ad93bda5bd5527c42f2b8a335ce7825dbd485956bba52dcee38972c48a092f0d

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad93bda5bd5527c42f2b8a335ce7825dbd485956bba52dcee38972c48a092f0d.exe
Size

184KB
MD5

53405cb2ed506729e5648943d002d8ae
SHA1

9f266fd2fdb25afdbeddac03c74650b8c4f9127e
SHA256

ad93bda5bd5527c42f2b8a335ce7825dbd485956bba52dcee38972c48a092f0d
SHA512

8abf991fbc7e2f0b4cd30a616dcaead456eab520b264368621388f817b521fec3abe0d10d42190061a8b7cfd0210fedbeef231b68660e50812c70c933db0013a
SSDEEP

1536:GBSdgjZlu3Hxotx1tZQAlawMGe9y3Zc87mddjiLRCVzetQhl5hj5nizpvy:KZa3HxoT7ZQTlGQ+eZiLRWsQhlnViFq

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-42919.exeUnicorn-35081.exeUnicorn-3212.exeUnicorn-48200.exeUnicorn-11121.exeUnicorn-30987.exeUnicorn-10019.exeUnicorn-20653.exeUnicorn-787.exeUnicorn-40388.exeUnicorn-34227.exeUnicorn-31878.exeUnicorn-58390.exeUnicorn-24006.exeUnicorn-50710.exeUnicorn-4332.exeUnicorn-5038.exeUnicorn-57192.exeUnicorn-4846.exeUnicorn-5168.exeUnicorn-9527.exeUnicorn-16456.exeUnicorn-42583.exeUnicorn-17032.exeUnicorn-62475.exeUnicorn-42801.exeUnicorn-7849.exeUnicorn-23693.exeUnicorn-36499.exeUnicorn-41290.exeUnicorn-52343.exeUnicorn-8809.exeUnicorn-57133.exeUnicorn-19120.exeUnicorn-34387.exeUnicorn-6313.exeUnicorn-39754.exeUnicorn-35155.exeUnicorn-55021.exeUnicorn-20080.exeUnicorn-7081.exeUnicorn-11160.exeUnicorn-31244.exeUnicorn-15794.exeUnicorn-20585.exeUnicorn-18473.exeUnicorn-51145.exeUnicorn-36070.exeUnicorn-47123.exeUnicorn-47123.exeUnicorn-19049.exeUnicorn-3589.exeUnicorn-19049.exeUnicorn-3589.exeUnicorn-51913.exeUnicorn-16972.exeUnicorn-16972.exeUnicorn-32239.exeUnicorn-4165.exeUnicorn-65488.exeUnicorn-19817.exeUnicorn-40785.exeUnicorn-5040.exeUnicorn-36212.exe

pid	process
2328	Unicorn-42919.exe
2724	Unicorn-35081.exe
2552	Unicorn-3212.exe
2200	Unicorn-48200.exe
2648	Unicorn-11121.exe
2428	Unicorn-30987.exe
1520	Unicorn-10019.exe
2760	Unicorn-20653.exe
2780	Unicorn-787.exe
892	Unicorn-40388.exe
1748	Unicorn-34227.exe
856	Unicorn-31878.exe
2032	Unicorn-58390.exe
1832	Unicorn-24006.exe
2352	Unicorn-50710.exe
1912	Unicorn-4332.exe
1936	Unicorn-5038.exe
444	Unicorn-57192.exe
2832	Unicorn-4846.exe
872	Unicorn-5168.exe
752	Unicorn-9527.exe
756	Unicorn-16456.exe
340	Unicorn-42583.exe
552	Unicorn-17032.exe
2276	Unicorn-62475.exe
824	Unicorn-42801.exe
2176	Unicorn-7849.exe
108	Unicorn-23693.exe
1956	Unicorn-36499.exe
1816	Unicorn-41290.exe
3024	Unicorn-52343.exe
2612	Unicorn-8809.exe
2412	Unicorn-57133.exe
2672	Unicorn-19120.exe
2448	Unicorn-34387.exe
2524	Unicorn-6313.exe
2468	Unicorn-39754.exe
2924	Unicorn-35155.exe
1564	Unicorn-55021.exe
2732	Unicorn-20080.exe
1528	Unicorn-7081.exe
2392	Unicorn-11160.exe
2900	Unicorn-31244.exe
1600	Unicorn-15794.exe
472	Unicorn-20585.exe
1556	Unicorn-18473.exe
836	Unicorn-51145.exe
2796	Unicorn-36070.exe
1460	Unicorn-47123.exe
1580	Unicorn-47123.exe
1288	Unicorn-19049.exe
1768	Unicorn-3589.exe
1524	Unicorn-19049.exe
2244	Unicorn-3589.exe
2192	Unicorn-51913.exe
1420	Unicorn-16972.exe
2260	Unicorn-16972.exe
2996	Unicorn-32239.exe
352	Unicorn-4165.exe
1504	Unicorn-65488.exe
1028	Unicorn-19817.exe
2400	Unicorn-40785.exe
2240	Unicorn-5040.exe
1536	Unicorn-36212.exe

Loads dropped DLL 64 IoCs

Processes:

ad93bda5bd5527c42f2b8a335ce7825dbd485956bba52dcee38972c48a092f0d.exeUnicorn-42919.exeUnicorn-3212.exeUnicorn-35081.exeWerFault.exeUnicorn-11121.exeUnicorn-30987.exeUnicorn-48200.exeWerFault.exeWerFault.exeUnicorn-10019.exeUnicorn-20653.exeWerFault.exeUnicorn-40388.exeWerFault.exeWerFault.exe

