a786f8efcc227e751ae5f340185e2c8ac3205dccfc1888cad5d7d30ff8035fa5

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a786f8efcc227e751ae5f340185e2c8ac3205dccfc1888cad5d7d30ff8035fa5.exe
Size

184KB
MD5

ccbf5d963212f6ba4282571f119a5645
SHA1

7c9a79a8705bad99fc21a67e2c32279aa95a0196
SHA256

a786f8efcc227e751ae5f340185e2c8ac3205dccfc1888cad5d7d30ff8035fa5
SHA512

ea0689ef08185afaadd446e53ea3f713d81608ab52a2be3207717f190bdf0024544024e29d1555b1534bc6f5ada762564739890be26d98e0ae812517dbd859c6
SSDEEP

3072:3b6P4god2uEudR4oepjLpsJAIKYNeDjng+XCq585UAeglnVOFDnZ:3bioqqR4hLSJAIqfAGglnVOFD

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-50589.exeUnicorn-21742.exeUnicorn-52146.exeUnicorn-30393.exeUnicorn-10335.exeUnicorn-63065.exeUnicorn-49690.exeUnicorn-31469.exeUnicorn-17786.exeUnicorn-17786.exeUnicorn-30784.exeUnicorn-7521.exeUnicorn-53193.exeUnicorn-55461.exeUnicorn-18539.exeUnicorn-48943.exeUnicorn-53157.exeUnicorn-48751.exeUnicorn-36732.exeUnicorn-56598.exeUnicorn-21081.exeUnicorn-8850.exeUnicorn-37500.exeUnicorn-39769.exeUnicorn-20479.exeUnicorn-55098.exeUnicorn-9426.exeUnicorn-31417.exeUnicorn-31417.exeUnicorn-8775.exeUnicorn-29601.exeUnicorn-9543.exeUnicorn-27463.exeUnicorn-12579.exeUnicorn-20961.exeUnicorn-64686.exeUnicorn-36804.exeUnicorn-36804.exeUnicorn-64577.exeUnicorn-20359.exeUnicorn-4707.exeUnicorn-50343.exeUnicorn-50343.exeUnicorn-35076.exeUnicorn-15210.exeUnicorn-62273.exeUnicorn-48994.exeUnicorn-61801.exeUnicorn-16130.exeUnicorn-40546.exeUnicorn-40546.exeUnicorn-53545.exeUnicorn-3083.exeUnicorn-7873.exeUnicorn-56389.exeUnicorn-20872.exeUnicorn-40738.exeUnicorn-3851.exeUnicorn-3851.exeUnicorn-23717.exeUnicorn-57157.exeUnicorn-39010.exeUnicorn-17198.exeUnicorn-6145.exe

pid	process
972	Unicorn-50589.exe
2884	Unicorn-21742.exe
2612	Unicorn-52146.exe
2572	Unicorn-30393.exe
2860	Unicorn-10335.exe
2584	Unicorn-63065.exe
1576	Unicorn-49690.exe
1484	Unicorn-31469.exe
1040	Unicorn-17786.exe
1044	Unicorn-17786.exe
1892	Unicorn-30784.exe
1236	Unicorn-7521.exe
856	Unicorn-53193.exe
2060	Unicorn-55461.exe
2252	Unicorn-18539.exe
268	Unicorn-48943.exe
624	Unicorn-53157.exe
1456	Unicorn-48751.exe
724	Unicorn-36732.exe
452	Unicorn-56598.exe
2392	Unicorn-21081.exe
1776	Unicorn-8850.exe
1652	Unicorn-37500.exe
920	Unicorn-39769.exe
1952	Unicorn-20479.exe
2292	Unicorn-55098.exe
2800	Unicorn-9426.exe
2948	Unicorn-31417.exe
2232	Unicorn-31417.exe
2216	Unicorn-8775.exe
1712	Unicorn-29601.exe
2560	Unicorn-9543.exe
2564	Unicorn-27463.exe
2516	Unicorn-12579.exe
2456	Unicorn-20961.exe
2440	Unicorn-64686.exe
2740	Unicorn-36804.exe
2576	Unicorn-36804.exe
1972	Unicorn-64577.exe
1496	Unicorn-20359.exe
1784	Unicorn-4707.exe
2196	Unicorn-50343.exe
2340	Unicorn-50343.exe
2180	Unicorn-35076.exe
2156	Unicorn-15210.exe
108	Unicorn-62273.exe
2168	Unicorn-48994.exe
592	Unicorn-61801.exe
2256	Unicorn-16130.exe
888	Unicorn-40546.exe
1772	Unicorn-40546.exe
2380	Unicorn-53545.exe
2896	Unicorn-3083.exe
1700	Unicorn-7873.exe
1352	Unicorn-56389.exe
1256	Unicorn-20872.exe
1080	Unicorn-40738.exe
2772	Unicorn-3851.exe
2780	Unicorn-3851.exe
1644	Unicorn-23717.exe
828	Unicorn-57157.exe
1536	Unicorn-39010.exe
2504	Unicorn-17198.exe
2656	Unicorn-6145.exe

Loads dropped DLL 64 IoCs

Processes:

