89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe
Size

184KB
MD5

c611509cb541fc26d89c9ac8fa25a3d5
SHA1

33164fb1c86295f15f30574b75293164dbcd78de
SHA256

89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9
SHA512

cb8e6644f5334b7b15c48f5c03f91ece6b7719014fad1b236bdfd8a818cb44c8655fbb6c30bdd922807b11a1984640c8c517bfcab5823fe3009d4abcb69e4938
SSDEEP

3072:cTa3AioTvJOTjG4WeHwLREPUhl/ViF7n3:cTQo8HG4WLePUhl/ViF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-24721.exeUnicorn-43452.exeUnicorn-47567.exeUnicorn-23079.exeUnicorn-16124.exeUnicorn-41086.exeUnicorn-53372.exeUnicorn-9791.exeUnicorn-14887.exeUnicorn-60092.exeUnicorn-60559.exeUnicorn-41730.exeUnicorn-11148.exeUnicorn-23822.exeUnicorn-1865.exeUnicorn-37365.exeUnicorn-62327.exeUnicorn-62825.exeUnicorn-17154.exeUnicorn-42475.exeUnicorn-3725.exeUnicorn-23591.exeUnicorn-50236.exeUnicorn-5342.exeUnicorn-2535.exeUnicorn-56832.exeUnicorn-31403.exeUnicorn-51269.exeUnicorn-58591.exeUnicorn-15000.exeUnicorn-15000.exeUnicorn-28274.exeUnicorn-2301.exeUnicorn-44356.exeUnicorn-19541.exeUnicorn-19541.exeUnicorn-40759.exeUnicorn-61240.exeUnicorn-15568.exeUnicorn-28781.exeUnicorn-31329.exeUnicorn-223.exeUnicorn-25637.exeUnicorn-58444.exeUnicorn-41183.exeUnicorn-60992.exeUnicorn-60992.exeUnicorn-37587.exeUnicorn-17080.exeUnicorn-17080.exeUnicorn-46117.exeUnicorn-26251.exeUnicorn-26251.exeUnicorn-41311.exeUnicorn-4393.exeUnicorn-18639.exeUnicorn-18639.exeUnicorn-14777.exeUnicorn-56075.exeUnicorn-29023.exeUnicorn-29023.exeUnicorn-30589.exeUnicorn-13729.exeUnicorn-27975.exe

pid	process
3028	Unicorn-24721.exe
2988	Unicorn-43452.exe
3004	Unicorn-47567.exe
2712	Unicorn-23079.exe
2732	Unicorn-16124.exe
2728	Unicorn-41086.exe
1972	Unicorn-53372.exe
2688	Unicorn-9791.exe
844	Unicorn-14887.exe
2548	Unicorn-60092.exe
2036	Unicorn-60559.exe
1672	Unicorn-41730.exe
1764	Unicorn-11148.exe
1536	Unicorn-23822.exe
2692	Unicorn-1865.exe
2256	Unicorn-37365.exe
480	Unicorn-62327.exe
1116	Unicorn-62825.exe
1488	Unicorn-17154.exe
292	Unicorn-42475.exe
1556	Unicorn-3725.exe
972	Unicorn-23591.exe
2192	Unicorn-50236.exe
2032	Unicorn-5342.exe
1760	Unicorn-2535.exe
2068	Unicorn-56832.exe
2060	Unicorn-31403.exe
1260	Unicorn-51269.exe
1508	Unicorn-58591.exe
1580	Unicorn-15000.exe
1744	Unicorn-15000.exe
1616	Unicorn-28274.exe
2540	Unicorn-2301.exe
2624	Unicorn-44356.exe
2704	Unicorn-19541.exe
2496	Unicorn-19541.exe
2460	Unicorn-40759.exe
2984	Unicorn-61240.exe
2952	Unicorn-15568.exe
2700	Unicorn-28781.exe
2400	Unicorn-31329.exe
1432	Unicorn-223.exe
2784	Unicorn-25637.exe
1996	Unicorn-58444.exe
2072	Unicorn-41183.exe
1028	Unicorn-60992.exe
1928	Unicorn-60992.exe
1080	Unicorn-37587.exe
1660	Unicorn-17080.exe
2252	Unicorn-17080.exe
2088	Unicorn-46117.exe
2280	Unicorn-26251.exe
2292	Unicorn-26251.exe
2836	Unicorn-41311.exe
1792	Unicorn-4393.exe
2124	Unicorn-18639.exe
2348	Unicorn-18639.exe
904	Unicorn-14777.exe
2772	Unicorn-56075.exe
3020	Unicorn-29023.exe
2156	Unicorn-29023.exe
1804	Unicorn-30589.exe
3032	Unicorn-13729.exe
2456	Unicorn-27975.exe

Loads dropped DLL 64 IoCs

Processes:

89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exeUnicorn-24721.exeUnicorn-43452.exeUnicorn-47567.exeWerFault.exeUnicorn-16124.exeUnicorn-23079.exeUnicorn-41086.exeWerFault.exeWerFault.exeUnicorn-53372.exeUnicorn-9791.exeUnicorn-60559.exeUnicorn-60092.exeUnicorn-14887.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2944	89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe
2944	89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe
3028	Unicorn-24721.exe
3028	Unicorn-24721.exe
2944	89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe
2944	89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe
2988	Unicorn-43452.exe
2988	Unicorn-43452.exe
3028	Unicorn-24721.exe
3028	Unicorn-24721.exe
3004	Unicorn-47567.exe
3004	Unicorn-47567.exe
2900	WerFault.exe
2900	WerFault.exe
2900	WerFault.exe
2900	WerFault.exe
2900	WerFault.exe
2732	Unicorn-16124.exe
2732	Unicorn-16124.exe
2712	Unicorn-23079.exe
2712	Unicorn-23079.exe
2988	Unicorn-43452.exe
2988	Unicorn-43452.exe
2728	Unicorn-41086.exe
3004	Unicorn-47567.exe
2728	Unicorn-41086.exe
3004	Unicorn-47567.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
2424	WerFault.exe
2424	WerFault.exe
2424	WerFault.exe
2424	WerFault.exe
2424	WerFault.exe
1972	Unicorn-53372.exe
1972	Unicorn-53372.exe
2732	Unicorn-16124.exe
2732	Unicorn-16124.exe
2688	Unicorn-9791.exe
2036	Unicorn-60559.exe
2688	Unicorn-9791.exe
2036	Unicorn-60559.exe
2712	Unicorn-23079.exe
2712	Unicorn-23079.exe
2548	Unicorn-60092.exe
2548	Unicorn-60092.exe
844	Unicorn-14887.exe
844	Unicorn-14887.exe
2728	Unicorn-41086.exe
2728	Unicorn-41086.exe
2416	WerFault.exe
2416	WerFault.exe
2416	WerFault.exe
2416	WerFault.exe
2416	WerFault.exe
2028	WerFault.exe
2028	WerFault.exe
2028	WerFault.exe
2028	WerFault.exe
2028	WerFault.exe
1144	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2840	2944	WerFault.exe	89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe
2900	3028	WerFault.exe	Unicorn-24721.exe
1992	2988	WerFault.exe	Unicorn-43452.exe
2424	3004	WerFault.exe	Unicorn-47567.exe
2416	2732	WerFault.exe	Unicorn-16124.exe
2028	2712	WerFault.exe	Unicorn-23079.exe
1144	2728	WerFault.exe	Unicorn-41086.exe
1956	1972	WerFault.exe	Unicorn-53372.exe
2168	2688	WerFault.exe	Unicorn-9791.exe
2816	2036	WerFault.exe	Unicorn-60559.exe
2828	2548	WerFault.exe	Unicorn-60092.exe
2564	844	WerFault.exe	Unicorn-14887.exe
580	1672	WerFault.exe	Unicorn-41730.exe
1692	1764	WerFault.exe	Unicorn-11148.exe
1800	1536	WerFault.exe	Unicorn-23822.exe
2200	2692	WerFault.exe	Unicorn-1865.exe
1268	2256	WerFault.exe	Unicorn-37365.exe
860	480	WerFault.exe	Unicorn-62327.exe
1868	1116	WerFault.exe	Unicorn-62825.exe
1308	1488	WerFault.exe	Unicorn-17154.exe
2640	292	WerFault.exe	Unicorn-42475.exe
2652	972	WerFault.exe	Unicorn-23591.exe
2576	1556	WerFault.exe	Unicorn-3725.exe
2472	2192	WerFault.exe	Unicorn-50236.exe
2520	2032	WerFault.exe	Unicorn-5342.exe
2516	1760	WerFault.exe	Unicorn-2535.exe
2412	1508	WerFault.exe	Unicorn-58591.exe
1056	2068	WerFault.exe	Unicorn-56832.exe
320	2060	WerFault.exe	Unicorn-31403.exe
2844	1260	WerFault.exe	Unicorn-51269.exe
2800	1580	WerFault.exe	Unicorn-15000.exe
588	1744	WerFault.exe	Unicorn-15000.exe
800	1616	WerFault.exe	Unicorn-28274.exe
3708	2496	WerFault.exe	Unicorn-19541.exe
3700	2624	WerFault.exe	Unicorn-44356.exe
3748	2540	WerFault.exe	Unicorn-2301.exe
3784	2460	WerFault.exe	Unicorn-40759.exe
3792	2700	WerFault.exe	Unicorn-28781.exe
3808	2400	WerFault.exe	Unicorn-31329.exe
3856	1432	WerFault.exe	Unicorn-223.exe
3904	2784	WerFault.exe	Unicorn-25637.exe
3920	1080	WerFault.exe	Unicorn-37587.exe
3936	1660	WerFault.exe	Unicorn-17080.exe
3960	2072	WerFault.exe	Unicorn-41183.exe
3996	1996	WerFault.exe	Unicorn-58444.exe
4040	2280	WerFault.exe	Unicorn-26251.exe
4032	1028	WerFault.exe	Unicorn-60992.exe
3148	2704	WerFault.exe	Unicorn-19541.exe
3132	2088	WerFault.exe	Unicorn-46117.exe
3172	2292	WerFault.exe	Unicorn-26251.exe
3288	2952	WerFault.exe	Unicorn-15568.exe
3320	2252	WerFault.exe	Unicorn-17080.exe
3556	1928	WerFault.exe	Unicorn-60992.exe
2020	2984	WerFault.exe	Unicorn-61240.exe
4256	2244	WerFault.exe	Unicorn-35742.exe
4264	1788	WerFault.exe	Unicorn-48030.exe
4332	1036	WerFault.exe	Unicorn-45934.exe
4324	2008	WerFault.exe	Unicorn-26493.exe
4388	2336	WerFault.exe	Unicorn-26068.exe
4780	2240	WerFault.exe	Unicorn-42122.exe
4800	2124	WerFault.exe	Unicorn-18639.exe
4832	2772	WerFault.exe	Unicorn-56075.exe
4848	2348	WerFault.exe	Unicorn-18639.exe
4952	1296	WerFault.exe	Unicorn-58079.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exeUnicorn-24721.exeUnicorn-43452.exeUnicorn-47567.exeUnicorn-23079.exeUnicorn-16124.exeUnicorn-41086.exeUnicorn-53372.exeUnicorn-9791.exeUnicorn-60092.exeUnicorn-60559.exeUnicorn-14887.exeUnicorn-41730.exeUnicorn-11148.exeUnicorn-23822.exeUnicorn-1865.exeUnicorn-37365.exeUnicorn-62327.exeUnicorn-17154.exeUnicorn-62825.exeUnicorn-42475.exeUnicorn-3725.exeUnicorn-23591.exeUnicorn-50236.exeUnicorn-5342.exeUnicorn-2535.exeUnicorn-56832.exeUnicorn-31403.exeUnicorn-51269.exeUnicorn-58591.exeUnicorn-15000.exeUnicorn-28274.exeUnicorn-15000.exeUnicorn-2301.exeUnicorn-44356.exeUnicorn-19541.exeUnicorn-19541.exeUnicorn-40759.exeUnicorn-61240.exeUnicorn-15568.exeUnicorn-28781.exeUnicorn-31329.exeUnicorn-223.exeUnicorn-25637.exeUnicorn-60992.exeUnicorn-41183.exeUnicorn-58444.exeUnicorn-60992.exeUnicorn-37587.exeUnicorn-17080.exeUnicorn-26251.exeUnicorn-46117.exeUnicorn-17080.exeUnicorn-26251.exeUnicorn-41311.exeUnicorn-4393.exeUnicorn-18639.exeUnicorn-14777.exeUnicorn-18639.exeUnicorn-56075.exeUnicorn-29023.exeUnicorn-29023.exeUnicorn-13729.exeUnicorn-30589.exe

pid	process
2944	89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe
3028	Unicorn-24721.exe
2988	Unicorn-43452.exe
3004	Unicorn-47567.exe
2712	Unicorn-23079.exe
2732	Unicorn-16124.exe
2728	Unicorn-41086.exe
1972	Unicorn-53372.exe
2688	Unicorn-9791.exe
2548	Unicorn-60092.exe
2036	Unicorn-60559.exe
844	Unicorn-14887.exe
1672	Unicorn-41730.exe
1764	Unicorn-11148.exe
1536	Unicorn-23822.exe
2692	Unicorn-1865.exe
2256	Unicorn-37365.exe
480	Unicorn-62327.exe
1488	Unicorn-17154.exe
1116	Unicorn-62825.exe
292	Unicorn-42475.exe
1556	Unicorn-3725.exe
972	Unicorn-23591.exe
2192	Unicorn-50236.exe
2032	Unicorn-5342.exe
1760	Unicorn-2535.exe
2068	Unicorn-56832.exe
2060	Unicorn-31403.exe
1260	Unicorn-51269.exe
1508	Unicorn-58591.exe
1744	Unicorn-15000.exe
1616	Unicorn-28274.exe
1580	Unicorn-15000.exe
2540	Unicorn-2301.exe
2624	Unicorn-44356.exe
2704	Unicorn-19541.exe
2496	Unicorn-19541.exe
2460	Unicorn-40759.exe
2984	Unicorn-61240.exe
2952	Unicorn-15568.exe
2700	Unicorn-28781.exe
2400	Unicorn-31329.exe
1432	Unicorn-223.exe
2784	Unicorn-25637.exe
1928	Unicorn-60992.exe
2072	Unicorn-41183.exe
1996	Unicorn-58444.exe
1028	Unicorn-60992.exe
1080	Unicorn-37587.exe
1660	Unicorn-17080.exe
2292	Unicorn-26251.exe
2088	Unicorn-46117.exe
2252	Unicorn-17080.exe
2280	Unicorn-26251.exe
2836	Unicorn-41311.exe
1792	Unicorn-4393.exe
2348	Unicorn-18639.exe
904	Unicorn-14777.exe
2124	Unicorn-18639.exe
2772	Unicorn-56075.exe
2156	Unicorn-29023.exe
3020	Unicorn-29023.exe
3032	Unicorn-13729.exe
1804	Unicorn-30589.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exeUnicorn-24721.exeUnicorn-43452.exeUnicorn-47567.exeUnicorn-16124.exeUnicorn-23079.exeUnicorn-41086.exeUnicorn-53372.exe

