ad1a4bdbd3fc39868869e39ee68163b068f340ff66d7bb3dd0a0ceadbe1c6e3c

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad1a4bdbd3fc39868869e39ee68163b068f340ff66d7bb3dd0a0ceadbe1c6e3c.exe
Size

184KB
MD5

c94a340104d1c04a6b2599364147202f
SHA1

fad184fc6387de73cad811dbd8d0f8147abbf612
SHA256

ad1a4bdbd3fc39868869e39ee68163b068f340ff66d7bb3dd0a0ceadbe1c6e3c
SHA512

f7fbe401809779b6d584d5156ffcec22783477c0db4d0f7b9ec58ceea48c3a0ca6769eafb4f7d40d031a70c3690720f78ef892f7b8a7769cd5d2248f1e8f9de0
SSDEEP

1536:A7SI6jZlu3M4otxAtDO9lewMG2dyvZclmmdpc7LR2AzetAhl5hj5nizpvJ:u4a3M4oTCDOOdG4Wee7LRXsAhlnViFR

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-28243.exeUnicorn-51035.exeUnicorn-4527.exeUnicorn-12854.exeUnicorn-13046.exeUnicorn-58718.exeUnicorn-56970.exeUnicorn-24298.exeUnicorn-52756.exeUnicorn-7084.exeUnicorn-60507.exeUnicorn-40641.exeUnicorn-52059.exeUnicorn-10533.exeUnicorn-43206.exeUnicorn-32769.exeUnicorn-32769.exeUnicorn-15344.exeUnicorn-28727.exeUnicorn-15921.exeUnicorn-11706.exeUnicorn-61364.exeUnicorn-61556.exeUnicorn-24477.exeUnicorn-13808.exeUnicorn-57918.exeUnicorn-12246.exeUnicorn-36383.exeUnicorn-1058.exeUnicorn-27530.exeUnicorn-1598.exeUnicorn-53684.exeUnicorn-41069.exeUnicorn-48038.exeUnicorn-61930.exeUnicorn-9776.exeUnicorn-44909.exeUnicorn-9968.exeUnicorn-12620.exeUnicorn-12812.exeUnicorn-12812.exeUnicorn-25619.exeUnicorn-61136.exeUnicorn-41270.exeUnicorn-47922.exeUnicorn-28248.exeUnicorn-28955.exeUnicorn-16952.exeUnicorn-12353.exeUnicorn-30683.exeUnicorn-49048.exeUnicorn-53407.exeUnicorn-29225.exeUnicorn-29993.exeUnicorn-27724.exeUnicorn-14917.exeUnicorn-60781.exeUnicorn-15109.exeUnicorn-45286.exeUnicorn-60553.exeUnicorn-60553.exeUnicorn-60553.exeUnicorn-40687.exeUnicorn-39125.exe

pid	process
1796	Unicorn-28243.exe
1728	Unicorn-51035.exe
3036	Unicorn-4527.exe
2628	Unicorn-12854.exe
2796	Unicorn-13046.exe
2536	Unicorn-58718.exe
296	Unicorn-56970.exe
1932	Unicorn-24298.exe
2580	Unicorn-52756.exe
1532	Unicorn-7084.exe
1788	Unicorn-60507.exe
2240	Unicorn-40641.exe
1152	Unicorn-52059.exe
1148	Unicorn-10533.exe
2696	Unicorn-43206.exe
2860	Unicorn-32769.exe
2852	Unicorn-32769.exe
680	Unicorn-15344.exe
2472	Unicorn-28727.exe
404	Unicorn-15921.exe
1716	Unicorn-11706.exe
1344	Unicorn-61364.exe
1300	Unicorn-61556.exe
2968	Unicorn-24477.exe
3044	Unicorn-13808.exe
2872	Unicorn-57918.exe
2120	Unicorn-12246.exe
1572	Unicorn-36383.exe
2076	Unicorn-1058.exe
2208	Unicorn-27530.exe
2924	Unicorn-1598.exe
2652	Unicorn-53684.exe
2728	Unicorn-41069.exe
2252	Unicorn-48038.exe
2760	Unicorn-61930.exe
2544	Unicorn-9776.exe
2476	Unicorn-44909.exe
1696	Unicorn-9968.exe
1384	Unicorn-12620.exe
2488	Unicorn-12812.exe
1948	Unicorn-12812.exe
1224	Unicorn-25619.exe
2416	Unicorn-61136.exe
2424	Unicorn-41270.exe
2296	Unicorn-47922.exe
2372	Unicorn-28248.exe
1008	Unicorn-28955.exe
1804	Unicorn-16952.exe
852	Unicorn-12353.exe
1144	Unicorn-30683.exe
1644	Unicorn-49048.exe
1612	Unicorn-53407.exe
2828	Unicorn-29225.exe
988	Unicorn-29993.exe
344	Unicorn-27724.exe
2596	Unicorn-14917.exe
2176	Unicorn-60781.exe
2084	Unicorn-15109.exe
2972	Unicorn-45286.exe
2300	Unicorn-60553.exe
2708	Unicorn-60553.exe
2840	Unicorn-60553.exe
2344	Unicorn-40687.exe
2184	Unicorn-39125.exe

Loads dropped DLL 64 IoCs

Processes:

ad1a4bdbd3fc39868869e39ee68163b068f340ff66d7bb3dd0a0ceadbe1c6e3c.exeUnicorn-28243.exeUnicorn-51035.exeUnicorn-4527.exeWerFault.exeUnicorn-12854.exeUnicorn-58718.exeUnicorn-13046.exeWerFault.exeWerFault.exeUnicorn-56970.exeUnicorn-52756.exeUnicorn-24298.exeUnicorn-7084.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2936	ad1a4bdbd3fc39868869e39ee68163b068f340ff66d7bb3dd0a0ceadbe1c6e3c.exe
2936	ad1a4bdbd3fc39868869e39ee68163b068f340ff66d7bb3dd0a0ceadbe1c6e3c.exe
1796	Unicorn-28243.exe
1796	Unicorn-28243.exe
2936	ad1a4bdbd3fc39868869e39ee68163b068f340ff66d7bb3dd0a0ceadbe1c6e3c.exe
2936	ad1a4bdbd3fc39868869e39ee68163b068f340ff66d7bb3dd0a0ceadbe1c6e3c.exe
1728	Unicorn-51035.exe
1728	Unicorn-51035.exe
1796	Unicorn-28243.exe
3036	Unicorn-4527.exe
3036	Unicorn-4527.exe
1796	Unicorn-28243.exe
1440	WerFault.exe
1440	WerFault.exe
1440	WerFault.exe
1440	WerFault.exe
1440	WerFault.exe
2628	Unicorn-12854.exe
2628	Unicorn-12854.exe
2536	Unicorn-58718.exe
2536	Unicorn-58718.exe
3036	Unicorn-4527.exe
3036	Unicorn-4527.exe
2796	Unicorn-13046.exe
2796	Unicorn-13046.exe
1296	WerFault.exe
1296	WerFault.exe
1296	WerFault.exe
1296	WerFault.exe
1312	WerFault.exe
1312	WerFault.exe
1312	WerFault.exe
1312	WerFault.exe
1296	WerFault.exe
1312	WerFault.exe
2628	Unicorn-12854.exe
296	Unicorn-56970.exe
296	Unicorn-56970.exe
2628	Unicorn-12854.exe
2580	Unicorn-52756.exe
2580	Unicorn-52756.exe
1932	Unicorn-24298.exe
1932	Unicorn-24298.exe
1532	Unicorn-7084.exe
1532	Unicorn-7084.exe
2796	Unicorn-13046.exe
2536	Unicorn-58718.exe
2536	Unicorn-58718.exe
2796	Unicorn-13046.exe
588	WerFault.exe
588	WerFault.exe
588	WerFault.exe
588	WerFault.exe
588	WerFault.exe
944	WerFault.exe
944	WerFault.exe
944	WerFault.exe
944	WerFault.exe
944	WerFault.exe
580	WerFault.exe
580	WerFault.exe
580	WerFault.exe
580	WerFault.exe
580	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2768	2936	WerFault.exe	ad1a4bdbd3fc39868869e39ee68163b068f340ff66d7bb3dd0a0ceadbe1c6e3c.exe
1440	1796	WerFault.exe	Unicorn-28243.exe
1296	1728	WerFault.exe	Unicorn-51035.exe
1312	3036	WerFault.exe	Unicorn-4527.exe
588	2628	WerFault.exe	Unicorn-12854.exe
944	2536	WerFault.exe	Unicorn-58718.exe
580	2796	WerFault.exe	Unicorn-13046.exe
1748	296	WerFault.exe	Unicorn-56970.exe
872	2580	WerFault.exe	Unicorn-52756.exe
2180	1932	WerFault.exe	Unicorn-24298.exe
1800	1532	WerFault.exe	Unicorn-7084.exe
2440	1788	WerFault.exe	Unicorn-60507.exe
2160	1152	WerFault.exe	Unicorn-52059.exe
2348	1148	WerFault.exe	Unicorn-10533.exe
1628	2240	WerFault.exe	Unicorn-40641.exe
684	2852	WerFault.exe	Unicorn-32769.exe
2276	2860	WerFault.exe	Unicorn-32769.exe
864	2696	WerFault.exe	Unicorn-43206.exe
2864	680	WerFault.exe	Unicorn-15344.exe
532	2472	WerFault.exe	Unicorn-28727.exe
2124	1716	WerFault.exe	Unicorn-11706.exe
892	404	WerFault.exe	Unicorn-15921.exe
1080	1344	WerFault.exe	Unicorn-61364.exe
1720	1300	WerFault.exe	Unicorn-61556.exe
1772	2968	WerFault.exe	Unicorn-24477.exe
1392	3044	WerFault.exe	Unicorn-13808.exe
1864	2120	WerFault.exe	Unicorn-12246.exe
3052	2872	WerFault.exe	Unicorn-57918.exe
1916	1572	WerFault.exe	Unicorn-36383.exe
1052	2076	WerFault.exe	Unicorn-1058.exe
1276	2208	WerFault.exe	Unicorn-27530.exe
1580	2652	WerFault.exe	Unicorn-53684.exe
3028	2728	WerFault.exe	Unicorn-41069.exe
2100	2252	WerFault.exe	Unicorn-48038.exe
2724	1224	WerFault.exe	Unicorn-25619.exe
2888	2416	WerFault.exe	Unicorn-61136.exe
1972	1948	WerFault.exe	Unicorn-12812.exe
1432	2544	WerFault.exe	Unicorn-9776.exe
3076	2476	WerFault.exe	Unicorn-44909.exe
3084	2424	WerFault.exe	Unicorn-41270.exe
3148	2924	WerFault.exe	Unicorn-1598.exe
3156	2760	WerFault.exe	Unicorn-61930.exe
3508	1696	WerFault.exe	Unicorn-9968.exe
3580	1384	WerFault.exe	Unicorn-12620.exe
3324	2488	WerFault.exe	Unicorn-12812.exe
3588	2840	WerFault.exe	Unicorn-60553.exe
3720	2344	WerFault.exe	Unicorn-40687.exe
3748	2708	WerFault.exe	Unicorn-60553.exe
3804	2972	WerFault.exe	Unicorn-45286.exe
3832	2184	WerFault.exe	Unicorn-39125.exe
3924	2176	WerFault.exe	Unicorn-60781.exe
4048	2396	WerFault.exe	Unicorn-6453.exe
3636	2372	WerFault.exe	Unicorn-28248.exe
3724	2792	WerFault.exe	Unicorn-26511.exe
3816	1644	WerFault.exe	Unicorn-49048.exe
3916	2028	WerFault.exe	Unicorn-58711.exe
3972	2780	WerFault.exe	Unicorn-11565.exe
4080	1144	WerFault.exe	Unicorn-30683.exe
3372	2732	WerFault.exe	Unicorn-11757.exe
3352	2064	WerFault.exe	Unicorn-26641.exe
3376	1248	WerFault.exe	Unicorn-14061.exe
3480	2808	WerFault.exe	Unicorn-46651.exe
3484	1488	WerFault.exe	Unicorn-58197.exe
4204	2296	WerFault.exe	Unicorn-47922.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

ad1a4bdbd3fc39868869e39ee68163b068f340ff66d7bb3dd0a0ceadbe1c6e3c.exeUnicorn-28243.exeUnicorn-51035.exeUnicorn-4527.exeUnicorn-12854.exeUnicorn-58718.exeUnicorn-13046.exeUnicorn-56970.exeUnicorn-24298.exeUnicorn-52756.exeUnicorn-7084.exeUnicorn-40641.exeUnicorn-60507.exeUnicorn-52059.exeUnicorn-10533.exeUnicorn-43206.exeUnicorn-32769.exeUnicorn-32769.exeUnicorn-15344.exeUnicorn-28727.exeUnicorn-15921.exeUnicorn-11706.exeUnicorn-61364.exeUnicorn-61556.exeUnicorn-24477.exeUnicorn-13808.exeUnicorn-12246.exeUnicorn-57918.exeUnicorn-36383.exeUnicorn-1058.exeUnicorn-27530.exeUnicorn-1598.exeUnicorn-53684.exeUnicorn-41069.exeUnicorn-48038.exeUnicorn-61930.exeUnicorn-9776.exeUnicorn-44909.exeUnicorn-9968.exeUnicorn-12620.exeUnicorn-12812.exeUnicorn-25619.exeUnicorn-12812.exeUnicorn-61136.exeUnicorn-41270.exeUnicorn-47922.exeUnicorn-28248.exeUnicorn-28955.exeUnicorn-16952.exeUnicorn-12353.exeUnicorn-30683.exeUnicorn-49048.exeUnicorn-53407.exeUnicorn-29225.exeUnicorn-29993.exeUnicorn-27724.exeUnicorn-14917.exeUnicorn-60781.exeUnicorn-15109.exeUnicorn-60553.exeUnicorn-45286.exeUnicorn-60553.exeUnicorn-40687.exeUnicorn-60553.exe

pid	process
2936	ad1a4bdbd3fc39868869e39ee68163b068f340ff66d7bb3dd0a0ceadbe1c6e3c.exe
1796	Unicorn-28243.exe
1728	Unicorn-51035.exe
3036	Unicorn-4527.exe
2628	Unicorn-12854.exe
2536	Unicorn-58718.exe
2796	Unicorn-13046.exe
296	Unicorn-56970.exe
1932	Unicorn-24298.exe
2580	Unicorn-52756.exe
1532	Unicorn-7084.exe
2240	Unicorn-40641.exe
1788	Unicorn-60507.exe
1152	Unicorn-52059.exe
1148	Unicorn-10533.exe
2696	Unicorn-43206.exe
2852	Unicorn-32769.exe
2860	Unicorn-32769.exe
680	Unicorn-15344.exe
2472	Unicorn-28727.exe
404	Unicorn-15921.exe
1716	Unicorn-11706.exe
1344	Unicorn-61364.exe
1300	Unicorn-61556.exe
2968	Unicorn-24477.exe
3044	Unicorn-13808.exe
2120	Unicorn-12246.exe
2872	Unicorn-57918.exe
1572	Unicorn-36383.exe
2076	Unicorn-1058.exe
2208	Unicorn-27530.exe
2924	Unicorn-1598.exe
2652	Unicorn-53684.exe
2728	Unicorn-41069.exe
2252	Unicorn-48038.exe
2760	Unicorn-61930.exe
2544	Unicorn-9776.exe
2476	Unicorn-44909.exe
1696	Unicorn-9968.exe
1384	Unicorn-12620.exe
2488	Unicorn-12812.exe
1224	Unicorn-25619.exe
1948	Unicorn-12812.exe
2416	Unicorn-61136.exe
2424	Unicorn-41270.exe
2296	Unicorn-47922.exe
2372	Unicorn-28248.exe
1008	Unicorn-28955.exe
1804	Unicorn-16952.exe
852	Unicorn-12353.exe
1144	Unicorn-30683.exe
1644	Unicorn-49048.exe
1612	Unicorn-53407.exe
2828	Unicorn-29225.exe
988	Unicorn-29993.exe
344	Unicorn-27724.exe
2596	Unicorn-14917.exe
2176	Unicorn-60781.exe
2084	Unicorn-15109.exe
2300	Unicorn-60553.exe
2972	Unicorn-45286.exe
2708	Unicorn-60553.exe
2344	Unicorn-40687.exe
2840	Unicorn-60553.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

ad1a4bdbd3fc39868869e39ee68163b068f340ff66d7bb3dd0a0ceadbe1c6e3c.exeUnicorn-28243.exeUnicorn-51035.exeUnicorn-4527.exeUnicorn-12854.exeUnicorn-58718.exeUnicorn-13046.exeUnicorn-56970.exe

description	pid	process	target process
PID 2936 wrote to memory of 1796	2936	ad1a4bdbd3fc39868869e39ee68163b068f340ff66d7bb3dd0a0ceadbe1c6e3c.exe	Unicorn-28243.exe
PID 2936 wrote to memory of 1796	2936	ad1a4bdbd3fc39868869e39ee68163b068f340ff66d7bb3dd0a0ceadbe1c6e3c.exe	Unicorn-28243.exe
PID 2936 wrote to memory of 1796	2936	ad1a4bdbd3fc39868869e39ee68163b068f340ff66d7bb3dd0a0ceadbe1c6e3c.exe	Unicorn-28243.exe
PID 2936 wrote to memory of 1796	2936	ad1a4bdbd3fc39868869e39ee68163b068f340ff66d7bb3dd0a0ceadbe1c6e3c.exe	Unicorn-28243.exe
PID 1796 wrote to memory of 1728	1796	Unicorn-28243.exe	Unicorn-51035.exe
PID 1796 wrote to memory of 1728	1796	Unicorn-28243.exe	Unicorn-51035.exe
PID 1796 wrote to memory of 1728	1796	Unicorn-28243.exe	Unicorn-51035.exe
PID 1796 wrote to memory of 1728	1796	Unicorn-28243.exe	Unicorn-51035.exe
PID 2936 wrote to memory of 3036	2936	ad1a4bdbd3fc39868869e39ee68163b068f340ff66d7bb3dd0a0ceadbe1c6e3c.exe	Unicorn-4527.exe
PID 2936 wrote to memory of 3036	2936	ad1a4bdbd3fc39868869e39ee68163b068f340ff66d7bb3dd0a0ceadbe1c6e3c.exe	Unicorn-4527.exe
PID 2936 wrote to memory of 3036	2936	ad1a4bdbd3fc39868869e39ee68163b068f340ff66d7bb3dd0a0ceadbe1c6e3c.exe	Unicorn-4527.exe
PID 2936 wrote to memory of 3036	2936	ad1a4bdbd3fc39868869e39ee68163b068f340ff66d7bb3dd0a0ceadbe1c6e3c.exe	Unicorn-4527.exe
PID 2936 wrote to memory of 2768	2936	ad1a4bdbd3fc39868869e39ee68163b068f340ff66d7bb3dd0a0ceadbe1c6e3c.exe	WerFault.exe
PID 2936 wrote to memory of 2768	2936	ad1a4bdbd3fc39868869e39ee68163b068f340ff66d7bb3dd0a0ceadbe1c6e3c.exe	WerFault.exe
PID 2936 wrote to memory of 2768	2936	ad1a4bdbd3fc39868869e39ee68163b068f340ff66d7bb3dd0a0ceadbe1c6e3c.exe	WerFault.exe
PID 2936 wrote to memory of 2768	2936	ad1a4bdbd3fc39868869e39ee68163b068f340ff66d7bb3dd0a0ceadbe1c6e3c.exe	WerFault.exe
PID 1728 wrote to memory of 2628	1728	Unicorn-51035.exe	Unicorn-12854.exe
PID 1728 wrote to memory of 2628	1728	Unicorn-51035.exe	Unicorn-12854.exe
PID 1728 wrote to memory of 2628	1728	Unicorn-51035.exe	Unicorn-12854.exe
PID 1728 wrote to memory of 2628	1728	Unicorn-51035.exe	Unicorn-12854.exe
PID 3036 wrote to memory of 2796	3036	Unicorn-4527.exe	Unicorn-13046.exe
PID 3036 wrote to memory of 2796	3036	Unicorn-4527.exe	Unicorn-13046.exe
PID 3036 wrote to memory of 2796	3036	Unicorn-4527.exe	Unicorn-13046.exe
PID 3036 wrote to memory of 2796	3036	Unicorn-4527.exe	Unicorn-13046.exe
PID 1796 wrote to memory of 2536	1796	Unicorn-28243.exe	Unicorn-58718.exe
PID 1796 wrote to memory of 2536	1796	Unicorn-28243.exe	Unicorn-58718.exe
PID 1796 wrote to memory of 2536	1796	Unicorn-28243.exe	Unicorn-58718.exe
PID 1796 wrote to memory of 2536	1796	Unicorn-28243.exe	Unicorn-58718.exe
PID 1796 wrote to memory of 1440	1796	Unicorn-28243.exe	WerFault.exe
PID 1796 wrote to memory of 1440	1796	Unicorn-28243.exe	WerFault.exe
PID 1796 wrote to memory of 1440	1796	Unicorn-28243.exe	WerFault.exe
PID 1796 wrote to memory of 1440	1796	Unicorn-28243.exe	WerFault.exe
PID 2628 wrote to memory of 296	2628	Unicorn-12854.exe	Unicorn-56970.exe
PID 2628 wrote to memory of 296	2628	Unicorn-12854.exe	Unicorn-56970.exe
PID 2628 wrote to memory of 296	2628	Unicorn-12854.exe	Unicorn-56970.exe
PID 2628 wrote to memory of 296	2628	Unicorn-12854.exe	Unicorn-56970.exe
PID 2536 wrote to memory of 1932	2536	Unicorn-58718.exe	Unicorn-24298.exe
PID 2536 wrote to memory of 1932	2536	Unicorn-58718.exe	Unicorn-24298.exe
PID 2536 wrote to memory of 1932	2536	Unicorn-58718.exe	Unicorn-24298.exe
PID 2536 wrote to memory of 1932	2536	Unicorn-58718.exe	Unicorn-24298.exe
PID 3036 wrote to memory of 2580	3036	Unicorn-4527.exe	Unicorn-52756.exe
PID 3036 wrote to memory of 2580	3036	Unicorn-4527.exe	Unicorn-52756.exe
PID 3036 wrote to memory of 2580	3036	Unicorn-4527.exe	Unicorn-52756.exe
PID 3036 wrote to memory of 2580	3036	Unicorn-4527.exe	Unicorn-52756.exe
PID 2796 wrote to memory of 1532	2796	Unicorn-13046.exe	Unicorn-7084.exe
PID 2796 wrote to memory of 1532	2796	Unicorn-13046.exe	Unicorn-7084.exe
PID 2796 wrote to memory of 1532	2796	Unicorn-13046.exe	Unicorn-7084.exe
PID 2796 wrote to memory of 1532	2796	Unicorn-13046.exe	Unicorn-7084.exe
PID 1728 wrote to memory of 1296	1728	Unicorn-51035.exe	WerFault.exe
PID 1728 wrote to memory of 1296	1728	Unicorn-51035.exe	WerFault.exe
PID 1728 wrote to memory of 1296	1728	Unicorn-51035.exe	WerFault.exe
PID 1728 wrote to memory of 1296	1728	Unicorn-51035.exe	WerFault.exe
PID 3036 wrote to memory of 1312	3036	Unicorn-4527.exe	WerFault.exe
PID 3036 wrote to memory of 1312	3036	Unicorn-4527.exe	WerFault.exe
PID 3036 wrote to memory of 1312	3036	Unicorn-4527.exe	WerFault.exe
PID 3036 wrote to memory of 1312	3036	Unicorn-4527.exe	WerFault.exe
PID 296 wrote to memory of 1788	296	Unicorn-56970.exe	Unicorn-60507.exe
PID 296 wrote to memory of 1788	296	Unicorn-56970.exe	Unicorn-60507.exe
PID 296 wrote to memory of 1788	296	Unicorn-56970.exe	Unicorn-60507.exe
PID 296 wrote to memory of 1788	296	Unicorn-56970.exe	Unicorn-60507.exe
PID 2628 wrote to memory of 2240	2628	Unicorn-12854.exe	Unicorn-40641.exe
PID 2628 wrote to memory of 2240	2628	Unicorn-12854.exe	Unicorn-40641.exe
PID 2628 wrote to memory of 2240	2628	Unicorn-12854.exe	Unicorn-40641.exe
PID 2628 wrote to memory of 2240	2628	Unicorn-12854.exe	Unicorn-40641.exe

C:\Users\Admin\AppData\Local\Temp\ad1a4bdbd3fc39868869e39ee68163b068f340ff66d7bb3dd0a0ceadbe1c6e3c.exe
"C:\Users\Admin\AppData\Local\Temp\ad1a4bdbd3fc39868869e39ee68163b068f340ff66d7bb3dd0a0ceadbe1c6e3c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-28243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28243.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-51035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51035.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-12854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12854.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-56970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56970.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:296

C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-15344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15344.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:680

C:\Users\Admin\AppData\Local\Temp\Unicorn-36383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36383.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
10⤵
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-3302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3302.exe
11⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-5947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5947.exe
12⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-33579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33579.exe
13⤵
PID:6804

C:\Users\Admin\AppData\Local\Temp\Unicorn-53687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53687.exe
14⤵
PID:10208

C:\Users\Admin\AppData\Local\Temp\Unicorn-49873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49873.exe
15⤵
PID:924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10208 -s 216
15⤵
PID:12308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 216
14⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 236
13⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
12⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 216
11⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-31594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31594.exe
10⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-14738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14738.exe
11⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-15099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15099.exe
12⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-10765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10765.exe
13⤵
PID:9628

C:\Users\Admin\AppData\Local\Temp\Unicorn-26635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26635.exe
14⤵
PID:4992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9628 -s 216
14⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
13⤵
PID:10964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
12⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 236
11⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
10⤵
- Program crash
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-57237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57237.exe
9⤵
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-21092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21092.exe
10⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-12652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12652.exe
11⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\Unicorn-30848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30848.exe
12⤵
PID:7240

C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
13⤵
PID:9908

C:\Users\Admin\AppData\Local\Temp\Unicorn-60619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60619.exe
14⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9908 -s 216
14⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 216
13⤵
PID:11452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
12⤵
PID:9212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
11⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 236
10⤵
PID:4248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
9⤵
- Program crash
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-28248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28248.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
9⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-63312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63312.exe
10⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-29113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29113.exe
11⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-37891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37891.exe
12⤵
PID:7004

C:\Users\Admin\AppData\Local\Temp\Unicorn-59657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59657.exe
13⤵
PID:9748

C:\Users\Admin\AppData\Local\Temp\Unicorn-5822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5822.exe
14⤵
PID:11380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9748 -s 216
14⤵
PID:3552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
13⤵
PID:10564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
12⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
11⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
10⤵
- Program crash
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-10774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10774.exe
9⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-29113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29113.exe
10⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-40937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40937.exe
11⤵
PID:6708

C:\Users\Admin\AppData\Local\Temp\Unicorn-19564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19564.exe
12⤵
PID:9648

C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
13⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9648 -s 216
13⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 216
12⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
11⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
10⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
9⤵
- Program crash
PID:3636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 680 -s 240
8⤵
- Program crash
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-1058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1058.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exe
9⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-55056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55056.exe
10⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-49663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49663.exe
11⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-33884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33884.exe
12⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-11533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11533.exe
13⤵
PID:9716

C:\Users\Admin\AppData\Local\Temp\Unicorn-15665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15665.exe
14⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9716 -s 216
14⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
13⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
12⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
11⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
10⤵
- Program crash
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-10084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10084.exe
9⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-48065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48065.exe
10⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-12271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12271.exe
11⤵
PID:7272

C:\Users\Admin\AppData\Local\Temp\Unicorn-52587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52587.exe
12⤵
PID:9952

C:\Users\Admin\AppData\Local\Temp\Unicorn-57434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57434.exe
13⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9952 -s 216
13⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 216
12⤵
PID:11188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
11⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
10⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
9⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-7543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7543.exe
8⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-29950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29950.exe
9⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-23265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23265.exe
10⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-33734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33734.exe
11⤵
PID:6444

C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe
12⤵
PID:9544

C:\Users\Admin\AppData\Local\Temp\Unicorn-19694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19694.exe
13⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9544 -s 236
13⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 216
12⤵
PID:10256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 236
11⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
10⤵
PID:5188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 216
9⤵
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
8⤵
- Program crash
PID:1052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
7⤵
- Program crash
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-28727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28727.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-27530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27530.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-28955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28955.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1008

C:\Users\Admin\AppData\Local\Temp\Unicorn-14061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14061.exe
9⤵
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-4594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4594.exe
10⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-49663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49663.exe
11⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-39069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39069.exe
12⤵
PID:6200

C:\Users\Admin\AppData\Local\Temp\Unicorn-49024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49024.exe
13⤵
PID:9892

C:\Users\Admin\AppData\Local\Temp\Unicorn-9639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9639.exe
14⤵
PID:4108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9892 -s 216
14⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 216
13⤵
PID:10736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
12⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 236
11⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 216
10⤵
- Program crash
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-58766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58766.exe
9⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-55128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55128.exe
10⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe
11⤵
PID:7952

C:\Users\Admin\AppData\Local\Temp\Unicorn-39189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39189.exe
12⤵
PID:10216

C:\Users\Admin\AppData\Local\Temp\Unicorn-55876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55876.exe
13⤵
PID:12296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10216 -s 216
13⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 216
12⤵
PID:10708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
11⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
10⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 240
9⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-6775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6775.exe
8⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-34439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34439.exe
9⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-63384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63384.exe
10⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-7121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7121.exe
11⤵
PID:7872

C:\Users\Admin\AppData\Local\Temp\Unicorn-56132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56132.exe
12⤵
PID:9776

C:\Users\Admin\AppData\Local\Temp\Unicorn-42640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42640.exe
13⤵
PID:4120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9776 -s 216
13⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 216
12⤵
PID:10848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 220
11⤵
PID:8876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 236
10⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 236
9⤵
PID:4976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
8⤵
- Program crash
PID:1276

C:\Users\Admin\AppData\Local\Temp\Unicorn-12353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12353.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-26641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26641.exe
8⤵
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-52513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52513.exe
9⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-37686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37686.exe
10⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-42717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42717.exe
11⤵
PID:6536

C:\Users\Admin\AppData\Local\Temp\Unicorn-16736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16736.exe
12⤵
PID:9928

C:\Users\Admin\AppData\Local\Temp\Unicorn-60781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60781.exe
13⤵
PID:4164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 216
12⤵
PID:10712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
11⤵
PID:824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
10⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 216
9⤵
- Program crash
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-57998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57998.exe
8⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
9⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-28473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28473.exe
10⤵
PID:7244

C:\Users\Admin\AppData\Local\Temp\Unicorn-53381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53381.exe
11⤵
PID:9984

C:\Users\Admin\AppData\Local\Temp\Unicorn-57242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57242.exe
12⤵
PID:11292

C:\Users\Admin\AppData\Local\Temp\Unicorn-57538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57538.exe
12⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 220
12⤵
PID:12892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7244 -s 216
11⤵
PID:11204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
10⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
9⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 240
8⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
7⤵
- Program crash
PID:532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 240
6⤵
- Program crash
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-61364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61364.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1344

C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:988

C:\Users\Admin\AppData\Local\Temp\Unicorn-58981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58981.exe
9⤵
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-27890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27890.exe
10⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-48065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48065.exe
11⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-28281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28281.exe
12⤵
PID:7216

C:\Users\Admin\AppData\Local\Temp\Unicorn-52587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52587.exe
13⤵
PID:9948

C:\Users\Admin\AppData\Local\Temp\Unicorn-17367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17367.exe
14⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9948 -s 216
14⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 216
13⤵
PID:11180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
12⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
11⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 216
10⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-8792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8792.exe
9⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
10⤵
PID:5516

C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
11⤵
PID:8172

C:\Users\Admin\AppData\Local\Temp\Unicorn-34415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34415.exe
12⤵
PID:10192

C:\Users\Admin\AppData\Local\Temp\Unicorn-60427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60427.exe
13⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10192 -s 216
13⤵
PID:12612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 216
12⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
11⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
10⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 240
9⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-22120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22120.exe
8⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-21144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21144.exe
9⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-32082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32082.exe
10⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-56981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56981.exe
11⤵
PID:7808

C:\Users\Admin\AppData\Local\Temp\Unicorn-30014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30014.exe
12⤵
PID:9876

C:\Users\Admin\AppData\Local\Temp\Unicorn-25619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25619.exe
13⤵
PID:4160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9876 -s 236
13⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 216
12⤵
PID:10932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
11⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
10⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 236
9⤵
PID:4912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
8⤵
- Program crash
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-27724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27724.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-211.exe
8⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-18788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18788.exe
9⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-5818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5818.exe
10⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\Unicorn-43.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43.exe
11⤵
PID:8080

C:\Users\Admin\AppData\Local\Temp\Unicorn-43797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43797.exe
12⤵
PID:9924

C:\Users\Admin\AppData\Local\Temp\Unicorn-40645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40645.exe
13⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9924 -s 216
13⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 216
12⤵
PID:10268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
11⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
10⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
9⤵
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-32362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32362.exe
8⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
9⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-36043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36043.exe
10⤵
PID:8092

C:\Users\Admin\AppData\Local\Temp\Unicorn-48590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48590.exe
11⤵
PID:10804

C:\Users\Admin\AppData\Local\Temp\Unicorn-8038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8038.exe
12⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10804 -s 216
12⤵
PID:1508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8092 -s 216
11⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 236
10⤵
PID:9304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
9⤵
PID:3960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 240
8⤵
PID:4448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 240
7⤵
- Program crash
PID:1080

C:\Users\Admin\AppData\Local\Temp\Unicorn-9776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9776.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-46651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46651.exe
7⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-44065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44065.exe
8⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-50623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50623.exe
9⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-61876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61876.exe
10⤵
PID:6460

C:\Users\Admin\AppData\Local\Temp\Unicorn-43098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43098.exe
11⤵
PID:9996

C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
12⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9996 -s 216
12⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6460 -s 216
11⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
10⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 236
9⤵
PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 216
8⤵
- Program crash
PID:3480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
7⤵
- Program crash
PID:1432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
6⤵
- Program crash
PID:1628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
4⤵
- Loads dropped DLL
- Program crash
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-58718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58718.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-24298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24298.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-10533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10533.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1148

C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-44909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44909.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-13226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13226.exe
9⤵
PID:880

C:\Users\Admin\AppData\Local\Temp\Unicorn-9576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9576.exe
10⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-18860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18860.exe
11⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-9436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9436.exe
12⤵
PID:7696

C:\Users\Admin\AppData\Local\Temp\Unicorn-63945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63945.exe
13⤵
PID:10272

C:\Users\Admin\AppData\Local\Temp\Unicorn-22135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22135.exe
14⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10272 -s 216
14⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 216
13⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 216
12⤵
PID:8628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
11⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 236
10⤵
PID:4640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 236
9⤵
- Program crash
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-59090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59090.exe
8⤵
PID:1332

C:\Users\Admin\AppData\Local\Temp\Unicorn-16728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16728.exe
9⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-47655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47655.exe
10⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-44228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44228.exe
11⤵
PID:7572

C:\Users\Admin\AppData\Local\Temp\Unicorn-33916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33916.exe
12⤵
PID:9668

C:\Users\Admin\AppData\Local\Temp\Unicorn-50143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50143.exe
13⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9668 -s 220
13⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 216
12⤵
PID:10424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
11⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
10⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 216
9⤵
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
8⤵
- Program crash
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-39125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39125.exe
7⤵
- Executes dropped EXE
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-481.exe
8⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
9⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-16502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16502.exe
10⤵
PID:6052

C:\Users\Admin\AppData\Local\Temp\Unicorn-48568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48568.exe
11⤵
PID:8652

C:\Users\Admin\AppData\Local\Temp\Unicorn-11048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11048.exe
12⤵
PID:11316

C:\Users\Admin\AppData\Local\Temp\Unicorn-21541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21541.exe
13⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 216
12⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
11⤵
PID:9584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
10⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
9⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 236
8⤵
- Program crash
PID:3832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 240
7⤵
- Program crash
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-9968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9968.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-56459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56459.exe
8⤵
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
9⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-63595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63595.exe
10⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\Unicorn-52266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52266.exe
11⤵
PID:7376

C:\Users\Admin\AppData\Local\Temp\Unicorn-7169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7169.exe
12⤵
PID:10096

C:\Users\Admin\AppData\Local\Temp\Unicorn-41347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41347.exe
13⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10096 -s 220
13⤵
PID:12656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7376 -s 216
12⤵
PID:10252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 216
11⤵
PID:8400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
10⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 236
9⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
8⤵
- Program crash
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-55945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55945.exe
7⤵
PID:328

C:\Users\Admin\AppData\Local\Temp\Unicorn-9576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9576.exe
8⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-41309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41309.exe
9⤵
PID:5936

C:\Users\Admin\AppData\Local\Temp\Unicorn-10204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10204.exe
10⤵
PID:7824

C:\Users\Admin\AppData\Local\Temp\Unicorn-6952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6952.exe
11⤵
PID:9656

C:\Users\Admin\AppData\Local\Temp\Unicorn-37786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37786.exe
12⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9656 -s 220
12⤵
PID:9928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 216
11⤵
PID:11548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 220
10⤵
PID:8480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
9⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 216
8⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
7⤵
- Program crash
PID:3508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 240
6⤵
- Program crash
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-24477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24477.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-12620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12620.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1384

C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-15723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15723.exe
8⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
9⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
10⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-714.exe
11⤵
PID:6568

C:\Users\Admin\AppData\Local\Temp\Unicorn-21015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21015.exe
12⤵
PID:10160

C:\Users\Admin\AppData\Local\Temp\Unicorn-26635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26635.exe
13⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10160 -s 216
13⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 216
12⤵
PID:10884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
11⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
10⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
9⤵
PID:5012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 236
8⤵
- Program crash
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-58898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58898.exe
7⤵
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-14667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14667.exe
8⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
9⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-1709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1709.exe
10⤵
PID:8060

C:\Users\Admin\AppData\Local\Temp\Unicorn-16680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16680.exe
11⤵
PID:11148

C:\Users\Admin\AppData\Local\Temp\Unicorn-11038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11038.exe
12⤵
PID:13272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11148 -s 236
12⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 216
11⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
10⤵
PID:9120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
9⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 216
8⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 220
7⤵
- Program crash
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-58477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58477.exe
6⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-13418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13418.exe
7⤵
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-36987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36987.exe
8⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
9⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-45623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45623.exe
10⤵
PID:6716

C:\Users\Admin\AppData\Local\Temp\Unicorn-54691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54691.exe
11⤵
PID:10056

C:\Users\Admin\AppData\Local\Temp\Unicorn-60869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60869.exe
12⤵
PID:1632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10056 -s 216
12⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 216
11⤵
PID:10824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 236
10⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
9⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 236
8⤵
PID:5860

C:\Users\Admin\AppData\Local\Temp\Unicorn-2238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2238.exe
7⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-45429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45429.exe
8⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-4023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4023.exe
9⤵
PID:7728

C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
10⤵
PID:10032

C:\Users\Admin\AppData\Local\Temp\Unicorn-7377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7377.exe
11⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10032 -s 236
11⤵
PID:12980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 216
10⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
9⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
8⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
7⤵
PID:4868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
6⤵
- Program crash
PID:1772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
5⤵
- Program crash
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-32769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32769.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-13808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13808.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-28457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28457.exe
7⤵
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-48011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48011.exe
8⤵
PID:740

C:\Users\Admin\AppData\Local\Temp\Unicorn-21092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21092.exe
9⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-53836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53836.exe
10⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-2155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2155.exe
11⤵
PID:7988

C:\Users\Admin\AppData\Local\Temp\Unicorn-5146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5146.exe
12⤵
PID:9636

C:\Users\Admin\AppData\Local\Temp\Unicorn-34044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34044.exe
13⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9636 -s 216
13⤵
PID:12320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7988 -s 216
12⤵
PID:11144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
11⤵
PID:8920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
10⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 740 -s 216
9⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
8⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-12730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12730.exe
9⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-24117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24117.exe
10⤵
PID:7780

C:\Users\Admin\AppData\Local\Temp\Unicorn-49095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49095.exe
11⤵
PID:9280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9280 -s 188
12⤵
PID:9940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7780 -s 216
11⤵
PID:10744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
10⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
9⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
8⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-47689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47689.exe
7⤵
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
8⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-35803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35803.exe
9⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-5300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5300.exe
10⤵
PID:6956

C:\Users\Admin\AppData\Local\Temp\Unicorn-14137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14137.exe
11⤵
PID:10512

C:\Users\Admin\AppData\Local\Temp\Unicorn-50604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50604.exe
12⤵
PID:12592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10512 -s 216
12⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
11⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
10⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
9⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
8⤵
PID:4544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 220
7⤵
- Program crash
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-26188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26188.exe
6⤵
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-15530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15530.exe
7⤵
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-52882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52882.exe
8⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-50990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50990.exe
9⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\Unicorn-7158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7158.exe
10⤵
PID:8168

C:\Users\Admin\AppData\Local\Temp\Unicorn-37469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37469.exe
11⤵
PID:10452

C:\Users\Admin\AppData\Local\Temp\Unicorn-1320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1320.exe
12⤵
PID:12412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10452 -s 216
12⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 216
11⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 216
10⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
9⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 236
8⤵
PID:5552

C:\Users\Admin\AppData\Local\Temp\Unicorn-1112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1112.exe
7⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-49046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49046.exe
8⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-46089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46089.exe
9⤵
PID:7188

C:\Users\Admin\AppData\Local\Temp\Unicorn-3278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3278.exe
10⤵
PID:9768

C:\Users\Admin\AppData\Local\Temp\Unicorn-60427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60427.exe
11⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9768 -s 220
11⤵
PID:12600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7188 -s 216
10⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
9⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
8⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
7⤵
PID:4328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
6⤵
- Program crash
PID:1392

C:\Users\Admin\AppData\Local\Temp\Unicorn-41270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41270.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-26511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26511.exe
6⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-55528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55528.exe
7⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-37686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37686.exe
8⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-46339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46339.exe
9⤵
PID:6904

C:\Users\Admin\AppData\Local\Temp\Unicorn-43814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43814.exe
10⤵
PID:9720

C:\Users\Admin\AppData\Local\Temp\Unicorn-53954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53954.exe
11⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9720 -s 216
11⤵
PID:4100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 216
10⤵
PID:10552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
9⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
8⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 216
7⤵
- Program crash
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-46153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46153.exe
6⤵
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-41335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41335.exe
7⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-15797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15797.exe
8⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 220
9⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
8⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 236
7⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
6⤵
- Program crash
PID:3084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 220
5⤵
- Program crash
PID:684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-4527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4527.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-13046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13046.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-7084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7084.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-43206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43206.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-12246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12246.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-15109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15109.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-48779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48779.exe
9⤵
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-32379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32379.exe
10⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-45341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45341.exe
11⤵
PID:6032

C:\Users\Admin\AppData\Local\Temp\Unicorn-1107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1107.exe
12⤵
PID:7908

C:\Users\Admin\AppData\Local\Temp\Unicorn-32643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32643.exe
13⤵
PID:10376

C:\Users\Admin\AppData\Local\Temp\Unicorn-44532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44532.exe
14⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10376 -s 216
14⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7908 -s 216
13⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 216
12⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
11⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 216
10⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-13281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13281.exe
9⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
10⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 212
11⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
10⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 220
9⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-58898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58898.exe
8⤵
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
9⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
10⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exe
11⤵
PID:9100

C:\Users\Admin\AppData\Local\Temp\Unicorn-29337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29337.exe
12⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9100 -s 236
12⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 236
11⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
10⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 216
9⤵
PID:5164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
8⤵
- Program crash
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-40687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40687.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-48203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48203.exe
8⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-63183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63183.exe
9⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-59438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59438.exe
10⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-60552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60552.exe
11⤵
PID:7332

C:\Users\Admin\AppData\Local\Temp\Unicorn-63831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63831.exe
12⤵
PID:10612

C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
13⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10612 -s 216
13⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 236
12⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 220
11⤵
PID:9260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 236
9⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 236
8⤵
- Program crash
PID:3720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
7⤵
- Program crash
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-25619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25619.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1224

C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-48779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48779.exe
8⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-42441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42441.exe
9⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-12730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12730.exe
10⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-42674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42674.exe
11⤵
PID:7844

C:\Users\Admin\AppData\Local\Temp\Unicorn-61534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61534.exe
12⤵
PID:10092

C:\Users\Admin\AppData\Local\Temp\Unicorn-33276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33276.exe
13⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 216
13⤵
PID:13308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 216
12⤵
PID:11008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 220
11⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
10⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 216
9⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-23343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23343.exe
8⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-41309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41309.exe
9⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-62036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62036.exe
10⤵
PID:7760

C:\Users\Admin\AppData\Local\Temp\Unicorn-32451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32451.exe
11⤵
PID:10344

C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
12⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10344 -s 216
12⤵
PID:8028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7760 -s 216
11⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
10⤵
PID:8640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
9⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
8⤵
PID:4768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 216
7⤵
- Program crash
PID:2724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
6⤵
- Program crash
PID:864

C:\Users\Admin\AppData\Local\Temp\Unicorn-57918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57918.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-61136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61136.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-58991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58991.exe
7⤵
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-10465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10465.exe
8⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-1818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1818.exe
9⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-61597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61597.exe
10⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-64001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64001.exe
11⤵
PID:8600

C:\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe
12⤵
PID:11364

C:\Users\Admin\AppData\Local\Temp\Unicorn-64680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64680.exe
13⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 216
12⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
11⤵
PID:9572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
10⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 216
9⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-29342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29342.exe
8⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-52640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52640.exe
9⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\Unicorn-26702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26702.exe
10⤵
PID:8128

C:\Users\Admin\AppData\Local\Temp\Unicorn-20640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20640.exe
11⤵
PID:10476

C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
12⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10476 -s 220
12⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 216
11⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
10⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
9⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
8⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-60434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60434.exe
7⤵
PID:392

C:\Users\Admin\AppData\Local\Temp\Unicorn-10676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10676.exe
8⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-56332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56332.exe
9⤵
PID:5992

C:\Users\Admin\AppData\Local\Temp\Unicorn-33204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33204.exe
10⤵
PID:7864

C:\Users\Admin\AppData\Local\Temp\Unicorn-36291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36291.exe
11⤵
PID:10416

C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
12⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10416 -s 216
12⤵
PID:12848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 236
11⤵
PID:11644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 216
10⤵
PID:8964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
9⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 392 -s 216
8⤵
PID:4368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
7⤵
- Program crash
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-6453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6453.exe
6⤵
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-31784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31784.exe
7⤵
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-21092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21092.exe
8⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-55206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55206.exe
9⤵
PID:5736

C:\Users\Admin\AppData\Local\Temp\Unicorn-3193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3193.exe
10⤵
PID:7432

C:\Users\Admin\AppData\Local\Temp\Unicorn-8296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8296.exe
11⤵
PID:9916

C:\Users\Admin\AppData\Local\Temp\Unicorn-44532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44532.exe
12⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9916 -s 216
12⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 236
11⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 220
10⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
9⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 216
8⤵
PID:4496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 236
7⤵
- Program crash
PID:4048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
6⤵
- Program crash
PID:3052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
5⤵
- Program crash
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-32769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32769.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-30683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30683.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1144

C:\Users\Admin\AppData\Local\Temp\Unicorn-25271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25271.exe
7⤵
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-62814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62814.exe
8⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-56513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56513.exe
9⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\Unicorn-60288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60288.exe
10⤵
PID:6744

C:\Users\Admin\AppData\Local\Temp\Unicorn-65365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65365.exe
11⤵
PID:9620

C:\Users\Admin\AppData\Local\Temp\Unicorn-57576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57576.exe
12⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9620 -s 236
12⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 216
11⤵
PID:10332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 236
10⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
9⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 236
8⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-43716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43716.exe
7⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-5179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5179.exe
8⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
9⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 240
10⤵
PID:10236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 216
9⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 236
8⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 240
7⤵
- Program crash
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-5597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5597.exe
6⤵
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-12212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12212.exe
7⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-32326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32326.exe
8⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-44228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44228.exe
9⤵
PID:7580

C:\Users\Admin\AppData\Local\Temp\Unicorn-19967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19967.exe
10⤵
PID:10136

C:\Users\Admin\AppData\Local\Temp\Unicorn-49681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49681.exe
11⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10136 -s 216
11⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 236
10⤵
PID:10448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
9⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
8⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
7⤵
PID:5036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
6⤵
- Program crash
PID:1580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 236
5⤵
- Program crash
PID:2276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 220
4⤵
- Loads dropped DLL
- Program crash
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-52756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52756.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-52059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52059.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1152

C:\Users\Admin\AppData\Local\Temp\Unicorn-15921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15921.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:404

C:\Users\Admin\AppData\Local\Temp\Unicorn-41069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41069.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-49048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49048.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
8⤵
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-15154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15154.exe
9⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-7623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7623.exe
10⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-24762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24762.exe
11⤵
PID:7040

C:\Users\Admin\AppData\Local\Temp\Unicorn-63305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63305.exe
12⤵
PID:9784

C:\Users\Admin\AppData\Local\Temp\Unicorn-39647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39647.exe
13⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9784 -s 236
13⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 216
12⤵
PID:10580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
11⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
10⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 236
9⤵
- Program crash
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-10006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10006.exe
8⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-35382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35382.exe
9⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-38109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38109.exe
10⤵
PID:7104

C:\Users\Admin\AppData\Local\Temp\Unicorn-50368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50368.exe
11⤵
PID:10020

C:\Users\Admin\AppData\Local\Temp\Unicorn-60677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60677.exe
12⤵
PID:3560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10020 -s 216
12⤵
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
11⤵
PID:10700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
10⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
9⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
8⤵
- Program crash
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-58197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58197.exe
7⤵
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-44257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44257.exe
8⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-2325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2325.exe
9⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-45623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45623.exe
10⤵
PID:6732

C:\Users\Admin\AppData\Local\Temp\Unicorn-40576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40576.exe
11⤵
PID:9968

C:\Users\Admin\AppData\Local\Temp\Unicorn-60677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60677.exe
12⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9968 -s 216
12⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 216
11⤵
PID:10752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
10⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
9⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 236
8⤵
- Program crash
PID:3484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
7⤵
- Program crash
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
7⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-63582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63582.exe
8⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-16519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16519.exe
9⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-30803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30803.exe
10⤵
PID:7440

C:\Users\Admin\AppData\Local\Temp\Unicorn-7169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7169.exe
11⤵
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-57242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57242.exe
12⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 216
12⤵
PID:12484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 216
11⤵
PID:10280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 216
10⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
9⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 236
8⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-48206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48206.exe
7⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-12424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12424.exe
8⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-56405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56405.exe
9⤵
PID:7916

C:\Users\Admin\AppData\Local\Temp\Unicorn-38779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38779.exe
10⤵
PID:1352

C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
11⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 216
11⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 216
10⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
9⤵
PID:8996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
7⤵
PID:5040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 240
6⤵
- Program crash
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-48038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48038.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-29225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29225.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-2323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2323.exe
7⤵
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-22270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22270.exe
8⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-45787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45787.exe
9⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 224
10⤵
PID:7832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
9⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 236
8⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-458.exe
7⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-5242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5242.exe
8⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-50671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50671.exe
9⤵
PID:8020

C:\Users\Admin\AppData\Local\Temp\Unicorn-39189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39189.exe
10⤵
PID:9608

C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
11⤵
PID:10944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9608 -s 216
11⤵
PID:12404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 216
10⤵
PID:10948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
9⤵
PID:8936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
8⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
7⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-63262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63262.exe
6⤵
PID:692

C:\Users\Admin\AppData\Local\Temp\Unicorn-20900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20900.exe
7⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-19155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19155.exe
8⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-21654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21654.exe
9⤵
PID:7052

C:\Users\Admin\AppData\Local\Temp\Unicorn-24689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24689.exe
10⤵
PID:9780

C:\Users\Admin\AppData\Local\Temp\Unicorn-49463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49463.exe
11⤵
PID:12200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9780 -s 220
11⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
10⤵
PID:11060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
9⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
8⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 216
7⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
6⤵
- Program crash
PID:2100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 240
5⤵
- Program crash
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-1598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1598.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-14917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14917.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-481.exe
7⤵
PID:352

C:\Users\Admin\AppData\Local\Temp\Unicorn-20900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20900.exe
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-13280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13280.exe
9⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\Unicorn-50320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50320.exe
10⤵
PID:7348

C:\Users\Admin\AppData\Local\Temp\Unicorn-3303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3303.exe
11⤵
PID:10028

C:\Users\Admin\AppData\Local\Temp\Unicorn-57434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57434.exe
12⤵
PID:11428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10028 -s 216
12⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 216
11⤵
PID:11220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
10⤵
PID:8392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
9⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 216
8⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe
7⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-54168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54168.exe
8⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-50863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50863.exe
9⤵
PID:8052

C:\Users\Admin\AppData\Local\Temp\Unicorn-23128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23128.exe
10⤵
PID:9800

C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
11⤵
PID:1040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9800 -s 216
11⤵
PID:12360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 216
10⤵
PID:11232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 220
9⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
8⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 220
7⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-59858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59858.exe
6⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-42441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42441.exe
7⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-47655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47655.exe
8⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-14819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14819.exe
9⤵
PID:7592

C:\Users\Admin\AppData\Local\Temp\Unicorn-48197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48197.exe
10⤵
PID:10184

C:\Users\Admin\AppData\Local\Temp\Unicorn-24928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24928.exe
11⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10184 -s 220
11⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 216
10⤵
PID:10296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
9⤵
PID:8696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
8⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 216
7⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
6⤵
- Program crash
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-60781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60781.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-14186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14186.exe
6⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-60562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60562.exe
7⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-13553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13553.exe
8⤵
PID:5848

C:\Users\Admin\AppData\Local\Temp\Unicorn-56194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56194.exe
9⤵
PID:6584

C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
10⤵
PID:9564

C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
11⤵
PID:3788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9564 -s 236
11⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 216
10⤵
PID:10956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 216
9⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 236
8⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 216
7⤵
PID:4440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 236
6⤵
- Program crash
PID:3924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
5⤵
- Program crash
PID:2124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
4⤵
- Program crash
PID:872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
2⤵
- Program crash
PID:2768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13046.exe

Filesize
184KB

MD5
ad264fb94bb3852132f17655a1c15853

SHA1
a93b145582ad5eaed76f8326c952da423991917e

SHA256
5999a1a0441383213579299802e7b2d67add934c0ef479cd1fa6f61c3011576b

SHA512
53d6ae9f6a0ba527af581abcc321d71e3efa70d30131eead55115c9fc0ae505287cbc901db89b60a4c130cae04f48fb3964b137a141d18fc3c2de9e40a7e5080

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21541.exe

Filesize
184KB

MD5
4db8db0094b64a3e6a44be2753a86f7e

SHA1
eb51e9dce876b981173eb3ba5f2ff5fffbabae78

SHA256
f3c3e799fb81979abe812a42f3c4aaecf26bbe5bf5ab0ca573016109b3d2b1bb

SHA512
7e58669851e9481572c9fdc343ae59e75a4a0c0e5657fde8e24a824b46c2d8ef3df28775c9119b3b86045ec6a094f03df84bc8ec441349dda877a583adbcbfc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39069.exe

Filesize
184KB

MD5
4c9e967ce8d424714a628a1e98dc2e42

SHA1
35f688da0556597a33916fd39eea4254add3d499

SHA256
4759fb39537c7b990a88417522d63dc6a84d271c58cc869daf720f8eb6c66c2a

SHA512
b9f886676dcc2f2fcf079726cd507425eaeb56c4d0b1e864111933fb9a21b6dcfade8c35e64aed38bb80bd6de9158758275fb8a742d7b8bad7508f9a026e52f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40687.exe

Filesize
184KB

MD5
f13853f8a67cf00d2165fa11bd341b48

SHA1
7ee03cf7fa73a0aff687f81b6b5616eb003c2865

SHA256
0341ac486102cce9920eaa9bf102d6e892f927db20aeb39d8d612178b6940fbc

SHA512
73975359155abbad20d5b4b76c6a1ecf466d0075b4fa3ae75c77cd5552f539a1e182540aafc6d0a3f201c2481f7594d45ee8354776869247136006a7ee59184a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52756.exe

Filesize
184KB

MD5
7340cef1f54df99cb87990875dd1b8ab

SHA1
b840f55a411021291ab28b1e46712d32e237267c

SHA256
16a1dcea3c9b8488b590d1b881b68fb6172fcc03b81499423216f35ac908d3bf

SHA512
de257c064d6089c47dea815ebe79cbcc96bf22460a8f255e346cefcd89215505c6fe5885edd0bcb875b3b024ec835c78f3fa4efa29d30f81939ebbf9a67b02a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53687.exe

Filesize
184KB

MD5
40e15ba26346c673f438063f15db610b

SHA1
cb5681c74d58c39cf1cdb618b5a694a3770aaf53

SHA256
2c3ec23147135aa61e7405f682f3fd7aafe5d91cd1d9efb2d0016d3dc7a801aa

SHA512
fba240609cc1d230863248d00c3c2bd6f1c44a7a5c3d04141d9b9f41f7b41b7e64ffa5eb084eecf4e1c9f4b66d2580438cd3a35268ef43d53f54b660cdca4964

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53954.exe

Filesize
184KB

MD5
64bf1c59e514a4ab39a5506c31d6eb95

SHA1
c85b7d98ec84713a41c0a53ecf3d70b69552c8e8

SHA256
f429bc5942e4fbbdca9c943caff4a477c6618f654b04ca81870014622b6418f9

SHA512
7364025ac397e4f2fa0f59b33f055fd05df89d03289dc27192495e172c4f48318aab1dbf19a8a98f17922294fb057f52d6d7a07700a1f47ae2a0cce47b978264

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12854.exe

Filesize
184KB

MD5
e2d7b02c0e1f25b4636a3c6b7046e31d

SHA1
3df580c0b52af09f018698470f02c208ec226670

SHA256
271999c759470277625ab587320a58f738167ef8f3900f6b24ae902481eb7b79

SHA512
808ab6ac6fa7cd0e0bf79cfa052a0b95a3349c58cf461ae8de64cb20907c55b2df7e9f2eaae2f6fb3884020aed36d4dd7b4e170cc11880d77cf167dd527b9634

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24298.exe

Filesize
184KB

MD5
caeb212ff63c0608e91f0bbc70c70b3b

SHA1
8a58d5cc17ec87bb3832a942486560a2407a5f72

SHA256
2d2231d78dfde6c325b7750da5bf8afddba3cf7c020efb205ba7cf5c5d14fc17

SHA512
ffe6a930f8cd828c6c9172d13b917a4b764e801488839ec29fc1260650ceb4f59e01d285755f25741a619749d34038cf52e27ee80a56ecf02092fc790dec311a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28243.exe

Filesize
184KB

MD5
1f78ac6962627500b4fbc1128583b49f

SHA1
4de5bd14d15acc5b7bbd6a0b1bb05830b51bf9f7

SHA256
ae61a8b5454b5206bde764b394461b39bb25ed2b751f0880bcd74c4b7b318a3e

SHA512
519f2e9cc164eee6494dd82a1ee2de3e71b0b2367955c933e8f732309800c6e609c64023a4633300ba7a5c0ee34e3981c1eb89a66eca10c3be6ddf20267018d0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe

Filesize
184KB

MD5
c8783d818364f9d775d905647911b4bc

SHA1
4cc6546faff8c8007c26665ba678c0ceefd8452d

SHA256
1c62aeba03ee19cf190183b70aee0c69dacc9b3d234d718fb89a222b23b7aeca

SHA512
9cdc419a87d7470a08fd1b54a07535f6ca09caddfe91a87fa99913507e12bb5964c320e6fe75fc11202f06cb1e2140b82ede261f88d22012e78d446b18037e1d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4527.exe

Filesize
184KB

MD5
b1d16ecf3d40a75ff564cd84576a5541

SHA1
dee45864f3d615cd8a5cabb69077dd1853291235

SHA256
f81988b2a681a877c35338e9b99747836a78c9838cdb61aa32fe62c3a705680d

SHA512
f04eb803e984ba8a3ae11570537eabe98b93892606621dd5353e755ea8e1a97ce8f616468e3bae36dec4939640e788320147d8f3d9b41a15c3af7d05b8c4a043

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51035.exe

Filesize
184KB

MD5
4236f4c8faaaa86f55c7eaccbb4bb518

SHA1
a59cf07dc4be6bef6a80e5bab93e92f071a69f98

SHA256
63cded403419124a77de5d909cd143f41945005bede1e0f2ce00e4aebada3a16

SHA512
df31209b024579d35a7ae0c7237fc004827280a104558d5a88644ce78d7a8ee0897c31b9ca9befb0e18f9a96737ed30d923f5e55bb2bb75721488d2f3fc9fea0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52059.exe

Filesize
184KB

MD5
fb47f0219662f2b2b7e070760283d431

SHA1
51f61bc5cd4a2676e183276c04d2134256f5ae93

SHA256
224bb2f576be6589780d63a10a653e04739825572cdde8a8d628299faaa7eb7d

SHA512
55b1c395126c21e1146542a7a23073539e77d42cfbcaee41baa86a5a89b78b8035d55ad3d5990adce23276fc348a9a45ed18b9e6b0893fdc6432f84790815506

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52756.exe

Filesize
184KB

MD5
9add41adc6041ac86ad7537b8b888290

SHA1
2d098a1f9314ad93c1f64f3c60be9e21589c8066

SHA256
26e65258a0ba6fd66dd1e7df25b8fa5c3a069af6acda767eab9fa98513c3e56d

SHA512
2262501dd6cf2ed5e5b351025194468035418b1aa4fa1117ceeec4faf874a166c6973d91fc1a7e079f919ff78f10d9092068ce7ce9715972f37a4d0420ba7c95

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56970.exe

Filesize
184KB

MD5
9e1f61ab068c08f6c110545112ad7280

SHA1
826fb29ae0d56f1710438ea039ef50490514396c

SHA256
d42a57e509b3f03e72d2850e5448ff4e2da777d540b8167b67e99a289973ecc8

SHA512
e2ef26c3a88060fec66f6ba4981411c5a359eb5d8d541e35a3cbe2b54df3ccf78479b2cd68dbbfd979b634610baf4d59ab20fa25172cc4428aaa2b32f68b1f5c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58718.exe

Filesize
184KB

MD5
c152a63d62b16dc95f4d1fb6bb3b873f

SHA1
ebbfcddbb4a3d383bf656561fbc86a5886653e5e

SHA256
51bcf2a29b834a15bdf70c374ae8b3647a1f3f56d8aa8431a3c6334b9348bbde

SHA512
9b02302fa669ca05446b04555c922b2e97a3c07305ce12f81e87ce69afd79d24ddec05da415be6f177c6ec0eae7da191bf4a22622982bb1b73566caf30a25303

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe

Filesize
184KB

MD5
94e6fb97b696f205d7e4b396b3a47380

SHA1
3f8d747ca86a03edee71b2ee7a59fef7b4200c80

SHA256
578e846f50bd1ee1990c40117b2e5f3122d37169117c9e07f9604f697f10550e

SHA512
e61c70c7b8c616ac05a39c4e1683ce01b8b6ec264159955c296153fce777f9622461dbe4330fd3ce14e2a6688fcec047452d091e05431da669247b084cf33fd8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7084.exe

Filesize
184KB

MD5
6790b0501ca80497cdc548b4a166749e

SHA1
51a1402fcd7ec7ad6bf53455defb211902760c00

SHA256
a234cf11427a6f776e8c8ca057f35e452e0900c3f8b6228362c15a9ee0c79bc3

SHA512
8ac69e15986848546c14d682ce2df383d68ea6fee890a61b3c785b5edd11aa57a33a6ad89d7b157a5a9f743247de8523c6935c057f008f43c2d36800012a124a

Download Submit