a786f8efcc227e751ae5f340185e2c8ac3205dccfc1888cad5d7d30ff8035fa5.exeUnicorn-50589.exeUnicorn-21742.exeUnicorn-52146.exeWerFault.exeUnicorn-30393.exeUnicorn-10335.exeUnicorn-63065.exeWerFault.exeWerFault.exeUnicorn-49690.exeUnicorn-31469.exeUnicorn-30784.exeUnicorn-17786.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2024	a786f8efcc227e751ae5f340185e2c8ac3205dccfc1888cad5d7d30ff8035fa5.exe
2024	a786f8efcc227e751ae5f340185e2c8ac3205dccfc1888cad5d7d30ff8035fa5.exe
972	Unicorn-50589.exe
972	Unicorn-50589.exe
2024	a786f8efcc227e751ae5f340185e2c8ac3205dccfc1888cad5d7d30ff8035fa5.exe
2024	a786f8efcc227e751ae5f340185e2c8ac3205dccfc1888cad5d7d30ff8035fa5.exe
2884	Unicorn-21742.exe
2884	Unicorn-21742.exe
972	Unicorn-50589.exe
972	Unicorn-50589.exe
2612	Unicorn-52146.exe
2612	Unicorn-52146.exe
2812	WerFault.exe
2812	WerFault.exe
2812	WerFault.exe
2812	WerFault.exe
2812	WerFault.exe
2572	Unicorn-30393.exe
2572	Unicorn-30393.exe
2884	Unicorn-21742.exe
2884	Unicorn-21742.exe
2860	Unicorn-10335.exe
2584	Unicorn-63065.exe
2584	Unicorn-63065.exe
2860	Unicorn-10335.exe
2612	Unicorn-52146.exe
2612	Unicorn-52146.exe
1924	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
2336	WerFault.exe
2336	WerFault.exe
2336	WerFault.exe
2336	WerFault.exe
2336	WerFault.exe
1576	Unicorn-49690.exe
2572	Unicorn-30393.exe
1576	Unicorn-49690.exe
2572	Unicorn-30393.exe
1484	Unicorn-31469.exe
1484	Unicorn-31469.exe
1892	Unicorn-30784.exe
1892	Unicorn-30784.exe
2584	Unicorn-63065.exe
2584	Unicorn-63065.exe
1040	Unicorn-17786.exe
1040	Unicorn-17786.exe
2860	Unicorn-10335.exe
2860	Unicorn-10335.exe
1752	WerFault.exe
1752	WerFault.exe
1752	WerFault.exe
1752	WerFault.exe
1752	WerFault.exe
1812	WerFault.exe
1812	WerFault.exe
1812	WerFault.exe
1812	WerFault.exe
1088	WerFault.exe
1088	WerFault.exe
1088	WerFault.exe
1088	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2556	2024	WerFault.exe	a786f8efcc227e751ae5f340185e2c8ac3205dccfc1888cad5d7d30ff8035fa5.exe
2812	972	WerFault.exe	Unicorn-50589.exe
1924	2884	WerFault.exe	Unicorn-21742.exe
2336	2612	WerFault.exe	Unicorn-52146.exe
1752	2572	WerFault.exe	Unicorn-30393.exe
1812	2584	WerFault.exe	Unicorn-63065.exe
1088	2860	WerFault.exe	Unicorn-10335.exe
892	1576	WerFault.exe	Unicorn-49690.exe
2492	1484	WerFault.exe	Unicorn-31469.exe
2368	1892	WerFault.exe	Unicorn-30784.exe
1768	1044	WerFault.exe	Unicorn-17786.exe
1284	1040	WerFault.exe	Unicorn-17786.exe
1540	1236	WerFault.exe	Unicorn-7521.exe
2700	856	WerFault.exe	Unicorn-53193.exe
2448	2060	WerFault.exe	Unicorn-55461.exe
2280	2252	WerFault.exe	Unicorn-18539.exe
1180	624	WerFault.exe	Unicorn-53157.exe
1444	1456	WerFault.exe	Unicorn-48751.exe
1168	268	WerFault.exe	Unicorn-48943.exe
2084	452	WerFault.exe	Unicorn-56598.exe
1604	724	WerFault.exe	Unicorn-36732.exe
2768	2392	WerFault.exe	Unicorn-21081.exe
1724	1776	WerFault.exe	Unicorn-8850.exe
964	920	WerFault.exe	Unicorn-39769.exe
2104	1652	WerFault.exe	Unicorn-37500.exe
1008	1952	WerFault.exe	Unicorn-20479.exe
2228	2292	WerFault.exe	Unicorn-55098.exe
2264	2948	WerFault.exe	Unicorn-31417.exe
2624	2800	WerFault.exe	Unicorn-9426.exe
2092	2232	WerFault.exe	Unicorn-31417.exe
112	2216	WerFault.exe	Unicorn-8775.exe
2096	1712	WerFault.exe	Unicorn-29601.exe
1888	2564	WerFault.exe	Unicorn-27463.exe
1592	2560	WerFault.exe	Unicorn-9543.exe
2604	2516	WerFault.exe	Unicorn-12579.exe
608	2456	WerFault.exe	Unicorn-20961.exe
2824	2440	WerFault.exe	Unicorn-64686.exe
1500	2576	WerFault.exe	Unicorn-36804.exe
296	1972	WerFault.exe	Unicorn-64577.exe
3184	108	WerFault.exe	Unicorn-62273.exe
3200	2340	WerFault.exe	Unicorn-50343.exe
3224	2156	WerFault.exe	Unicorn-15210.exe
3280	1784	WerFault.exe	Unicorn-4707.exe
3292	1496	WerFault.exe	Unicorn-20359.exe
3360	2740	WerFault.exe	Unicorn-36804.exe
3760	2196	WerFault.exe	Unicorn-50343.exe
3752	2180	WerFault.exe	Unicorn-35076.exe
3876	2168	WerFault.exe	Unicorn-48994.exe
3968	592	WerFault.exe	Unicorn-61801.exe
4064	2256	WerFault.exe	Unicorn-16130.exe
3288	2656	WerFault.exe	Unicorn-6145.exe
2472	2896	WerFault.exe	Unicorn-3083.exe
3484	2712	WerFault.exe	Unicorn-4391.exe
3512	2772	WerFault.exe	Unicorn-3851.exe
3580	2780	WerFault.exe	Unicorn-3851.exe
3624	900	WerFault.exe	Unicorn-37832.exe
3716	2152	WerFault.exe	Unicorn-2891.exe
3872	1080	WerFault.exe	Unicorn-40738.exe
3744	1644	WerFault.exe	Unicorn-23717.exe
4112	1772	WerFault.exe	Unicorn-40546.exe
4184	360	WerFault.exe	Unicorn-22757.exe
4200	2396	WerFault.exe	Unicorn-35755.exe
4248	1404	WerFault.exe	Unicorn-63875.exe
4328	888	WerFault.exe	Unicorn-40546.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

a786f8efcc227e751ae5f340185e2c8ac3205dccfc1888cad5d7d30ff8035fa5.exeUnicorn-50589.exeUnicorn-21742.exeUnicorn-52146.exeUnicorn-30393.exeUnicorn-10335.exeUnicorn-63065.exeUnicorn-49690.exeUnicorn-31469.exeUnicorn-30784.exeUnicorn-17786.exeUnicorn-17786.exeUnicorn-53193.exeUnicorn-7521.exeUnicorn-55461.exeUnicorn-18539.exeUnicorn-48943.exeUnicorn-53157.exeUnicorn-48751.exeUnicorn-36732.exeUnicorn-56598.exeUnicorn-21081.exeUnicorn-8850.exeUnicorn-37500.exeUnicorn-39769.exeUnicorn-20479.exeUnicorn-9426.exeUnicorn-55098.exeUnicorn-31417.exeUnicorn-31417.exeUnicorn-8775.exeUnicorn-29601.exeUnicorn-9543.exeUnicorn-27463.exeUnicorn-12579.exeUnicorn-20961.exeUnicorn-64686.exeUnicorn-36804.exeUnicorn-36804.exeUnicorn-64577.exeUnicorn-20359.exeUnicorn-4707.exeUnicorn-50343.exeUnicorn-50343.exeUnicorn-35076.exeUnicorn-15210.exeUnicorn-62273.exeUnicorn-48994.exeUnicorn-61801.exeUnicorn-16130.exeUnicorn-40546.exeUnicorn-40546.exeUnicorn-53545.exeUnicorn-7873.exeUnicorn-3083.exeUnicorn-20872.exeUnicorn-56389.exeUnicorn-40738.exeUnicorn-3851.exeUnicorn-23717.exeUnicorn-3851.exeUnicorn-57157.exeUnicorn-39010.exeUnicorn-17198.exe

pid	process
2024	a786f8efcc227e751ae5f340185e2c8ac3205dccfc1888cad5d7d30ff8035fa5.exe
972	Unicorn-50589.exe
2884	Unicorn-21742.exe
2612	Unicorn-52146.exe
2572	Unicorn-30393.exe
2860	Unicorn-10335.exe
2584	Unicorn-63065.exe
1576	Unicorn-49690.exe
1484	Unicorn-31469.exe
1892	Unicorn-30784.exe
1040	Unicorn-17786.exe
1044	Unicorn-17786.exe
856	Unicorn-53193.exe
1236	Unicorn-7521.exe
2060	Unicorn-55461.exe
2252	Unicorn-18539.exe
268	Unicorn-48943.exe
624	Unicorn-53157.exe
1456	Unicorn-48751.exe
724	Unicorn-36732.exe
452	Unicorn-56598.exe
2392	Unicorn-21081.exe
1776	Unicorn-8850.exe
1652	Unicorn-37500.exe
920	Unicorn-39769.exe
1952	Unicorn-20479.exe
2800	Unicorn-9426.exe
2292	Unicorn-55098.exe
2948	Unicorn-31417.exe
2232	Unicorn-31417.exe
2216	Unicorn-8775.exe
1712	Unicorn-29601.exe
2560	Unicorn-9543.exe
2564	Unicorn-27463.exe
2516	Unicorn-12579.exe
2456	Unicorn-20961.exe
2440	Unicorn-64686.exe
2576	Unicorn-36804.exe
2740	Unicorn-36804.exe
1972	Unicorn-64577.exe
1496	Unicorn-20359.exe
1784	Unicorn-4707.exe
2196	Unicorn-50343.exe
2340	Unicorn-50343.exe
2180	Unicorn-35076.exe
2156	Unicorn-15210.exe
108	Unicorn-62273.exe
2168	Unicorn-48994.exe
592	Unicorn-61801.exe
2256	Unicorn-16130.exe
888	Unicorn-40546.exe
1772	Unicorn-40546.exe
2380	Unicorn-53545.exe
1700	Unicorn-7873.exe
2896	Unicorn-3083.exe
1256	Unicorn-20872.exe
1352	Unicorn-56389.exe
1080	Unicorn-40738.exe
2772	Unicorn-3851.exe
1644	Unicorn-23717.exe
2780	Unicorn-3851.exe
828	Unicorn-57157.exe
1536	Unicorn-39010.exe
2504	Unicorn-17198.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