description	pid	process	target process
PID 2944 wrote to memory of 3028	2944	89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe	Unicorn-24721.exe
PID 2944 wrote to memory of 3028	2944	89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe	Unicorn-24721.exe
PID 2944 wrote to memory of 3028	2944	89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe	Unicorn-24721.exe
PID 2944 wrote to memory of 3028	2944	89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe	Unicorn-24721.exe
PID 3028 wrote to memory of 2988	3028	Unicorn-24721.exe	Unicorn-43452.exe
PID 3028 wrote to memory of 2988	3028	Unicorn-24721.exe	Unicorn-43452.exe
PID 3028 wrote to memory of 2988	3028	Unicorn-24721.exe	Unicorn-43452.exe
PID 3028 wrote to memory of 2988	3028	Unicorn-24721.exe	Unicorn-43452.exe
PID 2944 wrote to memory of 3004	2944	89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe	Unicorn-47567.exe
PID 2944 wrote to memory of 3004	2944	89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe	Unicorn-47567.exe
PID 2944 wrote to memory of 3004	2944	89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe	Unicorn-47567.exe
PID 2944 wrote to memory of 3004	2944	89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe	Unicorn-47567.exe
PID 2944 wrote to memory of 2840	2944	89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe	WerFault.exe
PID 2944 wrote to memory of 2840	2944	89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe	WerFault.exe
PID 2944 wrote to memory of 2840	2944	89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe	WerFault.exe
PID 2944 wrote to memory of 2840	2944	89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe	WerFault.exe
PID 2988 wrote to memory of 2712	2988	Unicorn-43452.exe	Unicorn-23079.exe
PID 2988 wrote to memory of 2712	2988	Unicorn-43452.exe	Unicorn-23079.exe
PID 2988 wrote to memory of 2712	2988	Unicorn-43452.exe	Unicorn-23079.exe
PID 2988 wrote to memory of 2712	2988	Unicorn-43452.exe	Unicorn-23079.exe
PID 3028 wrote to memory of 2732	3028	Unicorn-24721.exe	Unicorn-16124.exe
PID 3028 wrote to memory of 2732	3028	Unicorn-24721.exe	Unicorn-16124.exe
PID 3028 wrote to memory of 2732	3028	Unicorn-24721.exe	Unicorn-16124.exe
PID 3028 wrote to memory of 2732	3028	Unicorn-24721.exe	Unicorn-16124.exe
PID 3004 wrote to memory of 2728	3004	Unicorn-47567.exe	Unicorn-41086.exe
PID 3004 wrote to memory of 2728	3004	Unicorn-47567.exe	Unicorn-41086.exe
PID 3004 wrote to memory of 2728	3004	Unicorn-47567.exe	Unicorn-41086.exe
PID 3004 wrote to memory of 2728	3004	Unicorn-47567.exe	Unicorn-41086.exe
PID 3028 wrote to memory of 2900	3028	Unicorn-24721.exe	WerFault.exe
PID 3028 wrote to memory of 2900	3028	Unicorn-24721.exe	WerFault.exe
PID 3028 wrote to memory of 2900	3028	Unicorn-24721.exe	WerFault.exe
PID 3028 wrote to memory of 2900	3028	Unicorn-24721.exe	WerFault.exe
PID 2732 wrote to memory of 1972	2732	Unicorn-16124.exe	Unicorn-53372.exe
PID 2732 wrote to memory of 1972	2732	Unicorn-16124.exe	Unicorn-53372.exe
PID 2732 wrote to memory of 1972	2732	Unicorn-16124.exe	Unicorn-53372.exe
PID 2732 wrote to memory of 1972	2732	Unicorn-16124.exe	Unicorn-53372.exe
PID 2712 wrote to memory of 2688	2712	Unicorn-23079.exe	Unicorn-9791.exe
PID 2712 wrote to memory of 2688	2712	Unicorn-23079.exe	Unicorn-9791.exe
PID 2712 wrote to memory of 2688	2712	Unicorn-23079.exe	Unicorn-9791.exe
PID 2712 wrote to memory of 2688	2712	Unicorn-23079.exe	Unicorn-9791.exe
PID 2988 wrote to memory of 2548	2988	Unicorn-43452.exe	Unicorn-60092.exe
PID 2988 wrote to memory of 2548	2988	Unicorn-43452.exe	Unicorn-60092.exe
PID 2988 wrote to memory of 2548	2988	Unicorn-43452.exe	Unicorn-60092.exe
PID 2988 wrote to memory of 2548	2988	Unicorn-43452.exe	Unicorn-60092.exe
PID 2728 wrote to memory of 844	2728	Unicorn-41086.exe	Unicorn-14887.exe
PID 2728 wrote to memory of 844	2728	Unicorn-41086.exe	Unicorn-14887.exe
PID 2728 wrote to memory of 844	2728	Unicorn-41086.exe	Unicorn-14887.exe
PID 2728 wrote to memory of 844	2728	Unicorn-41086.exe	Unicorn-14887.exe
PID 3004 wrote to memory of 2036	3004	Unicorn-47567.exe	Unicorn-60559.exe
PID 3004 wrote to memory of 2036	3004	Unicorn-47567.exe	Unicorn-60559.exe
PID 3004 wrote to memory of 2036	3004	Unicorn-47567.exe	Unicorn-60559.exe
PID 3004 wrote to memory of 2036	3004	Unicorn-47567.exe	Unicorn-60559.exe
PID 2988 wrote to memory of 1992	2988	Unicorn-43452.exe	WerFault.exe
PID 2988 wrote to memory of 1992	2988	Unicorn-43452.exe	WerFault.exe
PID 2988 wrote to memory of 1992	2988	Unicorn-43452.exe	WerFault.exe
PID 2988 wrote to memory of 1992	2988	Unicorn-43452.exe	WerFault.exe
PID 3004 wrote to memory of 2424	3004	Unicorn-47567.exe	WerFault.exe
PID 3004 wrote to memory of 2424	3004	Unicorn-47567.exe	WerFault.exe
PID 3004 wrote to memory of 2424	3004	Unicorn-47567.exe	WerFault.exe
PID 3004 wrote to memory of 2424	3004	Unicorn-47567.exe	WerFault.exe
PID 1972 wrote to memory of 1672	1972	Unicorn-53372.exe	Unicorn-41730.exe
PID 1972 wrote to memory of 1672	1972	Unicorn-53372.exe	Unicorn-41730.exe
PID 1972 wrote to memory of 1672	1972	Unicorn-53372.exe	Unicorn-41730.exe
PID 1972 wrote to memory of 1672	1972	Unicorn-53372.exe	Unicorn-41730.exe

C:\Users\Admin\AppData\Local\Temp\89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe
"C:\Users\Admin\AppData\Local\Temp\89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-24721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24721.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-43452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43452.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-9791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9791.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-1865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1865.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-2535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2535.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-31329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31329.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-29023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29023.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-17492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17492.exe
10⤵
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-1210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1210.exe
11⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-17753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17753.exe
12⤵
PID:5516

C:\Users\Admin\AppData\Local\Temp\Unicorn-10386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10386.exe
13⤵
PID:7964

C:\Users\Admin\AppData\Local\Temp\Unicorn-54950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54950.exe
14⤵
PID:11588

C:\Users\Admin\AppData\Local\Temp\Unicorn-42547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42547.exe
15⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11588 -s 216
15⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 216
14⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
13⤵
PID:2384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
12⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
11⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-40117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40117.exe
10⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-201.exe
11⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-33770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33770.exe
12⤵
PID:7784

C:\Users\Admin\AppData\Local\Temp\Unicorn-22374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22374.exe
13⤵
PID:11860

C:\Users\Admin\AppData\Local\Temp\Unicorn-29534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29534.exe
14⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11860 -s 216
14⤵
PID:10016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 216
13⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
12⤵
PID:9320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 236
11⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
10⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-51923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51923.exe
9⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-17119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17119.exe
10⤵
PID:3840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 240
11⤵
PID:4664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
10⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
9⤵
- Program crash
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-30589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30589.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-56844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56844.exe
9⤵
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-20167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20167.exe
10⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-57616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57616.exe
11⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
12⤵
PID:7992

C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
13⤵
PID:11676

C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
14⤵
PID:14120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 216
13⤵
PID:12140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 236
12⤵
PID:9340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 236
11⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 236
10⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-301.exe
9⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-8818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8818.exe
10⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
11⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-54950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54950.exe
12⤵
PID:11612

C:\Users\Admin\AppData\Local\Temp\Unicorn-23695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23695.exe
13⤵
PID:14024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11612 -s 216
13⤵
PID:10040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 216
12⤵
PID:11452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
11⤵
PID:8236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
10⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
9⤵
PID:5052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
8⤵
- Program crash
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-223.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1432

C:\Users\Admin\AppData\Local\Temp\Unicorn-11018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11018.exe
8⤵
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-5203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5203.exe
9⤵
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
10⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-44415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44415.exe
11⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-37281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37281.exe
12⤵
PID:8380

C:\Users\Admin\AppData\Local\Temp\Unicorn-6112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6112.exe
13⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8380 -s 216
13⤵
PID:13296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
12⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
11⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 236
10⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-52007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52007.exe
9⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-27874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27874.exe
10⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-57517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57517.exe
11⤵
PID:8248

C:\Users\Admin\AppData\Local\Temp\Unicorn-8461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8461.exe
12⤵
PID:12128

C:\Users\Admin\AppData\Local\Temp\Unicorn-38118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38118.exe
13⤵
PID:10028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 236
12⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
11⤵
PID:9548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 236
10⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 220
9⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-60491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60491.exe
8⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-42249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42249.exe
9⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-45584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45584.exe
10⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-19322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19322.exe
11⤵
PID:9100

C:\Users\Admin\AppData\Local\Temp\Unicorn-23614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23614.exe
12⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9100 -s 216
12⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
11⤵
PID:9528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
10⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
9⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 240
8⤵
- Program crash
PID:3856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
7⤵
- Program crash
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-60992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60992.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-45934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45934.exe
8⤵
PID:1040

C:\Users\Admin\AppData\Local\Temp\Unicorn-63427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63427.exe
9⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-6384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6384.exe
10⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-27008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27008.exe
11⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-11722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11722.exe
12⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
12⤵
PID:10216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
11⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 236
10⤵
PID:5368

C:\Users\Admin\AppData\Local\Temp\Unicorn-54604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54604.exe
9⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-37619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37619.exe
10⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-19520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19520.exe
11⤵
PID:8452

C:\Users\Admin\AppData\Local\Temp\Unicorn-54497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54497.exe
12⤵
PID:12156

C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
13⤵
PID:13944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8452 -s 216
12⤵
PID:12812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
11⤵
PID:9752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
10⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 240
9⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-65186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65186.exe
8⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-49441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49441.exe
9⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-30427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30427.exe
10⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-40572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40572.exe
11⤵
PID:8572

C:\Users\Admin\AppData\Local\Temp\Unicorn-14108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14108.exe
12⤵
PID:12192

C:\Users\Admin\AppData\Local\Temp\Unicorn-58632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58632.exe
13⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8572 -s 236
12⤵
PID:12844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
11⤵
PID:9848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 236
10⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 236
9⤵
PID:5040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 240
8⤵
- Program crash
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
7⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-19515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19515.exe
8⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-54537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54537.exe
9⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-33099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33099.exe
10⤵
PID:5488

C:\Users\Admin\AppData\Local\Temp\Unicorn-9888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9888.exe
11⤵
PID:8216

C:\Users\Admin\AppData\Local\Temp\Unicorn-53507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53507.exe
12⤵
PID:12044

C:\Users\Admin\AppData\Local\Temp\Unicorn-38118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38118.exe
13⤵
PID:9992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
11⤵
PID:9540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
10⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
9⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-39767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39767.exe
8⤵
PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
8⤵
- Program crash
PID:4388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
7⤵
- Program crash
PID:320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
6⤵
- Program crash
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-37365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37365.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-56832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56832.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-58444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58444.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-35406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35406.exe
8⤵
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-56199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56199.exe
9⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-22453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22453.exe
10⤵
PID:6412

C:\Users\Admin\AppData\Local\Temp\Unicorn-18779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18779.exe
11⤵
PID:8964

C:\Users\Admin\AppData\Local\Temp\Unicorn-64703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64703.exe
12⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8964 -s 216
12⤵
PID:13400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 216
11⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
10⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 236
9⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 236
8⤵
- Program crash
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
7⤵
PID:556

C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
8⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe
9⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-4089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4089.exe
10⤵
PID:6712

C:\Users\Admin\AppData\Local\Temp\Unicorn-26669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26669.exe
11⤵
PID:8228

C:\Users\Admin\AppData\Local\Temp\Unicorn-64703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64703.exe
12⤵
PID:12040

C:\Users\Admin\AppData\Local\Temp\Unicorn-57623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57623.exe
13⤵
PID:13680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12040 -s 216
13⤵
PID:9800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8228 -s 220
12⤵
PID:13380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 216
11⤵
PID:10740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
10⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
9⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\Unicorn-2079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2079.exe
8⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
9⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-45973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45973.exe
10⤵
PID:8268

C:\Users\Admin\AppData\Local\Temp\Unicorn-34458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34458.exe
11⤵
PID:12144

C:\Users\Admin\AppData\Local\Temp\Unicorn-59706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59706.exe
12⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12144 -s 236
12⤵
PID:9980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 220
11⤵
PID:13664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
10⤵
PID:10280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 220
9⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 240
8⤵
PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
7⤵
- Program crash
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-41183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41183.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-35742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35742.exe
7⤵
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-35300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35300.exe
8⤵
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-47117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47117.exe
9⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-12068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12068.exe
10⤵
PID:6304

C:\Users\Admin\AppData\Local\Temp\Unicorn-17492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17492.exe
11⤵
PID:8976

C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
12⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8976 -s 216
12⤵
PID:12404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 216
11⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
10⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 216
9⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 216
8⤵
- Program crash
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-53447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53447.exe
7⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-53612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53612.exe
8⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-31703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31703.exe
9⤵
PID:5724

C:\Users\Admin\AppData\Local\Temp\Unicorn-39281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39281.exe
10⤵
PID:8200

C:\Users\Admin\AppData\Local\Temp\Unicorn-27162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27162.exe
11⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8200 -s 216
11⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 216
10⤵
PID:9988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
9⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
8⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
7⤵
- Program crash
PID:3960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
6⤵
- Program crash
PID:1268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-60092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60092.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-62327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62327.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:480

C:\Users\Admin\AppData\Local\Temp\Unicorn-51269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51269.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1260

C:\Users\Admin\AppData\Local\Temp\Unicorn-60992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60992.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-24502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24502.exe
8⤵
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-15868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15868.exe
9⤵
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
10⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
11⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-27588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27588.exe
12⤵
PID:8468

C:\Users\Admin\AppData\Local\Temp\Unicorn-25045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25045.exe
13⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8468 -s 216
13⤵
PID:12772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 220
12⤵
PID:10428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
11⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 236
10⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-30027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30027.exe
9⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-19816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19816.exe
10⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-34995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34995.exe
11⤵
PID:8536

C:\Users\Admin\AppData\Local\Temp\Unicorn-55558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55558.exe
12⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8536 -s 216
12⤵
PID:13752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
11⤵
PID:10784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
10⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
9⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-50875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50875.exe
8⤵
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-13273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13273.exe
9⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-7558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7558.exe
10⤵
PID:6720

C:\Users\Admin\AppData\Local\Temp\Unicorn-8902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8902.exe
11⤵
PID:10996

C:\Users\Admin\AppData\Local\Temp\Unicorn-19413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19413.exe
12⤵
PID:14084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10996 -s 216
12⤵
PID:14196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 216
11⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
10⤵
PID:8752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 236
9⤵
PID:6444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
8⤵
- Program crash
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
7⤵
PID:384

C:\Users\Admin\AppData\Local\Temp\Unicorn-14819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14819.exe
8⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-8007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8007.exe
9⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-37223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37223.exe
10⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
11⤵
PID:9128

C:\Users\Admin\AppData\Local\Temp\Unicorn-64457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64457.exe
12⤵
PID:11308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 216
12⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
11⤵
PID:9576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
10⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
9⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-58199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58199.exe
8⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-11164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11164.exe
9⤵
PID:6596

C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
10⤵
PID:9116

C:\Users\Admin\AppData\Local\Temp\Unicorn-43584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43584.exe
11⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9116 -s 216
11⤵
PID:13648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 216
10⤵
PID:10688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 220
9⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 384 -s 240
8⤵
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 240
7⤵
- Program crash
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-37587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37587.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1080

C:\Users\Admin\AppData\Local\Temp\Unicorn-58222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58222.exe
7⤵
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-16344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16344.exe
8⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe
9⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
10⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-11725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11725.exe
11⤵
PID:9000

C:\Users\Admin\AppData\Local\Temp\Unicorn-45646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45646.exe
12⤵
PID:11776

C:\Users\Admin\AppData\Local\Temp\Unicorn-4116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4116.exe
13⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9000 -s 216
12⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
11⤵
PID:9224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
10⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
9⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-43362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43362.exe
8⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-24357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24357.exe
9⤵
PID:6216

C:\Users\Admin\AppData\Local\Temp\Unicorn-20702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20702.exe
10⤵
PID:8852

C:\Users\Admin\AppData\Local\Temp\Unicorn-8709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8709.exe
11⤵
PID:11924

C:\Users\Admin\AppData\Local\Temp\Unicorn-1115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1115.exe
12⤵
PID:10096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8852 -s 216
11⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
10⤵
PID:10136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
8⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-50775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50775.exe
7⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-53064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53064.exe
8⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-31703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31703.exe
9⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-42145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42145.exe
10⤵
PID:8936

C:\Users\Admin\AppData\Local\Temp\Unicorn-30563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30563.exe
11⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 216
11⤵
PID:13688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
10⤵
PID:10832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
9⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
8⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 220
7⤵
- Program crash
PID:3920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 240
6⤵
- Program crash
PID:860

C:\Users\Admin\AppData\Local\Temp\Unicorn-58591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58591.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-48030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48030.exe
7⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-35300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35300.exe
8⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-35178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35178.exe
9⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-44212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44212.exe
10⤵
PID:6968

C:\Users\Admin\AppData\Local\Temp\Unicorn-30922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30922.exe
11⤵
PID:9444

C:\Users\Admin\AppData\Local\Temp\Unicorn-42979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42979.exe
12⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9444 -s 236
12⤵
PID:13888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 216
11⤵
PID:11212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
10⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 216
9⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 236
8⤵
- Program crash
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-25626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25626.exe
7⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-48968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48968.exe
8⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-3869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3869.exe
9⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-60523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60523.exe
10⤵
PID:8124

C:\Users\Admin\AppData\Local\Temp\Unicorn-51027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51027.exe
11⤵
PID:12092

C:\Users\Admin\AppData\Local\Temp\Unicorn-16897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16897.exe
12⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8124 -s 216
11⤵
PID:12744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
10⤵
PID:9512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 236
9⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 236
8⤵
PID:4692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
7⤵
- Program crash
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-26493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26493.exe
6⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
7⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-62926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62926.exe
8⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-20874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20874.exe
9⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-25793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25793.exe
10⤵
PID:8364

C:\Users\Admin\AppData\Local\Temp\Unicorn-54497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54497.exe
11⤵
PID:12172

C:\Users\Admin\AppData\Local\Temp\Unicorn-30878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30878.exe
12⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 216
11⤵
PID:12820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
10⤵
PID:9684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
9⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 236
8⤵
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 216
7⤵
- Program crash
PID:4324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
6⤵
- Program crash
PID:2412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
5⤵
- Program crash
PID:2828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-16124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16124.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-53372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53372.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-41730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41730.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-42475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42475.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:292

C:\Users\Admin\AppData\Local\Temp\Unicorn-2301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2301.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-18639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18639.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-2547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2547.exe
9⤵
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-51246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51246.exe
10⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-57022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57022.exe
11⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-54999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54999.exe
12⤵
PID:8016

C:\Users\Admin\AppData\Local\Temp\Unicorn-43069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43069.exe
13⤵
PID:11820

C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
14⤵
PID:2824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11820 -s 216
14⤵
PID:9692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 216
13⤵
PID:12416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
12⤵
PID:9260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 236
11⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 216
10⤵
PID:4448

C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
9⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-45600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45600.exe
10⤵
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-3146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3146.exe
11⤵
PID:7748

C:\Users\Admin\AppData\Local\Temp\Unicorn-62095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62095.exe
12⤵
PID:11512

C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
13⤵
PID:13940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 216
12⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 236
11⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
10⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
9⤵
- Program crash
PID:4800

C:\Users\Admin\AppData\Local\Temp\Unicorn-36978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36978.exe
8⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-4162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4162.exe
9⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-4722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4722.exe
10⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
11⤵
PID:7812

C:\Users\Admin\AppData\Local\Temp\Unicorn-36186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36186.exe
12⤵
PID:11912

C:\Users\Admin\AppData\Local\Temp\Unicorn-19634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19634.exe
13⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 236
12⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 236
11⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
10⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
9⤵
PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
8⤵
- Program crash
PID:3748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 236
7⤵
- Program crash
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-44356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44356.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-41311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41311.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-10670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10670.exe
8⤵
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-23246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23246.exe
9⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-2150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2150.exe
10⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-11861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11861.exe
11⤵
PID:8108

C:\Users\Admin\AppData\Local\Temp\Unicorn-31518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31518.exe
12⤵
PID:11880

C:\Users\Admin\AppData\Local\Temp\Unicorn-55995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55995.exe
13⤵
PID:14172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11880 -s 216
13⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 216
12⤵
PID:12480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
11⤵
PID:9292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 236
10⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
9⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-1756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1756.exe
8⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-4722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4722.exe
9⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-54726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54726.exe
10⤵
PID:7276

C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
11⤵
PID:11784

C:\Users\Admin\AppData\Local\Temp\Unicorn-17207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17207.exe
12⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 216
11⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
10⤵
PID:8788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
9⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
8⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-56342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56342.exe
7⤵
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-65106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65106.exe
8⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-18954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18954.exe
9⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-39685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39685.exe
10⤵
PID:8720

C:\Users\Admin\AppData\Local\Temp\Unicorn-50539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50539.exe
11⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8720 -s 236
11⤵
PID:13072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 216
10⤵
PID:9964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
9⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 236
8⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
7⤵
- Program crash
PID:3700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
6⤵
- Program crash
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-3725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3725.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
7⤵
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-60517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60517.exe
8⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
9⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-42794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42794.exe
10⤵
PID:6984

C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
11⤵
PID:10964

C:\Users\Admin\AppData\Local\Temp\Unicorn-40369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40369.exe
12⤵
PID:14044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10964 -s 216
12⤵
PID:8808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 216
11⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
10⤵
PID:8888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 236
9⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 236
8⤵
- Program crash
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 236
7⤵
- Program crash
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-4393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4393.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-50224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50224.exe
7⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-53342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53342.exe
8⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-43111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43111.exe
9⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
10⤵
PID:7836

C:\Users\Admin\AppData\Local\Temp\Unicorn-11824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11824.exe
11⤵
PID:11708

C:\Users\Admin\AppData\Local\Temp\Unicorn-24089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24089.exe
12⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 216
11⤵
PID:12300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
10⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
9⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 236
8⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-56502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56502.exe
7⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-51975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51975.exe
8⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-25006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25006.exe
9⤵
PID:7948

C:\Users\Admin\AppData\Local\Temp\Unicorn-45555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45555.exe
10⤵
PID:11540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11540 -s 220
11⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 216
10⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
9⤵
PID:9236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 236
8⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 240
7⤵
PID:4976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
6⤵
- Program crash
PID:2576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
5⤵
- Program crash
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-11148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11148.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-23591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23591.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:972

C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-18639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18639.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-3579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3579.exe
8⤵
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-60277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60277.exe
9⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-39767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39767.exe
10⤵
PID:5444

C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
11⤵
PID:8540

C:\Users\Admin\AppData\Local\Temp\Unicorn-32493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32493.exe
12⤵
PID:12240

C:\Users\Admin\AppData\Local\Temp\Unicorn-65280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65280.exe
13⤵
PID:620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8540 -s 216
12⤵
PID:12892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
11⤵
PID:9824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
10⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 216
9⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-20479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20479.exe
8⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-26237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26237.exe
9⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-19959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19959.exe
10⤵
PID:8008

C:\Users\Admin\AppData\Local\Temp\Unicorn-62663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62663.exe
11⤵
PID:11472

C:\Users\Admin\AppData\Local\Temp\Unicorn-51573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51573.exe
12⤵
PID:12832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 216
11⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
10⤵
PID:8996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
9⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
8⤵
- Program crash
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-37914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37914.exe
7⤵
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-57659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57659.exe
8⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-20912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20912.exe
9⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-58710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58710.exe
10⤵
PID:8776

C:\Users\Admin\AppData\Local\Temp\Unicorn-51314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51314.exe
11⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 216
11⤵
PID:13280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
10⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 236
9⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 216
8⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 220
7⤵
- Program crash
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-14777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14777.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-2023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2023.exe
7⤵
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
8⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-60495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60495.exe
9⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
10⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-22374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22374.exe
11⤵
PID:11868

C:\Users\Admin\AppData\Local\Temp\Unicorn-14662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14662.exe
12⤵
PID:13500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11868 -s 216
12⤵
PID:9736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
11⤵
PID:12436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
10⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
9⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 236
8⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-49834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49834.exe
7⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-43111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43111.exe
8⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-34439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34439.exe
9⤵
PID:7816

C:\Users\Admin\AppData\Local\Temp\Unicorn-65143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65143.exe
10⤵
PID:11416

C:\Users\Admin\AppData\Local\Temp\Unicorn-56927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56927.exe
11⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
10⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 236
9⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
8⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 240
7⤵
PID:4124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 240
6⤵
- Program crash
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-40759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40759.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-56075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56075.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-44556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44556.exe
7⤵
PID:276

C:\Users\Admin\AppData\Local\Temp\Unicorn-41054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41054.exe
8⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-4722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4722.exe
9⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-41513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41513.exe
10⤵
PID:7828

C:\Users\Admin\AppData\Local\Temp\Unicorn-48282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48282.exe
11⤵
PID:11644

C:\Users\Admin\AppData\Local\Temp\Unicorn-56285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56285.exe
12⤵
PID:8920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 216
11⤵
PID:12276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 236
10⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
9⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 236
8⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-9948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9948.exe
7⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-38525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38525.exe
8⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-44107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44107.exe
9⤵
PID:7884

C:\Users\Admin\AppData\Local\Temp\Unicorn-1701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1701.exe
10⤵
PID:11560

C:\Users\Admin\AppData\Local\Temp\Unicorn-33489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33489.exe
11⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7884 -s 216
10⤵
PID:8960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
9⤵
PID:8908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 236
8⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
7⤵
- Program crash
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-59639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59639.exe
6⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-17526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17526.exe
7⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-21891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21891.exe
8⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-55183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55183.exe
9⤵
PID:8760

C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
10⤵
PID:11428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 216
10⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
9⤵
PID:10472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
8⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 236
7⤵
PID:4140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
6⤵
- Program crash
PID:3784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
5⤵
- Program crash
PID:1692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-47567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47567.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-41086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41086.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-14887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14887.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:844

C:\Users\Admin\AppData\Local\Temp\Unicorn-17154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17154.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-15000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15000.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-17080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17080.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
8⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-20440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20440.exe
9⤵
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
10⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-27874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27874.exe
11⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-14483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14483.exe
12⤵
PID:8324

C:\Users\Admin\AppData\Local\Temp\Unicorn-36662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36662.exe
13⤵
PID:11988

C:\Users\Admin\AppData\Local\Temp\Unicorn-55145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55145.exe
14⤵
PID:9188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8324 -s 216
13⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
12⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
11⤵
PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 236
10⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-51131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51131.exe
9⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-26570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26570.exe
10⤵
PID:6148

C:\Users\Admin\AppData\Local\Temp\Unicorn-16704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16704.exe
11⤵
PID:8644

C:\Users\Admin\AppData\Local\Temp\Unicorn-59607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59607.exe
12⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8644 -s 216
12⤵
PID:13328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 220
11⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 220
10⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
9⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-44207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44207.exe
8⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-17370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17370.exe
9⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-21912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21912.exe
10⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-12246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12246.exe
11⤵
PID:8928

C:\Users\Admin\AppData\Local\Temp\Unicorn-60030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60030.exe
12⤵
PID:11744

C:\Users\Admin\AppData\Local\Temp\Unicorn-29301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29301.exe
13⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8928 -s 216
12⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
11⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
10⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 216
9⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
8⤵
- Program crash
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-37832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37832.exe
7⤵
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-16344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16344.exe
8⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-62965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62965.exe
9⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-57581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57581.exe
10⤵
PID:6696

C:\Users\Admin\AppData\Local\Temp\Unicorn-32747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32747.exe
11⤵
PID:11108

C:\Users\Admin\AppData\Local\Temp\Unicorn-42547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42547.exe
12⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11108 -s 216
12⤵
PID:9760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 216
11⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 236
10⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
9⤵
PID:6856

C:\Users\Admin\AppData\Local\Temp\Unicorn-58295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58295.exe
8⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-37223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37223.exe
9⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-50472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50472.exe
10⤵
PID:8884

C:\Users\Admin\AppData\Local\Temp\Unicorn-11384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11384.exe
11⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8884 -s 216
11⤵
PID:13536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
10⤵
PID:10604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
9⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 220
8⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 220
7⤵
- Program crash
PID:588

C:\Users\Admin\AppData\Local\Temp\Unicorn-26251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26251.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-45934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45934.exe
7⤵
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-17392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17392.exe
8⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-28041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28041.exe
9⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-17974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17974.exe
10⤵
PID:6832

C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
11⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
12⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 220
12⤵
PID:13872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 220
11⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
10⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
9⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 216
8⤵
- Program crash
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-57443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57443.exe
7⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-1288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1288.exe
8⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-56621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56621.exe
9⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-45283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45283.exe
10⤵
PID:8080

C:\Users\Admin\AppData\Local\Temp\Unicorn-258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-258.exe
11⤵
PID:11980

C:\Users\Admin\AppData\Local\Temp\Unicorn-49452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49452.exe
12⤵
PID:13448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11980 -s 236
12⤵
PID:14124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 216
11⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 236
10⤵
PID:9312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 236
9⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
8⤵
PID:4516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
7⤵
- Program crash
PID:4040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 240
6⤵
- Program crash
PID:1308

C:\Users\Admin\AppData\Local\Temp\Unicorn-28274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28274.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-46117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46117.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-57698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57698.exe
7⤵
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-14443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14443.exe
8⤵
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-43985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43985.exe
9⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-41842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41842.exe
10⤵
PID:6608

C:\Users\Admin\AppData\Local\Temp\Unicorn-24218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24218.exe
11⤵
PID:10892

C:\Users\Admin\AppData\Local\Temp\Unicorn-40369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40369.exe
12⤵
PID:14052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10892 -s 216
12⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
11⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
10⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 236
9⤵
PID:6532

C:\Users\Admin\AppData\Local\Temp\Unicorn-33198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33198.exe
8⤵
PID:3424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 220
9⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
8⤵
PID:5712

C:\Users\Admin\AppData\Local\Temp\Unicorn-15434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15434.exe
7⤵
PID:596

C:\Users\Admin\AppData\Local\Temp\Unicorn-2883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2883.exe
8⤵
PID:3552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 212
9⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 236
8⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
7⤵
- Program crash
PID:3132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 236
6⤵
- Program crash
PID:800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 240
5⤵
- Program crash
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-62825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62825.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1116

C:\Users\Admin\AppData\Local\Temp\Unicorn-15000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15000.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-17080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17080.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-58079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58079.exe
7⤵
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-13498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13498.exe
8⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-7852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7852.exe
9⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-22360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22360.exe
10⤵
PID:7660

C:\Users\Admin\AppData\Local\Temp\Unicorn-9414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9414.exe
11⤵
PID:11444

C:\Users\Admin\AppData\Local\Temp\Unicorn-29301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29301.exe
12⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11444 -s 216
12⤵
PID:9948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 216
11⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 236
10⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
9⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 236
8⤵
- Program crash
PID:4952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 236
7⤵
- Program crash
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-27640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27640.exe
6⤵
PID:544

C:\Users\Admin\AppData\Local\Temp\Unicorn-35300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35300.exe
7⤵
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-17908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17908.exe
8⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-15831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15831.exe
9⤵
PID:6728

C:\Users\Admin\AppData\Local\Temp\Unicorn-39980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39980.exe
10⤵
PID:11288

C:\Users\Admin\AppData\Local\Temp\Unicorn-49559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49559.exe
11⤵
PID:14016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11288 -s 236
11⤵
PID:952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 216
10⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 236
9⤵
PID:8212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 236
8⤵
PID:6864

C:\Users\Admin\AppData\Local\Temp\Unicorn-36347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36347.exe
7⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-5685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5685.exe
8⤵
PID:6880

C:\Users\Admin\AppData\Local\Temp\Unicorn-7921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7921.exe
9⤵
PID:9084

C:\Users\Admin\AppData\Local\Temp\Unicorn-30982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30982.exe
10⤵
PID:12324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9084 -s 220
10⤵
PID:13788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
9⤵
PID:10924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
8⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 220
7⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
6⤵
- Program crash
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-26251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26251.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-35218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35218.exe
6⤵
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-11771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11771.exe
7⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
8⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-59553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59553.exe
9⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-6814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6814.exe
10⤵
PID:8072

C:\Users\Admin\AppData\Local\Temp\Unicorn-62663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62663.exe
11⤵
PID:11496

C:\Users\Admin\AppData\Local\Temp\Unicorn-55915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55915.exe
12⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11496 -s 216
12⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 216
11⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
10⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 236
8⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-37793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37793.exe
7⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-27094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27094.exe
8⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-50790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50790.exe
9⤵
PID:8616

C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
10⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8616 -s 216
10⤵
PID:13696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 220
9⤵
PID:10864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 220
8⤵
PID:7740

C:\Users\Admin\AppData\Local\Temp\Unicorn-55850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55850.exe
6⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-59809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59809.exe
7⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-4089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4089.exe
8⤵
PID:6700

C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
9⤵
PID:8728

C:\Users\Admin\AppData\Local\Temp\Unicorn-11836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11836.exe
10⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8728 -s 216
10⤵
PID:13576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 220
9⤵
PID:10816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
8⤵
PID:7632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 236
7⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
6⤵
- Program crash
PID:3172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 240
5⤵
- Program crash
PID:1868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1144

C:\Users\Admin\AppData\Local\Temp\Unicorn-60559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60559.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-23822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23822.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-50236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50236.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-15568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15568.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
7⤵
- Executes dropped EXE
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-5103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5103.exe
8⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-5459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5459.exe
9⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-49680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49680.exe
10⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-24011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24011.exe
11⤵
PID:8900

C:\Users\Admin\AppData\Local\Temp\Unicorn-26162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26162.exe
12⤵
PID:12028

C:\Users\Admin\AppData\Local\Temp\Unicorn-22034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22034.exe
13⤵
PID:13904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12028 -s 236
13⤵
PID:9796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8900 -s 216
12⤵
PID:12556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 216
11⤵
PID:10200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
10⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
9⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\Unicorn-48583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48583.exe
8⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-31179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31179.exe
9⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-2436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2436.exe
10⤵
PID:8240

C:\Users\Admin\AppData\Local\Temp\Unicorn-2564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2564.exe
11⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8240 -s 216
11⤵
PID:12952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
10⤵
PID:9396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
9⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
8⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
7⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-28041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28041.exe
8⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-64933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64933.exe
9⤵
PID:6940

C:\Users\Admin\AppData\Local\Temp\Unicorn-39046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39046.exe
10⤵
PID:8860

C:\Users\Admin\AppData\Local\Temp\Unicorn-47413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47413.exe
11⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8860 -s 220
11⤵
PID:13836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 220
10⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
9⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
8⤵
PID:5264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
7⤵
- Program crash
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-52741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52741.exe
6⤵
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-5103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5103.exe
7⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
8⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-23411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23411.exe
9⤵
PID:6040

C:\Users\Admin\AppData\Local\Temp\Unicorn-37281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37281.exe
10⤵
PID:8384

C:\Users\Admin\AppData\Local\Temp\Unicorn-64703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64703.exe
11⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8384 -s 220
11⤵
PID:13344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 216
10⤵
PID:10296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
9⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 236
8⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-45363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45363.exe
7⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
8⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-23992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23992.exe
9⤵
PID:8552

C:\Users\Admin\AppData\Local\Temp\Unicorn-41600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41600.exe
10⤵
PID:11852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8552 -s 216
10⤵
PID:12724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 220
9⤵
PID:10396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
8⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
7⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
6⤵
- Program crash
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-61240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61240.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-47407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47407.exe
6⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-16847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16847.exe
7⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-12527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12527.exe
8⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-19261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19261.exe
9⤵
PID:6200

C:\Users\Admin\AppData\Local\Temp\Unicorn-31588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31588.exe
10⤵
PID:9040

C:\Users\Admin\AppData\Local\Temp\Unicorn-34408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34408.exe
11⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 216
11⤵
PID:13420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 216
10⤵
PID:10680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 220
9⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
8⤵
PID:5820

C:\Users\Admin\AppData\Local\Temp\Unicorn-33746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33746.exe
7⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
8⤵
PID:5576

C:\Users\Admin\AppData\Local\Temp\Unicorn-22407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22407.exe
9⤵
PID:8604

C:\Users\Admin\AppData\Local\Temp\Unicorn-46084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46084.exe
10⤵
PID:12268

C:\Users\Admin\AppData\Local\Temp\Unicorn-64781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64781.exe
11⤵
PID:14104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12268 -s 216
11⤵
PID:10184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8604 -s 216
10⤵
PID:12900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
9⤵
PID:9856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
8⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
7⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-3146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3146.exe
6⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-14197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14197.exe
7⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-29443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29443.exe
8⤵
PID:6844

C:\Users\Admin\AppData\Local\Temp\Unicorn-25217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25217.exe
9⤵
PID:10440

C:\Users\Admin\AppData\Local\Temp\Unicorn-33432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33432.exe
10⤵
PID:13932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10440 -s 216
10⤵
PID:14068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 216
9⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
8⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 236
7⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
6⤵
- Program crash
PID:2020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
5⤵
- Program crash
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-5342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5342.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-28781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28781.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-29023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29023.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-9199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9199.exe
7⤵
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-6335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6335.exe
8⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-23935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23935.exe
9⤵
PID:5596

C:\Users\Admin\AppData\Local\Temp\Unicorn-37281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37281.exe
10⤵
PID:8360

C:\Users\Admin\AppData\Local\Temp\Unicorn-62724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62724.exe
11⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8360 -s 216
11⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 220
10⤵
PID:10312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 220
9⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 236
8⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-32074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32074.exe
7⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-26628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26628.exe
8⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-39281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39281.exe
9⤵
PID:9212

C:\Users\Admin\AppData\Local\Temp\Unicorn-64703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64703.exe
10⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9212 -s 220
10⤵
PID:13372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
9⤵
PID:10064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
8⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 220
7⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-49251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49251.exe
6⤵
PID:776

C:\Users\Admin\AppData\Local\Temp\Unicorn-41324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41324.exe
7⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
8⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-16226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16226.exe
9⤵
PID:9064

C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
10⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9064 -s 216
10⤵
PID:4172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
9⤵
PID:9456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
8⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 236
7⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
6⤵
- Program crash
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-7775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7775.exe
6⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-43872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43872.exe
7⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
8⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-2436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2436.exe
9⤵
PID:8244

C:\Users\Admin\AppData\Local\Temp\Unicorn-60703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60703.exe
10⤵
PID:11600

C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
11⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8244 -s 216
10⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
9⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
8⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 236
7⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-29102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29102.exe
6⤵
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-5068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5068.exe
7⤵
PID:6468

C:\Users\Admin\AppData\Local\Temp\Unicorn-15299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15299.exe
8⤵
PID:8596

C:\Users\Admin\AppData\Local\Temp\Unicorn-33354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33354.exe
9⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8596 -s 216
9⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 220
8⤵
PID:10404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 216
7⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
6⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
5⤵
- Program crash
PID:2520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
4⤵
- Program crash
PID:2816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
2⤵
- Program crash
PID:2840

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14662.exe
Filesize
184KB

MD5
6df08a62d5e113d8decbecc7974279ae

SHA1
61c8de91fdcb459dce45bf7513e351e197bcf050

SHA256
e6192075fc5bb7995c59ab8fa523dfd823db68bfe28f83ebc8c3a323873d3bc8

SHA512
37f9a3f50edae0f862dc3c08826df0d5844828e62878fd9fafa40097b971826112b59c66f02dbc3923cc8f69c28e0589cdc75e5fc43469f293f19c22d2800a79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
Filesize
184KB

MD5
a887ded5b8c70b97a6f3fd0c8a1ef371

SHA1
27cc95c18d70775fc4926fb0dd949d1f42078480

SHA256
490917e7cf12db1377f76f3660ce665c933fd2cc55301298be97d3c9beb82fcf

SHA512
4ad610f207fcc7a3e2a88f48f93a6244d18ebf6b8275cbd85a66a70267ae2b28c5b6a9d00461b3d1c2c337fb35474a2aaf282bd25cf4e0cbfec0bc465f4053f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22453.exe
Filesize
184KB

MD5
ee971693f6b713565de0f39c40cf3a96

SHA1
805f412828fe72b1be85237fa9f03e2c8e426e80

SHA256
84bcc1c3ce4494086d49e87588f8b9d5e3665650f7dfb20d031cb873a0e7ce23

SHA512
19e093db6002d28e05e21258d68b45a025665486a2a9b12deed7174a3c29fd8c68d52ed9dce7f15343cc814346aeb4c8ff49dfebfae93c0599f8b4731a0e9967

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39767.exe
Filesize
184KB

MD5
c3abdfbe5d242061d12eb609d7071d15

SHA1
0d8fd216b863a8e0b3d0a5b70eb5b8789e0b69ae

SHA256
57cd6d67617afb19e852d5ec7a4ccb0e450dd1a595dc5ca4cd3204652cd8fec9

SHA512
65a3c7172947b09f36bb803378f76d7ca634f4d792f9f33fd796b373ecf50c0419bf0eca0df6b45d1393241858ed948c3e9bdf85f0809e02549ed41980bf62ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40759.exe
Filesize
184KB

MD5
3bda93b79abf17be4c8ef7520c8f52c8

SHA1
57edef4e90f432cbc01be093871acc52eff1d26d

SHA256
dde27a5a5f2e016ffe710ab13afd12c8fe71064a906a4eb39ebd8e943e73ca11

SHA512
d96a8049bb85fc232995fed8fb7a15b083d06e2e584256429dedba5dedb5c6c38319f2a8a2888c752744fda9e61dab25924d7ec7ecee16613b7370d7434e1ad6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
Filesize
184KB

MD5
78e26525e3e8308f9f87b1fb3efadcae

SHA1
a3c3f032348565d73408fd314dace8bf7812a4db

SHA256
6dd231c61940a4c2565ea49a1a0bb3f99c5daaa270b9185979d13d4e9bee2823

SHA512
a3b95b614bafa10b585135944e76a88de30bd3a97969ff5d83524d8fc9d8ad4509389b96d7af05fa422d03a14a03276e2f822faee1818eed3d0b3a80003f835c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60559.exe
Filesize
184KB

MD5
7b7a847f7aef28a99122d168a1055e3d

SHA1
c221fa568c69027fe0c26738c4993389dfa2b52c

SHA256
9a0c078b4c30d9c0d75fdad105620d7cc1e74d9eb1b035ecc39149a3529d3379

SHA512
40feea8af7629b1c75c051b303de74ae904fcdacbe0256568d5e3c981ade7c3cc5ec0bcee7db9f29ba51dc23382e9946921f73c677797e8e84aa1f7ec2a93011

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6384.exe
Filesize
184KB

MD5
a02dad8b75ceb2ee038cd1a3dcac41ea

SHA1
5195d2dac68ef60c923d18f56d56106b2f64da6c

SHA256
531edee8df4ce060e01aa40ec6afadf4fedf4c1757d825cb9d7bc3a0e52966ed

SHA512
6a4c5d0a014651cef7cb95e770c8696fc7a43a211d6b059f054c8873f967c3e88c335de3954f79d8b5877dbbfee1d4ebe61f6132f79a52c6aef0dd45b17c867d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11148.exe
Filesize
184KB

MD5
620a17850c1779fe18d8cb2ff8d3569b

SHA1
823105d4f8e8f501eb03688647e411cd0b2a8a39

SHA256
2ba5517597bc111692c98c75cd4ac7eb34fcc05ae8fcd23612e95ca78211ea2a

SHA512
0a5e898171d22498a9f8065b465cf0ddf1dac1ee9272c56e6b7a487efe461df4bb74ae567b47134f82d990b674605ca44eb174e05ab828234f1c5264fedb5a44

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14887.exe
Filesize
184KB

MD5
63a4cc30e496f7c3bd80dee6928b327a

SHA1
12a2620dc6481b3fd78cae88487c8920ec35d0b5

SHA256
34d8d9c3fe4eab4bcbf2387a295b60c5b4f67d136c86d32fc4dd50b1e6bfa3e9

SHA512
dd85376e51856e509cbd5a110d23ac7e8fefa3954475c0bb392ae999504eeba6131902839dfa1245886a899255e74a990ffd348055de868ddfea7e67088bc063

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16124.exe
Filesize
184KB

MD5
65031af4aa3bcbf69777178eb96c747a

SHA1
5df6b8fbd6ee936ab18e6d74638a624203c81c10

SHA256
f1d1c82dab9f4b39c721893e2024c26c1067fe5b928de2caa3df3521cd743304

SHA512
aee3eec453d957b007da90cca9bfc20a4140e36ebc047dce943070a130e2e797c82d17037de609ce73d0df76bbea617ec5da31ff30d5b315b12ff6206a40a956

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1865.exe
Filesize
184KB

MD5
6ce4a0d6fa256364f81145c8b3404530

SHA1
1ff2490306746451dd8da2d992b1c821f865a142

SHA256
cd12da1ead7a0887f16ab57a7b3e69497de5b57f86f558db881933eba0de8411

SHA512
dbe9e3487d12683a6a702441367e23239779c1c58bc626205aff6f514d7d847fc19f4955acb09f5514337cad4d2938a2e003d6eb40457ac41bea43a6f78cb73a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
Filesize
184KB

MD5
7e42f43ce1769db63aedc67addcaf318

SHA1
2926e233d6e18962faaf88a24e4461f99ea12fd8

SHA256
010163cab0489b3e6179844e1411f42dedf8b14d4e1b29491421f11be64f81bb

SHA512
ffcb39d190f15da9e70ee2f753dbaa5c6f24952a87ccdf397b7664859779f12925c2b0f800024a53755ce5b53796b3d03fe2c4dd7ecb27931953abf160b8cd80

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24721.exe
Filesize
184KB

MD5
15c005ac6c274d7cd93128efc06f4374

SHA1
44ccf9c2296c5407c45a0ca2ca1a74f10d17900b

SHA256
6a035998af04cc56b3ac4f2ccc9af7f35dc415deee6695f26d7c1969b2c14246

SHA512
ada470eca5baf5ec2516222ceefa2d302448275c71bf1a7c2a07c981041c7498e9edf7a704bf75689086fdf2e4182804365503e9e17b1810e6dbcb8cb2c5cb4a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41086.exe
Filesize
184KB

MD5
34e91ffa686a8a801a323b346426adac

SHA1
72347b5726a5db67b679513d45d3dbc216c0cca7

SHA256
6253a8545c4607b6e893f5d4717245701410d9b22d42856a8f55062a7c4e65cf

SHA512
830375310a2392b296c5842a3bf164060f8d120e0060fd6f69e753bc531b25e0ffae76620ba21d0db05437d1a9e99d84993373d31b6bb5f9d9379b07dcbae8a8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41730.exe
Filesize
184KB

MD5
7e54c106f37f0f1d41bf750563d2749a

SHA1
21eb3046fa5353bcf7111b633c25d92fc16858b6

SHA256
e1968980db56dbc8f5fa7bc069b5afeabade625ebe2cc71ed89eb9d32d48d644

SHA512
94326a2dd26ab4b82837b6a0d0332e7ac78d8f98f2fc236b710275a8a9258e6ceeb6a4b4b162267a08c2d05f8cacfb633e8a2773bd30c437ac43acadbd44c8d0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43452.exe
Filesize
184KB

MD5
31350c105d817937a927d09475432009

SHA1
638b58d8ef82b6797b4e9ae9c50fffd2de638fc7

SHA256
fe6deb846bd052efd655691a6ea783ac445cc54d2d7992cb4c6451e1705831ee

SHA512
ace3cb39248ae010fda52068afa412173390fc5ea8dad21c1ca825046a34e6c5685361ab7a3ec284fffe54498e925e7690a99ecb9ac96f547a8d080304513a60

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47567.exe
Filesize
184KB

MD5
29dc05b00ff242c43aaa2e2a1dfb3a50

SHA1
a27d433a576a6f7e48c5d6b761be6e53173e3456

SHA256
9b247f4fe0bc0961b5dc025c97629b47f7f77554d4312672a6e67a7ee4c05b36

SHA512
000573cdb3356320d50c1f5332e8d4c8d4e63c92e66edd7c6879c0031e0d16943251dbf8c1cac282cf489f08ed2b651957632c55bc289281d71fa5a1326f2158

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53372.exe
Filesize
184KB

MD5
c97f2ec3852b147426d7825ed25e9d8e

SHA1
8e25cb1a517401501ee0fb565dc7587c307d6ea3

SHA256
f8c5027d61d7d98b2752fdc8929cc43044c9a01cba39ffd1d44224c4b0a1454e

SHA512
2384d6d6b11179c8fab151314ba06bc13b831c8eeca9a11d83d5d65fa57a7830a55c04f7e70f27bf961cb46e8639c5e7fb0e53d92747e61df7c7e63dcb58ad6d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60092.exe
Filesize
184KB

MD5
e9a26b55f89294bc0f006399c152989f

SHA1
07e70f83eabad410a19f698f1a8ba086e6b860dc

SHA256
fc357db9246f1df69c7e5b45383e41511eb5bc7f0eb4bf83e5cb062cb7b6e758

SHA512
47fdfaf6423bcb09db03fe6d4b755ad1896090f870529767941e00eef6aa458367f4723a83628ded10abd9e73c02aea7953272d581ce12be670f72678d1c4a7c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9791.exe
Filesize
184KB

MD5
48489fe0086070710efea555f96973a8

SHA1
626579d15710e8b61bfb57ee0488c6eed7d6022a

SHA256
f0eb885a7543c842b1d14d6dd993dc524d48afd23424ad5b048323841694e2b3

SHA512
162394c1f2ebae00d845cc5a5809671faf262b206426997d8b65cbb77bfc419c1de6012a5b2eceab56199530009961112a838e26c4a06b3041167a63f01c0944

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads