a7e62a0d1c132ebc97139a7c88f378da70e4dbe4ea4a23fa30be6fb03a398917

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7e62a0d1c132ebc97139a7c88f378da70e4dbe4ea4a23fa30be6fb03a398917.exe
Size

184KB
MD5

035a4b6244cf818c548ccc4a3eab51d3
SHA1

3760dabaf730b387716e6646252bf9ed93eabab9
SHA256

a7e62a0d1c132ebc97139a7c88f378da70e4dbe4ea4a23fa30be6fb03a398917
SHA512

e63fc6f9b5b799d8ef9d6a865ac35455075503e9820cb7320b669ba2d7abb7d4109d1f86c863b6081cace1dd4fe1e9652a2d0e5c9cd52eaf5c906ee618f29811
SSDEEP

1536:47UBHjZlK3/xotxdhJWAlawMZ2syvZcl9mddS3LR2TCtZJl5hjuniBpvo:WU+3/xoTXJWTdZhWe33LRIAZJln+iDA

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-48144.exeUnicorn-56987.exeUnicorn-56665.exeUnicorn-60716.exeUnicorn-30051.exeUnicorn-48568.exeUnicorn-50478.exeUnicorn-50478.exeUnicorn-30612.exeUnicorn-55289.exeUnicorn-45074.exeUnicorn-55743.exeUnicorn-12209.exeUnicorn-38721.exeUnicorn-58587.exeUnicorn-42874.exeUnicorn-55873.exeUnicorn-59532.exeUnicorn-6994.exeUnicorn-15869.exeUnicorn-27628.exeUnicorn-27436.exeUnicorn-62308.exeUnicorn-16637.exeUnicorn-56278.exeUnicorn-59444.exeUnicorn-55038.exeUnicorn-9366.exeUnicorn-18926.exeUnicorn-45054.exeUnicorn-32439.exeUnicorn-32116.exeUnicorn-51982.exeUnicorn-150.exeUnicorn-56014.exeUnicorn-3476.exeUnicorn-18935.exeUnicorn-34608.exeUnicorn-19895.exeUnicorn-24110.exeUnicorn-24110.exeUnicorn-3002.exeUnicorn-10677.exeUnicorn-56157.exeUnicorn-43350.exeUnicorn-24060.exeUnicorn-34907.exeUnicorn-3806.exeUnicorn-22136.exeUnicorn-20251.exeUnicorn-31477.exeUnicorn-14455.exeUnicorn-16786.exeUnicorn-32245.exeUnicorn-32245.exeUnicorn-47320.exeUnicorn-65301.exeUnicorn-30168.exeUnicorn-50034.exeUnicorn-45244.exeUnicorn-65109.exeUnicorn-10075.exeUnicorn-10075.exeUnicorn-10075.exe

pid	process
2192	Unicorn-48144.exe
3048	Unicorn-56987.exe
2608	Unicorn-56665.exe
2812	Unicorn-60716.exe
2800	Unicorn-30051.exe
2236	Unicorn-48568.exe
2828	Unicorn-50478.exe
2804	Unicorn-50478.exe
2796	Unicorn-30612.exe
2004	Unicorn-55289.exe
2992	Unicorn-45074.exe
268	Unicorn-55743.exe
1056	Unicorn-12209.exe
2188	Unicorn-38721.exe
1652	Unicorn-58587.exe
2312	Unicorn-42874.exe
2292	Unicorn-55873.exe
2880	Unicorn-59532.exe
2132	Unicorn-6994.exe
2176	Unicorn-15869.exe
2196	Unicorn-27628.exe
996	Unicorn-27436.exe
1988	Unicorn-62308.exe
1880	Unicorn-16637.exe
1884	Unicorn-56278.exe
2180	Unicorn-59444.exe
2396	Unicorn-55038.exe
1664	Unicorn-9366.exe
2032	Unicorn-18926.exe
1752	Unicorn-45054.exe
3052	Unicorn-32439.exe
2840	Unicorn-32116.exe
1096	Unicorn-51982.exe
2584	Unicorn-150.exe
2764	Unicorn-56014.exe
2508	Unicorn-3476.exe
3024	Unicorn-18935.exe
3004	Unicorn-34608.exe
2956	Unicorn-19895.exe
2780	Unicorn-24110.exe
1804	Unicorn-24110.exe
2268	Unicorn-3002.exe
2240	Unicorn-10677.exe
1692	Unicorn-56157.exe
704	Unicorn-43350.exe
2688	Unicorn-24060.exe
1048	Unicorn-34907.exe
3064	Unicorn-3806.exe
3040	Unicorn-22136.exe
648	Unicorn-20251.exe
1132	Unicorn-31477.exe
2156	Unicorn-14455.exe
1556	Unicorn-16786.exe
944	Unicorn-32245.exe
1628	Unicorn-32245.exe
1672	Unicorn-47320.exe
2324	Unicorn-65301.exe
1824	Unicorn-30168.exe
992	Unicorn-50034.exe
2360	Unicorn-45244.exe
916	Unicorn-65109.exe
2836	Unicorn-10075.exe
2116	Unicorn-10075.exe
1888	Unicorn-10075.exe

Loads dropped DLL 64 IoCs

Processes:

a7e62a0d1c132ebc97139a7c88f378da70e4dbe4ea4a23fa30be6fb03a398917.exeUnicorn-48144.exeUnicorn-56665.exeWerFault.exeUnicorn-56987.exeUnicorn-30051.exeUnicorn-60716.exeWerFault.exeWerFault.exeUnicorn-48568.exeUnicorn-50478.exeUnicorn-50478.exeUnicorn-30612.exeWerFault.exeWerFault.exeUnicorn-55289.exeUnicorn-45074.exeUnicorn-55743.exe