a786f8efcc227e751ae5f340185e2c8ac3205dccfc1888cad5d7d30ff8035fa5.exeUnicorn-50589.exeUnicorn-21742.exeUnicorn-52146.exeUnicorn-30393.exeUnicorn-63065.exeUnicorn-10335.exeUnicorn-49690.exe

description	pid	process	target process
PID 2024 wrote to memory of 972	2024	a786f8efcc227e751ae5f340185e2c8ac3205dccfc1888cad5d7d30ff8035fa5.exe	Unicorn-50589.exe
PID 2024 wrote to memory of 972	2024	a786f8efcc227e751ae5f340185e2c8ac3205dccfc1888cad5d7d30ff8035fa5.exe	Unicorn-50589.exe
PID 2024 wrote to memory of 972	2024	a786f8efcc227e751ae5f340185e2c8ac3205dccfc1888cad5d7d30ff8035fa5.exe	Unicorn-50589.exe
PID 2024 wrote to memory of 972	2024	a786f8efcc227e751ae5f340185e2c8ac3205dccfc1888cad5d7d30ff8035fa5.exe	Unicorn-50589.exe
PID 972 wrote to memory of 2884	972	Unicorn-50589.exe	Unicorn-21742.exe
PID 972 wrote to memory of 2884	972	Unicorn-50589.exe	Unicorn-21742.exe
PID 972 wrote to memory of 2884	972	Unicorn-50589.exe	Unicorn-21742.exe
PID 972 wrote to memory of 2884	972	Unicorn-50589.exe	Unicorn-21742.exe
PID 2024 wrote to memory of 2612	2024	a786f8efcc227e751ae5f340185e2c8ac3205dccfc1888cad5d7d30ff8035fa5.exe	Unicorn-52146.exe
PID 2024 wrote to memory of 2612	2024	a786f8efcc227e751ae5f340185e2c8ac3205dccfc1888cad5d7d30ff8035fa5.exe	Unicorn-52146.exe
PID 2024 wrote to memory of 2612	2024	a786f8efcc227e751ae5f340185e2c8ac3205dccfc1888cad5d7d30ff8035fa5.exe	Unicorn-52146.exe
PID 2024 wrote to memory of 2612	2024	a786f8efcc227e751ae5f340185e2c8ac3205dccfc1888cad5d7d30ff8035fa5.exe	Unicorn-52146.exe
PID 2024 wrote to memory of 2556	2024	a786f8efcc227e751ae5f340185e2c8ac3205dccfc1888cad5d7d30ff8035fa5.exe	WerFault.exe
PID 2024 wrote to memory of 2556	2024	a786f8efcc227e751ae5f340185e2c8ac3205dccfc1888cad5d7d30ff8035fa5.exe	WerFault.exe
PID 2024 wrote to memory of 2556	2024	a786f8efcc227e751ae5f340185e2c8ac3205dccfc1888cad5d7d30ff8035fa5.exe	WerFault.exe
PID 2024 wrote to memory of 2556	2024	a786f8efcc227e751ae5f340185e2c8ac3205dccfc1888cad5d7d30ff8035fa5.exe	WerFault.exe
PID 2884 wrote to memory of 2572	2884	Unicorn-21742.exe	Unicorn-30393.exe
PID 2884 wrote to memory of 2572	2884	Unicorn-21742.exe	Unicorn-30393.exe
PID 2884 wrote to memory of 2572	2884	Unicorn-21742.exe	Unicorn-30393.exe
PID 2884 wrote to memory of 2572	2884	Unicorn-21742.exe	Unicorn-30393.exe
PID 972 wrote to memory of 2860	972	Unicorn-50589.exe	Unicorn-10335.exe
PID 972 wrote to memory of 2860	972	Unicorn-50589.exe	Unicorn-10335.exe
PID 972 wrote to memory of 2860	972	Unicorn-50589.exe	Unicorn-10335.exe
PID 972 wrote to memory of 2860	972	Unicorn-50589.exe	Unicorn-10335.exe
PID 2612 wrote to memory of 2584	2612	Unicorn-52146.exe	Unicorn-63065.exe
PID 2612 wrote to memory of 2584	2612	Unicorn-52146.exe	Unicorn-63065.exe
PID 2612 wrote to memory of 2584	2612	Unicorn-52146.exe	Unicorn-63065.exe
PID 2612 wrote to memory of 2584	2612	Unicorn-52146.exe	Unicorn-63065.exe
PID 972 wrote to memory of 2812	972	Unicorn-50589.exe	WerFault.exe
PID 972 wrote to memory of 2812	972	Unicorn-50589.exe	WerFault.exe
PID 972 wrote to memory of 2812	972	Unicorn-50589.exe	WerFault.exe
PID 972 wrote to memory of 2812	972	Unicorn-50589.exe	WerFault.exe
PID 2572 wrote to memory of 1576	2572	Unicorn-30393.exe	Unicorn-49690.exe
PID 2572 wrote to memory of 1576	2572	Unicorn-30393.exe	Unicorn-49690.exe
PID 2572 wrote to memory of 1576	2572	Unicorn-30393.exe	Unicorn-49690.exe
PID 2572 wrote to memory of 1576	2572	Unicorn-30393.exe	Unicorn-49690.exe
PID 2884 wrote to memory of 1484	2884	Unicorn-21742.exe	Unicorn-31469.exe
PID 2884 wrote to memory of 1484	2884	Unicorn-21742.exe	Unicorn-31469.exe
PID 2884 wrote to memory of 1484	2884	Unicorn-21742.exe	Unicorn-31469.exe
PID 2884 wrote to memory of 1484	2884	Unicorn-21742.exe	Unicorn-31469.exe
PID 2584 wrote to memory of 1044	2584	Unicorn-63065.exe	Unicorn-17786.exe
PID 2584 wrote to memory of 1044	2584	Unicorn-63065.exe	Unicorn-17786.exe
PID 2584 wrote to memory of 1044	2584	Unicorn-63065.exe	Unicorn-17786.exe
PID 2584 wrote to memory of 1044	2584	Unicorn-63065.exe	Unicorn-17786.exe
PID 2860 wrote to memory of 1040	2860	Unicorn-10335.exe	Unicorn-17786.exe
PID 2860 wrote to memory of 1040	2860	Unicorn-10335.exe	Unicorn-17786.exe
PID 2860 wrote to memory of 1040	2860	Unicorn-10335.exe	Unicorn-17786.exe
PID 2860 wrote to memory of 1040	2860	Unicorn-10335.exe	Unicorn-17786.exe
PID 2612 wrote to memory of 1892	2612	Unicorn-52146.exe	Unicorn-30784.exe
PID 2612 wrote to memory of 1892	2612	Unicorn-52146.exe	Unicorn-30784.exe
PID 2612 wrote to memory of 1892	2612	Unicorn-52146.exe	Unicorn-30784.exe
PID 2612 wrote to memory of 1892	2612	Unicorn-52146.exe	Unicorn-30784.exe
PID 2884 wrote to memory of 1924	2884	Unicorn-21742.exe	WerFault.exe
PID 2884 wrote to memory of 1924	2884	Unicorn-21742.exe	WerFault.exe
PID 2884 wrote to memory of 1924	2884	Unicorn-21742.exe	WerFault.exe
PID 2884 wrote to memory of 1924	2884	Unicorn-21742.exe	WerFault.exe
PID 2612 wrote to memory of 2336	2612	Unicorn-52146.exe	WerFault.exe
PID 2612 wrote to memory of 2336	2612	Unicorn-52146.exe	WerFault.exe
PID 2612 wrote to memory of 2336	2612	Unicorn-52146.exe	WerFault.exe
PID 2612 wrote to memory of 2336	2612	Unicorn-52146.exe	WerFault.exe
PID 1576 wrote to memory of 1236	1576	Unicorn-49690.exe	Unicorn-7521.exe
PID 1576 wrote to memory of 1236	1576	Unicorn-49690.exe	Unicorn-7521.exe
PID 1576 wrote to memory of 1236	1576	Unicorn-49690.exe	Unicorn-7521.exe
PID 1576 wrote to memory of 1236	1576	Unicorn-49690.exe	Unicorn-7521.exe