pid	process
992	ad93bda5bd5527c42f2b8a335ce7825dbd485956bba52dcee38972c48a092f0d.exe
992	ad93bda5bd5527c42f2b8a335ce7825dbd485956bba52dcee38972c48a092f0d.exe
2328	Unicorn-42919.exe
2328	Unicorn-42919.exe
992	ad93bda5bd5527c42f2b8a335ce7825dbd485956bba52dcee38972c48a092f0d.exe
992	ad93bda5bd5527c42f2b8a335ce7825dbd485956bba52dcee38972c48a092f0d.exe
2552	Unicorn-3212.exe
2552	Unicorn-3212.exe
2328	Unicorn-42919.exe
2328	Unicorn-42919.exe
2724	Unicorn-35081.exe
2724	Unicorn-35081.exe
1904	WerFault.exe
1904	WerFault.exe
1904	WerFault.exe
1904	WerFault.exe
1904	WerFault.exe
2648	Unicorn-11121.exe
2648	Unicorn-11121.exe
2428	Unicorn-30987.exe
2428	Unicorn-30987.exe
2724	Unicorn-35081.exe
2724	Unicorn-35081.exe
2200	Unicorn-48200.exe
2200	Unicorn-48200.exe
2552	Unicorn-3212.exe
2552	Unicorn-3212.exe
308	WerFault.exe
308	WerFault.exe
308	WerFault.exe
308	WerFault.exe
2912	WerFault.exe
2912	WerFault.exe
2912	WerFault.exe
2912	WerFault.exe
2912	WerFault.exe
308	WerFault.exe
1520	Unicorn-10019.exe
1520	Unicorn-10019.exe
2648	Unicorn-11121.exe
2648	Unicorn-11121.exe
2760	Unicorn-20653.exe
2760	Unicorn-20653.exe
2000	WerFault.exe
2000	WerFault.exe
2000	WerFault.exe
2000	WerFault.exe
2428	Unicorn-30987.exe
2200	Unicorn-48200.exe
2200	Unicorn-48200.exe
892	Unicorn-40388.exe
2428	Unicorn-30987.exe
892	Unicorn-40388.exe
2000	WerFault.exe
2944	WerFault.exe
2944	WerFault.exe
2944	WerFault.exe
2944	WerFault.exe
2944	WerFault.exe
1464	WerFault.exe
1464	WerFault.exe
1464	WerFault.exe
1464	WerFault.exe
1464	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2836	992	WerFault.exe	ad93bda5bd5527c42f2b8a335ce7825dbd485956bba52dcee38972c48a092f0d.exe
1904	2328	WerFault.exe	Unicorn-42919.exe
308	2552	WerFault.exe	Unicorn-3212.exe
2912	2724	WerFault.exe	Unicorn-35081.exe
2000	1748	WerFault.exe	Unicorn-34227.exe
2944	2648	WerFault.exe	Unicorn-11121.exe
1464	2428	WerFault.exe	Unicorn-30987.exe
1948	2200	WerFault.exe	Unicorn-48200.exe
532	1520	WerFault.exe	Unicorn-10019.exe
1540	2760	WerFault.exe	Unicorn-20653.exe
316	2780	WerFault.exe	Unicorn-787.exe
1480	892	WerFault.exe	Unicorn-40388.exe
1828	856	WerFault.exe	Unicorn-31878.exe
1424	2032	WerFault.exe	Unicorn-58390.exe
1012	1832	WerFault.exe	Unicorn-24006.exe
1252	2352	WerFault.exe	Unicorn-50710.exe
3064	1936	WerFault.exe	Unicorn-5038.exe
2264	1912	WerFault.exe	Unicorn-4332.exe
2592	2832	WerFault.exe	Unicorn-4846.exe
2680	872	WerFault.exe	Unicorn-5168.exe
2572	444	WerFault.exe	Unicorn-57192.exe
2548	752	WerFault.exe	Unicorn-9527.exe
1888	756	WerFault.exe	Unicorn-16456.exe
2628	340	WerFault.exe	Unicorn-42583.exe
2756	552	WerFault.exe	Unicorn-17032.exe
1436	824	WerFault.exe	Unicorn-42801.exe
1516	2176	WerFault.exe	Unicorn-7849.exe
1568	108	WerFault.exe	Unicorn-23693.exe
1724	1956	WerFault.exe	Unicorn-36499.exe
2684	3024	WerFault.exe	Unicorn-52343.exe
2920	1816	WerFault.exe	Unicorn-41290.exe
2660	2612	WerFault.exe	Unicorn-8809.exe
1636	2448	WerFault.exe	Unicorn-34387.exe
1820	2412	WerFault.exe	Unicorn-57133.exe
2512	1528	WerFault.exe	Unicorn-7081.exe
1304	2468	WerFault.exe	Unicorn-39754.exe
2044	2524	WerFault.exe	Unicorn-6313.exe
264	2732	WerFault.exe	Unicorn-20080.exe
1952	1564	WerFault.exe	Unicorn-55021.exe
2312	2672	WerFault.exe	Unicorn-19120.exe
2916	2924	WerFault.exe	Unicorn-35155.exe
3552	1416	WerFault.exe	Unicorn-34126.exe
3464	472	WerFault.exe	Unicorn-20585.exe
3504	2244	WerFault.exe	Unicorn-3589.exe
3516	1420	WerFault.exe	Unicorn-16972.exe
3560	1768	WerFault.exe	Unicorn-3589.exe
3528	1028	WerFault.exe	Unicorn-19817.exe
3584	1504	WerFault.exe	Unicorn-65488.exe
3624	1460	WerFault.exe	Unicorn-47123.exe
3644	1288	WerFault.exe	Unicorn-19049.exe
3664	2392	WerFault.exe	Unicorn-11160.exe
3772	1600	WerFault.exe	Unicorn-15794.exe
3788	1228	WerFault.exe	Unicorn-48239.exe
3836	1580	WerFault.exe	Unicorn-47123.exe
3852	2900	WerFault.exe	Unicorn-31244.exe
3976	2796	WerFault.exe	Unicorn-36070.exe
3984	836	WerFault.exe	Unicorn-51145.exe
4036	1556	WerFault.exe	Unicorn-18473.exe
3252	2436	WerFault.exe	Unicorn-36186.exe
3304	2400	WerFault.exe	Unicorn-40785.exe
3348	2192	WerFault.exe	Unicorn-51913.exe
3564	1484	WerFault.exe	Unicorn-6000.exe
3648	1560	WerFault.exe	Unicorn-54002.exe
3972	2260	WerFault.exe	Unicorn-16972.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

ad93bda5bd5527c42f2b8a335ce7825dbd485956bba52dcee38972c48a092f0d.exeUnicorn-42919.exeUnicorn-35081.exeUnicorn-3212.exeUnicorn-11121.exeUnicorn-30987.exeUnicorn-48200.exeUnicorn-10019.exeUnicorn-787.exeUnicorn-20653.exeUnicorn-40388.exeUnicorn-34227.exeUnicorn-58390.exeUnicorn-31878.exeUnicorn-24006.exeUnicorn-50710.exeUnicorn-4332.exeUnicorn-5038.exeUnicorn-57192.exeUnicorn-4846.exeUnicorn-5168.exeUnicorn-9527.exeUnicorn-16456.exeUnicorn-42583.exeUnicorn-17032.exeUnicorn-62475.exeUnicorn-42801.exeUnicorn-23693.exeUnicorn-36499.exeUnicorn-41290.exeUnicorn-52343.exeUnicorn-8809.exeUnicorn-57133.exeUnicorn-34387.exeUnicorn-19120.exeUnicorn-6313.exeUnicorn-39754.exeUnicorn-55021.exeUnicorn-35155.exeUnicorn-7081.exeUnicorn-20080.exeUnicorn-48239.exeUnicorn-11160.exeUnicorn-31244.exeUnicorn-15794.exeUnicorn-20585.exeUnicorn-18473.exeUnicorn-51145.exeUnicorn-36070.exeUnicorn-19049.exeUnicorn-47123.exeUnicorn-47123.exeUnicorn-19049.exeUnicorn-3589.exeUnicorn-3589.exeUnicorn-16972.exeUnicorn-51913.exeUnicorn-16972.exeUnicorn-32239.exeUnicorn-19817.exeUnicorn-4165.exeUnicorn-65488.exeUnicorn-40785.exeUnicorn-5040.exe

pid	process
992	ad93bda5bd5527c42f2b8a335ce7825dbd485956bba52dcee38972c48a092f0d.exe
2328	Unicorn-42919.exe
2724	Unicorn-35081.exe
2552	Unicorn-3212.exe
2648	Unicorn-11121.exe
2428	Unicorn-30987.exe
2200	Unicorn-48200.exe
1520	Unicorn-10019.exe
2780	Unicorn-787.exe
2760	Unicorn-20653.exe
892	Unicorn-40388.exe
1748	Unicorn-34227.exe
2032	Unicorn-58390.exe
856	Unicorn-31878.exe
1832	Unicorn-24006.exe
2352	Unicorn-50710.exe
1912	Unicorn-4332.exe
1936	Unicorn-5038.exe
444	Unicorn-57192.exe
2832	Unicorn-4846.exe
872	Unicorn-5168.exe
752	Unicorn-9527.exe
756	Unicorn-16456.exe
340	Unicorn-42583.exe
552	Unicorn-17032.exe
2276	Unicorn-62475.exe
824	Unicorn-42801.exe
108	Unicorn-23693.exe
1956	Unicorn-36499.exe
1816	Unicorn-41290.exe
3024	Unicorn-52343.exe
2612	Unicorn-8809.exe
2412	Unicorn-57133.exe
2448	Unicorn-34387.exe
2672	Unicorn-19120.exe
2524	Unicorn-6313.exe
2468	Unicorn-39754.exe
1564	Unicorn-55021.exe
2924	Unicorn-35155.exe
1528	Unicorn-7081.exe
2732	Unicorn-20080.exe
1228	Unicorn-48239.exe
2392	Unicorn-11160.exe
2900	Unicorn-31244.exe
1600	Unicorn-15794.exe
472	Unicorn-20585.exe
1556	Unicorn-18473.exe
836	Unicorn-51145.exe
2796	Unicorn-36070.exe
1288	Unicorn-19049.exe
1460	Unicorn-47123.exe
1580	Unicorn-47123.exe
1524	Unicorn-19049.exe
1768	Unicorn-3589.exe
2244	Unicorn-3589.exe
1420	Unicorn-16972.exe
2192	Unicorn-51913.exe
2260	Unicorn-16972.exe
2996	Unicorn-32239.exe
1028	Unicorn-19817.exe
352	Unicorn-4165.exe
1504	Unicorn-65488.exe
2400	Unicorn-40785.exe
2240	Unicorn-5040.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

ad93bda5bd5527c42f2b8a335ce7825dbd485956bba52dcee38972c48a092f0d.exeUnicorn-42919.exeUnicorn-3212.exeUnicorn-35081.exeUnicorn-11121.exeUnicorn-30987.exeUnicorn-48200.exeUnicorn-10019.exe

description	pid	process	target process
PID 992 wrote to memory of 2328	992	ad93bda5bd5527c42f2b8a335ce7825dbd485956bba52dcee38972c48a092f0d.exe	Unicorn-42919.exe
PID 992 wrote to memory of 2328	992	ad93bda5bd5527c42f2b8a335ce7825dbd485956bba52dcee38972c48a092f0d.exe	Unicorn-42919.exe
PID 992 wrote to memory of 2328	992	ad93bda5bd5527c42f2b8a335ce7825dbd485956bba52dcee38972c48a092f0d.exe	Unicorn-42919.exe
PID 992 wrote to memory of 2328	992	ad93bda5bd5527c42f2b8a335ce7825dbd485956bba52dcee38972c48a092f0d.exe	Unicorn-42919.exe
PID 2328 wrote to memory of 2724	2328	Unicorn-42919.exe	Unicorn-35081.exe
PID 2328 wrote to memory of 2724	2328	Unicorn-42919.exe	Unicorn-35081.exe
PID 2328 wrote to memory of 2724	2328	Unicorn-42919.exe	Unicorn-35081.exe
PID 2328 wrote to memory of 2724	2328	Unicorn-42919.exe	Unicorn-35081.exe
PID 992 wrote to memory of 2552	992	ad93bda5bd5527c42f2b8a335ce7825dbd485956bba52dcee38972c48a092f0d.exe	Unicorn-3212.exe
PID 992 wrote to memory of 2552	992	ad93bda5bd5527c42f2b8a335ce7825dbd485956bba52dcee38972c48a092f0d.exe	Unicorn-3212.exe
PID 992 wrote to memory of 2552	992	ad93bda5bd5527c42f2b8a335ce7825dbd485956bba52dcee38972c48a092f0d.exe	Unicorn-3212.exe
PID 992 wrote to memory of 2552	992	ad93bda5bd5527c42f2b8a335ce7825dbd485956bba52dcee38972c48a092f0d.exe	Unicorn-3212.exe
PID 992 wrote to memory of 2836	992	ad93bda5bd5527c42f2b8a335ce7825dbd485956bba52dcee38972c48a092f0d.exe	WerFault.exe
PID 992 wrote to memory of 2836	992	ad93bda5bd5527c42f2b8a335ce7825dbd485956bba52dcee38972c48a092f0d.exe	WerFault.exe
PID 992 wrote to memory of 2836	992	ad93bda5bd5527c42f2b8a335ce7825dbd485956bba52dcee38972c48a092f0d.exe	WerFault.exe
PID 992 wrote to memory of 2836	992	ad93bda5bd5527c42f2b8a335ce7825dbd485956bba52dcee38972c48a092f0d.exe	WerFault.exe
PID 2552 wrote to memory of 2200	2552	Unicorn-3212.exe	Unicorn-48200.exe
PID 2552 wrote to memory of 2200	2552	Unicorn-3212.exe	Unicorn-48200.exe
PID 2552 wrote to memory of 2200	2552	Unicorn-3212.exe	Unicorn-48200.exe
PID 2552 wrote to memory of 2200	2552	Unicorn-3212.exe	Unicorn-48200.exe
PID 2328 wrote to memory of 2648	2328	Unicorn-42919.exe	Unicorn-11121.exe
PID 2328 wrote to memory of 2648	2328	Unicorn-42919.exe	Unicorn-11121.exe
PID 2328 wrote to memory of 2648	2328	Unicorn-42919.exe	Unicorn-11121.exe
PID 2328 wrote to memory of 2648	2328	Unicorn-42919.exe	Unicorn-11121.exe
PID 2724 wrote to memory of 2428	2724	Unicorn-35081.exe	Unicorn-30987.exe
PID 2724 wrote to memory of 2428	2724	Unicorn-35081.exe	Unicorn-30987.exe
PID 2724 wrote to memory of 2428	2724	Unicorn-35081.exe	Unicorn-30987.exe
PID 2724 wrote to memory of 2428	2724	Unicorn-35081.exe	Unicorn-30987.exe
PID 2328 wrote to memory of 1904	2328	Unicorn-42919.exe	WerFault.exe
PID 2328 wrote to memory of 1904	2328	Unicorn-42919.exe	WerFault.exe
PID 2328 wrote to memory of 1904	2328	Unicorn-42919.exe	WerFault.exe
PID 2328 wrote to memory of 1904	2328	Unicorn-42919.exe	WerFault.exe
PID 2648 wrote to memory of 1520	2648	Unicorn-11121.exe	Unicorn-10019.exe
PID 2648 wrote to memory of 1520	2648	Unicorn-11121.exe	Unicorn-10019.exe
PID 2648 wrote to memory of 1520	2648	Unicorn-11121.exe	Unicorn-10019.exe
PID 2648 wrote to memory of 1520	2648	Unicorn-11121.exe	Unicorn-10019.exe
PID 2428 wrote to memory of 2760	2428	Unicorn-30987.exe	Unicorn-20653.exe
PID 2428 wrote to memory of 2760	2428	Unicorn-30987.exe	Unicorn-20653.exe
PID 2428 wrote to memory of 2760	2428	Unicorn-30987.exe	Unicorn-20653.exe
PID 2428 wrote to memory of 2760	2428	Unicorn-30987.exe	Unicorn-20653.exe
PID 2724 wrote to memory of 2780	2724	Unicorn-35081.exe	Unicorn-787.exe
PID 2724 wrote to memory of 2780	2724	Unicorn-35081.exe	Unicorn-787.exe
PID 2724 wrote to memory of 2780	2724	Unicorn-35081.exe	Unicorn-787.exe
PID 2724 wrote to memory of 2780	2724	Unicorn-35081.exe	Unicorn-787.exe
PID 2200 wrote to memory of 892	2200	Unicorn-48200.exe	Unicorn-40388.exe
PID 2200 wrote to memory of 892	2200	Unicorn-48200.exe	Unicorn-40388.exe
PID 2200 wrote to memory of 892	2200	Unicorn-48200.exe	Unicorn-40388.exe
PID 2200 wrote to memory of 892	2200	Unicorn-48200.exe	Unicorn-40388.exe
PID 2552 wrote to memory of 1748	2552	Unicorn-3212.exe	Unicorn-34227.exe
PID 2552 wrote to memory of 1748	2552	Unicorn-3212.exe	Unicorn-34227.exe
PID 2552 wrote to memory of 1748	2552	Unicorn-3212.exe	Unicorn-34227.exe
PID 2552 wrote to memory of 1748	2552	Unicorn-3212.exe	Unicorn-34227.exe
PID 2552 wrote to memory of 308	2552	Unicorn-3212.exe	WerFault.exe
PID 2552 wrote to memory of 308	2552	Unicorn-3212.exe	WerFault.exe
PID 2552 wrote to memory of 308	2552	Unicorn-3212.exe	WerFault.exe
PID 2552 wrote to memory of 308	2552	Unicorn-3212.exe	WerFault.exe
PID 2724 wrote to memory of 2912	2724	Unicorn-35081.exe	WerFault.exe
PID 2724 wrote to memory of 2912	2724	Unicorn-35081.exe	WerFault.exe
PID 2724 wrote to memory of 2912	2724	Unicorn-35081.exe	WerFault.exe
PID 2724 wrote to memory of 2912	2724	Unicorn-35081.exe	WerFault.exe
PID 1520 wrote to memory of 856	1520	Unicorn-10019.exe	Unicorn-31878.exe
PID 1520 wrote to memory of 856	1520	Unicorn-10019.exe	Unicorn-31878.exe
PID 1520 wrote to memory of 856	1520	Unicorn-10019.exe	Unicorn-31878.exe
PID 1520 wrote to memory of 856	1520	Unicorn-10019.exe	Unicorn-31878.exe

C:\Users\Admin\AppData\Local\Temp\ad93bda5bd5527c42f2b8a335ce7825dbd485956bba52dcee38972c48a092f0d.exe
"C:\Users\Admin\AppData\Local\Temp\ad93bda5bd5527c42f2b8a335ce7825dbd485956bba52dcee38972c48a092f0d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-42919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42919.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-35081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35081.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-20653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20653.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-24006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24006.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-16456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16456.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:756

C:\Users\Admin\AppData\Local\Temp\Unicorn-57133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57133.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-19049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19049.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-43743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43743.exe
10⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
11⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-26638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26638.exe
12⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-44281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44281.exe
13⤵
PID:5724

C:\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe
14⤵
PID:8408

C:\Users\Admin\AppData\Local\Temp\Unicorn-42595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42595.exe
15⤵
PID:11088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 216
15⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 216
14⤵
PID:9636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
13⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
12⤵
PID:5940

C:\Users\Admin\AppData\Local\Temp\Unicorn-7540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7540.exe
11⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
12⤵
PID:5736

C:\Users\Admin\AppData\Local\Temp\Unicorn-58085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58085.exe
13⤵
PID:8816

C:\Users\Admin\AppData\Local\Temp\Unicorn-23556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23556.exe
14⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8816 -s 216
14⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 216
13⤵
PID:9964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
12⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
11⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-10209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10209.exe
10⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-1287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1287.exe
11⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-57776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57776.exe
12⤵
PID:6936

C:\Users\Admin\AppData\Local\Temp\Unicorn-25518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25518.exe
13⤵
PID:7328

C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
14⤵
PID:10856

C:\Users\Admin\AppData\Local\Temp\Unicorn-5660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5660.exe
15⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 216
14⤵
PID:10656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 236
13⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 220
12⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
11⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 220
10⤵
- Program crash
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-53862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53862.exe
9⤵
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-13655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13655.exe
10⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
11⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
12⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\Unicorn-53650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53650.exe
13⤵
PID:8132

C:\Users\Admin\AppData\Local\Temp\Unicorn-23396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23396.exe
14⤵
PID:10880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 236
14⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
13⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
12⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
11⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 236
10⤵
PID:4884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 220
9⤵
- Program crash
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-16972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16972.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-8190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8190.exe
9⤵
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
10⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
11⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-62210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62210.exe
12⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-5511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5511.exe
13⤵
PID:8848

C:\Users\Admin\AppData\Local\Temp\Unicorn-27635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27635.exe
14⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 216
14⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
13⤵
PID:9992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
12⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
11⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 216
10⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-27038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27038.exe
9⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-58646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58646.exe
10⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-56336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56336.exe
11⤵
PID:6504

C:\Users\Admin\AppData\Local\Temp\Unicorn-24355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24355.exe
12⤵
PID:8632

C:\Users\Admin\AppData\Local\Temp\Unicorn-56989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56989.exe
13⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8632 -s 236
13⤵
PID:12588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 216
12⤵
PID:9748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
11⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 236
10⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 240
9⤵
- Program crash
PID:3972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 240
8⤵
- Program crash
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-19120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19120.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-4165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4165.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:352

C:\Users\Admin\AppData\Local\Temp\Unicorn-25378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25378.exe
9⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
10⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-50966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50966.exe
11⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe
12⤵
PID:6572

C:\Users\Admin\AppData\Local\Temp\Unicorn-57827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57827.exe
13⤵
PID:7192

C:\Users\Admin\AppData\Local\Temp\Unicorn-5201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5201.exe
14⤵
PID:11188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7192 -s 216
14⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 236
13⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 236
12⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
11⤵
PID:6444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 236
10⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-26052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26052.exe
9⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
10⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-6531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6531.exe
11⤵
PID:6196

C:\Users\Admin\AppData\Local\Temp\Unicorn-40264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40264.exe
12⤵
PID:9752

C:\Users\Admin\AppData\Local\Temp\Unicorn-41009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41009.exe
13⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 216
13⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6196 -s 216
12⤵
PID:10492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
11⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
10⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 220
9⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-38952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38952.exe
8⤵
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-38456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38456.exe
9⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-43633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43633.exe
10⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-59164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59164.exe
11⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-31709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31709.exe
12⤵
PID:7960

C:\Users\Admin\AppData\Local\Temp\Unicorn-63919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63919.exe
13⤵
PID:11104

C:\Users\Admin\AppData\Local\Temp\Unicorn-32491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32491.exe
14⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 216
13⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
11⤵
PID:3912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
10⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\Unicorn-6772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6772.exe
9⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-33326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33326.exe
10⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\Unicorn-8906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8906.exe
11⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-57466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57466.exe
12⤵
PID:10724

C:\Users\Admin\AppData\Local\Temp\Unicorn-16514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16514.exe
13⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10724 -s 216
13⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 236
12⤵
PID:10612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 236
11⤵
PID:1584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
10⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
9⤵
PID:4580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
8⤵
- Program crash
PID:2312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
7⤵
- Program crash
PID:1012

C:\Users\Admin\AppData\Local\Temp\Unicorn-42583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42583.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:340

C:\Users\Admin\AppData\Local\Temp\Unicorn-6313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6313.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-19049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19049.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-21538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21538.exe
9⤵
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-41118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41118.exe
10⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-39321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39321.exe
11⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-15090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15090.exe
12⤵
PID:6324

C:\Users\Admin\AppData\Local\Temp\Unicorn-43827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43827.exe
13⤵
PID:8324

C:\Users\Admin\AppData\Local\Temp\Unicorn-9201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9201.exe
14⤵
PID:10820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8324 -s 216
14⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 216
13⤵
PID:9700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
12⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
11⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 216
10⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-54693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54693.exe
9⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-19768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19768.exe
10⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-40596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40596.exe
11⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\Unicorn-11304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11304.exe
12⤵
PID:7468

C:\Users\Admin\AppData\Local\Temp\Unicorn-52949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52949.exe
13⤵
PID:11160

C:\Users\Admin\AppData\Local\Temp\Unicorn-62699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62699.exe
14⤵
PID:13204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11160 -s 236
14⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7468 -s 216
13⤵
PID:11444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
12⤵
PID:9156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 236
11⤵
PID:6648

C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
10⤵
PID:5664

C:\Users\Admin\AppData\Local\Temp\Unicorn-5970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5970.exe
11⤵
PID:8272

C:\Users\Admin\AppData\Local\Temp\Unicorn-16936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16936.exe
12⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8272 -s 236
12⤵
PID:3436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 216
11⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 240
10⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
9⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-37992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37992.exe
8⤵
PID:2584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 220
8⤵
- Program crash
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-16972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16972.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1420

C:\Users\Admin\AppData\Local\Temp\Unicorn-45710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45710.exe
8⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-31438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31438.exe
9⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-18059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18059.exe
10⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-23069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23069.exe
11⤵
PID:8020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 220
12⤵
PID:11220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 236
11⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
10⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
9⤵
PID:4620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 236
8⤵
- Program crash
PID:3516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 240
7⤵
- Program crash
PID:2628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 220
6⤵
- Program crash
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-4332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4332.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-62475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62475.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-55021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55021.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-41806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41806.exe
8⤵
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
9⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-41381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41381.exe
10⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-60534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60534.exe
11⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
12⤵
PID:8048

C:\Users\Admin\AppData\Local\Temp\Unicorn-22581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22581.exe
13⤵
PID:11224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 216
13⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
12⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
11⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
10⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 216
9⤵
PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 236
8⤵
- Program crash
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-65488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65488.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-8190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8190.exe
8⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-61403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61403.exe
9⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-28366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28366.exe
10⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-3367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3367.exe
11⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-61070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61070.exe
12⤵
PID:7268

C:\Users\Admin\AppData\Local\Temp\Unicorn-39433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39433.exe
13⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 216
13⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 236
12⤵
PID:8360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
11⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
10⤵
PID:5128

C:\Users\Admin\AppData\Local\Temp\Unicorn-42324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42324.exe
9⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-41198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41198.exe
10⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-5394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5394.exe
11⤵
PID:8216

C:\Users\Admin\AppData\Local\Temp\Unicorn-19715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19715.exe
12⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8216 -s 216
12⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
11⤵
PID:9484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
10⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 220
9⤵
PID:4456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 216
8⤵
- Program crash
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-20080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20080.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-51913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51913.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-21538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21538.exe
8⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-12861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12861.exe
9⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-3820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3820.exe
10⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-24518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24518.exe
11⤵
PID:6864

C:\Users\Admin\AppData\Local\Temp\Unicorn-45871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45871.exe
12⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-951.exe
13⤵
PID:10688

C:\Users\Admin\AppData\Local\Temp\Unicorn-56534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56534.exe
14⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10688 -s 236
14⤵
PID:12780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
13⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 216
12⤵
PID:8536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 236
11⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 236
10⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 236
9⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-10785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10785.exe
8⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-43929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43929.exe
9⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-56912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56912.exe
10⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
11⤵
PID:7524

C:\Users\Admin\AppData\Local\Temp\Unicorn-65289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65289.exe
12⤵
PID:11040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 236
12⤵
PID:10528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 236
11⤵
PID:8496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
10⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 236
9⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
8⤵
- Program crash
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-37992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37992.exe
7⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-30843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30843.exe
8⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-47370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47370.exe
9⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-6199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6199.exe
10⤵
PID:7128

C:\Users\Admin\AppData\Local\Temp\Unicorn-44104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44104.exe
11⤵
PID:9800

C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe
12⤵
PID:12764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9800 -s 216
12⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 216
11⤵
PID:10572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
10⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
9⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
8⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
7⤵
- Program crash
PID:264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 240
6⤵
- Program crash
PID:2264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-787.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-9527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9527.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-8809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8809.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-51145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51145.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-2980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2980.exe
8⤵
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-41118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41118.exe
9⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-18704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18704.exe
10⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-51331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51331.exe
11⤵
PID:6796

C:\Users\Admin\AppData\Local\Temp\Unicorn-18733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18733.exe
12⤵
PID:8932

C:\Users\Admin\AppData\Local\Temp\Unicorn-61565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61565.exe
13⤵
PID:12488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8932 -s 216
13⤵
PID:12848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 216
12⤵
PID:1616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 236
11⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
10⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 236
9⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe
8⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-21532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21532.exe
9⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-11416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11416.exe
10⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-59841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59841.exe
11⤵
PID:8104

C:\Users\Admin\AppData\Local\Temp\Unicorn-8004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8004.exe
12⤵
PID:10808

C:\Users\Admin\AppData\Local\Temp\Unicorn-45602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45602.exe
13⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 216
12⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
11⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 216
10⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 236
9⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 240
8⤵
- Program crash
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-16363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16363.exe
7⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-13629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13629.exe
8⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-54588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54588.exe
9⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-34940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34940.exe
10⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-47665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47665.exe
11⤵
PID:9184

C:\Users\Admin\AppData\Local\Temp\Unicorn-31449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31449.exe
12⤵
PID:11824

C:\Users\Admin\AppData\Local\Temp\Unicorn-38719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38719.exe
13⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11824 -s 236
13⤵
PID:12772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 216
12⤵
PID:12296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 220
11⤵
PID:10176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 216
10⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 236
8⤵
PID:4732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
7⤵
- Program crash
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-47123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47123.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
7⤵
PID:660

C:\Users\Admin\AppData\Local\Temp\Unicorn-43424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43424.exe
8⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
9⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-29286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29286.exe
10⤵
PID:7520

C:\Users\Admin\AppData\Local\Temp\Unicorn-64184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64184.exe
11⤵
PID:1212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 236
11⤵
PID:11580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 216
10⤵
PID:8244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 660 -s 236
8⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-51647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51647.exe
7⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-47359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47359.exe
8⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-3367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3367.exe
9⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-638.exe
10⤵
PID:8576

C:\Users\Admin\AppData\Local\Temp\Unicorn-51334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51334.exe
11⤵
PID:11076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8576 -s 216
11⤵
PID:932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
10⤵
PID:9740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
9⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
8⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
7⤵
- Program crash
PID:3836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 240
6⤵
- Program crash
PID:2548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 216
5⤵
- Program crash
PID:316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-11121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11121.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-10019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10019.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-31878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31878.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-57192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57192.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:444

C:\Users\Admin\AppData\Local\Temp\Unicorn-41290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41290.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-18473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18473.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-43691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43691.exe
9⤵
PID:828

C:\Users\Admin\AppData\Local\Temp\Unicorn-63463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63463.exe
10⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-51121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51121.exe
11⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-24945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24945.exe
12⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-31517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31517.exe
13⤵
PID:7928

C:\Users\Admin\AppData\Local\Temp\Unicorn-33680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33680.exe
14⤵
PID:10928

C:\Users\Admin\AppData\Local\Temp\Unicorn-25265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25265.exe
15⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 216
14⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
13⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
12⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 236
11⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-64696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64696.exe
10⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-40404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40404.exe
11⤵
PID:5552

C:\Users\Admin\AppData\Local\Temp\Unicorn-57998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57998.exe
12⤵
PID:7104

C:\Users\Admin\AppData\Local\Temp\Unicorn-27264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27264.exe
13⤵
PID:10792

C:\Users\Admin\AppData\Local\Temp\Unicorn-20301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20301.exe
14⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 236
13⤵
PID:10800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 236
12⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
11⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 240
10⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-56229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56229.exe
9⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-27510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27510.exe
10⤵
PID:4316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 220
11⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
10⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
9⤵
- Program crash
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-33934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33934.exe
8⤵
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-9213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9213.exe
9⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-49035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49035.exe
10⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-40860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40860.exe
11⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-53477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53477.exe
12⤵
PID:8728

C:\Users\Admin\AppData\Local\Temp\Unicorn-63379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63379.exe
13⤵
PID:11684

C:\Users\Admin\AppData\Local\Temp\Unicorn-15307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15307.exe
14⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8728 -s 204
13⤵
PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
12⤵
PID:9908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
11⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
10⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\Unicorn-14478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14478.exe
9⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-40238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40238.exe
10⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-4703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4703.exe
11⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-50816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50816.exe
12⤵
PID:10972

C:\Users\Admin\AppData\Local\Temp\Unicorn-24047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24047.exe
13⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 216
12⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
11⤵
PID:8920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 236
10⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
9⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
8⤵
- Program crash
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-47123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47123.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1460

C:\Users\Admin\AppData\Local\Temp\Unicorn-6244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6244.exe
8⤵
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
9⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-59284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59284.exe
10⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-14270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14270.exe
11⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-48538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48538.exe
12⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 220
13⤵
PID:11204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 216
12⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
11⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
10⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
9⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-9688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9688.exe
10⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\Unicorn-45579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45579.exe
11⤵
PID:8940

C:\Users\Admin\AppData\Local\Temp\Unicorn-23556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23556.exe
12⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8940 -s 216
12⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
11⤵
PID:10040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
10⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 220
9⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 236
8⤵
- Program crash
PID:3624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 444 -s 240
7⤵
- Program crash
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-52343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52343.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-20585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20585.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:472

C:\Users\Admin\AppData\Local\Temp\Unicorn-28206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28206.exe
8⤵
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-30407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30407.exe
9⤵
PID:1192

C:\Users\Admin\AppData\Local\Temp\Unicorn-8516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8516.exe
10⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-50103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50103.exe
11⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-2275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2275.exe
12⤵
PID:7500

C:\Users\Admin\AppData\Local\Temp\Unicorn-5508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5508.exe
13⤵
PID:11116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 216
13⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
12⤵
PID:9304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 236
11⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 216
10⤵
PID:4504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 236
9⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-41459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41459.exe
8⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-42097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42097.exe
9⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-51935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51935.exe
10⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\Unicorn-54027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54027.exe
11⤵
PID:8900

C:\Users\Admin\AppData\Local\Temp\Unicorn-14453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14453.exe
12⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8900 -s 220
12⤵
PID:12312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 216
11⤵
PID:10020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
10⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
9⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 472 -s 240
8⤵
- Program crash
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-58802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58802.exe
7⤵
PID:700

C:\Users\Admin\AppData\Local\Temp\Unicorn-60967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60967.exe
8⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-45195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45195.exe
9⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-60726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60726.exe
10⤵
PID:6172

C:\Users\Admin\AppData\Local\Temp\Unicorn-62356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62356.exe
11⤵
PID:9096

C:\Users\Admin\AppData\Local\Temp\Unicorn-27394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27394.exe
12⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9096 -s 220
12⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 216
11⤵
PID:10140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
10⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 236
9⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 236
8⤵
PID:3356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
7⤵
- Program crash
PID:2684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 240
6⤵
- Program crash
PID:1828

C:\Users\Admin\AppData\Local\Temp\Unicorn-4846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4846.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-7849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7849.exe
6⤵
- Executes dropped EXE
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-48239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48239.exe
7⤵
- Suspicious use of SetWindowsHookEx
PID:1228

C:\Users\Admin\AppData\Local\Temp\Unicorn-40785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40785.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe
9⤵
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-11178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11178.exe
10⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-3611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3611.exe
11⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-45875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45875.exe
12⤵
PID:8620

C:\Users\Admin\AppData\Local\Temp\Unicorn-36917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36917.exe
13⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8620 -s 236
13⤵
PID:12668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
12⤵
PID:9860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
11⤵
PID:6972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 216
10⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 216
9⤵
- Program crash
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-24848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24848.exe
8⤵
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-57800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57800.exe
9⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-57104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57104.exe
10⤵
PID:6408

C:\Users\Admin\AppData\Local\Temp\Unicorn-41523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41523.exe
11⤵
PID:8340

C:\Users\Admin\AppData\Local\Temp\Unicorn-51334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51334.exe
12⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 216
12⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 216
11⤵
PID:9644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
10⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 236
9⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 240
8⤵
- Program crash
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-36186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36186.exe
7⤵
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-51216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51216.exe
8⤵
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-10462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10462.exe
9⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-62070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62070.exe
10⤵
PID:6104

C:\Users\Admin\AppData\Local\Temp\Unicorn-45361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45361.exe
11⤵
PID:9196

C:\Users\Admin\AppData\Local\Temp\Unicorn-35479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35479.exe
12⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 216
12⤵
PID:12472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
11⤵
PID:9364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
10⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 216
9⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 236
8⤵
- Program crash
PID:3252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
7⤵
- Program crash
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-11160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11160.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-5040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5040.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-53354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53354.exe
8⤵
PID:1000

C:\Users\Admin\AppData\Local\Temp\Unicorn-49175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49175.exe
9⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
10⤵
PID:5752

C:\Users\Admin\AppData\Local\Temp\Unicorn-51401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51401.exe
11⤵
PID:8636

C:\Users\Admin\AppData\Local\Temp\Unicorn-39399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39399.exe
12⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8636 -s 216
12⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 216
11⤵
PID:9936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
10⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 216
9⤵
PID:5292

C:\Users\Admin\AppData\Local\Temp\Unicorn-47099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47099.exe
8⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-5889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5889.exe
9⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\Unicorn-816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-816.exe
10⤵
PID:7472

C:\Users\Admin\AppData\Local\Temp\Unicorn-18720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18720.exe
11⤵
PID:11008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 216
11⤵
PID:10648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
10⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 236
9⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
8⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-40499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40499.exe
7⤵
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-16555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16555.exe
8⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-32750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32750.exe
9⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 220
10⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 236
9⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
8⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
7⤵
- Program crash
PID:3664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
6⤵
- Program crash
PID:2592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 240
5⤵
- Program crash
PID:532

C:\Users\Admin\AppData\Local\Temp\Unicorn-58390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58390.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-5168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5168.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-23693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23693.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:108

C:\Users\Admin\AppData\Local\Temp\Unicorn-36212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36212.exe
7⤵
- Executes dropped EXE
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-61325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61325.exe
8⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-40037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40037.exe
9⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-21071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21071.exe
10⤵
PID:6896

C:\Users\Admin\AppData\Local\Temp\Unicorn-58006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58006.exe
11⤵
PID:9368

C:\Users\Admin\AppData\Local\Temp\Unicorn-6490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6490.exe
12⤵
PID:12612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9368 -s 216
12⤵
PID:12912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 216
11⤵
PID:10120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
10⤵
PID:7352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
9⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 236
8⤵
PID:3196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 236
7⤵
- Program crash
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-15794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15794.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-45419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45419.exe
7⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
8⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-27842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27842.exe
9⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-49299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49299.exe
10⤵
PID:6216

C:\Users\Admin\AppData\Local\Temp\Unicorn-47665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47665.exe
11⤵
PID:9176

C:\Users\Admin\AppData\Local\Temp\Unicorn-44363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44363.exe
12⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9176 -s 220
12⤵
PID:12452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
11⤵
PID:10184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 220
10⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
9⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
8⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-24272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24272.exe
7⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-24552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24552.exe
8⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-2467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2467.exe
9⤵
PID:6764

C:\Users\Admin\AppData\Local\Temp\Unicorn-24210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24210.exe
10⤵
PID:9164

C:\Users\Admin\AppData\Local\Temp\Unicorn-28827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28827.exe
11⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9164 -s 216
11⤵
PID:12696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
10⤵
PID:10032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
9⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 236
8⤵
PID:5300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 240
7⤵
- Program crash
PID:3772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 240
6⤵
- Program crash
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-36499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36499.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-31244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31244.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-6000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6000.exe
7⤵
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-60557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60557.exe
8⤵
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-44401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44401.exe
9⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-26710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26710.exe
10⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe
11⤵
PID:7372

C:\Users\Admin\AppData\Local\Temp\Unicorn-20635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20635.exe
12⤵
PID:11256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 216
12⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 236
11⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
10⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 236
9⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 236
8⤵
- Program crash
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
7⤵
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-34826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34826.exe
8⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
9⤵
PID:6380

C:\Users\Admin\AppData\Local\Temp\Unicorn-25660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25660.exe
10⤵
PID:10320

C:\Users\Admin\AppData\Local\Temp\Unicorn-23518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23518.exe
11⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
9⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 216
8⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
7⤵
- Program crash
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-54002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54002.exe
6⤵
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-62503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62503.exe
7⤵
PID:404

C:\Users\Admin\AppData\Local\Temp\Unicorn-46591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46591.exe
8⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-3611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3611.exe
9⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-9232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9232.exe
10⤵
PID:9028

C:\Users\Admin\AppData\Local\Temp\Unicorn-18341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18341.exe
11⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9028 -s 216
11⤵
PID:12344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 220
10⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
9⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 216
8⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 236
7⤵
- Program crash
PID:3648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 220
6⤵
- Program crash
PID:1724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
5⤵
- Program crash
PID:1424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-3212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3212.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-48200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48200.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-40388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40388.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-34387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34387.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-36070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36070.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-61672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61672.exe
8⤵
PID:940

C:\Users\Admin\AppData\Local\Temp\Unicorn-29063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29063.exe
9⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-40805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40805.exe
10⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-49299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49299.exe
11⤵
PID:6224

C:\Users\Admin\AppData\Local\Temp\Unicorn-26977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26977.exe
12⤵
PID:7276

C:\Users\Admin\AppData\Local\Temp\Unicorn-55586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55586.exe
13⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 216
13⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 216
12⤵
PID:9280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 220
11⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
10⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 236
9⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-60785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60785.exe
8⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-21532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21532.exe
9⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-50067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50067.exe
10⤵
PID:6272

C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
11⤵
PID:7172

C:\Users\Admin\AppData\Local\Temp\Unicorn-39499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39499.exe
12⤵
PID:9952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 216
12⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 216
11⤵
PID:9316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 220
10⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
9⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
8⤵
- Program crash
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-34126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34126.exe
7⤵
PID:1416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 240
8⤵
- Program crash
PID:3552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
7⤵
- Program crash
PID:1636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
6⤵
- Program crash
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:824

C:\Users\Admin\AppData\Local\Temp\Unicorn-7081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7081.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-3589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3589.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-25378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25378.exe
8⤵
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-5783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5783.exe
9⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-40037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40037.exe
10⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-1883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1883.exe
11⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-1268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1268.exe
12⤵
PID:7212

C:\Users\Admin\AppData\Local\Temp\Unicorn-34631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34631.exe
13⤵
PID:10776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 216
13⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
12⤵
PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 216
11⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
10⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-9512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9512.exe
9⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-32086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32086.exe
10⤵
PID:6240

C:\Users\Admin\AppData\Local\Temp\Unicorn-12475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12475.exe
11⤵
PID:8460

C:\Users\Admin\AppData\Local\Temp\Unicorn-39284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39284.exe
12⤵
PID:10828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 216
12⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6240 -s 216
11⤵
PID:9680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 220
10⤵
PID:7688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 220
9⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\Unicorn-51647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51647.exe
8⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
9⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-58972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58972.exe
10⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-29518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29518.exe
11⤵
PID:8984

C:\Users\Admin\AppData\Local\Temp\Unicorn-6747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6747.exe
12⤵
PID:11964

C:\Users\Admin\AppData\Local\Temp\Unicorn-26550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26550.exe
13⤵
PID:13144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11964 -s 236
13⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 216
12⤵
PID:12328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 220
11⤵
PID:10056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
10⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
9⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
8⤵
- Program crash
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 236
7⤵
- Program crash
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-41029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41029.exe
7⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
8⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-17002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17002.exe
9⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\Unicorn-60091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60091.exe
10⤵
PID:6148

C:\Users\Admin\AppData\Local\Temp\Unicorn-1607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1607.exe
11⤵
PID:6580

C:\Users\Admin\AppData\Local\Temp\Unicorn-61140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61140.exe
12⤵
PID:10636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 216
12⤵
PID:10328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 236
11⤵
PID:9140

C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
10⤵
PID:6960

C:\Users\Admin\AppData\Local\Temp\Unicorn-26906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26906.exe
11⤵
PID:10680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 236
11⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 220
10⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
9⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 216
8⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-27230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27230.exe
7⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-19524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19524.exe
8⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-52214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52214.exe
9⤵
PID:6428

C:\Users\Admin\AppData\Local\Temp\Unicorn-27051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27051.exe
10⤵
PID:10396

C:\Users\Admin\AppData\Local\Temp\Unicorn-59433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59433.exe
11⤵
PID:12584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 236
10⤵
PID:10424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
9⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
8⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 220
7⤵
PID:4548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 240
6⤵
- Program crash
PID:1436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
5⤵
- Program crash
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-50710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50710.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-17032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17032.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:552

C:\Users\Admin\AppData\Local\Temp\Unicorn-39754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39754.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-3589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3589.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
8⤵
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
9⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-45823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45823.exe
10⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-2075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2075.exe
11⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-47473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47473.exe
12⤵
PID:9148

C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
13⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 204
13⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
12⤵
PID:10168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
11⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
10⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 216
9⤵
PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 216
8⤵
- Program crash
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-53862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53862.exe
7⤵
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
8⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-2170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2170.exe
9⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-16325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16325.exe
10⤵
PID:6212

C:\Users\Admin\AppData\Local\Temp\Unicorn-19895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19895.exe
11⤵
PID:10536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 216
11⤵
PID:11180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 236
10⤵
PID:9008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
9⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 216
8⤵
PID:4724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 220
7⤵
- Program crash
PID:1304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 236
6⤵
- Program crash
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-35155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35155.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-19817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19817.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-43743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43743.exe
7⤵
PID:1112

C:\Users\Admin\AppData\Local\Temp\Unicorn-5783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5783.exe
8⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-28942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28942.exe
9⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-5889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5889.exe
10⤵
PID:5356

C:\Users\Admin\AppData\Local\Temp\Unicorn-54821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54821.exe
11⤵
PID:8684

C:\Users\Admin\AppData\Local\Temp\Unicorn-18849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18849.exe
12⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8684 -s 216
12⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
11⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
10⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
9⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-39828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39828.exe
8⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-17919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17919.exe
9⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
10⤵
PID:8756

C:\Users\Admin\AppData\Local\Temp\Unicorn-25211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25211.exe
11⤵
PID:11300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 216
11⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
10⤵
PID:9916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 236
9⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 240
8⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 236
7⤵
- Program crash
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-53862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53862.exe
6⤵
PID:1384

C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe
7⤵
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-36213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36213.exe
8⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-18199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18199.exe
9⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\Unicorn-57012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57012.exe
10⤵
PID:7384

C:\Users\Admin\AppData\Local\Temp\Unicorn-7336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7336.exe
11⤵
PID:10932

C:\Users\Admin\AppData\Local\Temp\Unicorn-7932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7932.exe
12⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
11⤵
PID:11120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 236
10⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 236
9⤵
PID:6480

C:\Users\Admin\AppData\Local\Temp\Unicorn-33719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33719.exe
8⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-33962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33962.exe
9⤵
PID:6248

C:\Users\Admin\AppData\Local\Temp\Unicorn-16334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16334.exe
10⤵
PID:10700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
10⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
9⤵
PID:9408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
8⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 236
7⤵
PID:4904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
6⤵
- Program crash
PID:2916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
5⤵
- Program crash
PID:1252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
4⤵
- Program crash
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-34227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34227.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 244
4⤵
- Loads dropped DLL
- Program crash
PID:2000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 240
2⤵
- Program crash
PID:2836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11121.exe

Filesize
184KB

MD5
36bd272deb77dfa86adeb298539ffd79

SHA1
dd6422982cc6ec94d14efb8efec98275a65c4cc1

SHA256
e67f238fc0b7b355f1bc7a67d39fa168e472742636a935eebac82171e70cd76a

SHA512
24689f6dbd39cedde859530e81c8009fed1e3572ef21dd49decf5e66034d09b18b2a7896fabed7287009dd9f4d0b1f772342b951bf0c2aab9158c3af96f36fe1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11416.exe

Filesize
184KB

MD5
9798bca9e4fa563eb1914ffdb7fc19c4

SHA1
1ce03c62df04ac8b1a77cf1a6c095e3519ad0e7b

SHA256
b46968b4afc5280b8b4015a9bc0dc87d7f1c696958a27250e9bd64218de4fcba

SHA512
342703900c1bfe894d9ed4d83cf1af692f8331403425db524ecbc0193b7a97d0d7a447e1125cb7ffa3231db9e33358c10c00cee9a2f56345b4829a5b8eb98c72

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18733.exe

Filesize
184KB

MD5
b80aac37e6fb6f3d4d7640b42926ebf7

SHA1
d638bb066f1f0239c78cfe1ba0705015dc8f53b4

SHA256
bb505509bf33dc7bc9e979581c297cc57e4cb899dbd730cc88f53c486ed2af2e

SHA512
bd4bcf121af13a3e48d516e0911d1bf6f19f2eb6f5242fffad110f5d7f372333de42178f7e3761002c64b27f803a7649be2ee2c26ed865eac517aca5f1ed9141

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23069.exe

Filesize
184KB

MD5
bc90906af02c8c3f9ef7d8615755d168

SHA1
f48de9dcb272d26b9b671cae238c96bff91df244

SHA256
73a996096f14c40ebdad23b73db6a249412c943d776335500762000d9724a3e4

SHA512
005a9e201259d7d85424db63872e507429930a55ced77a3f38170bfce9984d0965a5840e4f5602e1fd943cfd70670adf012e1b85b4f4cad32fc404f6638aaafd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24006.exe

Filesize
184KB

MD5
546fec5f828e588ca377806d3e0b54c3

SHA1
efc011372c19bd677c17baad08927ace8c32b42c

SHA256
0f68e3919099460dee9df33d67c526d8983cca82f4527fe7d5970bef77fae75d

SHA512
3b222644c1c17f6cb3c1f6d0bb827a73f7fe07177c6033fd897976f241d68b70c25b9159e2904fd3abcc878cd7abced4df7fd47ed401773e7cc1dedc6c9f3231

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe

Filesize
184KB

MD5
a9eaa44d6a95eb827d909a66ac1d9134

SHA1
d7bc904d7094f3322b58ad5696be7231fcff78f5

SHA256
546afb5b55bf8c07a95105df8cd8c0bde6367c700f6bc7ac04d8a896ff1eb4d7

SHA512
0a30d56a8cae54f4714be70d3ce6621dbd633a095c6aceb0f312603fa60a639ec4ba031e410ca993cf83077e6358a81c844a423ccd03f01348d850e406189cfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40388.exe

Filesize
184KB

MD5
49f1e1a0cc320cee2336aa2c51177bc5

SHA1
9af955a53117f33924329b7af15de25e94f1f7c7

SHA256
83e799ef42e33e5c13d6733f4ff7266ecf9fe08542684071320c124605fd3d74

SHA512
0181d6242c6703e9a7806d48a7a96d8fffebc74e73e6c3943d9bf1abf4ac9f65ddfe2ee25bf13337cd28386b71fb5aa1afd9c31b5738e44da1fa5d2e835dd237

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58390.exe

Filesize
184KB

MD5
a277202b124347dc0c01795db4bb9015

SHA1
39f273f2ce43156eff954a3c3fc72156a1402c0a

SHA256
08fa199d423fecac5ab0a01d8f42efddc2b5c962a06a1b4d0f5ed533c54b041a

SHA512
36c258f90f5671b6ae87a37c20e362f1ebbcef58f18566ee2fa9e5a7512798510514f8dfa07d974440490235b4bc2a4b55cdfbfe9b702878aa55625a5e3b43de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6000.exe

Filesize
184KB

MD5
864b998e659c0819b05a016d627e7c5e

SHA1
ae50887a2264dab6a7854f57d63556eab6f4bac4

SHA256
0c530acd22e4e953860d9d5c9b6aee5d1eab32f77c4c958ac598e45ab4803611

SHA512
3f7a3125ecd8eeca4b896bb8a9d74f8f16a2438abbbce9f992ce300e6225bbf3e6cc0cbf7bde51c7a2422600b9a82823d4d081df0eda61a5ab58f395e560f3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6199.exe

Filesize
184KB

MD5
ef6b209e4b746c61158e861df6573345

SHA1
2b52a3eb912d65efb6a8e41f7132086ec75345f6

SHA256
c1ba01c98e886bc57123abd672be14ee61aa7c8d46b5d7c483b3dc3984eff209

SHA512
4514925c49ada48e8eb25defe5889720ec886c99b38c5773f76e9887d14d5c4f0ff9a5e5468df73d008a6ca7cdf43f0d3c3e717d4d19101e29ee5261da4972ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6244.exe

Filesize
184KB

MD5
c20704d2a11f00ac05c0c72d97f1f971

SHA1
82478a5446c70333ccbc007925a9e886b6b7ea8d

SHA256
8d6cdb381ef640dc3da1e4a1054761493ad4a155e2a4f6bc914b0aee56936982

SHA512
8750aa5fb9697e747243cd5425c8035a5bc0e3906b688add44c6ece370955d89e74ffd409180c6fe05701dd97d8daf8e57f62273e9adfe644e516d48ac100c35

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6313.exe

Filesize
184KB

MD5
e493873ce8738ea106fc757ef807f96c

SHA1
f299c24d1b28e31122bc7ed87f70a0fc783e7a99

SHA256
706c02cd0411ae79c3e6689e304bb73a9fc801950c9e31a12ed052909b985c17

SHA512
b6c227867b381b4d67b1c9f6d3d3ff92c5f3bba34e49499fdaee2fe2f9043345519d1c8d7a1163a6b1990294b51a629edfac94e5edcb5af2e76da0721963d717

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6531.exe

Filesize
184KB

MD5
cb499e3a1e564dfdca777c497978bebc

SHA1
a7d91f1c0f491f4eacd4d0642c6455ae73d1fdca

SHA256
110a9e78aff405a79f1a198fb0536d49d5edfd62d38d93ec15eba371838e6eba

SHA512
4379ef5ca5903d1258069af97a1ec103edb36a65f4ff5324b2b7b2ba9b7c434c3feac38e56363f8c22e57cb91203c92c506ed4cd6a27a6185288c9fcfc889724

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10019.exe

Filesize
184KB

MD5
61796523fbcd70a4d700918be0c71116

SHA1
3fa65541e5236196b7099da49a5ee1317c47341a

SHA256
4533127537ee5cc147d2d52a833036e073ef68a0d6ef44caeb37b670c86f2ede

SHA512
72c33a8ec590112812013e2775f97a67414bee8031b402f43b048ca5ef5b315976c3ab97d233ff8051a817ceabecb9ea0ec59895bd355684ccbfdee250a5c24e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20653.exe

Filesize
184KB

MD5
01d722f455a5dbc19f4f1d38bb60526b

SHA1
1aaaf5ecb6252a26a196997c4eedd2af7a2d6ccc

SHA256
72e48b79746496de97ec591fba3aa87bbe0e3780e22015e456fafdfe4119a34b

SHA512
2ab04ca79a220305aad704c8a24a471902a2a1b87f92812b0d8a8764368f2b6fe3c559b94863ea65058e08d2dc1e5faf9e48564b7375a78d8e3c6bb0010b203b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe

Filesize
184KB

MD5
b955d305b112e0592f8689e7ce4f5939

SHA1
f1603d62d411eec303401bac8c92c405f15051cd

SHA256
e0d3486d26f799e0def73c50c8f4742fe9a61265b05d885dc8fe799031a4f05b

SHA512
5bca8fb79c120ae10013a2b7d29586669e8d0d1c5210d063ec6cba164e906845312593b94afed4b16afb7b5b001291e46d6b210f7e03eb3f51793690f0350d8c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31878.exe

Filesize
184KB

MD5
3ff0842f5d33e3c842053609f4f7ccf0

SHA1
199ed30fcd27b9471e7465471f2854bd47169d8b

SHA256
206437a1c1818f597bc7b1062c7647fd948a2385fb587e4098429cd6fe932c0f

SHA512
05d9ab121e8fd0aed00aa56d985c86f6e667e6dd15436c302d700fcd981d792e059ab394cce6d5adc92f1aeee627adebb416ab05e66ffb71bc00b908503a2789

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3212.exe

Filesize
184KB

MD5
909370ee20f3260335466162a10cd749

SHA1
3d3b05bf6a48793372d60ec794c05024cc8e0699

SHA256
8af6d362a10f4a48420ab697f926b1b119d2e34c5f813f42d619af5df3bb3428

SHA512
677f92993e9c03d4c145b0d1b02c2bd7c7313a6c11eebcd57e17bcc2f8dc791e0622aa7ef3808913e8cabc19e396b76e28bb0474b3454561a4f6547185ebbaba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34227.exe

Filesize
184KB

MD5
59a26d3bf1e21f016323410d4aa7b288

SHA1
a1a3af90a7c3cbbb2c795ebb982475abb8bf74cc

SHA256
01a265f15b71730e38ccb8a3905a762cd4a877adacf2c58a49a4f7dbc16e5d84

SHA512
c99f69dba2c358ba85ce0b9ab88591d345be5674d7bfd4e46ce769dd9c7b46e65db985377c5c94d43946fe786e15bb1d38ea58f1dbcf59136593a80676d6f7f4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35081.exe

Filesize
184KB

MD5
0b6d8840ca19861fa064692a2007d7f5

SHA1
2ced8eae1c7358f95ac753dd98be178f2da886a9

SHA256
84216e828643987076ac18d664592ff85fc4040fbdb3634abaef5dccdbad3f29

SHA512
16f46e575ead38c3964dd10ea37da50afd5b9c167f1532c4bdd895aa5c3d1d43d14fdbdb72981c193556b1fc90271830d047855fd0e15ef7412ac155c2b99c24

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42919.exe

Filesize
184KB

MD5
334cd22278384517d97d391045c60747

SHA1
495aff103802ac4ca799616dd599aeb546896871

SHA256
373731599778af9975739de2683b3e4cad0f36651c85f77b0513a318ad4aecaf

SHA512
2a4cc856d4914737a34a175e1c3c977d0d73aaa1160d360ca91799eb46d96a04347707f2caaddf1ab6d49c8ce44e60e995061b022b0c0d9ed25d2970164366c3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48200.exe

Filesize
184KB

MD5
0d01328536a09a64ff2a7302533e45d1

SHA1
9e01cde11a257d0f59d7542eb26dc30b5b74aea4

SHA256
e576b29d3875285155d57c833b9bfed015bb7232ae320139b4226b236d6e9940

SHA512
079f3608cd0a52c0095cd7083db9ecc963276cb4d30ea97554b700811784f1ef53941a307d77e77f7f69e825b02e08908213488a0010f402d0f909b281ddb34f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-787.exe

Filesize
184KB

MD5
ff2fcd74331c015391a70555f3e019ee

SHA1
6c8ad755000392d2d8c99450a854119c2b116ad4

SHA256
bbde42bed53d4b30f0f08b353f432465d5b51f2b7c078f2e50e82a41c0f33cec

SHA512
5edbdd2b4ac3120153246b90147a00acd8197fdbe1c5782b1fae39c398eab9411689a5ed8a9a58ebd77b6b43807f03401ab33a27726338ee64a9ad8df2f459be

Download Submit
memory/2176-774-0x00000000028D0000-0x0000000002A2C000-memory.dmp

Filesize
1.4MB

Download