pid	process
2368	a7e62a0d1c132ebc97139a7c88f378da70e4dbe4ea4a23fa30be6fb03a398917.exe
2368	a7e62a0d1c132ebc97139a7c88f378da70e4dbe4ea4a23fa30be6fb03a398917.exe
2192	Unicorn-48144.exe
2192	Unicorn-48144.exe
2368	a7e62a0d1c132ebc97139a7c88f378da70e4dbe4ea4a23fa30be6fb03a398917.exe
2368	a7e62a0d1c132ebc97139a7c88f378da70e4dbe4ea4a23fa30be6fb03a398917.exe
2192	Unicorn-48144.exe
2608	Unicorn-56665.exe
2608	Unicorn-56665.exe
2192	Unicorn-48144.exe
3028	WerFault.exe
3028	WerFault.exe
3028	WerFault.exe
3028	WerFault.exe
3028	WerFault.exe
3048	Unicorn-56987.exe
3048	Unicorn-56987.exe
2800	Unicorn-30051.exe
2812	Unicorn-60716.exe
2800	Unicorn-30051.exe
2608	Unicorn-56665.exe
2812	Unicorn-60716.exe
2608	Unicorn-56665.exe
1340	WerFault.exe
1340	WerFault.exe
1340	WerFault.exe
1340	WerFault.exe
1960	WerFault.exe
1960	WerFault.exe
1960	WerFault.exe
1960	WerFault.exe
1960	WerFault.exe
1340	WerFault.exe
2236	Unicorn-48568.exe
2236	Unicorn-48568.exe
2828	Unicorn-50478.exe
2828	Unicorn-50478.exe
2812	Unicorn-60716.exe
2812	Unicorn-60716.exe
2804	Unicorn-50478.exe
2804	Unicorn-50478.exe
2800	Unicorn-30051.exe
2800	Unicorn-30051.exe
2796	Unicorn-30612.exe
2796	Unicorn-30612.exe
2280	WerFault.exe
2280	WerFault.exe
2280	WerFault.exe
2280	WerFault.exe
1508	WerFault.exe
1508	WerFault.exe
1508	WerFault.exe
1508	WerFault.exe
2280	WerFault.exe
1508	WerFault.exe
2004	Unicorn-55289.exe
2004	Unicorn-55289.exe
2236	Unicorn-48568.exe
2236	Unicorn-48568.exe
2992	Unicorn-45074.exe
2992	Unicorn-45074.exe
2828	Unicorn-50478.exe
2828	Unicorn-50478.exe
268	Unicorn-55743.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2592	2368	WerFault.exe	a7e62a0d1c132ebc97139a7c88f378da70e4dbe4ea4a23fa30be6fb03a398917.exe
3028	2192	WerFault.exe	Unicorn-48144.exe
1960	2608	WerFault.exe	Unicorn-56665.exe
1340	3048	WerFault.exe	Unicorn-56987.exe
1508	2812	WerFault.exe	Unicorn-60716.exe
2280	2800	WerFault.exe	Unicorn-30051.exe
924	2236	WerFault.exe	Unicorn-48568.exe
1800	2828	WerFault.exe	Unicorn-50478.exe
3020	2804	WerFault.exe	Unicorn-50478.exe
2792	2796	WerFault.exe	Unicorn-30612.exe
2908	2004	WerFault.exe	Unicorn-55289.exe
544	2992	WerFault.exe	Unicorn-45074.exe
2716	268	WerFault.exe	Unicorn-55743.exe
2056	2188	WerFault.exe	Unicorn-38721.exe
2500	1056	WerFault.exe	Unicorn-12209.exe
596	1652	WerFault.exe	Unicorn-58587.exe
1704	2584	WerFault.exe	Unicorn-150.exe
2732	2312	WerFault.exe	Unicorn-42874.exe
2464	2292	WerFault.exe	Unicorn-55873.exe
2948	2880	WerFault.exe	Unicorn-59532.exe
3000	2176	WerFault.exe	Unicorn-15869.exe
2996	2132	WerFault.exe	Unicorn-6994.exe
1028	996	WerFault.exe	Unicorn-27436.exe
604	2196	WerFault.exe	Unicorn-27628.exe
2296	1880	WerFault.exe	Unicorn-16637.exe
1816	1988	WerFault.exe	Unicorn-62308.exe
2140	1884	WerFault.exe	Unicorn-56278.exe
1972	2396	WerFault.exe	Unicorn-55038.exe
2816	2180	WerFault.exe	Unicorn-59444.exe
2060	1664	WerFault.exe	Unicorn-9366.exe
860	2032	WerFault.exe	Unicorn-18926.exe
960	1752	WerFault.exe	Unicorn-45054.exe
2232	2508	WerFault.exe	Unicorn-3476.exe
2348	2840	WerFault.exe	Unicorn-32116.exe
1812	3004	WerFault.exe	Unicorn-34608.exe
1864	3024	WerFault.exe	Unicorn-18935.exe
1288	3052	WerFault.exe	Unicorn-32439.exe
1764	1804	WerFault.exe	Unicorn-24110.exe
2224	2764	WerFault.exe	Unicorn-56014.exe
2616	2780	WerFault.exe	Unicorn-24110.exe
2484	1096	WerFault.exe	Unicorn-51982.exe
876	2956	WerFault.exe	Unicorn-19895.exe
3388	2268	WerFault.exe	Unicorn-3002.exe
3616	1692	WerFault.exe	Unicorn-56157.exe
3644	2156	WerFault.exe	Unicorn-14455.exe
3680	1048	WerFault.exe	Unicorn-34907.exe
3692	704	WerFault.exe	Unicorn-43350.exe
3760	2240	WerFault.exe	Unicorn-10677.exe
3800	3064	WerFault.exe	Unicorn-3806.exe
3984	2688	WerFault.exe	Unicorn-24060.exe
4084	852	WerFault.exe	Unicorn-56303.exe
3252	2604	WerFault.exe	Unicorn-29941.exe
3164	2640	WerFault.exe	Unicorn-58685.exe
3288	2928	WerFault.exe	Unicorn-6723.exe
3328	2588	WerFault.exe	Unicorn-20777.exe
3384	1628	WerFault.exe	Unicorn-32245.exe
3512	1312	WerFault.exe	Unicorn-15182.exe
3528	1020	WerFault.exe	Unicorn-23631.exe
3568	2076	WerFault.exe	Unicorn-10075.exe
3744	1132	WerFault.exe	Unicorn-31477.exe
3376	1616	WerFault.exe	Unicorn-8716.exe
3548	1672	WerFault.exe	Unicorn-47320.exe
4056	640	WerFault.exe	Unicorn-29542.exe
4104	944	WerFault.exe	Unicorn-32245.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

a7e62a0d1c132ebc97139a7c88f378da70e4dbe4ea4a23fa30be6fb03a398917.exeUnicorn-48144.exeUnicorn-56665.exeUnicorn-56987.exeUnicorn-60716.exeUnicorn-30051.exeUnicorn-48568.exeUnicorn-50478.exeUnicorn-30612.exeUnicorn-50478.exeUnicorn-55289.exeUnicorn-45074.exeUnicorn-55743.exeUnicorn-12209.exeUnicorn-38721.exeUnicorn-58587.exeUnicorn-42874.exeUnicorn-55873.exeUnicorn-59532.exeUnicorn-6994.exeUnicorn-15869.exeUnicorn-27628.exeUnicorn-27436.exeUnicorn-62308.exeUnicorn-16637.exeUnicorn-56278.exeUnicorn-59444.exeUnicorn-55038.exeUnicorn-9366.exeUnicorn-18926.exeUnicorn-45054.exeUnicorn-32439.exeUnicorn-32116.exeUnicorn-51982.exeUnicorn-56014.exeUnicorn-150.exeUnicorn-3476.exeUnicorn-18935.exeUnicorn-34608.exeUnicorn-24110.exeUnicorn-19895.exeUnicorn-24110.exeUnicorn-3002.exeUnicorn-10677.exeUnicorn-56157.exeUnicorn-43350.exeUnicorn-24060.exeUnicorn-34907.exeUnicorn-3806.exeUnicorn-22136.exeUnicorn-20251.exeUnicorn-31477.exeUnicorn-14455.exeUnicorn-32245.exeUnicorn-16786.exeUnicorn-32245.exeUnicorn-65301.exeUnicorn-47320.exeUnicorn-50034.exeUnicorn-30168.exeUnicorn-65109.exeUnicorn-45244.exeUnicorn-10075.exeUnicorn-10075.exe

pid	process
2368	a7e62a0d1c132ebc97139a7c88f378da70e4dbe4ea4a23fa30be6fb03a398917.exe
2192	Unicorn-48144.exe
2608	Unicorn-56665.exe
3048	Unicorn-56987.exe
2812	Unicorn-60716.exe
2800	Unicorn-30051.exe
2236	Unicorn-48568.exe
2828	Unicorn-50478.exe
2796	Unicorn-30612.exe
2804	Unicorn-50478.exe
2004	Unicorn-55289.exe
2992	Unicorn-45074.exe
268	Unicorn-55743.exe
1056	Unicorn-12209.exe
2188	Unicorn-38721.exe
1652	Unicorn-58587.exe
2312	Unicorn-42874.exe
2292	Unicorn-55873.exe
2880	Unicorn-59532.exe
2132	Unicorn-6994.exe
2176	Unicorn-15869.exe
2196	Unicorn-27628.exe
996	Unicorn-27436.exe
1988	Unicorn-62308.exe
1880	Unicorn-16637.exe
1884	Unicorn-56278.exe
2180	Unicorn-59444.exe
2396	Unicorn-55038.exe
1664	Unicorn-9366.exe
2032	Unicorn-18926.exe
1752	Unicorn-45054.exe
3052	Unicorn-32439.exe
2840	Unicorn-32116.exe
1096	Unicorn-51982.exe
2764	Unicorn-56014.exe
2584	Unicorn-150.exe
2508	Unicorn-3476.exe
3024	Unicorn-18935.exe
3004	Unicorn-34608.exe
2780	Unicorn-24110.exe
2956	Unicorn-19895.exe
1804	Unicorn-24110.exe
2268	Unicorn-3002.exe
2240	Unicorn-10677.exe
1692	Unicorn-56157.exe
704	Unicorn-43350.exe
2688	Unicorn-24060.exe
1048	Unicorn-34907.exe
3064	Unicorn-3806.exe
3040	Unicorn-22136.exe
648	Unicorn-20251.exe
1132	Unicorn-31477.exe
2156	Unicorn-14455.exe
944	Unicorn-32245.exe
1556	Unicorn-16786.exe
1628	Unicorn-32245.exe
2324	Unicorn-65301.exe
1672	Unicorn-47320.exe
992	Unicorn-50034.exe
1824	Unicorn-30168.exe
916	Unicorn-65109.exe
2360	Unicorn-45244.exe
2116	Unicorn-10075.exe
2836	Unicorn-10075.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

a7e62a0d1c132ebc97139a7c88f378da70e4dbe4ea4a23fa30be6fb03a398917.exeUnicorn-48144.exeUnicorn-56665.exeUnicorn-56987.exeUnicorn-30051.exeUnicorn-60716.exeUnicorn-48568.exeUnicorn-50478.exe

description	pid	process	target process
PID 2368 wrote to memory of 2192	2368	a7e62a0d1c132ebc97139a7c88f378da70e4dbe4ea4a23fa30be6fb03a398917.exe	Unicorn-48144.exe
PID 2368 wrote to memory of 2192	2368	a7e62a0d1c132ebc97139a7c88f378da70e4dbe4ea4a23fa30be6fb03a398917.exe	Unicorn-48144.exe
PID 2368 wrote to memory of 2192	2368	a7e62a0d1c132ebc97139a7c88f378da70e4dbe4ea4a23fa30be6fb03a398917.exe	Unicorn-48144.exe
PID 2368 wrote to memory of 2192	2368	a7e62a0d1c132ebc97139a7c88f378da70e4dbe4ea4a23fa30be6fb03a398917.exe	Unicorn-48144.exe
PID 2192 wrote to memory of 3048	2192	Unicorn-48144.exe	Unicorn-56987.exe
PID 2192 wrote to memory of 3048	2192	Unicorn-48144.exe	Unicorn-56987.exe
PID 2192 wrote to memory of 3048	2192	Unicorn-48144.exe	Unicorn-56987.exe
PID 2192 wrote to memory of 3048	2192	Unicorn-48144.exe	Unicorn-56987.exe
PID 2368 wrote to memory of 2608	2368	a7e62a0d1c132ebc97139a7c88f378da70e4dbe4ea4a23fa30be6fb03a398917.exe	Unicorn-56665.exe
PID 2368 wrote to memory of 2608	2368	a7e62a0d1c132ebc97139a7c88f378da70e4dbe4ea4a23fa30be6fb03a398917.exe	Unicorn-56665.exe
PID 2368 wrote to memory of 2608	2368	a7e62a0d1c132ebc97139a7c88f378da70e4dbe4ea4a23fa30be6fb03a398917.exe	Unicorn-56665.exe
PID 2368 wrote to memory of 2608	2368	a7e62a0d1c132ebc97139a7c88f378da70e4dbe4ea4a23fa30be6fb03a398917.exe	Unicorn-56665.exe
PID 2368 wrote to memory of 2592	2368	a7e62a0d1c132ebc97139a7c88f378da70e4dbe4ea4a23fa30be6fb03a398917.exe	WerFault.exe
PID 2368 wrote to memory of 2592	2368	a7e62a0d1c132ebc97139a7c88f378da70e4dbe4ea4a23fa30be6fb03a398917.exe	WerFault.exe
PID 2368 wrote to memory of 2592	2368	a7e62a0d1c132ebc97139a7c88f378da70e4dbe4ea4a23fa30be6fb03a398917.exe	WerFault.exe
PID 2368 wrote to memory of 2592	2368	a7e62a0d1c132ebc97139a7c88f378da70e4dbe4ea4a23fa30be6fb03a398917.exe	WerFault.exe
PID 2608 wrote to memory of 2812	2608	Unicorn-56665.exe	Unicorn-60716.exe
PID 2608 wrote to memory of 2812	2608	Unicorn-56665.exe	Unicorn-60716.exe
PID 2608 wrote to memory of 2812	2608	Unicorn-56665.exe	Unicorn-60716.exe
PID 2608 wrote to memory of 2812	2608	Unicorn-56665.exe	Unicorn-60716.exe
PID 2192 wrote to memory of 2800	2192	Unicorn-48144.exe	Unicorn-30051.exe
PID 2192 wrote to memory of 2800	2192	Unicorn-48144.exe	Unicorn-30051.exe
PID 2192 wrote to memory of 2800	2192	Unicorn-48144.exe	Unicorn-30051.exe
PID 2192 wrote to memory of 2800	2192	Unicorn-48144.exe	Unicorn-30051.exe
PID 2192 wrote to memory of 3028	2192	Unicorn-48144.exe	WerFault.exe
PID 2192 wrote to memory of 3028	2192	Unicorn-48144.exe	WerFault.exe
PID 2192 wrote to memory of 3028	2192	Unicorn-48144.exe	WerFault.exe
PID 2192 wrote to memory of 3028	2192	Unicorn-48144.exe	WerFault.exe
PID 3048 wrote to memory of 2236	3048	Unicorn-56987.exe	Unicorn-48568.exe
PID 3048 wrote to memory of 2236	3048	Unicorn-56987.exe	Unicorn-48568.exe
PID 3048 wrote to memory of 2236	3048	Unicorn-56987.exe	Unicorn-48568.exe
PID 3048 wrote to memory of 2236	3048	Unicorn-56987.exe	Unicorn-48568.exe
PID 2800 wrote to memory of 2804	2800	Unicorn-30051.exe	Unicorn-50478.exe
PID 2800 wrote to memory of 2804	2800	Unicorn-30051.exe	Unicorn-50478.exe
PID 2800 wrote to memory of 2804	2800	Unicorn-30051.exe	Unicorn-50478.exe
PID 2800 wrote to memory of 2804	2800	Unicorn-30051.exe	Unicorn-50478.exe
PID 2812 wrote to memory of 2828	2812	Unicorn-60716.exe	Unicorn-50478.exe
PID 2812 wrote to memory of 2828	2812	Unicorn-60716.exe	Unicorn-50478.exe
PID 2812 wrote to memory of 2828	2812	Unicorn-60716.exe	Unicorn-50478.exe
PID 2812 wrote to memory of 2828	2812	Unicorn-60716.exe	Unicorn-50478.exe
PID 2608 wrote to memory of 2796	2608	Unicorn-56665.exe	Unicorn-30612.exe
PID 2608 wrote to memory of 2796	2608	Unicorn-56665.exe	Unicorn-30612.exe
PID 2608 wrote to memory of 2796	2608	Unicorn-56665.exe	Unicorn-30612.exe
PID 2608 wrote to memory of 2796	2608	Unicorn-56665.exe	Unicorn-30612.exe
PID 2608 wrote to memory of 1960	2608	Unicorn-56665.exe	WerFault.exe
PID 3048 wrote to memory of 1340	3048	Unicorn-56987.exe	WerFault.exe
PID 2608 wrote to memory of 1960	2608	Unicorn-56665.exe	WerFault.exe
PID 2608 wrote to memory of 1960	2608	Unicorn-56665.exe	WerFault.exe
PID 3048 wrote to memory of 1340	3048	Unicorn-56987.exe	WerFault.exe
PID 2608 wrote to memory of 1960	2608	Unicorn-56665.exe	WerFault.exe
PID 3048 wrote to memory of 1340	3048	Unicorn-56987.exe	WerFault.exe
PID 3048 wrote to memory of 1340	3048	Unicorn-56987.exe	WerFault.exe
PID 2236 wrote to memory of 2004	2236	Unicorn-48568.exe	Unicorn-55289.exe
PID 2236 wrote to memory of 2004	2236	Unicorn-48568.exe	Unicorn-55289.exe
PID 2236 wrote to memory of 2004	2236	Unicorn-48568.exe	Unicorn-55289.exe
PID 2236 wrote to memory of 2004	2236	Unicorn-48568.exe	Unicorn-55289.exe
PID 2828 wrote to memory of 2992	2828	Unicorn-50478.exe	Unicorn-45074.exe
PID 2828 wrote to memory of 2992	2828	Unicorn-50478.exe	Unicorn-45074.exe
PID 2828 wrote to memory of 2992	2828	Unicorn-50478.exe	Unicorn-45074.exe
PID 2828 wrote to memory of 2992	2828	Unicorn-50478.exe	Unicorn-45074.exe
PID 2812 wrote to memory of 268	2812	Unicorn-60716.exe	Unicorn-55743.exe
PID 2812 wrote to memory of 268	2812	Unicorn-60716.exe	Unicorn-55743.exe
PID 2812 wrote to memory of 268	2812	Unicorn-60716.exe	Unicorn-55743.exe
PID 2812 wrote to memory of 268	2812	Unicorn-60716.exe	Unicorn-55743.exe

C:\Users\Admin\AppData\Local\Temp\a7e62a0d1c132ebc97139a7c88f378da70e4dbe4ea4a23fa30be6fb03a398917.exe
"C:\Users\Admin\AppData\Local\Temp\a7e62a0d1c132ebc97139a7c88f378da70e4dbe4ea4a23fa30be6fb03a398917.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-48144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48144.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-48568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48568.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-55289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55289.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-59444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59444.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-3002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3002.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-58685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58685.exe
9⤵
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-42775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42775.exe
10⤵
PID:108

C:\Users\Admin\AppData\Local\Temp\Unicorn-54454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54454.exe
11⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-31264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31264.exe
12⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-10588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10588.exe
13⤵
PID:7604

C:\Users\Admin\AppData\Local\Temp\Unicorn-48294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48294.exe
14⤵
PID:9716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9716 -s 200
15⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 236
14⤵
PID:3976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
13⤵
PID:9016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
12⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 236
11⤵
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-34396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34396.exe
10⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-46871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46871.exe
11⤵
PID:4448

C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
12⤵
PID:6652

C:\Users\Admin\AppData\Local\Temp\Unicorn-11141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11141.exe
13⤵
PID:9636

C:\Users\Admin\AppData\Local\Temp\Unicorn-51004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51004.exe
14⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9636 -s 216
14⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 216
13⤵
PID:9708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
12⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
11⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
10⤵
- Program crash
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-22909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22909.exe
9⤵
PID:504

C:\Users\Admin\AppData\Local\Temp\Unicorn-39545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39545.exe
10⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-23450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23450.exe
11⤵
PID:5952

C:\Users\Admin\AppData\Local\Temp\Unicorn-55586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55586.exe
12⤵
PID:7268

C:\Users\Admin\AppData\Local\Temp\Unicorn-50266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50266.exe
13⤵
PID:10312

C:\Users\Admin\AppData\Local\Temp\Unicorn-7670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7670.exe
14⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10312 -s 216
14⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 236
13⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 236
12⤵
PID:9104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
11⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 504 -s 236
10⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
9⤵
- Program crash
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-6723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6723.exe
8⤵
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-19041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19041.exe
9⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-64852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64852.exe
10⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-26962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26962.exe
11⤵
PID:6592

C:\Users\Admin\AppData\Local\Temp\Unicorn-20379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20379.exe
12⤵
PID:9608

C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe
13⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9608 -s 216
13⤵
PID:11708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 216
12⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
11⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 236
10⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 216
9⤵
- Program crash
PID:3288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 220
8⤵
- Program crash
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-56157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56157.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-16122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16122.exe
8⤵
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
9⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-36830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36830.exe
9⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-25417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25417.exe
10⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-913.exe
11⤵
PID:6320

C:\Users\Admin\AppData\Local\Temp\Unicorn-48676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48676.exe
12⤵
PID:9292

C:\Users\Admin\AppData\Local\Temp\Unicorn-42932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42932.exe
13⤵
PID:11768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9292 -s 216
13⤵
PID:5488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6320 -s 216
12⤵
PID:10184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 236
11⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
10⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 220
9⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 236
8⤵
- Program crash
PID:3616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
7⤵
- Program crash
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-55038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55038.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-10677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10677.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-26397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26397.exe
8⤵
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
9⤵
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
10⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-37354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37354.exe
11⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-64419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64419.exe
12⤵
PID:6900

C:\Users\Admin\AppData\Local\Temp\Unicorn-23311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23311.exe
13⤵
PID:10052

C:\Users\Admin\AppData\Local\Temp\Unicorn-55431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55431.exe
14⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10052 -s 216
14⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 216
13⤵
PID:10620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
12⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
11⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
10⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-51138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51138.exe
9⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-64562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64562.exe
10⤵
PID:5260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 200
11⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
10⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 240
9⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe
8⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-7589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7589.exe
9⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-4073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4073.exe
10⤵
PID:6040

C:\Users\Admin\AppData\Local\Temp\Unicorn-34125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34125.exe
11⤵
PID:8732

C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe
12⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8732 -s 216
12⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 216
11⤵
PID:9976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
10⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
9⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
8⤵
- Program crash
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe
7⤵
PID:588

C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
8⤵
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-7962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7962.exe
9⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-58454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58454.exe
10⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-12743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12743.exe
11⤵
PID:6728

C:\Users\Admin\AppData\Local\Temp\Unicorn-49131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49131.exe
12⤵
PID:9592

C:\Users\Admin\AppData\Local\Temp\Unicorn-65312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65312.exe
13⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9592 -s 236
13⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 236
12⤵
PID:11008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 216
11⤵
PID:8236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
10⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 216
9⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-36062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36062.exe
8⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-60969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60969.exe
9⤵
PID:6100

C:\Users\Admin\AppData\Local\Temp\Unicorn-63487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63487.exe
10⤵
PID:8364

C:\Users\Admin\AppData\Local\Temp\Unicorn-5549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5549.exe
11⤵
PID:10728

C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
12⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 216
11⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
10⤵
PID:2872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
9⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 240
8⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
7⤵
- Program crash
PID:1972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
6⤵
- Program crash
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-55873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55873.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-9366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9366.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-43350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43350.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:704

C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
8⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-22881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22881.exe
9⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-4640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4640.exe
10⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-42858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42858.exe
11⤵
PID:7296

C:\Users\Admin\AppData\Local\Temp\Unicorn-19376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19376.exe
12⤵
PID:9804

C:\Users\Admin\AppData\Local\Temp\Unicorn-13909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13909.exe
13⤵
PID:11852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9804 -s 216
13⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 236
12⤵
PID:11136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
11⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
10⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 216
9⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-40628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40628.exe
8⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-9893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9893.exe
9⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-26710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26710.exe
10⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-16222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16222.exe
11⤵
PID:9032

C:\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe
12⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9032 -s 216
12⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
11⤵
PID:9416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 236
10⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 236
9⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 240
8⤵
- Program crash
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-51809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51809.exe
7⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-6192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6192.exe
8⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-33514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33514.exe
9⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-27372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27372.exe
10⤵
PID:6952

C:\Users\Admin\AppData\Local\Temp\Unicorn-36492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36492.exe
11⤵
PID:9864

C:\Users\Admin\AppData\Local\Temp\Unicorn-21171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21171.exe
12⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9864 -s 216
12⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
11⤵
PID:10404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
10⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
9⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 216
8⤵
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
7⤵
- Program crash
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-56303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56303.exe
7⤵
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-56462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56462.exe
8⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-44520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44520.exe
9⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-45511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45511.exe
10⤵
PID:6456

C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe
11⤵
PID:9460

C:\Users\Admin\AppData\Local\Temp\Unicorn-56313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56313.exe
12⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9460 -s 216
12⤵
PID:12276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 216
11⤵
PID:9276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 216
10⤵
PID:7988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
9⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 236
8⤵
- Program crash
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-40628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40628.exe
7⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-45480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45480.exe
8⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-913.exe
9⤵
PID:6312

C:\Users\Admin\AppData\Local\Temp\Unicorn-19203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19203.exe
9⤵
PID:6616

C:\Users\Admin\AppData\Local\Temp\Unicorn-2091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2091.exe
10⤵
PID:9904

C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
11⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9904 -s 216
11⤵
PID:2844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 216
10⤵
PID:10480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 220
9⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 236
8⤵
PID:5396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
7⤵
- Program crash
PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
6⤵
- Program crash
PID:2464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
5⤵
- Program crash
PID:924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 236
4⤵
- Loads dropped DLL
- Program crash
PID:1340

C:\Users\Admin\AppData\Local\Temp\Unicorn-30051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30051.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-50478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50478.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-12209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12209.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-27436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27436.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:996

C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
8⤵
- Program crash
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-20251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20251.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:648

C:\Users\Admin\AppData\Local\Temp\Unicorn-19563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19563.exe
8⤵
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-49773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49773.exe
9⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-30556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30556.exe
10⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-32375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32375.exe
11⤵
PID:7044

C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
12⤵
PID:9388

C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
13⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9388 -s 236
13⤵
PID:12500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 220
12⤵
PID:10880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 236
11⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
10⤵
PID:5988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 236
9⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-54438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54438.exe
8⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-9762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9762.exe
9⤵
PID:5712

C:\Users\Admin\AppData\Local\Temp\Unicorn-30744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30744.exe
10⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 240
11⤵
PID:9748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
10⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
9⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 240
8⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 240
7⤵
- Program crash
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-3476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3476.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-31477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31477.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1132

C:\Users\Admin\AppData\Local\Temp\Unicorn-50167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50167.exe
8⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-11728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11728.exe
9⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-11834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11834.exe
10⤵
PID:6620

C:\Users\Admin\AppData\Local\Temp\Unicorn-12101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12101.exe
11⤵
PID:9540

C:\Users\Admin\AppData\Local\Temp\Unicorn-13147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13147.exe
12⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9540 -s 216
12⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 216
11⤵
PID:9620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
10⤵
PID:8164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
9⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 236
8⤵
- Program crash
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-17164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17164.exe
7⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
8⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-33917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33917.exe
9⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-62456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62456.exe
10⤵
PID:7948

C:\Users\Admin\AppData\Local\Temp\Unicorn-53714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53714.exe
11⤵
PID:10044

C:\Users\Admin\AppData\Local\Temp\Unicorn-53923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53923.exe
12⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10044 -s 220
12⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 236
11⤵
PID:10768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
10⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
9⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 236
8⤵
PID:5188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
7⤵
- Program crash
PID:2232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 240
6⤵
- Program crash
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-62308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62308.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-24110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24110.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-50034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50034.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-36454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36454.exe
8⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-50090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50090.exe
9⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-45744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45744.exe
10⤵
PID:5736

C:\Users\Admin\AppData\Local\Temp\Unicorn-61270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61270.exe
11⤵
PID:9176

C:\Users\Admin\AppData\Local\Temp\Unicorn-49641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49641.exe
12⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9176 -s 216
12⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 236
11⤵
PID:9720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 216
9⤵
PID:5932

C:\Users\Admin\AppData\Local\Temp\Unicorn-35164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35164.exe
8⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-64399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64399.exe
9⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-25836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25836.exe
10⤵
PID:7060

C:\Users\Admin\AppData\Local\Temp\Unicorn-35724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35724.exe
11⤵
PID:9956

C:\Users\Admin\AppData\Local\Temp\Unicorn-52551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52551.exe
12⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9956 -s 216
12⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 216
11⤵
PID:10500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 216
10⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
9⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 240
8⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-31663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31663.exe
7⤵
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-64682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64682.exe
8⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-6.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6.exe
9⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-32612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32612.exe
10⤵
PID:7656

C:\Users\Admin\AppData\Local\Temp\Unicorn-8628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8628.exe
11⤵
PID:9560

C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
12⤵
PID:12536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9560 -s 220
12⤵
PID:13184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 216
11⤵
PID:10436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 216
10⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
9⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 236
8⤵
PID:4156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 220
7⤵
- Program crash
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
6⤵
- Executes dropped EXE
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-29542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29542.exe
7⤵
PID:640

C:\Users\Admin\AppData\Local\Temp\Unicorn-18108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18108.exe
8⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-16119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16119.exe
9⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
10⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-62433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62433.exe
11⤵
PID:9128

C:\Users\Admin\AppData\Local\Temp\Unicorn-4374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4374.exe
12⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 216
12⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 236
11⤵
PID:9756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 236
10⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 236
9⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 236
8⤵
- Program crash
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-4656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4656.exe
7⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-6456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6456.exe
8⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-62795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62795.exe
9⤵
PID:6828

C:\Users\Admin\AppData\Local\Temp\Unicorn-42349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42349.exe
10⤵
PID:9688

C:\Users\Admin\AppData\Local\Temp\Unicorn-18440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18440.exe
11⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9688 -s 236
11⤵
PID:12868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 236
10⤵
PID:11084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
9⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
8⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 240
7⤵
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
6⤵
- Program crash
PID:1816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
5⤵
- Program crash
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-38721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38721.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-27628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27628.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-56014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56014.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-65301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65301.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-18665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18665.exe
8⤵
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-9534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9534.exe
9⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-39425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39425.exe
10⤵
PID:5516

C:\Users\Admin\AppData\Local\Temp\Unicorn-42238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42238.exe
11⤵
PID:7516

C:\Users\Admin\AppData\Local\Temp\Unicorn-52292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52292.exe
12⤵
PID:9476

C:\Users\Admin\AppData\Local\Temp\Unicorn-9701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9701.exe
13⤵
PID:12292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9476 -s 216
13⤵
PID:13132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 216
12⤵
PID:10356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
11⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
10⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 216
9⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-31490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31490.exe
8⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-43805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43805.exe
9⤵
PID:5764

C:\Users\Admin\AppData\Local\Temp\Unicorn-47815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47815.exe
10⤵
PID:6428

C:\Users\Admin\AppData\Local\Temp\Unicorn-14929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14929.exe
11⤵
PID:9340

C:\Users\Admin\AppData\Local\Temp\Unicorn-63365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63365.exe
12⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9340 -s 216
12⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 236
11⤵
PID:9848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 236
10⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
9⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
8⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-48685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48685.exe
7⤵
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-50588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50588.exe
8⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-33831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33831.exe
9⤵
PID:5340

C:\Users\Admin\AppData\Local\Temp\Unicorn-25985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25985.exe
10⤵
PID:7580

C:\Users\Admin\AppData\Local\Temp\Unicorn-4134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4134.exe
11⤵
PID:9304

C:\Users\Admin\AppData\Local\Temp\Unicorn-61849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61849.exe
12⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9304 -s 236
12⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
11⤵
PID:11252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 216
10⤵
PID:8760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
9⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 216
8⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 220
7⤵
- Program crash
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
7⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-1854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1854.exe
8⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-62652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62652.exe
9⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\Unicorn-59468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59468.exe
10⤵
PID:7124

C:\Users\Admin\AppData\Local\Temp\Unicorn-61385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61385.exe
11⤵
PID:9816

C:\Users\Admin\AppData\Local\Temp\Unicorn-32454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32454.exe
12⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9816 -s 216
12⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 216
11⤵
PID:10348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
10⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
9⤵
PID:5808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 216
8⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-14495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14495.exe
7⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-46773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46773.exe
8⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-27373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27373.exe
9⤵
PID:7368

C:\Users\Admin\AppData\Local\Temp\Unicorn-45665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45665.exe
10⤵
PID:9924

C:\Users\Admin\AppData\Local\Temp\Unicorn-64397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64397.exe
11⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9924 -s 236
11⤵
PID:13068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 216
10⤵
PID:11168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
9⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
8⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
7⤵
PID:4160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
6⤵
- Program crash
PID:604

C:\Users\Admin\AppData\Local\Temp\Unicorn-18935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18935.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-32245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32245.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:944

C:\Users\Admin\AppData\Local\Temp\Unicorn-26835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26835.exe
7⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-24915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24915.exe
8⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-1883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1883.exe
9⤵
PID:5792

C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
10⤵
PID:8816

C:\Users\Admin\AppData\Local\Temp\Unicorn-32823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32823.exe
11⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8816 -s 216
11⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 236
10⤵
PID:9232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 236
9⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
8⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 236
7⤵
- Program crash
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-65234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65234.exe
6⤵
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-1854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1854.exe
7⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-23712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23712.exe
8⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-63992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63992.exe
9⤵
PID:7868

C:\Users\Admin\AppData\Local\Temp\Unicorn-17010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17010.exe
10⤵
PID:9860

C:\Users\Admin\AppData\Local\Temp\Unicorn-45501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45501.exe
11⤵
PID:12616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9860 -s 220
11⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 216
10⤵
PID:10628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
9⤵
PID:8908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
8⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 216
7⤵
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
6⤵
- Program crash
PID:1864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
5⤵
- Program crash
PID:2056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-56665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56665.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-60716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60716.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-50478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50478.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-45074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45074.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-59532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59532.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-18926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18926.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-34907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34907.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-23631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23631.exe
9⤵
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
10⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-47935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47935.exe
11⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-31633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31633.exe
12⤵
PID:6696

C:\Users\Admin\AppData\Local\Temp\Unicorn-58129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58129.exe
13⤵
PID:9336

C:\Users\Admin\AppData\Local\Temp\Unicorn-37668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37668.exe
14⤵
PID:11628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9336 -s 216
14⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 236
13⤵
PID:10936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
12⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
11⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 236
10⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-62362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62362.exe
9⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-57641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57641.exe
10⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-21837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21837.exe
11⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe
12⤵
PID:8800

C:\Users\Admin\AppData\Local\Temp\Unicorn-25594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25594.exe
13⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8800 -s 216
13⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
12⤵
PID:9912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 236
11⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 236
10⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 220
9⤵
- Program crash
PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 236
8⤵
- Program crash
PID:860

C:\Users\Admin\AppData\Local\Temp\Unicorn-3806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3806.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-23631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23631.exe
8⤵
PID:1020

C:\Users\Admin\AppData\Local\Temp\Unicorn-6192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6192.exe
9⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-19217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19217.exe
10⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-42613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42613.exe
11⤵
PID:6568

C:\Users\Admin\AppData\Local\Temp\Unicorn-46424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46424.exe
12⤵
PID:9432

C:\Users\Admin\AppData\Local\Temp\Unicorn-61253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61253.exe
13⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9432 -s 216
13⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 216
12⤵
PID:10132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
11⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
10⤵
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 216
9⤵
- Program crash
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-40628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40628.exe
8⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-25195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25195.exe
9⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-64120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64120.exe
10⤵
PID:6280

C:\Users\Admin\AppData\Local\Temp\Unicorn-30695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30695.exe
11⤵
PID:9264

C:\Users\Admin\AppData\Local\Temp\Unicorn-52366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52366.exe
12⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9264 -s 216
12⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 216
11⤵
PID:10160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
10⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
9⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 220
8⤵
- Program crash
PID:3800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
7⤵
- Program crash
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-45054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45054.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-22136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22136.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-15182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15182.exe
8⤵
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-20339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20339.exe
9⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-19409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19409.exe
10⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-10874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10874.exe
11⤵
PID:6708

C:\Users\Admin\AppData\Local\Temp\Unicorn-53627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53627.exe
12⤵
PID:9700

C:\Users\Admin\AppData\Local\Temp\Unicorn-734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-734.exe
13⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 216
13⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 220
12⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
11⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
10⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 236
9⤵
- Program crash
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-8148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8148.exe
8⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-50701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50701.exe
9⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-10428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10428.exe
10⤵
PID:6816

C:\Users\Admin\AppData\Local\Temp\Unicorn-9273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9273.exe
11⤵
PID:10016

C:\Users\Admin\AppData\Local\Temp\Unicorn-29401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29401.exe
12⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10016 -s 220
12⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 216
11⤵
PID:10604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 236
10⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
9⤵
PID:5228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 220
8⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-44819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44819.exe
7⤵
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-28014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28014.exe
8⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-53436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53436.exe
9⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-27450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27450.exe
10⤵
PID:6700

C:\Users\Admin\AppData\Local\Temp\Unicorn-44058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44058.exe
11⤵
PID:10140

C:\Users\Admin\AppData\Local\Temp\Unicorn-10013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10013.exe
12⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10140 -s 216
12⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 216
11⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
10⤵
PID:3012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
9⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
8⤵
PID:4812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
7⤵
- Program crash
PID:960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 240
6⤵
- Program crash
PID:544

C:\Users\Admin\AppData\Local\Temp\Unicorn-6994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6994.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-51982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51982.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-65109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65109.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:916

C:\Users\Admin\AppData\Local\Temp\Unicorn-36620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36620.exe
8⤵
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-61392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61392.exe
9⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-8111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8111.exe
10⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-32271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32271.exe
11⤵
PID:6440

C:\Users\Admin\AppData\Local\Temp\Unicorn-13881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13881.exe
12⤵
PID:10096

C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
13⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10096 -s 236
13⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 236
11⤵
PID:7844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 236
10⤵
PID:6116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 236
9⤵
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-61812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61812.exe
8⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-34407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34407.exe
9⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-50401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50401.exe
10⤵
PID:7692

C:\Users\Admin\AppData\Local\Temp\Unicorn-21924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21924.exe
11⤵
PID:9396

C:\Users\Admin\AppData\Local\Temp\Unicorn-55721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55721.exe
12⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9396 -s 216
12⤵
PID:13144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 216
11⤵
PID:10320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
10⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
9⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 240
8⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-31471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31471.exe
7⤵
PID:2712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 240
7⤵
- Program crash
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
6⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-1433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1433.exe
7⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-10960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10960.exe
8⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-58918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58918.exe
9⤵
PID:6744

C:\Users\Admin\AppData\Local\Temp\Unicorn-63689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63689.exe
10⤵
PID:9760

C:\Users\Admin\AppData\Local\Temp\Unicorn-64159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64159.exe
11⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9760 -s 216
11⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 216
10⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
9⤵
PID:4016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 236
8⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 216
7⤵
- Program crash
PID:3568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 240
6⤵
- Program crash
PID:2996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
5⤵
- Program crash
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:268

C:\Users\Admin\AppData\Local\Temp\Unicorn-15869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15869.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-32439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32439.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-16786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16786.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-61638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61638.exe
8⤵
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
9⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-38937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38937.exe
10⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-58830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58830.exe
11⤵
PID:7024

C:\Users\Admin\AppData\Local\Temp\Unicorn-13881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13881.exe
12⤵
PID:10088

C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
13⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10088 -s 220
13⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 216
12⤵
PID:10632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 236
9⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-64547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64547.exe
8⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
9⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
10⤵
PID:8152

C:\Users\Admin\AppData\Local\Temp\Unicorn-64905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64905.exe
11⤵
PID:9364

C:\Users\Admin\AppData\Local\Temp\Unicorn-16285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16285.exe
12⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9364 -s 216
12⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 236
11⤵
PID:3592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
10⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
9⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
8⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-9676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9676.exe
7⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-1854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1854.exe
8⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-1734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1734.exe
9⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 200
10⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
9⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
8⤵
PID:4964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 220
7⤵
- Program crash
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-30168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30168.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-52297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52297.exe
7⤵
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
8⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-33514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33514.exe
9⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-42857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42857.exe
10⤵
PID:6832

C:\Users\Admin\AppData\Local\Temp\Unicorn-64265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64265.exe
11⤵
PID:9788

C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
12⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9788 -s 216
12⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
11⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
10⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
9⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 236
8⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-27681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27681.exe
7⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-45045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45045.exe
8⤵
PID:5144

C:\Users\Admin\AppData\Local\Temp\Unicorn-10351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10351.exe
9⤵
PID:7404

C:\Users\Admin\AppData\Local\Temp\Unicorn-42183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42183.exe
10⤵
PID:10068

C:\Users\Admin\AppData\Local\Temp\Unicorn-16764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16764.exe
11⤵
PID:11668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 236
11⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 236
10⤵
PID:11236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
9⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
8⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 240
7⤵
PID:4236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
6⤵
- Program crash
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-32116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32116.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
7⤵
- Program crash
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-8716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8716.exe
6⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-42015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42015.exe
7⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-22911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22911.exe
8⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-60351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60351.exe
9⤵
PID:7260

C:\Users\Admin\AppData\Local\Temp\Unicorn-32074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32074.exe
10⤵
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-57090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57090.exe
11⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 236
11⤵
PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7260 -s 236
10⤵
PID:11096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
9⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
8⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 216
7⤵
- Program crash
PID:3376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
6⤵
- Program crash
PID:2348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 240
5⤵
- Program crash
PID:2716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-30612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30612.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-16637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16637.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-34608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34608.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-32245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32245.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-20777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20777.exe
8⤵
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-18995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18995.exe
9⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-13959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13959.exe
10⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-18905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18905.exe
11⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-26398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26398.exe
12⤵
PID:9076

C:\Users\Admin\AppData\Local\Temp\Unicorn-31749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31749.exe
13⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9076 -s 216
13⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
12⤵
PID:10200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
11⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
10⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
9⤵
- Program crash
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-8470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8470.exe
8⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-50711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50711.exe
9⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-36660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36660.exe
10⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\Unicorn-59325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59325.exe
11⤵
PID:10112

C:\Users\Admin\AppData\Local\Temp\Unicorn-20979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20979.exe
12⤵
PID:1900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10112 -s 216
12⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
11⤵
PID:10652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
10⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
9⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 220
8⤵
- Program crash
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-31471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31471.exe
7⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-34698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34698.exe
8⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-33831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33831.exe
9⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-10351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10351.exe
10⤵
PID:7416

C:\Users\Admin\AppData\Local\Temp\Unicorn-32199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32199.exe
11⤵
PID:10136

C:\Users\Admin\AppData\Local\Temp\Unicorn-19567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19567.exe
12⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10136 -s 216
12⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 216
11⤵
PID:11244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
10⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
9⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
8⤵
PID:4876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 220
7⤵
- Program crash
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-45244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45244.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
7⤵
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-2072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2072.exe
8⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-19034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19034.exe
9⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-58580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58580.exe
10⤵
PID:7940

C:\Users\Admin\AppData\Local\Temp\Unicorn-50022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50022.exe
11⤵
PID:9504

C:\Users\Admin\AppData\Local\Temp\Unicorn-4141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4141.exe
12⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9504 -s 216
12⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 236
11⤵
PID:10528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 236
10⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
9⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 236
8⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
7⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-45118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45118.exe
8⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-4265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4265.exe
9⤵
PID:5976

C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe
10⤵
PID:8556

C:\Users\Admin\AppData\Local\Temp\Unicorn-22958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22958.exe
11⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8556 -s 216
11⤵
PID:11460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
10⤵
PID:9896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 236
9⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
8⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
7⤵
PID:3168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
6⤵
- Program crash
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-19895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19895.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe
6⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
7⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-4001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4001.exe
8⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-42613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42613.exe
9⤵
PID:6580

C:\Users\Admin\AppData\Local\Temp\Unicorn-21147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21147.exe
10⤵
PID:9496

C:\Users\Admin\AppData\Local\Temp\Unicorn-61061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61061.exe
11⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9496 -s 216
11⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 216
10⤵
PID:9360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
9⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 236
8⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 216
7⤵
- Program crash
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-1425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1425.exe
6⤵
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
7⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-5065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5065.exe
8⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
9⤵
PID:6988

C:\Users\Admin\AppData\Local\Temp\Unicorn-59081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59081.exe
10⤵
PID:9664

C:\Users\Admin\AppData\Local\Temp\Unicorn-39178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39178.exe
11⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 216
11⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 216
10⤵
PID:9444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
9⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
8⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 236
7⤵
PID:4416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
6⤵
- Program crash
PID:876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
5⤵
- Program crash
PID:596

C:\Users\Admin\AppData\Local\Temp\Unicorn-56278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56278.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-24110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24110.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-47320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47320.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
7⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-42015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42015.exe
8⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
9⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-49825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49825.exe
10⤵
PID:7616

C:\Users\Admin\AppData\Local\Temp\Unicorn-53636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53636.exe
11⤵
PID:9684

C:\Users\Admin\AppData\Local\Temp\Unicorn-65158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65158.exe
12⤵
PID:12412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 216
11⤵
PID:10472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
10⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
9⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 216
8⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-30914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30914.exe
7⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-52595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52595.exe
8⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
9⤵
PID:6668

C:\Users\Admin\AppData\Local\Temp\Unicorn-38744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38744.exe
10⤵
PID:9524

C:\Users\Admin\AppData\Local\Temp\Unicorn-57081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57081.exe
11⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9524 -s 216
11⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 216
10⤵
PID:9516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
9⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 236
8⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
7⤵
- Program crash
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-34865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34865.exe
6⤵
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-59228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59228.exe
7⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-45118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45118.exe
8⤵
PID:5628

C:\Users\Admin\AppData\Local\Temp\Unicorn-63416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63416.exe
9⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\Unicorn-39575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39575.exe
10⤵
PID:10556

C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe
11⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 236
10⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 216
9⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
8⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 216
7⤵
PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
6⤵
- Program crash
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-52427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52427.exe
6⤵
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-33162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33162.exe
7⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-61848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61848.exe
8⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-26797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26797.exe
9⤵
PID:7332

C:\Users\Admin\AppData\Local\Temp\Unicorn-30014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30014.exe
10⤵
PID:9852

C:\Users\Admin\AppData\Local\Temp\Unicorn-23687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23687.exe
11⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9852 -s 236
11⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 216
10⤵
PID:11152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
9⤵
PID:8540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 236
8⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 216
7⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-46566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46566.exe
6⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-40592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40592.exe
7⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-60236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60236.exe
8⤵
PID:7028

C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
9⤵
PID:9732

C:\Users\Admin\AppData\Local\Temp\Unicorn-2672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2672.exe
10⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9732 -s 216
10⤵
PID:476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 220
9⤵
PID:10300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
8⤵
PID:7524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
7⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
6⤵
PID:4132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 240
5⤵
- Program crash
PID:2140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
4⤵
- Program crash
PID:2792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
2⤵
- Program crash
PID:2592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-19217.exe

Filesize
184KB

MD5
f75a3f8dace8fca661330dec94cc4fbb

SHA1
4c96e428ca1e3d98256a0e8550554ff33bac2e8d

SHA256
4cf93cbb5c8b8012f1396ddb5ea572ea1f5be784e51cccb03b8cf3ef90e4c392

SHA512
9821e592e5551cf4aff356344df1ca0d5bbc8fc9df657f2a19dbc24304e5d3e67eb592bb3ccadfabdfbe595ef4166613fe88aaec5b5ee4966ebcb490085918b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32823.exe

Filesize
184KB

MD5
a2d29aaa4455cd00416aa4f89f2f6a54

SHA1
b55427ae9dc0935f8aff72b659fd94cf8a62e0bd

SHA256
a251536b6f76f84aa02754501667c5ba3a42838decceaa90fe08ab599685996b

SHA512
a8b101291d205ea4b628629c5b4f969d64bb223c7d9f8f89dd72f2425f702b64312ad3da727ae152fa30c6bca30481050050befa62697cbee18f39c582abf18a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38744.exe

Filesize
184KB

MD5
ce5bb7d38cdaa8e39cfa8663ebee8557

SHA1
8ad6e53c41b046c973a71326c2da18e3d791386a

SHA256
3ce907250eaf81519d205de346d8bdcf7b0c2219dfe2c37d569e033dea550b9c

SHA512
6d4f1cd6574209f9e0288443bdbe37bf5c5399182fb4379124eebcbe21aaf039f4943d26574ef1be91731845ac4a82c1e9939e37ae28f626a4b6d1a3ebd9aa81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45074.exe

Filesize
184KB

MD5
271cdb4cbb1ad8de969be97c8dfb6261

SHA1
0efd674951eccadad8e69a7ce329b64b5d5cee13

SHA256
869108ffcda214d4096339395d2c9b7caf951ec05f631acfa7c62e0df3b7098c

SHA512
4a7698ff1e600a4c6fc067d02d571080d34a213f45d81b3665e4c7c6a7fa4bbb56abc6726e8cf83890c85a3c78570ae525c3612253ebb80d03b9df7aa6ead2de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48568.exe

Filesize
184KB

MD5
d804e9f4540be690cae7a12e66788725

SHA1
4882da659a2bf6d22ab6d7993d6745c24c04cfcc

SHA256
ede8734c0fb6ab5a93218da73b54afbccd6b11cb77bd40e0a206bc3528d8406f

SHA512
7c8a727db811aca073fa3aebc71ab92825e6a074c5d64974955ac7062edfb01bdae32428af23474bf693333441859ba3a0c0511f32a45964fc88bef88f9ac7d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5549.exe

Filesize
184KB

MD5
6f6858e0d0d53c21925e946e69d5fb57

SHA1
221150b21fd90afa8a922db82fa196624781b743

SHA256
6f1ebbab133d15cd0e4783d1e4202260205b6004360921c53f58732694c64021

SHA512
a51bcdcb43f206e24b81860c710cfa75358ea2dd94e949d984e82d539eacea5c1f6a488f0f6a66d21415de2620fda17dffc7dc4802e288e1360cbd13ed594d3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60716.exe

Filesize
184KB

MD5
0910ee283c237bbf19e5f53cab8f886e

SHA1
e21fae8813f0d0d629c3929b6958fe2e3109accd

SHA256
acde210c4b02b27acc9c133cb1e3e178cd3429e90813086f5b795c89cbf272b0

SHA512
819d12bb07c2bbcf0dd0ffb09f62c19080e1fe0558b8ef31f1e0915f33242073f0559ff8d0cec8d2ff6a420fd559cee2a6bff7ec366434d0c41c52058208ca8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9893.exe

Filesize
184KB

MD5
5b9b17f402203dd2e4db7eb99be3ec3c

SHA1
e30b3e8d8ff542f5278063e223855c631444bcff

SHA256
ad0e0edb8c3fd9c408b3aa0804beaa81ad49982e3e20f74d7c5755e9faa31a4d

SHA512
4b84fc4cc28cd274a05d61884ff6245dcb8b3ce8767b4a16023787ed61705490c0df1363fee34ce82742740f0afc4f0581c5114ddea823ff87b9aac5fdf1067b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12209.exe

Filesize
184KB

MD5
47a56c402bf5ac8f4b03aabf4cf7f869

SHA1
746730f8d0ec31fac08d883c87bd40c6581233ca

SHA256
29d4f2484d43aa9d3c4b4ad4320d9d9d4aa9664f1682ac0db2e77a796beb8797

SHA512
9cfd68392e8974d96245341dadc84297c0dc85d6b430cc0fb2ba8c1aa6e74205478441cd636bfb8bbe9ae1609df47b5e61a71687902613ea27b120c692a3e6bc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30051.exe

Filesize
184KB

MD5
e13ae6410e3f4b6049f3ef721393ed53

SHA1
1578064a773bd48a59654f599324035ffae7a2e6

SHA256
e23c24ff13d0c3ce14305e24c8ed66981274d0e2e9ab9ec5d5230f10b51607d3

SHA512
8a814d2d548fc205ef149f5a248512d40ab87d8766aca47537671f500f3dfaf9cfacbdd4eec276450a9cff072d7f41218993594af8303541c5b2aa965a226af1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30612.exe

Filesize
184KB

MD5
2121a12e5fb7499ffbba3ca39e8644d8

SHA1
20203669331c3b9edf097f0277200ed3978b240f

SHA256
30d13d247098d9968d353410f803409e86313c50be1d86ac81d6db70bd633265

SHA512
a98d8046166ecf943f135d02d5fceca920e2b9f144995ab41e0fe51585b57c25343dcc75baed7f136cadbe4a71196682d1c6ea571099ebf2db11d2e7c69c0ad4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38721.exe

Filesize
184KB

MD5
f7438f8a21a04947fa9385a3a40aac90

SHA1
8e8720c43faa49477d971cba29a04843ef7c2cee

SHA256
1ccd515e137bee16a926d54dc1597a15318c7f10b4bf7e8390063fc362f8ab79

SHA512
27e7dbc0bebf7b59b014e6a9805d4eb08f6f7c5b041cf5a133b8e458531f93cb4e641eb8fca266b7d108f72eb8887de28d05d230ffb21d5a38e3c748c5320909

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48144.exe

Filesize
184KB

MD5
5336aeaabb9855d5dbcdda3b6c0f7ab5

SHA1
4d49e1e3e2ca3cd9740b84706ed7dee12d41faeb

SHA256
dc2fa8fec4f047cd74bdba753e2520ea06c76c83361f25b2591b163bbfec66b3

SHA512
0147917f459da4fcf1dfcb35e43866dabb29ad7d257d56d2d4997aca617fd3cc71cfd79b11f297976557fa1d64a76ed5b9ad2e8964518b73bdbfcb76cc97b4d8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50478.exe

Filesize
184KB

MD5
f59d90b3b7ff687d6f48ee900fd02624

SHA1
e909bebdf2d2fc7b9e7e17e0d6744cb95aa43525

SHA256
69aa1ebe79fdb3d54758b776c0f091a0d59f3a7c37b93ebaaca29223ffcaf1dd

SHA512
2c2ccff537a57f396ff4c525d5ff5486267e793ac0bf64dea88447e208652bd72026efb3e6e19493cecdff93a3398394916d0c6cad13a3a49d2289b9e07c2a66

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55289.exe

Filesize
184KB

MD5
10b2b3da99851e06999c54cc49e34fdb

SHA1
ccc1bc6ba8b829412a939a602276f25985ad11ea

SHA256
8048c0401fb2b8095a18b80b92cf4987272df0778efd4489389720037bc41b35

SHA512
b0ee43097d310d7ad17b4f1ec52d38dbf9cfb3a85d14e5068d22f6c2faa79ebd61f910626d8c3064899f7da213d5fe229c41891b84e3d5affba57fd946618dd4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe

Filesize
184KB

MD5
350a10a990337e3d0db14181e6706428

SHA1
7e70f62dd357ec5e59b5add102de2844cf5fb94e

SHA256
01890b6db65c5ce1bbceac99b1063e55dd2d486592d4d23caa19a99007cd1182

SHA512
c1c93d128274c1de575e677d4f7cd796ba8d45980a8acc1a5831ceefffbba7f945b02d5ff9c70fedc41f4dbb2845bef91be3a9888e587673cc215ee963200bd2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56665.exe

Filesize
184KB

MD5
fe4a949937d1b4233ebefbed5d50a307

SHA1
d22d106e65a6b1fe59c0e4bf3150c5aef744e953

SHA256
03730e94e09f9cc162c762e44854c47320cb263b10160026e5b6aa99a36f3195

SHA512
ab2a2bb9e90bea03da683b25d133dcb8fd08c80717bf6c55a3900a72253d3aeb68a22e127432875170dbd432d5bff744b91ab6e08277103ec1f48db3e586d940

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe

Filesize
184KB

MD5
e211308eee2120d47dbd7c049e05e327

SHA1
64b03468fdbaed939729f8cb000ba42e62e6be9c

SHA256
03bfc0ac6dc3d6124fdf255a5988054e24437653dc43bea60d067165db3deb84

SHA512
4bdab6ce71b7d3d8fa35287167af6c9617c0fb02c5bcc697e559fc3da199799845cf38ad377ca1ae6a59f9b201f4b5d9e9009c05b47e2334843c5c63c4f33fd5

Download Submit