C:\Users\Admin\AppData\Local\Temp\a786f8efcc227e751ae5f340185e2c8ac3205dccfc1888cad5d7d30ff8035fa5.exe
"C:\Users\Admin\AppData\Local\Temp\a786f8efcc227e751ae5f340185e2c8ac3205dccfc1888cad5d7d30ff8035fa5.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-50589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50589.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:972

C:\Users\Admin\AppData\Local\Temp\Unicorn-21742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21742.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-30393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30393.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-49690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49690.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-7521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7521.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:452

C:\Users\Admin\AppData\Local\Temp\Unicorn-29601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29601.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-16130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16130.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-2744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2744.exe
10⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-40804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40804.exe
11⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-17969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17969.exe
12⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-32950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32950.exe
13⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-42686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42686.exe
14⤵
PID:8952

C:\Users\Admin\AppData\Local\Temp\Unicorn-58293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58293.exe
15⤵
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8952 -s 216
15⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
14⤵
PID:9988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
13⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 236
12⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-59966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59966.exe
11⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-12015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12015.exe
12⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-27803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27803.exe
13⤵
PID:9164

C:\Users\Admin\AppData\Local\Temp\Unicorn-34131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34131.exe
14⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9164 -s 216
14⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 216
13⤵
PID:9804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
12⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
11⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\Unicorn-2464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2464.exe
10⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-1357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1357.exe
11⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-2395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2395.exe
11⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-36591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36591.exe
12⤵
PID:6964

C:\Users\Admin\AppData\Local\Temp\Unicorn-58269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58269.exe
13⤵
PID:10100

C:\Users\Admin\AppData\Local\Temp\Unicorn-23453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23453.exe
14⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 216
13⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
12⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 240
11⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
10⤵
- Program crash
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-63875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63875.exe
9⤵
PID:1404

C:\Users\Admin\AppData\Local\Temp\Unicorn-23975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23975.exe
10⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-33200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33200.exe
11⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-39066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39066.exe
12⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\Unicorn-8445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8445.exe
13⤵
PID:9840

C:\Users\Admin\AppData\Local\Temp\Unicorn-25885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25885.exe
14⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9840 -s 236
14⤵
PID:8720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 236
13⤵
PID:10972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 236
12⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 236
11⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 236
10⤵
- Program crash
PID:4248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
9⤵
- Program crash
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-26076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26076.exe
9⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-49444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49444.exe
10⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-17989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17989.exe
11⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-62880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62880.exe
12⤵
PID:6724

C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
13⤵
PID:10212

C:\Users\Admin\AppData\Local\Temp\Unicorn-20414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20414.exe
14⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10212 -s 236
14⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
13⤵
PID:11176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 236
12⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
11⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
10⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-13551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13551.exe
11⤵
PID:5444

C:\Users\Admin\AppData\Local\Temp\Unicorn-28106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28106.exe
12⤵
PID:8612

C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
13⤵
PID:12152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8612 -s 216
13⤵
PID:11976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
12⤵
PID:9568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
11⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
10⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-45038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45038.exe
9⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-18135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18135.exe
10⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-32758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32758.exe
11⤵
PID:6128

C:\Users\Admin\AppData\Local\Temp\Unicorn-65119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65119.exe
12⤵
PID:8700

C:\Users\Admin\AppData\Local\Temp\Unicorn-10355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10355.exe
13⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 236
13⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
12⤵
PID:9576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
11⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 236
10⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 240
9⤵
- Program crash
PID:3968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 240
8⤵
- Program crash
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-40546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40546.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-19164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19164.exe
9⤵
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-54281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54281.exe
10⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-28478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28478.exe
11⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-37167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37167.exe
12⤵
PID:7032

C:\Users\Admin\AppData\Local\Temp\Unicorn-54437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54437.exe
13⤵
PID:9960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 216
13⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 236
12⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
11⤵
PID:3712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 216
10⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-30248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30248.exe
9⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-59448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59448.exe
10⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
11⤵
PID:6956

C:\Users\Admin\AppData\Local\Temp\Unicorn-9398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9398.exe
12⤵
PID:9836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
12⤵
PID:10800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
11⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
10⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
9⤵
- Program crash
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-46688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46688.exe
8⤵
PID:1324

C:\Users\Admin\AppData\Local\Temp\Unicorn-47488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47488.exe
9⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-18494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18494.exe
10⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-9668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9668.exe
11⤵
PID:6412

C:\Users\Admin\AppData\Local\Temp\Unicorn-37058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37058.exe
12⤵
PID:10156

C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
13⤵
PID:8496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 216
12⤵
PID:10632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
11⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
10⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 236
9⤵
PID:4416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 220
8⤵
- Program crash
PID:1592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 240
7⤵
- Program crash
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-21081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21081.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-12579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12579.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-7873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7873.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
9⤵
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-47654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47654.exe
10⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-26776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26776.exe
11⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-9087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9087.exe
12⤵
PID:7296

C:\Users\Admin\AppData\Local\Temp\Unicorn-50748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50748.exe
13⤵
PID:10828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 216
13⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
12⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
11⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 236
10⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-10767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10767.exe
9⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
10⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-59381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59381.exe
11⤵
PID:7836

C:\Users\Admin\AppData\Local\Temp\Unicorn-6236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6236.exe
12⤵
PID:11008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 216
12⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
11⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
10⤵
PID:6352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 220
9⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-49350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49350.exe
8⤵
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-44364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44364.exe
9⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-27544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27544.exe
10⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-60898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60898.exe
11⤵
PID:7020

C:\Users\Admin\AppData\Local\Temp\Unicorn-29134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29134.exe
12⤵
PID:10120

C:\Users\Admin\AppData\Local\Temp\Unicorn-25444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25444.exe
13⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 216
12⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 236
11⤵
PID:8236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
10⤵
PID:6116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 236
9⤵
PID:4768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
8⤵
- Program crash
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-3083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3083.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-1374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1374.exe
8⤵
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-37357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37357.exe
8⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-25395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25395.exe
9⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-3622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3622.exe
10⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-52498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52498.exe
11⤵
PID:9696

C:\Users\Admin\AppData\Local\Temp\Unicorn-44035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44035.exe
12⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9696 -s 216
12⤵
PID:2308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
11⤵
PID:10940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 236
10⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
9⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 220
8⤵
- Program crash
PID:2472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
7⤵
- Program crash
PID:2768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 240
6⤵
- Program crash
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-53193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53193.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-8775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8775.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-43699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43699.exe
8⤵
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-16222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16222.exe
9⤵
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
10⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-24595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24595.exe
11⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\Unicorn-34253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34253.exe
12⤵
PID:8588

C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
13⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 216
13⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 216
12⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
11⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
10⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-29815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29815.exe
9⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-18487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18487.exe
10⤵
PID:5200

C:\Users\Admin\AppData\Local\Temp\Unicorn-30856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30856.exe
11⤵
PID:7444

C:\Users\Admin\AppData\Local\Temp\Unicorn-58180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58180.exe
12⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 216
12⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 216
11⤵
PID:9364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
10⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
9⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-29220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29220.exe
8⤵
PID:1140

C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
9⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-6317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6317.exe
10⤵
PID:6132

C:\Users\Admin\AppData\Local\Temp\Unicorn-10316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10316.exe
11⤵
PID:8444

