ad0561da631fca71ddb026689f88a69fa53ade53ff7ab63525fe92989f3fc0e5

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad0561da631fca71ddb026689f88a69fa53ade53ff7ab63525fe92989f3fc0e5.exe
Size

184KB
MD5

3f9cf0eeeec3dd1b35112f8c605d5398
SHA1

900e3438dfe9674ec1359cef8a9f7484ce1eac15
SHA256

ad0561da631fca71ddb026689f88a69fa53ade53ff7ab63525fe92989f3fc0e5
SHA512

8ccd4465642e1853d4ff1761b24abe9dc22a66c8ab7be66988bde3687ba4176a24f08822970aa78e9b191fd0dc6a977aaaa9cbc90310cf09d1736bfc06275d14
SSDEEP

1536:kB2J6jZlP3nyotxMt4OAlawMGt9yvZc8hmdzjgLR2Mz5tqAl5hj5nizpvK:Qr73nyoTG4OTdGnWelgLR7vqAlnViFi

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-11363.exeUnicorn-39654.exeUnicorn-35055.exeUnicorn-35865.exeUnicorn-40464.exeUnicorn-45049.exeUnicorn-62610.exeUnicorn-42744.exeUnicorn-39367.exeUnicorn-28719.exeUnicorn-64873.exeUnicorn-14603.exeUnicorn-35983.exeUnicorn-7909.exeUnicorn-3311.exeUnicorn-64147.exeUnicorn-18516.exeUnicorn-8719.exeUnicorn-21718.exeUnicorn-57235.exeUnicorn-51895.exeUnicorn-6415.exeUnicorn-21683.exeUnicorn-39280.exeUnicorn-35065.exeUnicorn-56501.exeUnicorn-56693.exeUnicorn-51903.exeUnicorn-49013.exeUnicorn-61820.exeUnicorn-47477.exeUnicorn-48281.exeUnicorn-2801.exeUnicorn-35474.exeUnicorn-45095.exeUnicorn-45095.exeUnicorn-25421.exeUnicorn-3569.exeUnicorn-49241.exeUnicorn-43018.exeUnicorn-31375.exeUnicorn-2656.exeUnicorn-64815.exeUnicorn-30066.exeUnicorn-49932.exeUnicorn-47436.exeUnicorn-43221.exeUnicorn-63087.exeUnicorn-36969.exeUnicorn-32370.exeUnicorn-17295.exeUnicorn-20140.exeUnicorn-53414.exeUnicorn-16335.exeUnicorn-27177.exeUnicorn-24908.exeUnicorn-60041.exeUnicorn-5194.exeUnicorn-27945.exeUnicorn-25676.exeUnicorn-18385.exeUnicorn-45542.exeUnicorn-45542.exeUnicorn-18385.exe

pid	process
2200	Unicorn-11363.exe
2548	Unicorn-39654.exe
2656	Unicorn-35055.exe
2868	Unicorn-35865.exe
2584	Unicorn-40464.exe
1556	Unicorn-45049.exe
1324	Unicorn-62610.exe
1368	Unicorn-42744.exe
280	Unicorn-39367.exe
1584	Unicorn-28719.exe
1228	Unicorn-64873.exe
2352	Unicorn-14603.exe
2112	Unicorn-35983.exe
2136	Unicorn-7909.exe
2732	Unicorn-3311.exe
2708	Unicorn-64147.exe
1312	Unicorn-18516.exe
1656	Unicorn-8719.exe
1672	Unicorn-21718.exe
2900	Unicorn-57235.exe
1444	Unicorn-51895.exe
756	Unicorn-6415.exe
980	Unicorn-21683.exe
812	Unicorn-39280.exe
912	Unicorn-35065.exe
2988	Unicorn-56501.exe
2072	Unicorn-56693.exe
1436	Unicorn-51903.exe
2276	Unicorn-49013.exe
2892	Unicorn-61820.exe
2140	Unicorn-47477.exe
2628	Unicorn-48281.exe
2600	Unicorn-2801.exe
2096	Unicorn-35474.exe
2636	Unicorn-45095.exe
2404	Unicorn-45095.exe
2580	Unicorn-25421.exe
1736	Unicorn-3569.exe
2408	Unicorn-49241.exe
1516	Unicorn-43018.exe
1588	Unicorn-31375.exe
2132	Unicorn-2656.exe
2796	Unicorn-64815.exe
2036	Unicorn-30066.exe
2016	Unicorn-49932.exe
2716	Unicorn-47436.exe
672	Unicorn-43221.exe
1212	Unicorn-63087.exe
1468	Unicorn-36969.exe
2940	Unicorn-32370.exe
1052	Unicorn-17295.exe
2152	Unicorn-20140.exe
1688	Unicorn-53414.exe
1064	Unicorn-16335.exe
880	Unicorn-27177.exe
580	Unicorn-24908.exe
3032	Unicorn-60041.exe
636	Unicorn-5194.exe
2760	Unicorn-27945.exe
2080	Unicorn-25676.exe
1924	Unicorn-18385.exe
2908	Unicorn-45542.exe
2120	Unicorn-45542.exe
2536	Unicorn-18385.exe

Loads dropped DLL 64 IoCs

Processes:

ad0561da631fca71ddb026689f88a69fa53ade53ff7ab63525fe92989f3fc0e5.exeUnicorn-11363.exeUnicorn-39654.exeWerFault.exeUnicorn-35055.exeUnicorn-40464.exeUnicorn-35865.exeWerFault.exeWerFault.exeUnicorn-45049.exeUnicorn-62610.exeUnicorn-42744.exeUnicorn-39367.exeWerFault.exeWerFault.exeUnicorn-28719.exeUnicorn-64873.exeUnicorn-14603.exe

pid	process
1964	ad0561da631fca71ddb026689f88a69fa53ade53ff7ab63525fe92989f3fc0e5.exe
1964	ad0561da631fca71ddb026689f88a69fa53ade53ff7ab63525fe92989f3fc0e5.exe
2200	Unicorn-11363.exe
2200	Unicorn-11363.exe
1964	ad0561da631fca71ddb026689f88a69fa53ade53ff7ab63525fe92989f3fc0e5.exe
1964	ad0561da631fca71ddb026689f88a69fa53ade53ff7ab63525fe92989f3fc0e5.exe
2548	Unicorn-39654.exe
2200	Unicorn-11363.exe
2200	Unicorn-11363.exe
2548	Unicorn-39654.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2656	Unicorn-35055.exe
2656	Unicorn-35055.exe
2548	Unicorn-39654.exe
2584	Unicorn-40464.exe
2584	Unicorn-40464.exe
2548	Unicorn-39654.exe
2868	Unicorn-35865.exe
2868	Unicorn-35865.exe
1464	WerFault.exe
1464	WerFault.exe
1464	WerFault.exe
1464	WerFault.exe
1464	WerFault.exe
1512	WerFault.exe
1512	WerFault.exe
1512	WerFault.exe
1512	WerFault.exe
1512	WerFault.exe
1556	Unicorn-45049.exe
1556	Unicorn-45049.exe
1324	Unicorn-62610.exe
1324	Unicorn-62610.exe
1368	Unicorn-42744.exe
1368	Unicorn-42744.exe
2584	Unicorn-40464.exe
2584	Unicorn-40464.exe
280	Unicorn-39367.exe
280	Unicorn-39367.exe
2868	Unicorn-35865.exe
2868	Unicorn-35865.exe
576	WerFault.exe
576	WerFault.exe
576	WerFault.exe
576	WerFault.exe
576	WerFault.exe
2780	WerFault.exe
2780	WerFault.exe
2780	WerFault.exe
2780	WerFault.exe
2780	WerFault.exe
1584	Unicorn-28719.exe
1584	Unicorn-28719.exe
1556	Unicorn-45049.exe
1556	Unicorn-45049.exe
1228	Unicorn-64873.exe
1228	Unicorn-64873.exe
1324	Unicorn-62610.exe
1324	Unicorn-62610.exe
2352	Unicorn-14603.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2540	1964	WerFault.exe	ad0561da631fca71ddb026689f88a69fa53ade53ff7ab63525fe92989f3fc0e5.exe
2836	2200	WerFault.exe	Unicorn-11363.exe
1464	2656	WerFault.exe	Unicorn-35055.exe
1512	2548	WerFault.exe	Unicorn-39654.exe
576	2584	WerFault.exe	Unicorn-40464.exe
2780	2868	WerFault.exe	Unicorn-35865.exe
2488	1556	WerFault.exe	Unicorn-45049.exe
3020	1324	WerFault.exe	Unicorn-62610.exe
888	1368	WerFault.exe	Unicorn-42744.exe
1900	280	WerFault.exe	Unicorn-39367.exe
1364	1584	WerFault.exe	Unicorn-28719.exe
2288	1228	WerFault.exe	Unicorn-64873.exe
2044	2352	WerFault.exe	Unicorn-14603.exe
1996	2112	WerFault.exe	Unicorn-35983.exe
1844	2732	WerFault.exe	Unicorn-3311.exe
1908	2136	WerFault.exe	Unicorn-7909.exe
2460	2708	WerFault.exe	Unicorn-64147.exe
2884	1312	WerFault.exe	Unicorn-18516.exe
2180	1656	WerFault.exe	Unicorn-8719.exe
1236	2900	WerFault.exe	Unicorn-57235.exe
2824	1672	WerFault.exe	Unicorn-21718.exe
3040	1444	WerFault.exe	Unicorn-51895.exe
2504	812	WerFault.exe	Unicorn-39280.exe
2244	756	WerFault.exe	Unicorn-6415.exe
1700	912	WerFault.exe	Unicorn-35065.exe
704	980	WerFault.exe	Unicorn-21683.exe
2204	2988	WerFault.exe	Unicorn-56501.exe
2220	1436	WerFault.exe	Unicorn-51903.exe
112	2072	WerFault.exe	Unicorn-56693.exe
2724	2276	WerFault.exe	Unicorn-49013.exe
1308	2892	WerFault.exe	Unicorn-61820.exe
872	2140	WerFault.exe	Unicorn-47477.exe
916	2628	WerFault.exe	Unicorn-48281.exe
2156	2600	WerFault.exe	Unicorn-2801.exe
2512	2096	WerFault.exe	Unicorn-35474.exe
2696	1516	WerFault.exe	Unicorn-43018.exe
320	2408	WerFault.exe	Unicorn-49241.exe
848	2580	WerFault.exe	Unicorn-25421.exe
1916	2636	WerFault.exe	Unicorn-45095.exe
2864	2404	WerFault.exe	Unicorn-45095.exe
3588	2796	WerFault.exe	Unicorn-64815.exe
3632	1736	WerFault.exe	Unicorn-3569.exe
4056	1588	WerFault.exe	Unicorn-31375.exe
3128	1688	WerFault.exe	Unicorn-53414.exe
3188	880	WerFault.exe	Unicorn-27177.exe
3240	1924	WerFault.exe	Unicorn-18385.exe
3268	636	WerFault.exe	Unicorn-5194.exe
3264	3032	WerFault.exe	Unicorn-60041.exe
3600	1052	WerFault.exe	Unicorn-17295.exe
3628	672	WerFault.exe	Unicorn-43221.exe
3648	2716	WerFault.exe	Unicorn-47436.exe
3788	1468	WerFault.exe	Unicorn-36969.exe
3804	3064	WerFault.exe	Unicorn-25867.exe
3864	2468	WerFault.exe	Unicorn-58923.exe
3904	2116	WerFault.exe	Unicorn-28476.exe
3992	2016	WerFault.exe	Unicorn-49932.exe
4012	1928	WerFault.exe	Unicorn-59883.exe
4028	2940	WerFault.exe	Unicorn-32370.exe
3304	780	WerFault.exe	Unicorn-46816.exe
3448	2820	WerFault.exe	Unicorn-21346.exe
3476	288	WerFault.exe	Unicorn-1336.exe
3516	2128	WerFault.exe	Unicorn-55581.exe
3564	1420	WerFault.exe	Unicorn-58425.exe
3348	2768	WerFault.exe	Unicorn-23650.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

ad0561da631fca71ddb026689f88a69fa53ade53ff7ab63525fe92989f3fc0e5.exeUnicorn-11363.exeUnicorn-39654.exeUnicorn-35055.exeUnicorn-40464.exeUnicorn-35865.exeUnicorn-45049.exeUnicorn-42744.exeUnicorn-62610.exeUnicorn-39367.exeUnicorn-28719.exeUnicorn-64873.exeUnicorn-14603.exeUnicorn-7909.exeUnicorn-35983.exeUnicorn-3311.exeUnicorn-64147.exeUnicorn-18516.exeUnicorn-8719.exeUnicorn-21718.exeUnicorn-57235.exeUnicorn-51895.exeUnicorn-6415.exeUnicorn-21683.exeUnicorn-39280.exeUnicorn-35065.exeUnicorn-56501.exeUnicorn-51903.exeUnicorn-56693.exeUnicorn-49013.exeUnicorn-61820.exeUnicorn-47477.exeUnicorn-48281.exeUnicorn-2801.exeUnicorn-35474.exeUnicorn-45095.exeUnicorn-25421.exeUnicorn-3569.exeUnicorn-45095.exeUnicorn-49241.exeUnicorn-43018.exeUnicorn-31375.exeUnicorn-2656.exeUnicorn-64815.exeUnicorn-30066.exeUnicorn-49932.exeUnicorn-43221.exeUnicorn-47436.exeUnicorn-63087.exeUnicorn-36969.exeUnicorn-32370.exeUnicorn-17295.exeUnicorn-20140.exeUnicorn-53414.exeUnicorn-16335.exeUnicorn-27177.exeUnicorn-60041.exeUnicorn-24908.exeUnicorn-27945.exeUnicorn-5194.exeUnicorn-45542.exeUnicorn-45542.exeUnicorn-25676.exeUnicorn-18385.exe

pid	process
1964	ad0561da631fca71ddb026689f88a69fa53ade53ff7ab63525fe92989f3fc0e5.exe
2200	Unicorn-11363.exe
2548	Unicorn-39654.exe
2656	Unicorn-35055.exe
2584	Unicorn-40464.exe
2868	Unicorn-35865.exe
1556	Unicorn-45049.exe
1368	Unicorn-42744.exe
1324	Unicorn-62610.exe
280	Unicorn-39367.exe
1584	Unicorn-28719.exe
1228	Unicorn-64873.exe
2352	Unicorn-14603.exe
2136	Unicorn-7909.exe
2112	Unicorn-35983.exe
2732	Unicorn-3311.exe
2708	Unicorn-64147.exe
1312	Unicorn-18516.exe
1656	Unicorn-8719.exe
1672	Unicorn-21718.exe
2900	Unicorn-57235.exe
1444	Unicorn-51895.exe
756	Unicorn-6415.exe
980	Unicorn-21683.exe
812	Unicorn-39280.exe
912	Unicorn-35065.exe
2988	Unicorn-56501.exe
1436	Unicorn-51903.exe
2072	Unicorn-56693.exe
2276	Unicorn-49013.exe
2892	Unicorn-61820.exe
2140	Unicorn-47477.exe
2628	Unicorn-48281.exe
2600	Unicorn-2801.exe
2096	Unicorn-35474.exe
2636	Unicorn-45095.exe
2580	Unicorn-25421.exe
1736	Unicorn-3569.exe
2404	Unicorn-45095.exe
2408	Unicorn-49241.exe
1516	Unicorn-43018.exe
1588	Unicorn-31375.exe
2132	Unicorn-2656.exe
2796	Unicorn-64815.exe
2036	Unicorn-30066.exe
2016	Unicorn-49932.exe
672	Unicorn-43221.exe
2716	Unicorn-47436.exe
1212	Unicorn-63087.exe
1468	Unicorn-36969.exe
2940	Unicorn-32370.exe
1052	Unicorn-17295.exe
2152	Unicorn-20140.exe
1688	Unicorn-53414.exe
1064	Unicorn-16335.exe
880	Unicorn-27177.exe
3032	Unicorn-60041.exe
580	Unicorn-24908.exe
2760	Unicorn-27945.exe
636	Unicorn-5194.exe
2908	Unicorn-45542.exe
2120	Unicorn-45542.exe
2080	Unicorn-25676.exe
2536	Unicorn-18385.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

description	pid	process	target process
PID 1964 wrote to memory of 2200	1964	ad0561da631fca71ddb026689f88a69fa53ade53ff7ab63525fe92989f3fc0e5.exe	Unicorn-11363.exe
PID 1964 wrote to memory of 2200	1964	ad0561da631fca71ddb026689f88a69fa53ade53ff7ab63525fe92989f3fc0e5.exe	Unicorn-11363.exe
PID 1964 wrote to memory of 2200	1964	ad0561da631fca71ddb026689f88a69fa53ade53ff7ab63525fe92989f3fc0e5.exe	Unicorn-11363.exe
PID 1964 wrote to memory of 2200	1964	ad0561da631fca71ddb026689f88a69fa53ade53ff7ab63525fe92989f3fc0e5.exe	Unicorn-11363.exe
PID 2200 wrote to memory of 2548	2200	Unicorn-11363.exe	Unicorn-39654.exe
PID 2200 wrote to memory of 2548	2200	Unicorn-11363.exe	Unicorn-39654.exe
PID 2200 wrote to memory of 2548	2200	Unicorn-11363.exe	Unicorn-39654.exe
PID 2200 wrote to memory of 2548	2200	Unicorn-11363.exe	Unicorn-39654.exe
PID 1964 wrote to memory of 2656	1964	ad0561da631fca71ddb026689f88a69fa53ade53ff7ab63525fe92989f3fc0e5.exe	Unicorn-35055.exe
PID 1964 wrote to memory of 2656	1964	ad0561da631fca71ddb026689f88a69fa53ade53ff7ab63525fe92989f3fc0e5.exe	Unicorn-35055.exe
PID 1964 wrote to memory of 2656	1964	ad0561da631fca71ddb026689f88a69fa53ade53ff7ab63525fe92989f3fc0e5.exe	Unicorn-35055.exe
PID 1964 wrote to memory of 2656	1964	ad0561da631fca71ddb026689f88a69fa53ade53ff7ab63525fe92989f3fc0e5.exe	Unicorn-35055.exe
PID 1964 wrote to memory of 2540	1964	ad0561da631fca71ddb026689f88a69fa53ade53ff7ab63525fe92989f3fc0e5.exe	WerFault.exe
PID 1964 wrote to memory of 2540	1964	ad0561da631fca71ddb026689f88a69fa53ade53ff7ab63525fe92989f3fc0e5.exe	WerFault.exe
PID 1964 wrote to memory of 2540	1964	ad0561da631fca71ddb026689f88a69fa53ade53ff7ab63525fe92989f3fc0e5.exe	WerFault.exe
PID 1964 wrote to memory of 2540	1964	ad0561da631fca71ddb026689f88a69fa53ade53ff7ab63525fe92989f3fc0e5.exe	WerFault.exe
PID 2200 wrote to memory of 2868	2200	Unicorn-11363.exe	Unicorn-35865.exe
PID 2200 wrote to memory of 2868	2200	Unicorn-11363.exe	Unicorn-35865.exe
PID 2200 wrote to memory of 2868	2200	Unicorn-11363.exe	Unicorn-35865.exe
PID 2200 wrote to memory of 2868	2200	Unicorn-11363.exe	Unicorn-35865.exe
PID 2548 wrote to memory of 2584	2548	Unicorn-39654.exe	Unicorn-40464.exe
PID 2548 wrote to memory of 2584	2548	Unicorn-39654.exe	Unicorn-40464.exe
PID 2548 wrote to memory of 2584	2548	Unicorn-39654.exe	Unicorn-40464.exe
PID 2548 wrote to memory of 2584	2548	Unicorn-39654.exe	Unicorn-40464.exe
PID 2200 wrote to memory of 2836	2200	Unicorn-11363.exe	WerFault.exe
PID 2200 wrote to memory of 2836	2200	Unicorn-11363.exe	WerFault.exe
PID 2200 wrote to memory of 2836	2200	Unicorn-11363.exe	WerFault.exe
PID 2200 wrote to memory of 2836	2200	Unicorn-11363.exe	WerFault.exe
PID 2656 wrote to memory of 1556	2656	Unicorn-35055.exe	Unicorn-45049.exe
PID 2656 wrote to memory of 1556	2656	Unicorn-35055.exe	Unicorn-45049.exe
PID 2656 wrote to memory of 1556	2656	Unicorn-35055.exe	Unicorn-45049.exe
PID 2656 wrote to memory of 1556	2656	Unicorn-35055.exe	Unicorn-45049.exe
PID 2584 wrote to memory of 1324	2584	Unicorn-40464.exe	Unicorn-62610.exe
PID 2584 wrote to memory of 1324	2584	Unicorn-40464.exe	Unicorn-62610.exe
PID 2584 wrote to memory of 1324	2584	Unicorn-40464.exe	Unicorn-62610.exe
PID 2584 wrote to memory of 1324	2584	Unicorn-40464.exe	Unicorn-62610.exe
PID 2548 wrote to memory of 1368	2548	Unicorn-39654.exe	Unicorn-42744.exe
PID 2548 wrote to memory of 1368	2548	Unicorn-39654.exe	Unicorn-42744.exe
PID 2548 wrote to memory of 1368	2548	Unicorn-39654.exe	Unicorn-42744.exe
PID 2548 wrote to memory of 1368	2548	Unicorn-39654.exe	Unicorn-42744.exe
PID 2868 wrote to memory of 280	2868	Unicorn-35865.exe	Unicorn-39367.exe
PID 2868 wrote to memory of 280	2868	Unicorn-35865.exe	Unicorn-39367.exe
PID 2868 wrote to memory of 280	2868	Unicorn-35865.exe	Unicorn-39367.exe
PID 2868 wrote to memory of 280	2868	Unicorn-35865.exe	Unicorn-39367.exe
PID 2656 wrote to memory of 1464	2656	Unicorn-35055.exe	WerFault.exe
PID 2656 wrote to memory of 1464	2656	Unicorn-35055.exe	WerFault.exe
PID 2656 wrote to memory of 1464	2656	Unicorn-35055.exe	WerFault.exe
PID 2656 wrote to memory of 1464	2656	Unicorn-35055.exe	WerFault.exe
PID 2548 wrote to memory of 1512	2548	Unicorn-39654.exe	WerFault.exe
PID 2548 wrote to memory of 1512	2548	Unicorn-39654.exe	WerFault.exe
PID 2548 wrote to memory of 1512	2548	Unicorn-39654.exe	WerFault.exe
PID 2548 wrote to memory of 1512	2548	Unicorn-39654.exe	WerFault.exe
PID 1556 wrote to memory of 1584	1556	Unicorn-45049.exe	Unicorn-28719.exe
PID 1556 wrote to memory of 1584	1556	Unicorn-45049.exe	Unicorn-28719.exe
PID 1556 wrote to memory of 1584	1556	Unicorn-45049.exe	Unicorn-28719.exe
PID 1556 wrote to memory of 1584	1556	Unicorn-45049.exe	Unicorn-28719.exe
PID 1324 wrote to memory of 1228	1324	Unicorn-62610.exe	Unicorn-64873.exe
PID 1324 wrote to memory of 1228	1324	Unicorn-62610.exe	Unicorn-64873.exe
PID 1324 wrote to memory of 1228	1324	Unicorn-62610.exe	Unicorn-64873.exe
PID 1324 wrote to memory of 1228	1324	Unicorn-62610.exe	Unicorn-64873.exe
PID 1368 wrote to memory of 2352	1368	Unicorn-42744.exe	Unicorn-14603.exe
PID 1368 wrote to memory of 2352	1368	Unicorn-42744.exe	Unicorn-14603.exe
PID 1368 wrote to memory of 2352	1368	Unicorn-42744.exe	Unicorn-14603.exe
PID 1368 wrote to memory of 2352	1368	Unicorn-42744.exe	Unicorn-14603.exe

C:\Users\Admin\AppData\Local\Temp\ad0561da631fca71ddb026689f88a69fa53ade53ff7ab63525fe92989f3fc0e5.exe
"C:\Users\Admin\AppData\Local\Temp\ad0561da631fca71ddb026689f88a69fa53ade53ff7ab63525fe92989f3fc0e5.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-11363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11363.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-39654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39654.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-40464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40464.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1324

C:\Users\Admin\AppData\Local\Temp\Unicorn-64873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64873.exe
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1228

C:\Users\Admin\AppData\Local\Temp\Unicorn-8719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8719.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-47436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47436.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-7579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7579.exe
10⤵
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-40050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40050.exe
11⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-50142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50142.exe
12⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-191.exe
13⤵
PID:6920

C:\Users\Admin\AppData\Local\Temp\Unicorn-21146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21146.exe
14⤵
PID:9352

C:\Users\Admin\AppData\Local\Temp\Unicorn-63907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63907.exe
15⤵
PID:11592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9352 -s 216
15⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 216
14⤵
PID:10480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
13⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
12⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 236
11⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-53049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53049.exe
10⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-63359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63359.exe
11⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-48356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48356.exe
12⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-15758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15758.exe
13⤵
PID:8944

C:\Users\Admin\AppData\Local\Temp\Unicorn-48588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48588.exe
14⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8944 -s 236
14⤵
PID:12044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 216
13⤵
PID:9904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 236
12⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
11⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
10⤵
- Program crash
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe
9⤵
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-23029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23029.exe
10⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-28435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28435.exe
11⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-57565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57565.exe
12⤵
PID:6724

C:\Users\Admin\AppData\Local\Temp\Unicorn-43151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43151.exe
13⤵
PID:8648

C:\Users\Admin\AppData\Local\Temp\Unicorn-26033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26033.exe
14⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 216
14⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
13⤵
PID:10124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 216
12⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
11⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
10⤵
- Program crash
PID:3348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
9⤵
- Program crash
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-43221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43221.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:672

C:\Users\Admin\AppData\Local\Temp\Unicorn-33817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33817.exe
9⤵
PID:1472

C:\Users\Admin\AppData\Local\Temp\Unicorn-44295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44295.exe
10⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-7537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7537.exe
11⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-39034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39034.exe
12⤵
PID:6588

C:\Users\Admin\AppData\Local\Temp\Unicorn-3643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3643.exe
13⤵
PID:8900

C:\Users\Admin\AppData\Local\Temp\Unicorn-7143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7143.exe
14⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8900 -s 220
14⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 216
13⤵
PID:9684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
12⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
11⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 236
10⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-15384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15384.exe
9⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-63359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63359.exe
10⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-11467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11467.exe
11⤵
PID:6304

C:\Users\Admin\AppData\Local\Temp\Unicorn-4551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4551.exe
12⤵
PID:8212

C:\Users\Admin\AppData\Local\Temp\Unicorn-43046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43046.exe
13⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 216
13⤵
PID:3056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 216
12⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
11⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
10⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 240
9⤵
- Program crash
PID:3628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
8⤵
- Program crash
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-63087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63087.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1212

C:\Users\Admin\AppData\Local\Temp\Unicorn-1336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1336.exe
9⤵
PID:288

C:\Users\Admin\AppData\Local\Temp\Unicorn-2769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2769.exe
10⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-57921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57921.exe
11⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
12⤵
PID:6256

C:\Users\Admin\AppData\Local\Temp\Unicorn-59630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59630.exe
13⤵
PID:9628

C:\Users\Admin\AppData\Local\Temp\Unicorn-49983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49983.exe
14⤵
PID:10756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9628 -s 236
14⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 216
13⤵
PID:10668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
12⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
11⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 236
10⤵
- Program crash
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-25197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25197.exe
9⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe
10⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-24893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24893.exe
11⤵
PID:6780

C:\Users\Admin\AppData\Local\Temp\Unicorn-20536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20536.exe
12⤵
PID:8860

C:\Users\Admin\AppData\Local\Temp\Unicorn-61001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61001.exe
13⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8860 -s 216
13⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 216
12⤵
PID:9876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
11⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
10⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 240
9⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-55581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55581.exe
8⤵
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-45063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45063.exe
9⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-61299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61299.exe
10⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-47588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47588.exe
11⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-50926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50926.exe
12⤵
PID:9040

C:\Users\Admin\AppData\Local\Temp\Unicorn-61436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61436.exe
13⤵
PID:10416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 216
13⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
12⤵
PID:9984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 236
11⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
10⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 236
9⤵
- Program crash
PID:3516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
8⤵
- Program crash
PID:1308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 240
7⤵
- Program crash
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-35474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35474.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-27177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27177.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:880

C:\Users\Admin\AppData\Local\Temp\Unicorn-25919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25919.exe
9⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-41361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41361.exe
10⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-61459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61459.exe
11⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-49722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49722.exe
12⤵
PID:8764

C:\Users\Admin\AppData\Local\Temp\Unicorn-51224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51224.exe
13⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8764 -s 216
13⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
12⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
11⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 216
10⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 236
9⤵
- Program crash
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-53329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53329.exe
8⤵
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
9⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-44567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44567.exe
10⤵
PID:5236

C:\Users\Admin\AppData\Local\Temp\Unicorn-50263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50263.exe
11⤵
PID:7916

C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
12⤵
PID:10532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 236
12⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 216
11⤵
PID:8696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
10⤵
PID:6844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 236
9⤵
PID:4636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
8⤵
- Program crash
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-24908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24908.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-58207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58207.exe
8⤵
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-60268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60268.exe
9⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-6769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6769.exe
10⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-61851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61851.exe
11⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-28293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28293.exe
12⤵
PID:9012

C:\Users\Admin\AppData\Local\Temp\Unicorn-56958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56958.exe
13⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 236
13⤵
PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
12⤵
PID:9976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 236
11⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
10⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 236
9⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-4658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4658.exe
8⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-20701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20701.exe
9⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
10⤵
PID:7036

C:\Users\Admin\AppData\Local\Temp\Unicorn-3714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3714.exe
11⤵
PID:9492

C:\Users\Admin\AppData\Local\Temp\Unicorn-34108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34108.exe
12⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9492 -s 220
12⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 216
11⤵
PID:10488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
10⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
9⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 240
8⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
7⤵
- Program crash
PID:2824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 220
6⤵
- Program crash
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-35983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35983.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-6415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6415.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:756

C:\Users\Admin\AppData\Local\Temp\Unicorn-45095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45095.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-27945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27945.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-56173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56173.exe
9⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
10⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-4901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4901.exe
11⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-8281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8281.exe
12⤵
PID:6512

C:\Users\Admin\AppData\Local\Temp\Unicorn-28921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28921.exe
13⤵
PID:8728

C:\Users\Admin\AppData\Local\Temp\Unicorn-10765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10765.exe
14⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8728 -s 216
14⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 216
13⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 236
12⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
11⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 216
10⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-64336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64336.exe
9⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-4133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4133.exe
10⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-18768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18768.exe
11⤵
PID:7108

C:\Users\Admin\AppData\Local\Temp\Unicorn-19988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19988.exe
12⤵
PID:10340

C:\Users\Admin\AppData\Local\Temp\Unicorn-53183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53183.exe
13⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10340 -s 216
13⤵
PID:9604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 216
12⤵
PID:11156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
11⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
10⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
9⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-4019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4019.exe
8⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-52297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52297.exe
9⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-4133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4133.exe
10⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-49520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49520.exe
11⤵
PID:6272

C:\Users\Admin\AppData\Local\Temp\Unicorn-28244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28244.exe
12⤵
PID:10292

C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
13⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10292 -s 216
13⤵
PID:8388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 216
12⤵
PID:11136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
11⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
10⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 216
9⤵
PID:4356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
8⤵
- Program crash
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-25676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25676.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-24077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24077.exe
8⤵
PID:456

C:\Users\Admin\AppData\Local\Temp\Unicorn-36646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36646.exe
9⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-57397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57397.exe
10⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 220
11⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 236
10⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 456 -s 236
9⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-49645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49645.exe
8⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-47195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47195.exe
9⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-48785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48785.exe
10⤵
PID:6376

C:\Users\Admin\AppData\Local\Temp\Unicorn-34083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34083.exe
11⤵
PID:9312

C:\Users\Admin\AppData\Local\Temp\Unicorn-12400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12400.exe
12⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9312 -s 216
12⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 204
11⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
10⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
9⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
8⤵
PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 220
7⤵
- Program crash
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-25421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25421.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-21346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21346.exe
7⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-44871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44871.exe
8⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-46992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46992.exe
9⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-46403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46403.exe
10⤵
PID:7020

C:\Users\Admin\AppData\Local\Temp\Unicorn-18842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18842.exe
11⤵
PID:9408

C:\Users\Admin\AppData\Local\Temp\Unicorn-20953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20953.exe
12⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9408 -s 216
12⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 216
11⤵
PID:10452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
10⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
9⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
8⤵
- Program crash
PID:3448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 236
7⤵
- Program crash
PID:848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
6⤵
- Program crash
PID:1996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-42744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42744.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1368

C:\Users\Admin\AppData\Local\Temp\Unicorn-14603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14603.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-57235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57235.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-47477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47477.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-36969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36969.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-11227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11227.exe
9⤵
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-20533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20533.exe
10⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-23355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23355.exe
11⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-10316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10316.exe
12⤵
PID:6976

C:\Users\Admin\AppData\Local\Temp\Unicorn-28436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28436.exe
13⤵
PID:10312

C:\Users\Admin\AppData\Local\Temp\Unicorn-40725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40725.exe
14⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10312 -s 236
14⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 216
13⤵
PID:11144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
12⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
11⤵
PID:6292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 236
10⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-859.exe
9⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-3084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3084.exe
10⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-27713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27713.exe
11⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
12⤵
PID:8904

C:\Users\Admin\AppData\Local\Temp\Unicorn-56995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56995.exe
13⤵
PID:11620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8904 -s 216
13⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 236
12⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 236
11⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
10⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 240
9⤵
- Program crash
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-6821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6821.exe
8⤵
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-54165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54165.exe
9⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-27667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27667.exe
10⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-42350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42350.exe
11⤵
PID:7156

C:\Users\Admin\AppData\Local\Temp\Unicorn-41841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41841.exe
12⤵
PID:9576

C:\Users\Admin\AppData\Local\Temp\Unicorn-33558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33558.exe
13⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 204
12⤵
PID:10576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 220
11⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 236
10⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 216
9⤵
PID:4016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
8⤵
- Program crash
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-17295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17295.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-58425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58425.exe
8⤵
PID:1420

C:\Users\Admin\AppData\Local\Temp\Unicorn-12390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12390.exe
9⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-8175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8175.exe
10⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-39610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39610.exe
11⤵
PID:6616

C:\Users\Admin\AppData\Local\Temp\Unicorn-16799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16799.exe
12⤵
PID:8816

C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
13⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8816 -s 216
13⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 216
12⤵
PID:9488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
11⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
10⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 236
9⤵
- Program crash
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-49017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49017.exe
8⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-15035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15035.exe
9⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-12837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12837.exe
10⤵
PID:6232

C:\Users\Admin\AppData\Local\Temp\Unicorn-52299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52299.exe
11⤵
PID:8524

C:\Users\Admin\AppData\Local\Temp\Unicorn-1286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1286.exe
12⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8524 -s 236
12⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6232 -s 216
11⤵
PID:9332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
10⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
9⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 240
8⤵
- Program crash
PID:3600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
7⤵
- Program crash
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-48281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48281.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-20140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20140.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-12187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12187.exe
8⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-26584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26584.exe
9⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-12425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12425.exe
10⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-11031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11031.exe
11⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-4307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4307.exe
12⤵
PID:9100

C:\Users\Admin\AppData\Local\Temp\Unicorn-34825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34825.exe
13⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9100 -s 216
13⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
12⤵
PID:10032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
11⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
10⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 236
9⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-17548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17548.exe
8⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-55093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55093.exe
9⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-46315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46315.exe
10⤵
PID:6832

C:\Users\Admin\AppData\Local\Temp\Unicorn-17639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17639.exe
11⤵
PID:9732

C:\Users\Admin\AppData\Local\Temp\Unicorn-44845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44845.exe
12⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9732 -s 236
12⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
11⤵
PID:10996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
10⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
9⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
8⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
7⤵
PID:332

C:\Users\Admin\AppData\Local\Temp\Unicorn-4279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4279.exe
8⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-30495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30495.exe
9⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-11659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11659.exe
10⤵
PID:6320

C:\Users\Admin\AppData\Local\Temp\Unicorn-27099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27099.exe
11⤵
PID:8528

C:\Users\Admin\AppData\Local\Temp\Unicorn-12042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12042.exe
12⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8528 -s 216
12⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6320 -s 216
11⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 236
10⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
9⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 236
8⤵
PID:4140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
7⤵
- Program crash
PID:916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
6⤵
- Program crash
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-51895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51895.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1444

C:\Users\Admin\AppData\Local\Temp\Unicorn-2801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2801.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-53414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53414.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-58399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58399.exe
8⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-3973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3973.exe
9⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-42628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42628.exe
10⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-59739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59739.exe
11⤵
PID:5940

C:\Users\Admin\AppData\Local\Temp\Unicorn-63845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63845.exe
12⤵
PID:9152

C:\Users\Admin\AppData\Local\Temp\Unicorn-3154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3154.exe
13⤵
PID:11236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 236
13⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 216
12⤵
PID:10152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
11⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
10⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 236
9⤵
PID:4492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 236
8⤵
- Program crash
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-5861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5861.exe
7⤵
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-3973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3973.exe
8⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-63359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63359.exe
9⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-28489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28489.exe
10⤵
PID:6264

C:\Users\Admin\AppData\Local\Temp\Unicorn-52299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52299.exe
11⤵
PID:9184

C:\Users\Admin\AppData\Local\Temp\Unicorn-10765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10765.exe
12⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 216
12⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 216
11⤵
PID:9232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
10⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
9⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 236
8⤵
PID:4480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
7⤵
- Program crash
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-25727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25727.exe
7⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-18665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18665.exe
8⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-6245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6245.exe
9⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-46341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46341.exe
10⤵
PID:6776

C:\Users\Admin\AppData\Local\Temp\Unicorn-54431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54431.exe
11⤵
PID:10128

C:\Users\Admin\AppData\Local\Temp\Unicorn-12224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12224.exe
12⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10128 -s 216
12⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 220
11⤵
PID:10872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
10⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
9⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 216
8⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe
7⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-4709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4709.exe
8⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
9⤵
PID:6444

C:\Users\Admin\AppData\Local\Temp\Unicorn-36049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36049.exe
10⤵
PID:10392

C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
11⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10392 -s 236
11⤵
PID:8372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 216
10⤵
PID:11188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
9⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
8⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 240
7⤵
PID:4592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 240
6⤵
- Program crash
PID:3040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 240
5⤵
- Program crash
PID:888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-35865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35865.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-39367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39367.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:280

C:\Users\Admin\AppData\Local\Temp\Unicorn-7909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7909.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:812

C:\Users\Admin\AppData\Local\Temp\Unicorn-45095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45095.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-45542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45542.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-25151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25151.exe
9⤵
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-17373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17373.exe
10⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-40926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40926.exe
11⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-48017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48017.exe
12⤵
PID:6312

C:\Users\Admin\AppData\Local\Temp\Unicorn-59438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59438.exe
13⤵
PID:9600

C:\Users\Admin\AppData\Local\Temp\Unicorn-13298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13298.exe
14⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 216
13⤵
PID:10676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
12⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
11⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 216
10⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
9⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
10⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
11⤵
PID:5644

C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
12⤵
PID:8976

C:\Users\Admin\AppData\Local\Temp\Unicorn-47077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47077.exe
13⤵
PID:10572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8976 -s 216
13⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
12⤵
PID:9932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
11⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
10⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
9⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
8⤵
PID:376

C:\Users\Admin\AppData\Local\Temp\Unicorn-44783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44783.exe
9⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-47195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47195.exe
10⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-10464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10464.exe
11⤵
PID:6948

C:\Users\Admin\AppData\Local\Temp\Unicorn-40895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40895.exe
12⤵
PID:10744

C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
13⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10744 -s 216
13⤵
PID:3892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 216
12⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
11⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
10⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 236
9⤵
PID:4644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 220
8⤵
- Program crash
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-18385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18385.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
8⤵
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-2411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2411.exe
9⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-27764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27764.exe
10⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-13418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13418.exe
11⤵
PID:8188

C:\Users\Admin\AppData\Local\Temp\Unicorn-1459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1459.exe
12⤵
PID:10636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 216
12⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
11⤵
PID:8864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
10⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
9⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-6194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6194.exe
8⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-59815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59815.exe
9⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-40290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40290.exe
10⤵
PID:6680

C:\Users\Admin\AppData\Local\Temp\Unicorn-17960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17960.exe
11⤵
PID:9868

C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
12⤵
PID:11948

C:\Users\Admin\AppData\Local\Temp\Unicorn-45265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45265.exe
12⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9868 -s 220
12⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 216
11⤵
PID:10820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
10⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
9⤵
PID:1304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 220
8⤵
PID:4256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 220
7⤵
- Program crash
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-5194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5194.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:636

C:\Users\Admin\AppData\Local\Temp\Unicorn-23885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23885.exe
8⤵
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-18665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18665.exe
9⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-12086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12086.exe
10⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-59749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59749.exe
11⤵
PID:8048

C:\Users\Admin\AppData\Local\Temp\Unicorn-35668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35668.exe
12⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 236
12⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
11⤵
PID:8772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
10⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 236
9⤵
PID:4872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 236
8⤵
- Program crash
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
7⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-44926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44926.exe
8⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-21470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21470.exe
9⤵
PID:6100

C:\Users\Admin\AppData\Local\Temp\Unicorn-60547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60547.exe
10⤵
PID:8792

C:\Users\Admin\AppData\Local\Temp\Unicorn-32667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32667.exe
11⤵
PID:11292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8792 -s 236
11⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
10⤵
PID:9716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
9⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
8⤵
PID:5448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
7⤵
- Program crash
PID:320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
6⤵
- Program crash
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-35065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35065.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-32370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32370.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-59935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59935.exe
7⤵
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-36376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36376.exe
8⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
9⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-42158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42158.exe
10⤵
PID:7124

C:\Users\Admin\AppData\Local\Temp\Unicorn-61402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61402.exe
11⤵
PID:9256

C:\Users\Admin\AppData\Local\Temp\Unicorn-31254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31254.exe
12⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9256 -s 216
12⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 220
11⤵
PID:10272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 220
10⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 236
9⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 236
8⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-16510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16510.exe
7⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-35855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35855.exe
8⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-7366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7366.exe
9⤵
PID:7056

C:\Users\Admin\AppData\Local\Temp\Unicorn-21358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21358.exe
10⤵
PID:10420

C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
11⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10420 -s 236
11⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 236
10⤵
PID:11196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
9⤵
PID:8540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 236
8⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
7⤵
- Program crash
PID:4028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 236
6⤵
- Program crash
PID:1700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 240
5⤵
- Program crash
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-3311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3311.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-21683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21683.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-3569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3569.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-45542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45542.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
8⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-43849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43849.exe
9⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-5835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5835.exe
10⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-12516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12516.exe
11⤵
PID:7028

C:\Users\Admin\AppData\Local\Temp\Unicorn-61421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61421.exe
12⤵
PID:9264

C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
13⤵
PID:11092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9264 -s 236
13⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 216
12⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
11⤵
PID:7988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
10⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 216
9⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-57616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57616.exe
8⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-39364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39364.exe
9⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-62324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62324.exe
10⤵
PID:6568

C:\Users\Admin\AppData\Local\Temp\Unicorn-64389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64389.exe
11⤵
PID:9800

C:\Users\Admin\AppData\Local\Temp\Unicorn-33916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33916.exe
12⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9800 -s 220
12⤵
PID:11452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 216
11⤵
PID:10708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
10⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
9⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 220
8⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-63142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63142.exe
7⤵
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-43665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43665.exe
8⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-47920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47920.exe
9⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-56634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56634.exe
10⤵
PID:8700

C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
11⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 216
11⤵
PID:11556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
10⤵
PID:9588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 236
9⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 216
8⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
7⤵
- Program crash
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-18385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18385.exe
6⤵
- Executes dropped EXE
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-49951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49951.exe
7⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-8470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8470.exe
8⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-28019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28019.exe
9⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-49146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49146.exe
10⤵
PID:8736

C:\Users\Admin\AppData\Local\Temp\Unicorn-21702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21702.exe
11⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8736 -s 216
11⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
10⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 236
9⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 216
8⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 236
7⤵
- Program crash
PID:3240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 240
6⤵
- Program crash
PID:704

C:\Users\Admin\AppData\Local\Temp\Unicorn-43018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43018.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-60041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60041.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
7⤵
PID:688

C:\Users\Admin\AppData\Local\Temp\Unicorn-11010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11010.exe
8⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-42009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42009.exe
9⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-41865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41865.exe
10⤵
PID:8656

C:\Users\Admin\AppData\Local\Temp\Unicorn-64571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64571.exe
11⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8656 -s 216
11⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
10⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
9⤵
PID:6884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 236
8⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 236
7⤵
- Program crash
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-21808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21808.exe
6⤵
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-59500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59500.exe
7⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-45231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45231.exe
8⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-25853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25853.exe
9⤵
PID:6864

C:\Users\Admin\AppData\Local\Temp\Unicorn-36239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36239.exe
10⤵
PID:9048

C:\Users\Admin\AppData\Local\Temp\Unicorn-63907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63907.exe
11⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9048 -s 216
11⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 216
10⤵
PID:9284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
8⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 236
7⤵
PID:4688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
6⤵
- Program crash
PID:2696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
5⤵
- Program crash
PID:1844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-35055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35055.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-45049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45049.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-28719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28719.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-64147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64147.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-56501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56501.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-31375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31375.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-25867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25867.exe
8⤵
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-37502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37502.exe
9⤵
PID:1328

C:\Users\Admin\AppData\Local\Temp\Unicorn-54262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54262.exe
10⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-41400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41400.exe
11⤵
PID:5912

C:\Users\Admin\AppData\Local\Temp\Unicorn-4307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4307.exe
12⤵
PID:9092

C:\Users\Admin\AppData\Local\Temp\Unicorn-430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-430.exe
13⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9092 -s 236
13⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
12⤵
PID:10048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
11⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 236
10⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
9⤵
- Program crash
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-423.exe
8⤵
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-30443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30443.exe
9⤵
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
10⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
11⤵
PID:8984

C:\Users\Admin\AppData\Local\Temp\Unicorn-31696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31696.exe
12⤵
PID:932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 236
12⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
11⤵
PID:9916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 216
10⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 236
9⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
8⤵
- Program crash
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-56079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56079.exe
7⤵
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-4061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4061.exe
8⤵
PID:616

C:\Users\Admin\AppData\Local\Temp\Unicorn-50237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50237.exe
9⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-11676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11676.exe
10⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-61110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61110.exe
11⤵
PID:6336

C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
12⤵
PID:9856

C:\Users\Admin\AppData\Local\Temp\Unicorn-55545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55545.exe
13⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9856 -s 220
13⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 216
12⤵
PID:11028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
11⤵
PID:4988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
10⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 236
9⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-54596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54596.exe
8⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-8708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8708.exe
9⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-46815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46815.exe
10⤵
PID:8100

C:\Users\Admin\AppData\Local\Temp\Unicorn-13872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13872.exe
11⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 236
11⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 236
10⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
9⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 240
8⤵
PID:4992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
7⤵
- Program crash
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-2656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2656.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
7⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
8⤵
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-63551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63551.exe
9⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-59189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59189.exe
10⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
11⤵
PID:8992

C:\Users\Admin\AppData\Local\Temp\Unicorn-59465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59465.exe
12⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8992 -s 236
12⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
11⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 236
10⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 216
9⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
8⤵
- Program crash
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-33479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33479.exe
7⤵
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-24278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24278.exe
8⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-12209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12209.exe
9⤵
PID:6128

C:\Users\Admin\AppData\Local\Temp\Unicorn-43010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43010.exe
10⤵
PID:9028

C:\Users\Admin\AppData\Local\Temp\Unicorn-59901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59901.exe
11⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9028 -s 216
11⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
10⤵
PID:9992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
9⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 216
8⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
6⤵
- Program crash
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-51903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51903.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1436

C:\Users\Admin\AppData\Local\Temp\Unicorn-64815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64815.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
7⤵
- Program crash
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-28476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28476.exe
6⤵
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-24321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24321.exe
7⤵
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-39545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39545.exe
8⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-22046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22046.exe
9⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-37553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37553.exe
10⤵
PID:8852

C:\Users\Admin\AppData\Local\Temp\Unicorn-60757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60757.exe
11⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8852 -s 216
11⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
10⤵
PID:9764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 236
9⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
8⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 216
7⤵
- Program crash
PID:3904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 240
6⤵
- Program crash
PID:2220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
5⤵
- Program crash
PID:1364

C:\Users\Admin\AppData\Local\Temp\Unicorn-18516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18516.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-56693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56693.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-49932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49932.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-18166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18166.exe
7⤵
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-13734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13734.exe
8⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-55285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55285.exe
9⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-11608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11608.exe
10⤵
PID:6520

C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
11⤵
PID:10000

C:\Users\Admin\AppData\Local\Temp\Unicorn-6760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6760.exe
12⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10000 -s 236
12⤵
PID:8164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 220
11⤵
PID:11044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
10⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
9⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 236
8⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-44523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44523.exe
7⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-57267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57267.exe
8⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\Unicorn-12977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12977.exe
9⤵
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-10529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10529.exe
10⤵
PID:9120

C:\Users\Admin\AppData\Local\Temp\Unicorn-46196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46196.exe
11⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9120 -s 216
11⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 216
10⤵
PID:10036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
9⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
8⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
7⤵
- Program crash
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-46816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46816.exe
6⤵
PID:780

C:\Users\Admin\AppData\Local\Temp\Unicorn-11622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11622.exe
7⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-50718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50718.exe
8⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-5453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5453.exe
9⤵
PID:7096

C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
10⤵
PID:9536

C:\Users\Admin\AppData\Local\Temp\Unicorn-60757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60757.exe
11⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9536 -s 236
11⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 216
10⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
9⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
8⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 236
7⤵
- Program crash
PID:3304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
6⤵
- Program crash
PID:112

C:\Users\Admin\AppData\Local\Temp\Unicorn-30066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30066.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-59883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59883.exe
6⤵
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-63620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63620.exe
7⤵
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-42192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42192.exe
8⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-41312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41312.exe
9⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 212
10⤵
PID:9452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
9⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 236
7⤵
- Program crash
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-11082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11082.exe
6⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-39634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39634.exe
7⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-12490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12490.exe
8⤵
PID:7116

C:\Users\Admin\AppData\Local\Temp\Unicorn-27265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27265.exe
9⤵
PID:9596

C:\Users\Admin\AppData\Local\Temp\Unicorn-7143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7143.exe
10⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9596 -s 216
10⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 216
9⤵
PID:10976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
8⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
7⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
6⤵
PID:4544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 240
5⤵
- Program crash
PID:2884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
4⤵
- Program crash
PID:2488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 216
3⤵
- Loads dropped DLL
- Program crash
PID:1464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
2⤵
- Program crash
PID:2540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-35055.exe

Filesize
184KB

MD5
9b69117751fa1a973b775ad35a89fec4

SHA1
e90e7516596e0070f0d9b79330e3fa8394671cac

SHA256
4ac7f37d72e3f6acb5bc8d8e0b9af032c3655a4c2c223ed9c4d5eb9f76229f9a

SHA512
fe625394a8c6efddbb5de006c6e77c170149aff27223c4b4eccd071bc289cba320c0236de3973da3a19deb6429b073dd69a5a3e6dedccefa365d7ba1d1a78231

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35983.exe

Filesize
184KB

MD5
d1897a5ae972589f3b262493d1327e6b

SHA1
1910e354fcc6567608f29d76417606c374d1752d

SHA256
15d4757d2036e98b2cb1c971cc149caeea99600c3b454eecea1435d3612205ad

SHA512
ef535dbea4baf77f92a9927ec0357cd5cc97fe5283e303f103182bec79aef453cdf188399e3f08bd5cff06118e1ff19fee7edf5b9697847c70b358ca25d53497

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40464.exe

Filesize
184KB

MD5
bd0987dd2319fd61cc7d6e990767b355

SHA1
e31cf5cd99d5a2d06ee0b7080f19d11c0887f03a

SHA256
15a393d8df30529bab52150e1f181be899aaafcf39381959636b8fb39e07fc42

SHA512
84ed95529488cbffccc54a380895a2c322ee7d45d7233b565a00b57cd6a8c03b3f7ff00e3f23f98b9c422907632fd1033a3663ca0a71f5b6fedfe7fa89d43010

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48785.exe

Filesize
184KB

MD5
913d9f0fe6325ac5d75564472773f146

SHA1
accad6cb00d429c4f6342f0bc087a1a4028de048

SHA256
cb11514602ad6ed43659056296446c49e51f0e2deb3c3346dd75b8f0e1088d8b

SHA512
d097b11b3b3a883c6abd32b6202ab2d21c8c67990a2e5ff684e6e2f23e94ca4e3cec5e761e399dd04e8ddbba48c04b18575c935353377b3e564d9b42ff8d4c40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49520.exe

Filesize
184KB

MD5
f2d76a5a72f2a03addc60cbc2c258072

SHA1
2ca989461db7d001c62db0dab5c9f427e6eddd30

SHA256
c22eb32ca4eb40693f5a0e5aa157908f487f0a93fc2cfb0ae80eeb7e523fe7a9

SHA512
7ff89291467ed96616ae7f55cebf87149dfc5d10404114af844802fddaefbfc5f77140dd55b406c1272eb68690584494506575733105b06f49d8c4d4b51d4577

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53183.exe

Filesize
184KB

MD5
46bf991da5f829f665ee6c12e0738653

SHA1
082e8153a494ad5001a364c9bb796a1c681f032b

SHA256
8d3ab6908ca7e472f85c24ab4fa89f1f5e4a64be31a015e247dab133f29e416b

SHA512
08b870d5d4fcc7f9ac1b74da8bd30feac4a3d8dc5be3df9fe83b9e5549b8417dda723f9acd790833ffb741163e6bf0d44762a65787c342340222c77e423f14fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54431.exe

Filesize
184KB

MD5
371e7268cdbeeb105f521f8ff05add9f

SHA1
f1f0027c3c88290af7e5687ea9169b1992935d32

SHA256
230d5cc3914b37c49e84681be0cc9b9f64fdad78b6908fa75d4d076742872595

SHA512
8214467b0a9ddff20a5328eeb86706c36e5383074a9dc71bee7bdc95a2a25799ace5fb40f68cdf72844367b895907ef004f8321fd4a613439a1929a5dd54495d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe

Filesize
184KB

MD5
500cc5335873cd548443e5ec01edbf55

SHA1
eb8ddbdeaf3fe6b3d1d68ea010cb1ee36ce594c4

SHA256
899f05a8aa34228c8a91cbaea6f4211f2ad4adb6edbac77df526a7945805e81f

SHA512
016257c381dcfbe422cba6f5f84a3f6af401e99b919be39bd8a6b28f0e0b41a6b68e131956d18c4d03d7cc0187f49c15491e4d60bad8eea601bdec752e96f545

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6415.exe

Filesize
184KB

MD5
406076c92b22e7bc2b51fc36f5bbf8ed

SHA1
d4b21555f6103d6e66a28014d624762b26ee3b6a

SHA256
e1b30461d934c7cfb6dab4b8d960e8c2bb35da4fde7c46ecb275fa6729b2bd29

SHA512
153f5c0eff8571610daab5d0e444dc72296c8f4f2d2ec1be217e3a5cc1972bfcb94327cbdb413fad21c5a9e58874424aed3d0c7b44cc540d04086de780061f1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6769.exe

Filesize
184KB

MD5
2552e22d627cd1565e2ffafd6c431089

SHA1
f0d0c965970ede9a42fa3273ead2c27ba2bfc8d2

SHA256
ca77416f7efb2360ef652abc55c9d6db3a3633e509486347b34c32b967b5e0bf

SHA512
7b89f9efd3e90fc9757e47242ccb3ab394035702559b440f48b642160354c90849237ea19c3931f78ac6727ee708866a83583b55da19a730cb76b98f704faabe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11363.exe

Filesize
184KB

MD5
f8b74eb3e3733182f523c1fd8dd18944

SHA1
665fad31ac0ef81396ea6562df05024a3a1ca248

SHA256
119862a3d248084d9d7cb0653e6a95be687541df061f7d9196a6f13cf8df84eb

SHA512
929fa2a3794778af3de1db78277834edcc1b66bbbf0209eec865b96673c5b67ce5e8df39704342a044a5f9b90119fe1bb466815a3bfa6eb86b02472a71b34a29

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14603.exe

Filesize
184KB

MD5
cfcb1a496062bffdd2c09cb52243a56a

SHA1
9de238c73d36c130d3bdbb4fb74fe3900a14f1bc

SHA256
e5004616b1e0c5b3d49e2187eafad0c64676f4f059100251821b3c6710692406

SHA512
8cea2b3737600ab714c194898ea2b4309e9d1c3c5e9755c3e0fd29c7c46a2645eb659cb63d2ad10a6822dfeb6e472b00b3da80d1d96e304e3e8ed0410e0f7757

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28719.exe

Filesize
184KB

MD5
b807969650066ea7c2c79c42675c6a0d

SHA1
7356adca6d4155d78a18bdb8910f6a0f3c2fb687

SHA256
63e5e23e473ec4b9297bd9756e43c24d4fae7da01cbd274760703cbad1fbd071

SHA512
5ebd413927f09b2df5a3466455871ee618f501849ca3ee3754310dc1de5df897f5ea81ee4f60033f56f74ff643e0c030bc65e482e8a64fb161878c78d002883c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35865.exe

Filesize
184KB

MD5
b1a93d846cbb26b3839879b369fb6920

SHA1
5ce02c1579b7a3aac9df21d2fadb5fc6a7c199e4

SHA256
be8dbf98e3028cca87137bb0117ee693add90f551ca89aa5bd7e3642077ceb60

SHA512
578fef56e933ae9226c1584080bb443077a273cb893c89a8b2b90e5273dabf1b258c44872639abe285e22746acd2e9f8ef9dda9c978a712ca51c745b8bb85766

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39367.exe

Filesize
184KB

MD5
7b83a1be407390a509d09c75aa424e7f

SHA1
83cd9a9c6d57d8998c016b82aade472cfc66fdf3

SHA256
0afdbb293d813af89d9cc9c1573a5c93bb99e8192bb70cf3814bdb963bb9afca

SHA512
36646b0b569ae8f61200bc2431c1fc8f09dc5a9ee71ea3c6ffca70b0a9b9ce62f9015a5604dd7265f88f9f725cf45a76366befb16f3e4959ac07ea92d41feb4d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39654.exe

Filesize
184KB

MD5
77f44f2f681d552a169e7e9eea2d1929

SHA1
d46a6cb0a4c9c647c14a4b8e92e16062a3206fa5

SHA256
a5c53c449ad045f61fff3b96f87e509c744efcaf330a86cde12b13ffcdda9bc7

SHA512
45de847f9ea9637222c32415c6fe34922a11a358f86f703120a632467fc79d6dd567af7ee2a4dc8ddd7e592ac8818a8b4d6b10c2a90fc54223e86d84610c341b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42744.exe

Filesize
184KB

MD5
74d761c8c49a6e417b64dd30457dff55

SHA1
39891daf6f46862534e69a981808067b2dd76fbd

SHA256
927c83e9e84d6b13fc3329d304077841c8122568d79e0bf561f804ec7189c559

SHA512
cfc7bde049cbac5934365f0508e6bd5b59f0190d2ed2ec0cb1e3c613dbd7655119ba0e6b12efb1ef4229ebf34d34ce35a889f3f89d07604d9db7142af822d167

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45049.exe

Filesize
184KB

MD5
08246a754e7b54b807c34cfb19626b29

SHA1
6df4772a24cea0c44bde7c2f05f4dd6e8a31b9e8

SHA256
78e744e076ddba1ce9562d6e2e164680761eedf212ff3d29371d5462edaeff9e

SHA512
db916b174f81a85a02934525c461175a5a122f8a71d2900e5958e9f50632d130f3a2b2834ed99332059aedc6976c7fd692c92975a670fa876e88dad65700ad9c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64873.exe

Filesize
184KB

MD5
1ab5221fb8741ef1dd7164b63b4e560f

SHA1
2a19378684d07c1dedff925d0b3cc91fd9eaaf6f

SHA256
b7918648ab9a0dbf338565fb05e695d4dd03768f0603c35b7c70603daa7ea8d4

SHA512
e15d824ad70d3da2cd3a706b6a501fb19395e4c1c7d99aaad6480d06fef2e23560daa35656ede7a823055d77d6d9f52d483587542d5e06f499d54d95c2f1ecb4

Download Submit