3418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3418.exe
8⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-64730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64730.exe
9⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-35905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35905.exe
10⤵
PID:6680

C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
11⤵
PID:9936

C:\Users\Admin\AppData\Local\Temp\Unicorn-10170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10170.exe
12⤵
PID:13656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9936 -s 220
12⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 220
11⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
10⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
9⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
8⤵
- Program crash
PID:3548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
7⤵
- Program crash
PID:1932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 240
6⤵
- Program crash
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-34966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34966.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
8⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-3275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3275.exe
9⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-54893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54893.exe
10⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-30838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30838.exe
11⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-34860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34860.exe
12⤵
PID:8156

C:\Users\Admin\AppData\Local\Temp\Unicorn-14861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14861.exe
13⤵
PID:12216

C:\Users\Admin\AppData\Local\Temp\Unicorn-9.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9.exe
14⤵
PID:9312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 216
13⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
12⤵
PID:9268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
11⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
10⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-19786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19786.exe
9⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-40179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40179.exe
10⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-24536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24536.exe
11⤵
PID:8116

C:\Users\Admin\AppData\Local\Temp\Unicorn-46237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46237.exe
12⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 216
12⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
11⤵
PID:9636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
10⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
9⤵
PID:4232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 236
8⤵
- Program crash
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-56794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56794.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-10119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10119.exe
8⤵
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-28154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28154.exe
9⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe
10⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-56574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56574.exe
11⤵
PID:6844

C:\Users\Admin\AppData\Local\Temp\Unicorn-64885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64885.exe
12⤵
PID:9992

C:\Users\Admin\AppData\Local\Temp\Unicorn-1754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1754.exe
13⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9992 -s 216
13⤵
PID:13384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 220
12⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
11⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 236
10⤵
PID:6152

C:\Users\Admin\AppData\Local\Temp\Unicorn-14906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14906.exe
9⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-33845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33845.exe
10⤵
PID:6948

C:\Users\Admin\AppData\Local\Temp\Unicorn-37428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37428.exe
11⤵
PID:10160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10160 -s 220
12⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 216
11⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 220
10⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 240
9⤵
PID:6352

C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
8⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-9110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9110.exe
9⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
10⤵
PID:6404

C:\Users\Admin\AppData\Local\Temp\Unicorn-65461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65461.exe
11⤵
PID:9904

C:\Users\Admin\AppData\Local\Temp\Unicorn-53867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53867.exe
12⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9904 -s 216
12⤵
PID:13856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 220
11⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
10⤵
PID:8416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
9⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 220
8⤵
- Program crash
PID:3608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 220
7⤵
- Program crash
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:332

C:\Users\Admin\AppData\Local\Temp\Unicorn-32420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32420.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-43586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43586.exe
8⤵
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
9⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe
10⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-62666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62666.exe
11⤵
PID:6976

C:\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe
12⤵
PID:9804

C:\Users\Admin\AppData\Local\Temp\Unicorn-65092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65092.exe
13⤵
PID:12732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9804 -s 220
13⤵
PID:13972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 216
12⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
11⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
10⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-42280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42280.exe
9⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
10⤵
PID:7140

C:\Users\Admin\AppData\Local\Temp\Unicorn-2809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2809.exe
11⤵
PID:10148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10148 -s 212
12⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 216
11⤵
PID:11028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 220
10⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 220
9⤵
PID:6164

C:\Users\Admin\AppData\Local\Temp\Unicorn-33376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33376.exe
8⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-8534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8534.exe
9⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-28579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28579.exe
10⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
11⤵
PID:9144

C:\Users\Admin\AppData\Local\Temp\Unicorn-32548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32548.exe
12⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9144 -s 216
12⤵
PID:13096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
11⤵
PID:10284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
10⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
9⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 220
8⤵
- Program crash
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-5931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5931.exe
7⤵
PID:908

C:\Users\Admin\AppData\Local\Temp\Unicorn-12860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12860.exe
8⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
9⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
10⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\Unicorn-8815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8815.exe
11⤵
PID:9552

C:\Users\Admin\AppData\Local\Temp\Unicorn-56103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56103.exe
12⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9552 -s 220
12⤵
PID:13652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
11⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
10⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
9⤵
PID:5636

C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
8⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-34421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34421.exe
9⤵
PID:6904

C:\Users\Admin\AppData\Local\Temp\Unicorn-10438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10438.exe
10⤵
PID:9764

C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
11⤵
PID:13164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9764 -s 216
11⤵
PID:14300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 220
10⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
9⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 240
8⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 220
7⤵
- Program crash
PID:2944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 240
6⤵
- Program crash
PID:1768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:616

C:\Users\Admin\AppData\Local\Temp\Unicorn-39347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39347.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-38100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38100.exe
6⤵
- Executes dropped EXE
PID:1092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 148
7⤵
- Program crash
PID:3032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 236
6⤵
- Program crash
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-52853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52853.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-32655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32655.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-42295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42295.exe
7⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-2315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2315.exe
8⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
9⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
10⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-60690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60690.exe
11⤵
PID:8204

C:\Users\Admin\AppData\Local\Temp\Unicorn-50726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50726.exe
12⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8204 -s 216
12⤵
PID:12540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
11⤵
PID:9560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
10⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
9⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-17726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17726.exe
8⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-19300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19300.exe
9⤵
PID:5992

C:\Users\Admin\AppData\Local\Temp\Unicorn-13347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13347.exe
10⤵
PID:8640

C:\Users\Admin\AppData\Local\Temp\Unicorn-27364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27364.exe
11⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8640 -s 216
11⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 216
10⤵
PID:9896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
8⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 236
7⤵
- Program crash
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-57754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57754.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-55024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55024.exe
7⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-50496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50496.exe
8⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-49417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49417.exe
9⤵
PID:7432

C:\Users\Admin\AppData\Local\Temp\Unicorn-47814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47814.exe
10⤵
PID:8248

C:\Users\Admin\AppData\Local\Temp\Unicorn-28900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28900.exe
11⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 216
11⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 216
10⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
9⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
8⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
7⤵
- Program crash
PID:3540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
6⤵
- Program crash
PID:2012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 240
5⤵
- Program crash
PID:1620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-17899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17899.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-22281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22281.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:380

C:\Users\Admin\AppData\Local\Temp\Unicorn-21802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21802.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:628

C:\Users\Admin\AppData\Local\Temp\Unicorn-57233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57233.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1164

C:\Users\Admin\AppData\Local\Temp\Unicorn-56946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56946.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-34480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34480.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-52628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52628.exe
9⤵
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-10234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10234.exe
10⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-52781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52781.exe
11⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-22582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22582.exe
12⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-24536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24536.exe
13⤵
PID:7772

C:\Users\Admin\AppData\Local\Temp\Unicorn-6574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6574.exe
14⤵
PID:11644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 216
14⤵
PID:12452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
13⤵
PID:9752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 236
12⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 236
11⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-19786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19786.exe
10⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-13240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13240.exe
11⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-21679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21679.exe
12⤵
PID:7528

C:\Users\Admin\AppData\Local\Temp\Unicorn-9698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9698.exe
13⤵
PID:11596

C:\Users\Admin\AppData\Local\Temp\Unicorn-5069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5069.exe
14⤵
PID:9396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 236
13⤵
PID:12336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
12⤵
PID:9408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
11⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 240
10⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-44339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44339.exe
9⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
10⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-38067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38067.exe
11⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-63762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63762.exe
12⤵
PID:8352

C:\Users\Admin\AppData\Local\Temp\Unicorn-28329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28329.exe
13⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8352 -s 216
13⤵
PID:4980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
12⤵
PID:9480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
11⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
10⤵
PID:4376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
9⤵
- Program crash
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-49976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49976.exe
8⤵
PID:952

C:\Users\Admin\AppData\Local\Temp\Unicorn-561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-561.exe
9⤵
PID:3316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 240
10⤵
- Program crash
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-51219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51219.exe
9⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-44064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44064.exe
10⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-62620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62620.exe
11⤵
PID:9112

C:\Users\Admin\AppData\Local\Temp\Unicorn-29303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29303.exe
12⤵
PID:12432

C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
13⤵
PID:9728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9112 -s 216
12⤵
PID:13504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
11⤵
PID:10560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
10⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 240
9⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
8⤵
- Program crash
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-45149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45149.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:324

C:\Users\Admin\AppData\Local\Temp\Unicorn-44948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44948.exe
8⤵
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-1137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1137.exe
9⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-32022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32022.exe
9⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-32488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32488.exe
10⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-34860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34860.exe
11⤵
PID:8148

C:\Users\Admin\AppData\Local\Temp\Unicorn-1966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1966.exe
12⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8148 -s 220
12⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 236
11⤵
PID:9288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
10⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 240
9⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
8⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-40612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40612.exe
9⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-11756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11756.exe
10⤵
PID:5692

C:\Users\Admin\AppData\Local\Temp\Unicorn-1178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1178.exe
11⤵
PID:8456

C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe
12⤵
PID:12284

C:\Users\Admin\AppData\Local\Temp\Unicorn-55524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55524.exe
13⤵
PID:9836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 216
12⤵
PID:13308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
11⤵
PID:9708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
10⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
9⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 220
8⤵
- Program crash
PID:4056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 240
7⤵
- Program crash
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-39218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39218.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-437.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
8⤵
- Program crash
PID:3996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
7⤵
- Program crash
PID:3020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 240
6⤵
- Program crash
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-19770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19770.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-4538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4538.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-48185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48185.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-55124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55124.exe
8⤵
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-11194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11194.exe
9⤵
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-32039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32039.exe
10⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
11⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
12⤵
PID:7952

C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
13⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 220
13⤵
PID:13476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 216
12⤵
PID:9424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
11⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 236
10⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-59921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59921.exe
9⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-45311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45311.exe
10⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-17172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17172.exe
11⤵
PID:8936

C:\Users\Admin\AppData\Local\Temp\Unicorn-9698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9698.exe
12⤵
PID:11460

C:\Users\Admin\AppData\Local\Temp\Unicorn-56419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56419.exe
13⤵
PID:10212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 216
12⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
11⤵
PID:9788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
10⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
9⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-42200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42200.exe
8⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-54831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54831.exe
9⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-63581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63581.exe
10⤵
PID:5644

C:\Users\Admin\AppData\Local\Temp\Unicorn-50886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50886.exe
11⤵
PID:8380

C:\Users\Admin\AppData\Local\Temp\Unicorn-24940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24940.exe
12⤵
PID:11720

C:\Users\Admin\AppData\Local\Temp\Unicorn-56419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56419.exe
13⤵
PID:9380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8380 -s 216
12⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
11⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
10⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
9⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
8⤵
- Program crash
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
7⤵
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-203.exe
8⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-54317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54317.exe
9⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
10⤵
PID:5444

C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
11⤵
PID:7996

C:\Users\Admin\AppData\Local\Temp\Unicorn-40334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40334.exe
12⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 216
12⤵
PID:13568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
11⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
10⤵
PID:6884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
9⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-35027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35027.exe
8⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-55778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55778.exe
9⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-34860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34860.exe
10⤵
PID:8164

C:\Users\Admin\AppData\Local\Temp\Unicorn-15724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15724.exe
11⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 220
11⤵
PID:12572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
10⤵
PID:9260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
9⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 240
8⤵
PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
7⤵
- Program crash
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-63261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63261.exe
7⤵
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-49409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49409.exe
8⤵
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-22454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22454.exe
9⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-2617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2617.exe
10⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-17413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17413.exe
11⤵
PID:7980

C:\Users\Admin\AppData\Local\Temp\Unicorn-41753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41753.exe
12⤵
PID:12180

C:\Users\Admin\AppData\Local\Temp\Unicorn-17119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17119.exe
13⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 236
12⤵
PID:13068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 236
11⤵
PID:8876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 236
10⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 236
9⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-7653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7653.exe
8⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-48068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48068.exe
9⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-6861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6861.exe
10⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\Unicorn-20055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20055.exe
11⤵
PID:8528

C:\Users\Admin\AppData\Local\Temp\Unicorn-22197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22197.exe
12⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8528 -s 216
12⤵
PID:13980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
11⤵
PID:10696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 236
10⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 236
9⤵
PID:5396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
8⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
7⤵
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-24359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24359.exe
8⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-24634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24634.exe
9⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\Unicorn-54099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54099.exe
10⤵
PID:8812

C:\Users\Admin\AppData\Local\Temp\Unicorn-29666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29666.exe
11⤵
PID:12300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8812 -s 216
11⤵
PID:13428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 216
10⤵
PID:10512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
9⤵
PID:7844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 236
8⤵
PID:4132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
7⤵
- Program crash
PID:3884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
6⤵
- Program crash
PID:1436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 240
5⤵
- Program crash
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-1936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1936.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:860

C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-18227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18227.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-35799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35799.exe
8⤵
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-41807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41807.exe
9⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-39652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39652.exe
10⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-5560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5560.exe
11⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe
12⤵
PID:8308

C:\Users\Admin\AppData\Local\Temp\Unicorn-59989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59989.exe
13⤵
PID:12056

C:\Users\Admin\AppData\Local\Temp\Unicorn-18462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18462.exe
14⤵
PID:10156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8308 -s 216
13⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
12⤵
PID:9472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
11⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 236
10⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-32391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32391.exe
9⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-12716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12716.exe
10⤵
PID:5724

C:\Users\Admin\AppData\Local\Temp\Unicorn-32673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32673.exe
11⤵
PID:8492

C:\Users\Admin\AppData\Local\Temp\Unicorn-15771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15771.exe
12⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 216
12⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 216
11⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
10⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
9⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe
8⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-7278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7278.exe
9⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-57098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57098.exe
10⤵
PID:7096

C:\Users\Admin\AppData\Local\Temp\Unicorn-54259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54259.exe
11⤵
PID:9620

C:\Users\Admin\AppData\Local\Temp\Unicorn-12341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12341.exe
12⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9620 -s 220
12⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 216
11⤵
PID:11040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 220
10⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 236
9⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 240
8⤵
- Program crash
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-10801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10801.exe
7⤵
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-65216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65216.exe
8⤵
PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 200
9⤵
- Program crash
PID:3952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
8⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
7⤵
- Program crash
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-63898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63898.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1108

C:\Users\Admin\AppData\Local\Temp\Unicorn-34839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34839.exe
7⤵
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-48885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48885.exe
8⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-51733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51733.exe
9⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-41952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41952.exe
10⤵
PID:5600

C:\Users\Admin\AppData\Local\Temp\Unicorn-6906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6906.exe
11⤵
PID:8816

C:\Users\Admin\AppData\Local\Temp\Unicorn-37107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37107.exe
12⤵
PID:12200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8816 -s 216
12⤵
PID:12764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
11⤵
PID:9948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
10⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
9⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-33429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33429.exe
8⤵
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-22871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22871.exe
9⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-2267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2267.exe
10⤵
PID:8532

C:\Users\Admin\AppData\Local\Temp\Unicorn-45488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45488.exe
11⤵
PID:12252

C:\Users\Admin\AppData\Local\Temp\Unicorn-34677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34677.exe
12⤵
PID:2112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 216
11⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
10⤵
PID:10492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 236
9⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
8⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\Unicorn-49523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49523.exe
7⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-40088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40088.exe
8⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-1754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1754.exe
9⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-44266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44266.exe
10⤵
PID:8672

C:\Users\Admin\AppData\Local\Temp\Unicorn-49766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49766.exe
11⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8672 -s 220
11⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 236
10⤵
PID:9924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
9⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 236
8⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 240
7⤵
- Program crash
PID:3968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
6⤵
- Program crash
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-28824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28824.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-35056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35056.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-53064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53064.exe
7⤵
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-61184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61184.exe
8⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-34772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34772.exe
9⤵
PID:4952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
9⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\Unicorn-54206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54206.exe
8⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-6429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6429.exe
9⤵
PID:7104

C:\Users\Admin\AppData\Local\Temp\Unicorn-39548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39548.exe
10⤵
PID:10972

C:\Users\Admin\AppData\Local\Temp\Unicorn-47045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47045.exe
11⤵
PID:14188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10972 -s 216
11⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
10⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
9⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
8⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
7⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
8⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-46516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46516.exe
9⤵
PID:6956

C:\Users\Admin\AppData\Local\Temp\Unicorn-51123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51123.exe
10⤵
PID:11896

C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
11⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11896 -s 216
11⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
10⤵
PID:12312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
9⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
8⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
7⤵
- Program crash
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-63733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63733.exe
6⤵
PID:376

C:\Users\Admin\AppData\Local\Temp\Unicorn-29690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29690.exe
7⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-3365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3365.exe
8⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-64342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64342.exe
9⤵
PID:6704

C:\Users\Admin\AppData\Local\Temp\Unicorn-14870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14870.exe
10⤵
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
11⤵
PID:13196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 216
11⤵
PID:14328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 216
10⤵
PID:10688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 236
9⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 236
8⤵
PID:5380

C:\Users\Admin\AppData\Local\Temp\Unicorn-16966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16966.exe
7⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-25562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25562.exe
8⤵
PID:6720

C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
9⤵
PID:10900

C:\Users\Admin\AppData\Local\Temp\Unicorn-4939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4939.exe
10⤵
PID:13516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10900 -s 220
10⤵
PID:14312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 216
9⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
8⤵
PID:9128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 240
7⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
6⤵
- Program crash
PID:1564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 240
5⤵
- Program crash
PID:1984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-21206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21206.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-20168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20168.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-21705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21705.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-20346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20346.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1372

C:\Users\Admin\AppData\Local\Temp\Unicorn-62362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62362.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:312

C:\Users\Admin\AppData\Local\Temp\Unicorn-27159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27159.exe
7⤵
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-1739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1739.exe
8⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-65254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65254.exe
9⤵
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-52881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52881.exe
10⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-33285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33285.exe
11⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe
12⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 220
12⤵
PID:14172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 236
11⤵
PID:10548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
10⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
9⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\Unicorn-11346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11346.exe
8⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-49285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49285.exe
9⤵
PID:6396

C:\Users\Admin\AppData\Local\Temp\Unicorn-41736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41736.exe
10⤵
PID:8972

C:\Users\Admin\AppData\Local\Temp\Unicorn-204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-204.exe
11⤵
PID:12840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8972 -s 216
11⤵
PID:14108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 216
10⤵
PID:10612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 236
9⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
8⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\Unicorn-21941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21941.exe
7⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-22823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22823.exe
8⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-60796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60796.exe
9⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
10⤵
PID:7988

C:\Users\Admin\AppData\Local\Temp\Unicorn-6097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6097.exe
11⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7988 -s 216
11⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
10⤵
PID:9416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
9⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
8⤵
PID:4992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 312 -s 240
7⤵
- Program crash
PID:4088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 236
6⤵
- Program crash
PID:2100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 236
5⤵
- Program crash
PID:2784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
4⤵
- Loads dropped DLL
- Program crash
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-30837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30837.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-38387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38387.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-40212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40212.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:352

C:\Users\Admin\AppData\Local\Temp\Unicorn-32079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32079.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-6057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6057.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-8583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8583.exe
8⤵
PID:1112

C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
9⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-57372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57372.exe
10⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-35284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35284.exe
11⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-25675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25675.exe
12⤵
PID:8968

C:\Users\Admin\AppData\Local\Temp\Unicorn-12493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12493.exe
13⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8968 -s 220
13⤵
PID:14260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
12⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
11⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 236
10⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 236
9⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-50590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50590.exe
8⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-17751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17751.exe
9⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-44685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44685.exe
10⤵
PID:6908

C:\Users\Admin\AppData\Local\Temp\Unicorn-56872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56872.exe
11⤵
PID:10048

C:\Users\Admin\AppData\Local\Temp\Unicorn-42876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42876.exe
12⤵
PID:13272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10048 -s 216
12⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 220
11⤵
PID:10540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
10⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
9⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
8⤵
- Program crash
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-36465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36465.exe
7⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
8⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-52676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52676.exe
9⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-13529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13529.exe
10⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-21069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21069.exe
11⤵
PID:8288

C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
12⤵
PID:12652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8288 -s 216
12⤵
PID:13792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
11⤵
PID:10404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 236
10⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
9⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 236
8⤵
PID:4724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
7⤵
- Program crash
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-56794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56794.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-58827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58827.exe
7⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-22708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22708.exe
8⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-47196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47196.exe
9⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-63293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63293.exe
10⤵
PID:7228

C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
11⤵
PID:11628

C:\Users\Admin\AppData\Local\Temp\Unicorn-25643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25643.exe
12⤵
PID:13944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11628 -s 216
12⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 216
11⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
10⤵
PID:8608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
9⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
8⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-49054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49054.exe
7⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-46495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46495.exe
8⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-43026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43026.exe
9⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-63467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63467.exe
10⤵
PID:8908

C:\Users\Admin\AppData\Local\Temp\Unicorn-52748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52748.exe
11⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8908 -s 216
11⤵
PID:13496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
10⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
9⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
8⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
7⤵
- Program crash
PID:3400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 240
6⤵
- Program crash
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-11122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11122.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
7⤵
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-23284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23284.exe
8⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-11170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11170.exe
9⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-15250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15250.exe
10⤵
PID:7040

C:\Users\Admin\AppData\Local\Temp\Unicorn-29986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29986.exe
11⤵
PID:9952

C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
12⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9952 -s 216
12⤵
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 216
11⤵
PID:11232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
10⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
9⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-29379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29379.exe
8⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
9⤵
PID:7116

C:\Users\Admin\AppData\Local\Temp\Unicorn-50365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50365.exe
10⤵
PID:10220

C:\Users\Admin\AppData\Local\Temp\Unicorn-12930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12930.exe
11⤵
PID:12556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10220 -s 216
11⤵
PID:13720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 216
10⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 220
9⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
8⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-2842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2842.exe
7⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exe
8⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-27664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27664.exe
9⤵
PID:6992

C:\Users\Admin\AppData\Local\Temp\Unicorn-8815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8815.exe
10⤵
PID:9540

C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
11⤵
PID:13176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9540 -s 216
11⤵
PID:14284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
10⤵
PID:11004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
9⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
8⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 220
7⤵
- Program crash
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-38961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38961.exe
6⤵
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-10364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10364.exe
7⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-37279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37279.exe
8⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-37135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37135.exe
9⤵
PID:6972

C:\Users\Admin\AppData\Local\Temp\Unicorn-56193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56193.exe
10⤵
PID:10016

C:\Users\Admin\AppData\Local\Temp\Unicorn-58063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58063.exe
11⤵
PID:13444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10016 -s 220
11⤵
PID:14228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 216
10⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 220
9⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
8⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 216
7⤵
PID:4548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
6⤵
- Program crash
PID:1484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
5⤵
- Program crash
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-1213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1213.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-50444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50444.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-12082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12082.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-64273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64273.exe
7⤵
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-64692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64692.exe
8⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-44689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44689.exe
9⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-42713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42713.exe
10⤵
PID:6864

C:\Users\Admin\AppData\Local\Temp\Unicorn-56872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56872.exe
11⤵
PID:10056

C:\Users\Admin\AppData\Local\Temp\Unicorn-7208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7208.exe
12⤵
PID:13276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10056 -s 216
12⤵
PID:924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 220
11⤵
PID:10476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
10⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
9⤵
PID:5840

C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
8⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-15250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15250.exe
9⤵
PID:7048

C:\Users\Admin\AppData\Local\Temp\Unicorn-35892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35892.exe
10⤵
PID:9300

C:\Users\Admin\AppData\Local\Temp\Unicorn-22883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22883.exe
11⤵
PID:13108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9300 -s 220
11⤵
PID:14272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 216
10⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 220
9⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 220
8⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
7⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-61658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61658.exe
8⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
9⤵
PID:7148

C:\Users\Admin\AppData\Local\Temp\Unicorn-56872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56872.exe
10⤵
PID:10064

C:\Users\Admin\AppData\Local\Temp\Unicorn-64008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64008.exe
11⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10064 -s 216
11⤵
PID:14232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 220
10⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
9⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 236
8⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
7⤵
- Program crash
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-55791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55791.exe
6⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-53242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53242.exe
7⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-17238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17238.exe
8⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-1669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1669.exe
9⤵
PID:7324

C:\Users\Admin\AppData\Local\Temp\Unicorn-37085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37085.exe
10⤵
PID:11600

C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
11⤵
PID:13780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11600 -s 216
11⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 216
10⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
9⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
8⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
7⤵
PID:4672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
6⤵
- Program crash
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-44049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44049.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-56331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56331.exe
6⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-40647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40647.exe
7⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-55664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55664.exe
8⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-29144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29144.exe
9⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8280 -s 200
10⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
9⤵
PID:9436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
8⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 236
7⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
6⤵
- Program crash
PID:3624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
5⤵
- Program crash
PID:348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
4⤵
- Program crash
PID:2060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
2⤵
- Program crash
PID:2572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14861.exe

Filesize
184KB

MD5
274183365e556df1981dce81d822b747

SHA1
28ce57fc17b6d8f8f5f4ebb88fae1053c78d1683

SHA256
b83b5acc2303ca0028559b70f8d78af189331d39d504402ce7025e347d841808

SHA512
c101d28be21c1d01cd470a8d31f210107bbc05e9ac59f8456b2235f835c4f032bae689709e4d60c2f5479e52b184aa84cf78e1e84421f52170d5ac12065734a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19300.exe

Filesize
184KB

MD5
08ac0ac311c137f72524844bd54b2b50

SHA1
d9cae9844d128333335a5216713683d19e396352

SHA256
38dc1b0f6d4ec95d4924fe68d1f64ccc9ac7e6a05f78f3b4a9556d9280cf6b53

SHA512
e5205946e85f216d1dec67f7c6f510ee37310c3a7243b48c8e2c0071f007b1672cfde5b0580d7a1ac170d7759dac589d8ddb2cc45d0c27800f587802a5d41351

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28329.exe

Filesize
184KB

MD5
d9b5c8e1bd360717851e3e47ebcaba73

SHA1
22dcb3d3251d7112ca6a2a185911560d30576bd1

SHA256
08c78476780bb6432a620c054d6f36ab72ea7bb1101ab61b7f126d5893bdef8c

SHA512
4685315279f189d7633cd7bd316c6e8864799f50ee9ec2008a2940fc1054892eebb2505f42f98c752fa851980919e8ff8094cb1f6cd59864956272fc9597dd82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe

Filesize
184KB

MD5
12eacb05d342ce127d0223288a5ea7a8

SHA1
43cdc5b65554e1b23bdf5d21e2b73d2cd155fe69

SHA256
294820fcee22bddbb838e8aca75c067495d4e7dcc0beba753a1cdd66d2ae15ae

SHA512
e22e01054e54e7ab29ba59b3b61e28bd7f0f8935d0f56e046e9f42bea27ef92857d0c087b112b56754711bc4aca39092cb17bf92c2b59260c717356010bb93da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40612.exe

Filesize
184KB

MD5
7fbcfe0f1715b39a757772f1cfa3bf57

SHA1
9493e4efcef6d1988ecbef6b7e79512dbe8c15a3

SHA256
9696fa94a26acf5de8f14e9e956a177f4e16b3191edb29452aa6b634c4ad36ea

SHA512
3b484d4a4726c130e462b220583244edd3fc23894c305926183a3d47f4c23023ac66d298b6a0de08567bb60e434764df307ddddf258e1321d768b642260466f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe

Filesize
184KB

MD5
f68002daadba7291920249d7013d1cfd

SHA1
6c5853eca5f4a965390f4b3a5440272c183e1679

SHA256
66fab5537db9cbb14353cf67001d1defaf352baf4e04aec3185eca688b20a116

SHA512
6e41161b4da4995552200047a86362d6fdd074490e90d1ee48e727e79011b1eac819f37e91a0b0521452f8421936ecc1a938bbd2c57126d960bb9ced43506a87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4939.exe

Filesize
184KB

MD5
798280516507bfc1c9fc2c8700a0fd00

SHA1
b49e794b49bd763ab37d0208392d56aaa40f6f24

SHA256
daa057975eac4f306984761288230750c0054a2c524489cf6c946536149995e8

SHA512
564f31aeba036959b21a3e2abc42619f0c7b1b4b6a25d8c23b80edd9881ed0de08acf59c27f0b79fa1431b2622af8cb446a90ba03a3f7d23a21b87f2ff40601c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54206.exe

Filesize
184KB

MD5
8ca9c243a2a11e632b216181917c0262

SHA1
898fd362580c283113ae2dd625df79c49ab478f6

SHA256
2ac2a980dc174035b4f68c2281e68ea1284bb4901267bf715160b7996016e277

SHA512
abe015367ca0dacf9814bd54ccd76852f16d51efb0e87897b2043d3a3acba059951a6665b2bc24612b6de94a126d082e72b9d41373280da5da47ac229df7be8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5560.exe

Filesize
184KB

MD5
ee526914f614253c1bad50d4725954df

SHA1
927ebabdf734ec67897c680317a71c6bdea6a51c

SHA256
b5ce9aa23db3ea74149084105ac81d05dc6341c138dd72428f5060352fa1582a

SHA512
0b9c71f4cfdeb175b8d802f00228bfbf35fa067e5f0c5d1d6bc9e6f921e0eeec6d57e04a6810bb96843319ef8df54c2b4063d3bc61b12d5a9242a5010604b91d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe

Filesize
184KB

MD5
beb6fd071af4ccbbfb250aa3ef36587e

SHA1
1743f9b470fc915a5d482e73f9c2b69395b8cc6e

SHA256
974a35c2556bea5c7bade8aa959649c5d30a888d5258317ed65604339d6f0db8

SHA512
f49ab832bde8c35971f27cfe4b7c36e148306cb9a0fb82ae280170fe248cf833203c0197f0a93ce159324fc2d7474a53fddbed65ec6f7f5ea7522bec176fdc77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6057.exe

Filesize
184KB

MD5
7207f9ab3531807860d6f313fb0a9dec

SHA1
d21c79ce0df4cc611c7ec2a1e9311a5322cec33d

SHA256
600154176cb264a477f27d2ea9f7501cc76df4bf15b0aaaa9330613e1fd07573

SHA512
ceaa890f055c8091f3dcfd99c230664e7a5c1e92899979084e08681b72bce9e487f98bfb164d69b945ac82653c3f8d922069b883bf4dfa872d6944c523d3d411

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe

Filesize
184KB

MD5
271b09b99c410fe21bfd4730cd1b32c9

SHA1
beb9e089cb88fa94c1a0b43c90b2225241855e37

SHA256
cc5c42e6fdd6e6a18a5010b73ed3ab1ebe65f71df77bb1e35579781825f7c17a

SHA512
013d989d6b3960978ee4c484673919adfdd14da35c2fd218f9cc9a574b1d6de0371c0052e01c2f963495ca103bb82f1700b5ce22f93386298fa7945d1e7e0793

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17899.exe

Filesize
184KB

MD5
2ff3b223428de681396c32d432fae514

SHA1
47ddd0af9def0550f78c544ec36b79afe4217acc

SHA256
136cf4318e539fe6e730858badec3bdb8f9ee8be20a494802557125979b9755f

SHA512
af2b9eb638cad8d82f698ebed463343e2c7205942938f25ca7d34c5d4d424c264851ca87e1967e537bade332ca81aef1a1af979d9c319a2ea9b0d5aabe8ca3b3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1936.exe

Filesize
184KB

MD5
3eea17aa01f33cb84f256aeef44ae50e

SHA1
4260025377e822d0d51319e0b72bbfee762a652e

SHA256
7cc2a5880cd709b507ba55b50ad7202e8d985004ef97973281e6b95ece5c0b41

SHA512
a8b1d5c351c00509090c2964da3cea7037f50ce88d06783af480c0865c2fb200b8759fc2c3e258e107e1fcb92949cfe2f352f20a9e7127f71cea3575c4e9b628

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20168.exe

Filesize
184KB

MD5
0f7d32662cf278da597070ff1b5acd26

SHA1
25302052f7be48235e76347f327f00a55ab6749e

SHA256
9803013f3126b3a02e6a243375f59d9a3118b5e21538e92f2f862c7bccae555b

SHA512
489f9591f8ca49401443f4da70b108758dead9d991db1393b72d2a63b5f41069cce548435aabe14ed9199f52ae835a62a1a01730f390762600a42a55072acff8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21206.exe

Filesize
184KB

MD5
d1e348792dd141af1f91e46a8bed69fa

SHA1
4d25f8ec753bee6a93446a5e44943539a02c1402

SHA256
0378b53996ca52ca63a162a518bbb3fd404c752e868f5368679f4c70be5b3b66

SHA512
000045ec35506b3e45c8f0e805c17b53ed598ff11a6f4c30abdf99d716c40a3a11a410bad0e03706c7d22f317bc7ae75efaa7be01088f36d25177b767d36bf6a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21705.exe

Filesize
184KB

MD5
53dd6a9bf9ab02cf664799365e4a6843

SHA1
d370d5edf747fc9087aa884b459beb009a631244

SHA256
b5235eae20b5b259d828d7f93f06f2c4df92fa82da2e3efde8d44dcf658e470e

SHA512
6c2ef2396550d7a52150a352de23ecaad06165c8d5603c1177f081a6f08ed0e8b98e519a9f2fffa9a2a46900839ed52f84dc8b512baec77ad51b6be4ac1dc5eb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21802.exe

Filesize
184KB

MD5
e2b4fc84230daae262a661b913a83c46

SHA1
03e29e42bdea9bc398b7fda43b1b12e951f2b4ae

SHA256
ec730478a9872a6a00c18a4136128c9fb91b5478cb5cbcadf4397337c73f7ac6

SHA512
9b220e3cc827075a4d185efe5147077a414b760b18e7e1cca534727303b0a05c95be1a4f01fc5b4119028e4f6178af9f91db688a783289707ad92fa0a1f37ac9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22281.exe

Filesize
184KB

MD5
ee8787776a8d64557c95c365881b2fab

SHA1
2b92935d78fb72afbd42f534f8d83d45de52be8f

SHA256
9f6a7da70abd2f9c24a949fb3cdd5e4c3265ffac70469164c08c9902d07da9db

SHA512
38ebc3b23ae7178ad0a89389ac7082e19cebdbea2b5e9cda14edc3005fee8c50f32e4a6e180d6912fb64a45f3332cb6789d1f6835f183a164ff6d35640936b75

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24340.exe

Filesize
184KB

MD5
28ead8ea91963ef51219f61fb4972139

SHA1
0eff8a619f99c69ea312b875586cfdbdef8949e6

SHA256
746b443805a4f02f607717a4aba6e800c4747308f7bd1f3d8843ed5530220108

SHA512
13fc71bb697eb252925a446b9816dfe5501671608dc1d602e1d8ed5319afa9fe4253fbdbae064e6eba17cc56886987e958d43e4ad07c7ab379bd2588b13d8e7a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30837.exe

Filesize
184KB

MD5
b3a3136f8148a8c00f85366989a65788

SHA1
313733ca053fe1bc4e0a4e754700d35a783a9f3b

SHA256
8110585304355cae91837828eb9f4bc19ad25f03a0ddf04106240ff14495dd89

SHA512
3c5f288e92acdabaec35a4a13bd9114aa4313545137491cd72e8a059b890901f75a352fb22c8973d23dd6db2dcd22258af44d5089452aff17f55bfcb77c59d95

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38387.exe

Filesize
184KB

MD5
d2496d1fa9f229b708c7aa8c96fa3086

SHA1
8ad65547470f33150a6fd17badb776357460d5ac

SHA256
93b306342816db4a7f0a5d3bf619730a32f0a028a3d0269c16e459120a914b76

SHA512
f6985cd9192ac652a930e49ed65b8d816d90893df37fdd25589a03a21995f0ac9602471ef5ef34caf5996e141e66294ed22fdb44e39d5d39ae0fca99d48a7ec9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41072.exe

Filesize
184KB

MD5
ff41afe50e03dd235f52958cf1d3c4ba

SHA1
19c6ebe4f8b539ad775cd441140d7c90fff8bbda

SHA256
f45c89881dea60752435d542888532dbd7adbce4e5933475972280575e129c58

SHA512
e06a66d742e8baaea6262a7c455ba9232632a42335b5b6fd745b0e321a8555fa444b257e4ffb1d4767a0a95865c20fe9e98c726dbf385ebb1cdf96535b09136e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50703.exe

Filesize
184KB

MD5
8134eabe610adc66075e75cc527dfe61

SHA1
ca6390c7a073ebdec897cf8eca88356a6ca28927

SHA256
82042a9d753d117572604eccbe2c3e2f14e546789c022a4211ee359968958c61

SHA512
b25f933299ee1d8d46aee0057d70fecb0c4969a98ade9ca7fa9650f6ae1401a99dc67a9eaf744e4a5e706fa0db2e05292dba7a0a491510b0f31f3f0e268292cc

Download Submit