C:\Users\Admin\AppData\Local\Temp\Unicorn-30334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30334.exe
12⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 216
12⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 216
11⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
10⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 216
9⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
8⤵
- Program crash
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-8374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8374.exe
7⤵
PID:712

C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
8⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-25649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25649.exe
9⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-43754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43754.exe
10⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-12132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12132.exe
11⤵
PID:7200

C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
12⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 216
12⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
11⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
10⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 236
9⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-14356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14356.exe
8⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-11247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11247.exe
9⤵
PID:5976

C:\Users\Admin\AppData\Local\Temp\Unicorn-978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-978.exe
10⤵
PID:8540

C:\Users\Admin\AppData\Local\Temp\Unicorn-38949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38949.exe
11⤵
PID:11380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8540 -s 216
11⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
10⤵
PID:9544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 236
9⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 712 -s 240
8⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
7⤵
- Program crash
PID:112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 236
6⤵
- Program crash
PID:2700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-31469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31469.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-55461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55461.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-8850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8850.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-56389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56389.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1352

C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
9⤵
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-48614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48614.exe
10⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-35873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35873.exe
11⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-4396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4396.exe
12⤵
PID:6432

C:\Users\Admin\AppData\Local\Temp\Unicorn-3166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3166.exe
13⤵
PID:10500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 220
13⤵
PID:10292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 216
12⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
11⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 236
10⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-44400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44400.exe
9⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-18494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18494.exe
10⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-2382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2382.exe
11⤵
PID:7088

C:\Users\Admin\AppData\Local\Temp\Unicorn-20613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20613.exe
12⤵
PID:9560

C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
13⤵
PID:2840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 216
12⤵
PID:11024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
11⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
10⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 220
9⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-1410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1410.exe
8⤵
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-47029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47029.exe
9⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-4693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4693.exe
10⤵
PID:5596

C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
11⤵
PID:9172

C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
12⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9172 -s 216
12⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 236
11⤵
PID:10184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
10⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 216
9⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
8⤵
- Program crash
PID:608

C:\Users\Admin\AppData\Local\Temp\Unicorn-20872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20872.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-414.exe
8⤵
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-62729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62729.exe
9⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-32967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32967.exe
10⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-62803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62803.exe
11⤵
PID:7016

C:\Users\Admin\AppData\Local\Temp\Unicorn-42907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42907.exe
12⤵
PID:10672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 220
12⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
11⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
10⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 236
9⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-16626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16626.exe
8⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-18909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18909.exe
9⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-60047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60047.exe
10⤵
PID:6192

C:\Users\Admin\AppData\Local\Temp\Unicorn-39170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39170.exe
11⤵
PID:10096

C:\Users\Admin\AppData\Local\Temp\Unicorn-3105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3105.exe
12⤵
PID:8536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10096 -s 216
12⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 216
11⤵
PID:10604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
10⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 236
9⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 240
8⤵
PID:4388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 240
7⤵
- Program crash
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-64686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64686.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1080

C:\Users\Admin\AppData\Local\Temp\Unicorn-54140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54140.exe
8⤵
PID:776

C:\Users\Admin\AppData\Local\Temp\Unicorn-57387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57387.exe
9⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-28881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28881.exe
10⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
11⤵
PID:7396

C:\Users\Admin\AppData\Local\Temp\Unicorn-37908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37908.exe
12⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 216
12⤵
PID:11792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
11⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
10⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 236
9⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 216
8⤵
- Program crash
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-17253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17253.exe
7⤵
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-47846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47846.exe
8⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-4710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4710.exe
9⤵
PID:4448

C:\Users\Admin\AppData\Local\Temp\Unicorn-51630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51630.exe
10⤵
PID:6824

C:\Users\Admin\AppData\Local\Temp\Unicorn-265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-265.exe
11⤵
PID:10272

C:\Users\Admin\AppData\Local\Temp\Unicorn-55664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55664.exe
12⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
11⤵
PID:10960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
10⤵
PID:8392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 236
9⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 236
8⤵
PID:4568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
7⤵
- Program crash
PID:2824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
6⤵
- Program crash
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-37500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37500.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-36804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36804.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-23717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23717.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-52028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52028.exe
8⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-3819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3819.exe
9⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-53060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53060.exe
10⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-17552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17552.exe
11⤵
PID:7228

C:\Users\Admin\AppData\Local\Temp\Unicorn-56534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56534.exe
12⤵
PID:10532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 216
12⤵
PID:10456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
11⤵
PID:8908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 236
10⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 236
9⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-63030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63030.exe
8⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-26776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26776.exe
9⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
10⤵
PID:6920

C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
11⤵
PID:9716

C:\Users\Admin\AppData\Local\Temp\Unicorn-17210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17210.exe
12⤵
PID:2960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 216
11⤵
PID:10284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 236
10⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
9⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 220
8⤵
- Program crash
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-62339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62339.exe
7⤵
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-37701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37701.exe
8⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-28478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28478.exe
9⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-17806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17806.exe
10⤵
PID:7052

C:\Users\Admin\AppData\Local\Temp\Unicorn-24453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24453.exe
11⤵
PID:9888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
11⤵
PID:11016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
10⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 236
9⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 216
8⤵
PID:4588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
7⤵
- Program crash
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-3851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3851.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-928.exe
7⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-8399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8399.exe
8⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-63482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63482.exe
9⤵
PID:6464

C:\Users\Admin\AppData\Local\Temp\Unicorn-26365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26365.exe
10⤵
PID:10128

C:\Users\Admin\AppData\Local\Temp\Unicorn-21155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21155.exe
11⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10128 -s 216
11⤵
PID:9024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 216
10⤵
PID:11156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
9⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 236
8⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 236
7⤵
- Program crash
PID:3512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
6⤵
- Program crash
PID:2104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 240
5⤵
- Program crash
PID:2492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-10335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10335.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1040

C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:624

C:\Users\Admin\AppData\Local\Temp\Unicorn-9426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9426.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-50343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50343.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-4391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4391.exe
8⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-16579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16579.exe
9⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-17201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17201.exe
10⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
11⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-41238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41238.exe
12⤵
PID:8860

C:\Users\Admin\AppData\Local\Temp\Unicorn-42291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42291.exe
13⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8860 -s 216
13⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 236
12⤵
PID:9584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
11⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
10⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 216
9⤵
- Program crash
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-63107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63107.exe
8⤵
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-61227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61227.exe
9⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-3084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3084.exe
10⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-36943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36943.exe
11⤵
PID:7344

C:\Users\Admin\AppData\Local\Temp\Unicorn-18033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18033.exe
12⤵
PID:10548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7344 -s 236
12⤵
PID:11804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
11⤵
PID:9180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
10⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 236
9⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
8⤵
- Program crash
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-34795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34795.exe
7⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
8⤵
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-21858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21858.exe
9⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-27352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27352.exe
10⤵
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-49544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49544.exe
11⤵
PID:6436

C:\Users\Admin\AppData\Local\Temp\Unicorn-47795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47795.exe
12⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
7⤵
- Program crash
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-15210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15210.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-37832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37832.exe
7⤵
PID:900

C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe
8⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-22541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22541.exe
9⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-15456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15456.exe
10⤵
PID:5576

C:\Users\Admin\AppData\Local\Temp\Unicorn-53266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53266.exe
11⤵
PID:9616

C:\Users\Admin\AppData\Local\Temp\Unicorn-57684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57684.exe
12⤵
PID:704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9616 -s 236
12⤵
PID:8808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 236
10⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 236
9⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 216
8⤵
- Program crash
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-16485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16485.exe
7⤵
PID:560

C:\Users\Admin\AppData\Local\Temp\Unicorn-36684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36684.exe
8⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-51358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51358.exe
9⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-23530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23530.exe
10⤵
PID:7152

C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
11⤵
PID:10468

C:\Users\Admin\AppData\Local\Temp\Unicorn-53862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53862.exe
12⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10468 -s 236
12⤵
PID:8244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 216
11⤵
PID:10384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
10⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
9⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 236
8⤵
PID:4928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
7⤵
- Program crash
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 240
6⤵
- Program crash
PID:1180

C:\Users\Admin\AppData\Local\Temp\Unicorn-55098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55098.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-4707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4707.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-6145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6145.exe
7⤵
- Executes dropped EXE
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
8⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-18903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18903.exe
9⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-13790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13790.exe
10⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
11⤵
PID:8748

C:\Users\Admin\AppData\Local\Temp\Unicorn-28091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28091.exe
12⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8748 -s 216
12⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 236
11⤵
PID:9928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
10⤵
PID:7744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
9⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 216
8⤵
- Program crash
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-12069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12069.exe
7⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-17359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17359.exe
8⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-14170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14170.exe
9⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-51054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51054.exe
10⤵
PID:6176

C:\Users\Admin\AppData\Local\Temp\Unicorn-10732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10732.exe
11⤵
PID:10404

C:\Users\Admin\AppData\Local\Temp\Unicorn-7846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7846.exe
12⤵
PID:9404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 220
11⤵
PID:11108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
10⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 236
9⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 216
8⤵
PID:4960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
7⤵
- Program crash
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-2123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2123.exe
6⤵
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
7⤵
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-62563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62563.exe
8⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-60024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60024.exe
9⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-4494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4494.exe
10⤵
PID:6992

C:\Users\Admin\AppData\Local\Temp\Unicorn-54437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54437.exe
11⤵
PID:9972

C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
12⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9972 -s 236
12⤵
PID:8724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
11⤵
PID:10488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
10⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
9⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 236
8⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-27046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27046.exe
7⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
8⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-57546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57546.exe
9⤵
PID:7164

C:\Users\Admin\AppData\Local\Temp\Unicorn-42907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42907.exe
10⤵
PID:10680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 220
10⤵
PID:11104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
9⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 236
8⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 220
7⤵
PID:4516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
6⤵
- Program crash
PID:2228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 240
5⤵
- Program crash
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-48751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48751.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1456

C:\Users\Admin\AppData\Local\Temp\Unicorn-31417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31417.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-50343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50343.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-37640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37640.exe
7⤵
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-54140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54140.exe
8⤵
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-43046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43046.exe
9⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-17373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17373.exe
10⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-31309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31309.exe
11⤵
PID:7012

C:\Users\Admin\AppData\Local\Temp\Unicorn-65392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65392.exe
12⤵
PID:10224

C:\Users\Admin\AppData\Local\Temp\Unicorn-22040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22040.exe
13⤵
PID:9084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
12⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
11⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
10⤵
PID:6676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
9⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-41161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41161.exe
8⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-39767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39767.exe
9⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
9⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
8⤵
PID:4612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 236
7⤵
- Program crash
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-2891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2891.exe
6⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
7⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-12711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12711.exe
8⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-7059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7059.exe
9⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-31816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31816.exe
10⤵
PID:7964

C:\Users\Admin\AppData\Local\Temp\Unicorn-8294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8294.exe
11⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 216
11⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 236
10⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
9⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 236
8⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
7⤵
- Program crash
PID:3716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 220
6⤵
- Program crash
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-62273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62273.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:108

C:\Users\Admin\AppData\Local\Temp\Unicorn-22181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22181.exe
6⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-65183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65183.exe
7⤵
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-44364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44364.exe
8⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-65263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65263.exe
9⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-35806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35806.exe
10⤵
PID:7992

C:\Users\Admin\AppData\Local\Temp\Unicorn-17602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17602.exe
11⤵
PID:11200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 216
11⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
10⤵
PID:9092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 236
9⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 216
8⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-42863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42863.exe
7⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-25946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25946.exe
8⤵
PID:5128

C:\Users\Admin\AppData\Local\Temp\Unicorn-40037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40037.exe
9⤵
PID:6484

C:\Users\Admin\AppData\Local\Temp\Unicorn-36596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36596.exe
10⤵
PID:9336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 220
10⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 216
9⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
8⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 220
7⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-63107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63107.exe
6⤵
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-63331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63331.exe
7⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-57850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57850.exe
8⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-14261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14261.exe
9⤵
PID:7408

C:\Users\Admin\AppData\Local\Temp\Unicorn-40053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40053.exe
10⤵
PID:10776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7408 -s 216
10⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
9⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 236
8⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 236
7⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 240
6⤵
- Program crash
PID:3184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 240
5⤵
- Program crash
PID:1444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-52146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52146.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1044

C:\Users\Admin\AppData\Local\Temp\Unicorn-36732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36732.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:724

C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-40546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40546.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
8⤵
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-15942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15942.exe
9⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-64632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64632.exe
10⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe
11⤵
PID:7116

C:\Users\Admin\AppData\Local\Temp\Unicorn-20613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20613.exe
12⤵
PID:9684

C:\Users\Admin\AppData\Local\Temp\Unicorn-23078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23078.exe
13⤵
PID:9248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 216
12⤵
PID:10808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
11⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
10⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-57171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57171.exe
8⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-52894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52894.exe
9⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-2320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2320.exe
10⤵
PID:6984

C:\Users\Admin\AppData\Local\Temp\Unicorn-30748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30748.exe
11⤵
PID:10364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 220
11⤵
PID:11112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
10⤵
PID:8400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
9⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
8⤵
- Program crash
PID:4328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 236
7⤵
- Program crash
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-53545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53545.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-65183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65183.exe
7⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-2724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2724.exe
8⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-65263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65263.exe
9⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-62043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62043.exe
10⤵
PID:7904

C:\Users\Admin\AppData\Local\Temp\Unicorn-55759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55759.exe
11⤵
PID:11056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 216
11⤵
PID:11568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
10⤵
PID:8880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
9⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 216
8⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-25160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25160.exe
7⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-8107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8107.exe
8⤵
PID:5488

C:\Users\Admin\AppData\Local\Temp\Unicorn-55261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55261.exe
9⤵
PID:8108

C:\Users\Admin\AppData\Local\Temp\Unicorn-35028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35028.exe
10⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 216
10⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
9⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
8⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 220
7⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 724 -s 240
6⤵
- Program crash
PID:1604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 236
5⤵
- Program crash
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-48943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48943.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:268

C:\Users\Admin\AppData\Local\Temp\Unicorn-31417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31417.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-35076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35076.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
7⤵
PID:360

C:\Users\Admin\AppData\Local\Temp\Unicorn-52028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52028.exe
8⤵
PID:1268

C:\Users\Admin\AppData\Local\Temp\Unicorn-15173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15173.exe
9⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-62959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62959.exe
10⤵
PID:5952

C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
11⤵
PID:7652

C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
11⤵
PID:8900

C:\Users\Admin\AppData\Local\Temp\Unicorn-1074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1074.exe
12⤵
PID:11952

C:\Users\Admin\AppData\Local\Temp\Unicorn-21982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21982.exe
12⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8900 -s 220
12⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 220
11⤵
PID:9664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
10⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 236
9⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-61421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61421.exe
8⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-12992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12992.exe
9⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-30769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30769.exe
10⤵
PID:6548

C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
11⤵
PID:10308

C:\Users\Admin\AppData\Local\Temp\Unicorn-2867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2867.exe
12⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10308 -s 216
12⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 220
11⤵
PID:10968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
10⤵
PID:8360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
9⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 360 -s 240
8⤵
- Program crash
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-62339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62339.exe
7⤵
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-26609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26609.exe
8⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-37812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37812.exe
9⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-1520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1520.exe
10⤵
PID:7596

C:\Users\Admin\AppData\Local\Temp\Unicorn-46945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46945.exe
11⤵
PID:12080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 216
11⤵
PID:11444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
10⤵
PID:9432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
9⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
8⤵
PID:5580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 240
7⤵
- Program crash
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
6⤵
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-54140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54140.exe
7⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-36492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36492.exe
8⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-52126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52126.exe
9⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-36877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36877.exe
10⤵
PID:7040

C:\Users\Admin\AppData\Local\Temp\Unicorn-40447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40447.exe
11⤵
PID:10568

C:\Users\Admin\AppData\Local\Temp\Unicorn-4885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4885.exe
12⤵
PID:9132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10568 -s 216
12⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 216
11⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
10⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 236
9⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
8⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-49299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49299.exe
7⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
8⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-56311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56311.exe
9⤵
PID:6472

C:\Users\Admin\AppData\Local\Temp\Unicorn-40784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40784.exe
10⤵
PID:2284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 216
10⤵
PID:10924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 236
9⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 236
8⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 220
7⤵
- Program crash
PID:4200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
6⤵
- Program crash
PID:2092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 236
5⤵
- Program crash
PID:1168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-18539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18539.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:920

C:\Users\Admin\AppData\Local\Temp\Unicorn-36804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36804.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-42390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42390.exe
7⤵
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-15453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15453.exe
8⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-2125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2125.exe
9⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-11439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11439.exe
10⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
11⤵
PID:8944

C:\Users\Admin\AppData\Local\Temp\Unicorn-34131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34131.exe
12⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8944 -s 216
12⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 236
11⤵
PID:9672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
10⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 236
9⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-13012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13012.exe
8⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-50713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50713.exe
9⤵
PID:5240

C:\Users\Admin\AppData\Local\Temp\Unicorn-29147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29147.exe
10⤵
PID:9112

C:\Users\Admin\AppData\Local\Temp\Unicorn-17136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17136.exe
11⤵
PID:12044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9112 -s 216
11⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
10⤵
PID:9788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
9⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 220
8⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 216
7⤵
- Program crash
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-3851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3851.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
7⤵
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-43814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43814.exe
8⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-20606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20606.exe
9⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-43275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43275.exe
10⤵
PID:6864

C:\Users\Admin\AppData\Local\Temp\Unicorn-36596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36596.exe
11⤵
PID:10220

C:\Users\Admin\AppData\Local\Temp\Unicorn-6867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6867.exe
12⤵
PID:8248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 220
11⤵
PID:11032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
10⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
9⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 236
8⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
7⤵
- Program crash
PID:3580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 220
6⤵
- Program crash
PID:964

C:\Users\Admin\AppData\Local\Temp\Unicorn-64577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64577.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-57157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57157.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:828

C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
7⤵
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-31401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31401.exe
8⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-16413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16413.exe
9⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-28953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28953.exe
10⤵
PID:7324

C:\Users\Admin\AppData\Local\Temp\Unicorn-3166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3166.exe
11⤵
PID:10480

C:\Users\Admin\AppData\Local\Temp\Unicorn-55338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55338.exe
12⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10480 -s 216
12⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 216
11⤵
PID:10320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
10⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
9⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 236
8⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-41519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41519.exe
7⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-48294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48294.exe
8⤵
PID:5380

C:\Users\Admin\AppData\Local\Temp\Unicorn-62043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62043.exe
9⤵
PID:7896

C:\Users\Admin\AppData\Local\Temp\Unicorn-22127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22127.exe
10⤵
PID:11096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 216
10⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
9⤵
PID:8876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
8⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 220
7⤵
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-49350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49350.exe
6⤵
PID:1060

C:\Users\Admin\AppData\Local\Temp\Unicorn-29097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29097.exe
7⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-62959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62959.exe
8⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
9⤵
PID:7636

C:\Users\Admin\AppData\Local\Temp\Unicorn-52940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52940.exe
10⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 216
10⤵
PID:12276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
9⤵
PID:9264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
8⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 236
7⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
6⤵
- Program crash
PID:296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
5⤵
- Program crash
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-20479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20479.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-20359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20359.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-39010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39010.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-49724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49724.exe
7⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-23311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23311.exe
8⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-25946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25946.exe
9⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-16016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16016.exe
10⤵
PID:7360

C:\Users\Admin\AppData\Local\Temp\Unicorn-24594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24594.exe
11⤵
PID:10768

C:\Users\Admin\AppData\Local\Temp\Unicorn-27010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27010.exe
12⤵
PID:1988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10768 -s 236
12⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 216
11⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
10⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
9⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 216
8⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe
7⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-10050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10050.exe
8⤵
PID:5148

C:\Users\Admin\AppData\Local\Temp\Unicorn-53446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53446.exe
9⤵
PID:6832

C:\Users\Admin\AppData\Local\Temp\Unicorn-61515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61515.exe
10⤵
PID:9656

C:\Users\Admin\AppData\Local\Temp\Unicorn-55236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55236.exe
11⤵
PID:9340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
10⤵
PID:10296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 236
9⤵
PID:7560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 236
8⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 220
7⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-63107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63107.exe
6⤵
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-17359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17359.exe
7⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
8⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-50213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50213.exe
9⤵
PID:7156

C:\Users\Admin\AppData\Local\Temp\Unicorn-2771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2771.exe
10⤵
PID:9692

C:\Users\Admin\AppData\Local\Temp\Unicorn-16365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16365.exe
11⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 216
10⤵
PID:10872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
9⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
8⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 236
7⤵
PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 240
6⤵
- Program crash
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-17198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17198.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-3320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3320.exe
6⤵
PID:1492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 220
7⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-60653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60653.exe
6⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-9090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9090.exe
7⤵
PID:5264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 224
8⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
7⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
5⤵
- Program crash
PID:1008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 220
4⤵
- Program crash
PID:2368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
2⤵
- Program crash
PID:2556

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
Filesize
184KB

MD5
1aac846b85cf3f552f02609fc139e0cb

SHA1
d3d6d66a04205e29c0165dd07ace93af998de6e5

SHA256
405a83d3ae7dca06e7252e32ffebbc6a799c9b9a3eda1028f1c2b64829324eb8

SHA512
d5fdf49994b8d42d1cbe167785b4bd213812e23155a841a055952181b2e14b3761212aea301e3e0d7eab2a5df606c93ec113077c2ef462e0bcb71031a5f5ac6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23530.exe
Filesize
184KB

MD5
b713d2ef49e84407577197cb82f8c6c8

SHA1
046dc9c10a87bad977fda7e71b1945e75423fceb

SHA256
dbcc341444b0fd1c5eba36973b96ed1e9007c36f268e293787786ff59210f16b

SHA512
9d825f15cb54059a80a8c759962908c8dbd3363dc9abfc000c1517d5feb476887a1f257a47555f27e406cd0303006c8d4cc133697f2a7c820bdc6c4fa88f50da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30393.exe
Filesize
184KB

MD5
c8b791a00e294082ec2fd73afe74a6fa

SHA1
9ef1e75b604de55fd0be5e630dbf1a54cb684447

SHA256
879fb5807533b8abca1c1e8f15b8ca6a7bff7c17fa835eecfcca6351330112d6

SHA512
e8f2ec447de2db72f5b49ee69cf671580c0ea8d5d853158c669e8fcd01169f579fcb0cb321a6def8d7a785d2e31c13be176fbdac85aba69e8018439c7cb079d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
Filesize
184KB

MD5
4a29756e495d3668bcfb7378841c237c

SHA1
75680a1e773bacb7253c50ca9325f9239619a761

SHA256
ee798c4bf9ee97d605aa266a78077ae1d7fdb839bbd83b48f28ef0bdf2146fcb

SHA512
3827ecb254bed29c6afe8442be9fbe128a707ecf0ba0b3ecc65d4ae15fa49fe895ab9ea10ee47bcb436c2415a9d19874ad60c4d6d63642e8194e38ae19cb1ba9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3105.exe
Filesize
184KB

MD5
8fa7f6ffb1ab4957876dc1163385cd7d

SHA1
4bf0f5d459fdba27193294a9a1387b4c7eab5843

SHA256
ef90de12065ca9d4cfa19c4b804212764f7aa3d2a7397ee3c4fd9674e995d4df

SHA512
c9919041550797f2ed2651057322baf3138fa4ab6ff4affc8fa5932ad112a9d202f0aef22fd9e65c62d7d0daa9a6ef5b627ca0f22ad5bf888e07899c36cfbc9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31469.exe
Filesize
184KB

MD5
a6c5d15954b5380745303be25f81c12c

SHA1
2cc8187637da7860776556865013d6010ec80bba

SHA256
4d58cac33c3c947cdff59e568aae214738811f019e61ac27d0deb1239a781ea0

SHA512
e385da4c2b429cac59fe6c909514920ca2814e04349d5ca0ad95d683b8f4dec9a913516a18afded20894400b6b35e0c3f9460cbac4e730183d78748c25bcadf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36877.exe
Filesize
184KB

MD5
4651d462980f5c38a2afde59721809f2

SHA1
80950f6580bb46664b53fa90e8937d5da9699d25

SHA256
6dd5aeea5e00ee433bba5ffdc4f5b237aeb3eeb69872118a100ac385d0fe63b9

SHA512
f4536f32970cdbd5ad361436bd1404af79ef643c3de8c3f4beb41f31188d85d1146b0d2861b2e8bbdca60f6fb7416a0d453480934f5060300a385c08aad9409d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37812.exe
Filesize
184KB

MD5
52ddbfec15beaedb9b3653d670717fcc

SHA1
a75984b6d4cd212455d825d47c9510e4936c14f3

SHA256
0a7105323a7477dbf6910f07b5801692d93c01ba8a02e27b2308956b0bbb29f4

SHA512
a36ea0e985605f5001a1c2487746ecdac524849a232b7af68648e3e070e8b8a892eca99d6273e6ec579d05f8c7e0c9ef825f824ddc3ca4261b7de61568db43af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39767.exe
Filesize
184KB

MD5
4c31c22e0137743fb0393d6e2c54d59e

SHA1
0056af6974a8d3ac56dd47c46b4cb4b574141f25

SHA256
b34a692d792d82e50a17f336572ab450367bc950984f543b607d6c45727ee85d

SHA512
ead58035044367437d96dbfc772b3894c14411fa6c46f5d39f564f10ac12ae688eb570d2714bad17967fa7749cb863c2e8daa3a02290616a458e8a4f5a0b31b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6236.exe
Filesize
184KB

MD5
17027a08bca46305e6e350f23608b3b0

SHA1
a364c8c2ade51491813bf00d81e0f4f260ba385e

SHA256
b75d496c372f3b49ba00da6d20d9801fd43ef2bd61d53f69ead4b2167a2cbd84

SHA512
b31ecb7217003031491dab214f2dd3b1ccbdcf81ff784147ce2d67494850ce6138ee7438fa50ec2392fb49c2964c590cb77033828300fa2889828efe36110439

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
Filesize
184KB

MD5
9f9aaed27e469f89774d989e3749b000

SHA1
ba3fe03b1743f0562f129057c07bad48c21303b7

SHA256
551407e0615d1795b7db551aec6a2f059a5e26333dff722662aa3f6b3f741abb

SHA512
e29182bb151a68b8965d47d72c0a091cdc4eff4fd299d20463625326b068fa2baac882f6241262f440371f5cae3199e6c7d2d6a2e658dac6930984163bc78818

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6317.exe
Filesize
184KB

MD5
0413d3cc88f0d7a0b4509602ecd39fa4

SHA1
ecf932a94d26a1a4d213e3d69e914a75e2bb1a16

SHA256
dd9595f418b304fe59084fab9c545b9a6599db1002e84074f6ad2945b94d22ba

SHA512
327f7ecf02548476b9836b384672e42ed1ba53841def52cf3a50b88f877148745121bea5557058ac43a61b89b7e93a5e87c5a9eb023ceab3ea973763af098db6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10335.exe
Filesize
184KB

MD5
91706c74dd9d81443e2b5e43ec3ad775

SHA1
367bd349dd20eb4b2ab1fb3e400abfb10ec7cfe6

SHA256
85b67e8a10b40f145c9bbbb38b1952d34343117f92a0165faa37a7388eab7ace

SHA512
f33af596a92c02e2f8aa52eb61bdd200f915f788afd98eea1408bc70abd653358deaa8855445b46d8f956d4a9b1901b3d802a41bab51658e51839eeddeea9996

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21742.exe
Filesize
184KB

MD5
79dd2ce1731247dfda190424c34b0706

SHA1
6f9d62e7633578a673462b75b5b872c8cd7758a0

SHA256
022c9f07c70435f53c8cce99017a32f76f9a6702cf855f679b56409d6b028b6d

SHA512
3e98e3478e5ad6c3187b856fc379aaea1ed7a3a60c0a233d3aca58d7e1533918b235d293c14e550e37b2f10d1af36a15a44bacd0aa7c68ccf88a9d2d71ab6303

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49690.exe
Filesize
184KB

MD5
6276fafa44421505bfd4ab45f822ebe1

SHA1
ff38a3a12c701441a648452b0d0b4ff08ed0e094

SHA256
69cf74b1c5afdd7d1ad10b7f69522f13d19b5406283c7489ffe9eba798f166ea

SHA512
94be26421099d00086f8bd34cbcbf6d149c8e1cd2f3dc939c6715ee6845874e592cc1f53dbd4acc78465565e2caf56de8fbeefe92da822273166e503aacb7446

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50589.exe
Filesize
184KB

MD5
f2daba25824ab5ba18bdd88560b9636f

SHA1
ebca2ffc8a8c1620ce14db7f5c9df7bd25a1d104

SHA256
cda503b23b364fb1b6afa49b4d034833cbb6a1042943ec599442b53f9a50a43f

SHA512
c3f74547c0f83709eed160b317adcc2df3c94c97737cc221f2d4afeeaa081bb575540b894fdb8ab8f817f346ff7cc86a83ed3ad66d499996347211055393afd5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52146.exe
Filesize
184KB

MD5
420fd4b05d2050365e8d279bbb26d00e

SHA1
4aed3d603209c752514fde4d9ab6034d1fa26ee2

SHA256
3b742b87060932730c60fa6b0fb9b44da9eb8dbfe9f71f26d65f199740b1dece

SHA512
7f26849d735fd97842975e43c29e6b2e2daaeffcd19553926f5c19f17b991c432337ea642fb3b2767dd8f6f0d7395c9d7f04d2457238afb94e293d32d9e1961d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53193.exe
Filesize
184KB

MD5
8dc812e0b151c84b9123141d865ae832

SHA1
8804c1269cc4681ab51d9bc8c386a56cdf099059

SHA256
67973180841a00ed1ed5d62fe8d5a0eab533465bf1e61a6e254af28d3f2e9d68

SHA512
2c7404ae3545805fddfdffa89f8b4440ddd34d4e7a4a9dff1bcd1193147a7735a91946b7050fff4534a314988e128b1b1350aa87add5b0f8e6e0573d02b0f2ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55461.exe
Filesize
184KB

MD5
c9e7a5da4b33e719183fa73a3586dd2d

SHA1
510afdb6dee3aced4fe3cff650113848ccca70eb

SHA256
e0cbffddd909cd5bf9d55ca9bfcbaf2c8e9c84b15ba61aa4fcec452921da04a0

SHA512
6c3d9cb0b06d47ad5cd8b8ea4a620abb0f47aea76bba05a615070d9280a0d803f4ae3b10711f67906bf405bdacfbfe4be105b42b7fb74af953e8c09829673437

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7521.exe
Filesize
184KB

MD5
8aa8b8aae6b3ddfe83fdc9497d784a3c

SHA1
5ea1ec7d8bf4a3bd87f6c78d4f0bc691bab22496

SHA256
12602e3aef3f0483b057ff2b4af3fce270d3e12f124d0a9361bd5c86f6df0f2c

SHA512
c653d33b1e5f53f31c6b945d1d2ce2bc6b672a96226361baf8965cdf7e73a0ef720a63b266dacf067384307b029751e01b805967e8642593663f9be56c94beed

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads