a8c295ab3d35662c0007cbb2d2ab07162e3181419c3f0184151a8a82f6380dbd

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a8c295ab3d35662c0007cbb2d2ab07162e3181419c3f0184151a8a82f6380dbd.exe
Size

184KB
MD5

ae5245a7ca220b517cc3d7b77c5b770b
SHA1

0b70db1c746895c39303149af4a2bde2bada5862
SHA256

a8c295ab3d35662c0007cbb2d2ab07162e3181419c3f0184151a8a82f6380dbd
SHA512

150a22090726535e5ade460c55dc75f5351a7ec5a218fbb27ec94ffbd0a5f6186deef0ab8127d17b7306ee02d2c2ac9ce95fc5adf1694b035d4cb99beb0a69f4
SSDEEP

1536:FBZY6jC5ufP8ofx1l4zXSHwMnE9yvZc86mddjwL42ZQitzhl5hj5nizpvq:PZdfP8opz4zQdniWe8wL4tgzhlnViFC

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-35982.exeUnicorn-49197.exeUnicorn-44791.exeUnicorn-24434.exeUnicorn-54454.exeUnicorn-8782.exeUnicorn-64465.exeUnicorn-64273.exeUnicorn-60251.exeUnicorn-60251.exeUnicorn-14579.exeUnicorn-15122.exeUnicorn-28313.exeUnicorn-28313.exeUnicorn-48179.exeUnicorn-32912.exeUnicorn-48755.exeUnicorn-31027.exeUnicorn-40437.exeUnicorn-37784.exeUnicorn-20763.exeUnicorn-38133.exeUnicorn-7982.exeUnicorn-51900.exeUnicorn-44687.exeUnicorn-59954.exeUnicorn-57686.exeUnicorn-12014.exeUnicorn-12014.exeUnicorn-40664.exeUnicorn-65079.exeUnicorn-29946.exeUnicorn-29911.exeUnicorn-62775.exeUnicorn-63351.exeUnicorn-43485.exeUnicorn-1654.exeUnicorn-49464.exeUnicorn-52308.exeUnicorn-36657.exeUnicorn-32250.exeUnicorn-2256.exeUnicorn-52142.exeUnicorn-63579.exeUnicorn-20046.exeUnicorn-15255.exeUnicorn-35121.exeUnicorn-65525.exeUnicorn-19854.exeUnicorn-40150.exeUnicorn-10933.exeUnicorn-41337.exeUnicorn-26201.exeUnicorn-24124.exeUnicorn-13647.exeUnicorn-9433.exeUnicorn-44758.exeUnicorn-59667.exeUnicorn-54877.exeUnicorn-26995.exeUnicorn-36528.exeUnicorn-49911.exeUnicorn-21453.exeUnicorn-37296.exe

pid	process
2376	Unicorn-35982.exe
2648	Unicorn-49197.exe
2744	Unicorn-44791.exe
2556	Unicorn-24434.exe
808	Unicorn-54454.exe
2692	Unicorn-8782.exe
3032	Unicorn-64465.exe
2860	Unicorn-64273.exe
2984	Unicorn-60251.exe
3028	Unicorn-60251.exe
2728	Unicorn-14579.exe
2704	Unicorn-15122.exe
592	Unicorn-28313.exe
576	Unicorn-28313.exe
1368	Unicorn-48179.exe
2328	Unicorn-32912.exe
2108	Unicorn-48755.exe
2616	Unicorn-31027.exe
1836	Unicorn-40437.exe
652	Unicorn-37784.exe
1092	Unicorn-20763.exe
2280	Unicorn-38133.exe
1012	Unicorn-7982.exe
1560	Unicorn-51900.exe
1396	Unicorn-44687.exe
2268	Unicorn-59954.exe
1052	Unicorn-57686.exe
1720	Unicorn-12014.exe
768	Unicorn-12014.exe
3064	Unicorn-40664.exe
1748	Unicorn-65079.exe
1280	Unicorn-29946.exe
1984	Unicorn-29911.exe
2740	Unicorn-62775.exe
2676	Unicorn-63351.exe
1932	Unicorn-43485.exe
2776	Unicorn-1654.exe
2516	Unicorn-49464.exe
2764	Unicorn-52308.exe
2592	Unicorn-36657.exe
2376	Unicorn-32250.exe
2880	Unicorn-2256.exe
1032	Unicorn-52142.exe
3024	Unicorn-63579.exe
3016	Unicorn-20046.exe
1768	Unicorn-15255.exe
772	Unicorn-35121.exe
344	Unicorn-65525.exe
2716	Unicorn-19854.exe
2068	Unicorn-40150.exe
2380	Unicorn-10933.exe
1576	Unicorn-41337.exe
852	Unicorn-26201.exe
292	Unicorn-24124.exe
960	Unicorn-13647.exe
2928	Unicorn-9433.exe
916	Unicorn-44758.exe
2324	Unicorn-59667.exe
2136	Unicorn-54877.exe
2808	Unicorn-26995.exe
2916	Unicorn-36528.exe
2664	Unicorn-49911.exe
2636	Unicorn-21453.exe
2564	Unicorn-37296.exe

Loads dropped DLL 64 IoCs

Processes:

a8c295ab3d35662c0007cbb2d2ab07162e3181419c3f0184151a8a82f6380dbd.exeUnicorn-35982.exeUnicorn-44791.exeUnicorn-49197.exeUnicorn-54454.exeUnicorn-24434.exeUnicorn-8782.exeWerFault.exeWerFault.exeUnicorn-64273.exeUnicorn-64465.exeUnicorn-60251.exeUnicorn-60251.exeWerFault.exeWerFault.exeWerFault.exeUnicorn-15122.exe

pid	process
2156	a8c295ab3d35662c0007cbb2d2ab07162e3181419c3f0184151a8a82f6380dbd.exe
2156	a8c295ab3d35662c0007cbb2d2ab07162e3181419c3f0184151a8a82f6380dbd.exe
2376	Unicorn-35982.exe
2156	a8c295ab3d35662c0007cbb2d2ab07162e3181419c3f0184151a8a82f6380dbd.exe
2376	Unicorn-35982.exe
2156	a8c295ab3d35662c0007cbb2d2ab07162e3181419c3f0184151a8a82f6380dbd.exe
2744	Unicorn-44791.exe
2744	Unicorn-44791.exe
2376	Unicorn-35982.exe
2648	Unicorn-49197.exe
2648	Unicorn-49197.exe
2376	Unicorn-35982.exe
808	Unicorn-54454.exe
808	Unicorn-54454.exe
2556	Unicorn-24434.exe
2556	Unicorn-24434.exe
2648	Unicorn-49197.exe
2744	Unicorn-44791.exe
2648	Unicorn-49197.exe
2744	Unicorn-44791.exe
2692	Unicorn-8782.exe
2692	Unicorn-8782.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
672	WerFault.exe
672	WerFault.exe
672	WerFault.exe
672	WerFault.exe
2204	WerFault.exe
672	WerFault.exe
2860	Unicorn-64273.exe
2860	Unicorn-64273.exe
2556	Unicorn-24434.exe
808	Unicorn-54454.exe
2556	Unicorn-24434.exe
808	Unicorn-54454.exe
3032	Unicorn-64465.exe
3032	Unicorn-64465.exe
2984	Unicorn-60251.exe
2984	Unicorn-60251.exe
3028	Unicorn-60251.exe
3028	Unicorn-60251.exe
2692	Unicorn-8782.exe
2692	Unicorn-8782.exe
2320	WerFault.exe
2320	WerFault.exe
2320	WerFault.exe
2320	WerFault.exe
2320	WerFault.exe
2220	WerFault.exe
2220	WerFault.exe
2220	WerFault.exe
2220	WerFault.exe
2140	WerFault.exe
2140	WerFault.exe
2140	WerFault.exe
2140	WerFault.exe
2220	WerFault.exe
2140	WerFault.exe
2704	Unicorn-15122.exe
2704	Unicorn-15122.exe
2860	Unicorn-64273.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2904	2156	WerFault.exe	a8c295ab3d35662c0007cbb2d2ab07162e3181419c3f0184151a8a82f6380dbd.exe
2204	2744	WerFault.exe	Unicorn-44791.exe
672	2648	WerFault.exe	Unicorn-49197.exe
2320	808	WerFault.exe	Unicorn-54454.exe
2220	2556	WerFault.exe	Unicorn-24434.exe
2140	2692	WerFault.exe	Unicorn-8782.exe
1728	2860	WerFault.exe	Unicorn-64273.exe
2196	3032	WerFault.exe	Unicorn-64465.exe
1776	2984	WerFault.exe	Unicorn-60251.exe
2072	2728	WerFault.exe	Unicorn-14579.exe
2036	3028	WerFault.exe	Unicorn-60251.exe
636	2704	WerFault.exe	Unicorn-15122.exe
1088	576	WerFault.exe	Unicorn-28313.exe
2104	2328	WerFault.exe	Unicorn-32912.exe
2368	592	WerFault.exe	Unicorn-28313.exe
2504	1368	WerFault.exe	Unicorn-48179.exe
2820	2616	WerFault.exe	Unicorn-31027.exe
1852	2108	WerFault.exe	Unicorn-48755.exe
1656	1836	WerFault.exe	Unicorn-40437.exe
924	652	WerFault.exe	Unicorn-37784.exe
1712	1092	WerFault.exe	Unicorn-20763.exe
1448	2280	WerFault.exe	Unicorn-38133.exe
2464	1012	WerFault.exe	Unicorn-7982.exe
2408	1560	WerFault.exe	Unicorn-51900.exe
2660	1396	WerFault.exe	Unicorn-44687.exe
2656	1052	WerFault.exe	Unicorn-57686.exe
2632	1720	WerFault.exe	Unicorn-12014.exe
2332	3064	WerFault.exe	Unicorn-40664.exe
2124	2268	WerFault.exe	Unicorn-59954.exe
3020	768	WerFault.exe	Unicorn-12014.exe
2800	1576	WerFault.exe	Unicorn-41337.exe
3224	1748	WerFault.exe	Unicorn-65079.exe
3216	1280	WerFault.exe	Unicorn-29946.exe
3248	1984	WerFault.exe	Unicorn-29911.exe
3588	1932	WerFault.exe	Unicorn-43485.exe
3596	2676	WerFault.exe	Unicorn-63351.exe
3724	2716	WerFault.exe	Unicorn-19854.exe
3848	2740	WerFault.exe	Unicorn-62775.exe
3864	2376	WerFault.exe	Unicorn-32250.exe
3928	2764	WerFault.exe	Unicorn-52308.exe
3948	1032	WerFault.exe	Unicorn-52142.exe
3972	772	WerFault.exe	Unicorn-35121.exe
3980	2592	WerFault.exe	Unicorn-36657.exe
4000	344	WerFault.exe	Unicorn-65525.exe
4084	2776	WerFault.exe	Unicorn-1654.exe
3100	2068	WerFault.exe	Unicorn-40150.exe
3164	2380	WerFault.exe	Unicorn-10933.exe
3240	2544	WerFault.exe	Unicorn-33979.exe
3380	1768	WerFault.exe	Unicorn-15255.exe
3704	2808	WerFault.exe	Unicorn-26995.exe
3708	916	WerFault.exe	Unicorn-44758.exe
3720	2516	WerFault.exe	Unicorn-49464.exe
3748	3016	WerFault.exe	Unicorn-20046.exe
3856	1688	WerFault.exe	Unicorn-52589.exe
3888	2636	WerFault.exe	Unicorn-21453.exe
3116	2848	WerFault.exe	Unicorn-50705.exe
3172	1944	WerFault.exe	Unicorn-34992.exe
3436	2720	WerFault.exe	Unicorn-14934.exe
3468	1632	WerFault.exe	Unicorn-49992.exe
3472	2564	WerFault.exe	Unicorn-37296.exe
3504	3008	WerFault.exe	Unicorn-32915.exe
3488	2548	WerFault.exe	Unicorn-15702.exe
3584	1704	WerFault.exe	Unicorn-52589.exe
3736	1976	WerFault.exe	Unicorn-2703.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

a8c295ab3d35662c0007cbb2d2ab07162e3181419c3f0184151a8a82f6380dbd.exeUnicorn-35982.exeUnicorn-44791.exeUnicorn-49197.exeUnicorn-24434.exeUnicorn-54454.exeUnicorn-8782.exeUnicorn-64465.exeUnicorn-64273.exeUnicorn-60251.exeUnicorn-14579.exeUnicorn-60251.exeUnicorn-15122.exeUnicorn-28313.exeUnicorn-28313.exeUnicorn-48179.exeUnicorn-32912.exeUnicorn-48755.exeUnicorn-31027.exeUnicorn-40437.exeUnicorn-37784.exeUnicorn-20763.exeUnicorn-38133.exeUnicorn-7982.exeUnicorn-51900.exeUnicorn-44687.exeUnicorn-57686.exeUnicorn-12014.exeUnicorn-59954.exeUnicorn-40664.exeUnicorn-12014.exeUnicorn-65079.exeUnicorn-29946.exeUnicorn-29911.exeUnicorn-62775.exeUnicorn-43485.exeUnicorn-63351.exeUnicorn-49464.exeUnicorn-1654.exeUnicorn-32250.exeUnicorn-36657.exeUnicorn-52308.exeUnicorn-2256.exeUnicorn-52142.exeUnicorn-63579.exeUnicorn-15255.exeUnicorn-35121.exeUnicorn-20046.exeUnicorn-65525.exeUnicorn-19854.exeUnicorn-40150.exeUnicorn-10933.exeUnicorn-26201.exeUnicorn-41337.exeUnicorn-24124.exeUnicorn-13647.exeUnicorn-9433.exeUnicorn-59667.exeUnicorn-44758.exeUnicorn-54877.exeUnicorn-26995.exeUnicorn-36528.exeUnicorn-49911.exeUnicorn-21453.exe

pid	process
2156	a8c295ab3d35662c0007cbb2d2ab07162e3181419c3f0184151a8a82f6380dbd.exe
2376	Unicorn-35982.exe
2744	Unicorn-44791.exe
2648	Unicorn-49197.exe
2556	Unicorn-24434.exe
808	Unicorn-54454.exe
2692	Unicorn-8782.exe
3032	Unicorn-64465.exe
2860	Unicorn-64273.exe
2984	Unicorn-60251.exe
2728	Unicorn-14579.exe
3028	Unicorn-60251.exe
2704	Unicorn-15122.exe
576	Unicorn-28313.exe
592	Unicorn-28313.exe
1368	Unicorn-48179.exe
2328	Unicorn-32912.exe
2108	Unicorn-48755.exe
2616	Unicorn-31027.exe
1836	Unicorn-40437.exe
652	Unicorn-37784.exe
1092	Unicorn-20763.exe
2280	Unicorn-38133.exe
1012	Unicorn-7982.exe
1560	Unicorn-51900.exe
1396	Unicorn-44687.exe
1052	Unicorn-57686.exe
1720	Unicorn-12014.exe
2268	Unicorn-59954.exe
3064	Unicorn-40664.exe
768	Unicorn-12014.exe
1748	Unicorn-65079.exe
1280	Unicorn-29946.exe
1984	Unicorn-29911.exe
2740	Unicorn-62775.exe
1932	Unicorn-43485.exe
2676	Unicorn-63351.exe
2516	Unicorn-49464.exe
2776	Unicorn-1654.exe
2376	Unicorn-32250.exe
2592	Unicorn-36657.exe
2764	Unicorn-52308.exe
2880	Unicorn-2256.exe
1032	Unicorn-52142.exe
3024	Unicorn-63579.exe
1768	Unicorn-15255.exe
772	Unicorn-35121.exe
3016	Unicorn-20046.exe
344	Unicorn-65525.exe
2716	Unicorn-19854.exe
2068	Unicorn-40150.exe
2380	Unicorn-10933.exe
852	Unicorn-26201.exe
1576	Unicorn-41337.exe
292	Unicorn-24124.exe
960	Unicorn-13647.exe
2928	Unicorn-9433.exe
2324	Unicorn-59667.exe
916	Unicorn-44758.exe
2136	Unicorn-54877.exe
2808	Unicorn-26995.exe
2916	Unicorn-36528.exe
2664	Unicorn-49911.exe
2636	Unicorn-21453.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

a8c295ab3d35662c0007cbb2d2ab07162e3181419c3f0184151a8a82f6380dbd.exeUnicorn-35982.exeUnicorn-44791.exeUnicorn-49197.exeUnicorn-54454.exeUnicorn-24434.exeUnicorn-8782.exeUnicorn-64273.exe

description	pid	process	target process
PID 2156 wrote to memory of 2376	2156	a8c295ab3d35662c0007cbb2d2ab07162e3181419c3f0184151a8a82f6380dbd.exe	Unicorn-35982.exe
PID 2156 wrote to memory of 2376	2156	a8c295ab3d35662c0007cbb2d2ab07162e3181419c3f0184151a8a82f6380dbd.exe	Unicorn-35982.exe
PID 2156 wrote to memory of 2376	2156	a8c295ab3d35662c0007cbb2d2ab07162e3181419c3f0184151a8a82f6380dbd.exe	Unicorn-35982.exe
PID 2156 wrote to memory of 2376	2156	a8c295ab3d35662c0007cbb2d2ab07162e3181419c3f0184151a8a82f6380dbd.exe	Unicorn-35982.exe
PID 2376 wrote to memory of 2648	2376	Unicorn-35982.exe	Unicorn-49197.exe
PID 2376 wrote to memory of 2648	2376	Unicorn-35982.exe	Unicorn-49197.exe
PID 2376 wrote to memory of 2648	2376	Unicorn-35982.exe	Unicorn-49197.exe
PID 2376 wrote to memory of 2648	2376	Unicorn-35982.exe	Unicorn-49197.exe
PID 2156 wrote to memory of 2744	2156	a8c295ab3d35662c0007cbb2d2ab07162e3181419c3f0184151a8a82f6380dbd.exe	Unicorn-44791.exe
PID 2156 wrote to memory of 2744	2156	a8c295ab3d35662c0007cbb2d2ab07162e3181419c3f0184151a8a82f6380dbd.exe	Unicorn-44791.exe
PID 2156 wrote to memory of 2744	2156	a8c295ab3d35662c0007cbb2d2ab07162e3181419c3f0184151a8a82f6380dbd.exe	Unicorn-44791.exe
PID 2156 wrote to memory of 2744	2156	a8c295ab3d35662c0007cbb2d2ab07162e3181419c3f0184151a8a82f6380dbd.exe	Unicorn-44791.exe
PID 2156 wrote to memory of 2904	2156	a8c295ab3d35662c0007cbb2d2ab07162e3181419c3f0184151a8a82f6380dbd.exe	WerFault.exe
PID 2156 wrote to memory of 2904	2156	a8c295ab3d35662c0007cbb2d2ab07162e3181419c3f0184151a8a82f6380dbd.exe	WerFault.exe
PID 2156 wrote to memory of 2904	2156	a8c295ab3d35662c0007cbb2d2ab07162e3181419c3f0184151a8a82f6380dbd.exe	WerFault.exe
PID 2156 wrote to memory of 2904	2156	a8c295ab3d35662c0007cbb2d2ab07162e3181419c3f0184151a8a82f6380dbd.exe	WerFault.exe
PID 2744 wrote to memory of 2556	2744	Unicorn-44791.exe	Unicorn-24434.exe
PID 2744 wrote to memory of 2556	2744	Unicorn-44791.exe	Unicorn-24434.exe
PID 2744 wrote to memory of 2556	2744	Unicorn-44791.exe	Unicorn-24434.exe
PID 2744 wrote to memory of 2556	2744	Unicorn-44791.exe	Unicorn-24434.exe
PID 2648 wrote to memory of 2692	2648	Unicorn-49197.exe	Unicorn-8782.exe
PID 2648 wrote to memory of 2692	2648	Unicorn-49197.exe	Unicorn-8782.exe
PID 2648 wrote to memory of 2692	2648	Unicorn-49197.exe	Unicorn-8782.exe
PID 2648 wrote to memory of 2692	2648	Unicorn-49197.exe	Unicorn-8782.exe
PID 2376 wrote to memory of 808	2376	Unicorn-35982.exe	Unicorn-54454.exe
PID 2376 wrote to memory of 808	2376	Unicorn-35982.exe	Unicorn-54454.exe
PID 2376 wrote to memory of 808	2376	Unicorn-35982.exe	Unicorn-54454.exe
PID 2376 wrote to memory of 808	2376	Unicorn-35982.exe	Unicorn-54454.exe
PID 808 wrote to memory of 3032	808	Unicorn-54454.exe	Unicorn-64465.exe
PID 808 wrote to memory of 3032	808	Unicorn-54454.exe	Unicorn-64465.exe
PID 808 wrote to memory of 3032	808	Unicorn-54454.exe	Unicorn-64465.exe
PID 808 wrote to memory of 3032	808	Unicorn-54454.exe	Unicorn-64465.exe
PID 2556 wrote to memory of 2860	2556	Unicorn-24434.exe	Unicorn-64273.exe
PID 2556 wrote to memory of 2860	2556	Unicorn-24434.exe	Unicorn-64273.exe
PID 2556 wrote to memory of 2860	2556	Unicorn-24434.exe	Unicorn-64273.exe
PID 2556 wrote to memory of 2860	2556	Unicorn-24434.exe	Unicorn-64273.exe
PID 2648 wrote to memory of 3028	2648	Unicorn-49197.exe	Unicorn-60251.exe
PID 2648 wrote to memory of 3028	2648	Unicorn-49197.exe	Unicorn-60251.exe
PID 2648 wrote to memory of 3028	2648	Unicorn-49197.exe	Unicorn-60251.exe
PID 2648 wrote to memory of 3028	2648	Unicorn-49197.exe	Unicorn-60251.exe
PID 2744 wrote to memory of 2984	2744	Unicorn-44791.exe	Unicorn-60251.exe
PID 2744 wrote to memory of 2984	2744	Unicorn-44791.exe	Unicorn-60251.exe
PID 2744 wrote to memory of 2984	2744	Unicorn-44791.exe	Unicorn-60251.exe
PID 2744 wrote to memory of 2984	2744	Unicorn-44791.exe	Unicorn-60251.exe
PID 2692 wrote to memory of 2728	2692	Unicorn-8782.exe	Unicorn-14579.exe
PID 2692 wrote to memory of 2728	2692	Unicorn-8782.exe	Unicorn-14579.exe
PID 2692 wrote to memory of 2728	2692	Unicorn-8782.exe	Unicorn-14579.exe
PID 2692 wrote to memory of 2728	2692	Unicorn-8782.exe	Unicorn-14579.exe
PID 2744 wrote to memory of 2204	2744	Unicorn-44791.exe	WerFault.exe
PID 2744 wrote to memory of 2204	2744	Unicorn-44791.exe	WerFault.exe
PID 2744 wrote to memory of 2204	2744	Unicorn-44791.exe	WerFault.exe
PID 2744 wrote to memory of 2204	2744	Unicorn-44791.exe	WerFault.exe
PID 2648 wrote to memory of 672	2648	Unicorn-49197.exe	WerFault.exe
PID 2648 wrote to memory of 672	2648	Unicorn-49197.exe	WerFault.exe
PID 2648 wrote to memory of 672	2648	Unicorn-49197.exe	WerFault.exe
PID 2648 wrote to memory of 672	2648	Unicorn-49197.exe	WerFault.exe
PID 2860 wrote to memory of 2704	2860	Unicorn-64273.exe	Unicorn-15122.exe
PID 2860 wrote to memory of 2704	2860	Unicorn-64273.exe	Unicorn-15122.exe
PID 2860 wrote to memory of 2704	2860	Unicorn-64273.exe	Unicorn-15122.exe
PID 2860 wrote to memory of 2704	2860	Unicorn-64273.exe	Unicorn-15122.exe
PID 2556 wrote to memory of 592	2556	Unicorn-24434.exe	Unicorn-28313.exe
PID 2556 wrote to memory of 592	2556	Unicorn-24434.exe	Unicorn-28313.exe
PID 2556 wrote to memory of 592	2556	Unicorn-24434.exe	Unicorn-28313.exe
PID 2556 wrote to memory of 592	2556	Unicorn-24434.exe	Unicorn-28313.exe

C:\Users\Admin\AppData\Local\Temp\a8c295ab3d35662c0007cbb2d2ab07162e3181419c3f0184151a8a82f6380dbd.exe
"C:\Users\Admin\AppData\Local\Temp\a8c295ab3d35662c0007cbb2d2ab07162e3181419c3f0184151a8a82f6380dbd.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-35982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35982.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-49197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49197.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-8782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8782.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-14579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14579.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-20763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20763.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1092

C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-59667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59667.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-53848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53848.exe
9⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-61140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61140.exe
10⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-33016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33016.exe
11⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-54482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54482.exe
12⤵
PID:7512

C:\Users\Admin\AppData\Local\Temp\Unicorn-18084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18084.exe
13⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 216
13⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 220
12⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 236
11⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
10⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
9⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-16763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16763.exe
10⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
11⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 220
12⤵
PID:11216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 220
11⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
10⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
9⤵
PID:5240

C:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exe
8⤵
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-30170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30170.exe
9⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-24926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24926.exe
10⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-58683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58683.exe
11⤵
PID:8188

C:\Users\Admin\AppData\Local\Temp\Unicorn-19454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19454.exe
12⤵
PID:11152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 216
12⤵
PID:11456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
11⤵
PID:8400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
10⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 216
9⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
8⤵
- Program crash
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-54877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54877.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-3002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3002.exe
8⤵
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
9⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-40654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40654.exe
10⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-13749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13749.exe
11⤵
PID:7296

C:\Users\Admin\AppData\Local\Temp\Unicorn-46611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46611.exe
12⤵
PID:9480

C:\Users\Admin\AppData\Local\Temp\Unicorn-51388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51388.exe
13⤵
PID:7916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 216
12⤵
PID:10668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
11⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 236
10⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 236
9⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-52224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52224.exe
8⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-25963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25963.exe
9⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-2971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2971.exe
10⤵
PID:7472

C:\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe
11⤵
PID:9648

C:\Users\Admin\AppData\Local\Temp\Unicorn-21331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21331.exe
12⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9648 -s 236
12⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 216
11⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
10⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
9⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
8⤵
PID:4484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 240
7⤵
- Program crash
PID:1712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 216
6⤵
- Program crash
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-31027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31027.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-12014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12014.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-19854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19854.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-35568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35568.exe
8⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-22110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22110.exe
9⤵
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-34200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34200.exe
10⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\Unicorn-14814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14814.exe
11⤵
PID:6440

C:\Users\Admin\AppData\Local\Temp\Unicorn-42426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42426.exe
12⤵
PID:8856

C:\Users\Admin\AppData\Local\Temp\Unicorn-24034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24034.exe
13⤵
PID:10896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8856 -s 220
13⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 216
12⤵
PID:9904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 220
11⤵
PID:7792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 216
10⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 216
9⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-48264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48264.exe
8⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
9⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-41059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41059.exe
10⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-42505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42505.exe
11⤵
PID:7184

C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
12⤵
PID:10844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 216
12⤵
PID:11232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
11⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 236
10⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 216
9⤵
PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
8⤵
- Program crash
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-33683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33683.exe
7⤵
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-22110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22110.exe
8⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-567.exe
9⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-22210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22210.exe
10⤵
PID:6472

C:\Users\Admin\AppData\Local\Temp\Unicorn-47350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47350.exe
11⤵
PID:8264

C:\Users\Admin\AppData\Local\Temp\Unicorn-62347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62347.exe
12⤵
PID:10952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8264 -s 220
12⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 216
11⤵
PID:9612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
10⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 216
9⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 216
8⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 240
7⤵
- Program crash
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-65525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65525.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-52589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52589.exe
7⤵
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-9987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9987.exe
8⤵
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-33074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33074.exe
9⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
10⤵
PID:6336

C:\Users\Admin\AppData\Local\Temp\Unicorn-20558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20558.exe
11⤵
PID:8748

C:\Users\Admin\AppData\Local\Temp\Unicorn-58628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58628.exe
12⤵
PID:11028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8748 -s 220
12⤵
PID:11360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 216
11⤵
PID:9832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
10⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 236
9⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 216
8⤵
- Program crash
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-22986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22986.exe
7⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-16608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16608.exe
8⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-40385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40385.exe
9⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-45528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45528.exe
10⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-16548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16548.exe
11⤵
PID:11124

C:\Users\Admin\AppData\Local\Temp\Unicorn-28673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28673.exe
12⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 216
11⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
10⤵
PID:9232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
9⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 216
8⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 240
7⤵
- Program crash
PID:4000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
6⤵
- Program crash
PID:2820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-60251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60251.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-48755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48755.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-20046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20046.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-19725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19725.exe
8⤵
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-9987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9987.exe
9⤵
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-24986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24986.exe
10⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-58942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58942.exe
11⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-40920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40920.exe
12⤵
PID:7624

C:\Users\Admin\AppData\Local\Temp\Unicorn-62401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62401.exe
13⤵
PID:10260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 204
13⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
12⤵
PID:1500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 236
11⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 236
10⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-9536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9536.exe
9⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-29850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29850.exe
10⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-23107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23107.exe
11⤵
PID:8044

C:\Users\Admin\AppData\Local\Temp\Unicorn-23081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23081.exe
12⤵
PID:10656

C:\Users\Admin\AppData\Local\Temp\Unicorn-2846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2846.exe
13⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
12⤵
PID:10852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
11⤵
PID:9128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
10⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
9⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-22986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22986.exe
8⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-32498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32498.exe
9⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-22259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22259.exe
10⤵
PID:6244

C:\Users\Admin\AppData\Local\Temp\Unicorn-52005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52005.exe
11⤵
PID:8440

C:\Users\Admin\AppData\Local\Temp\Unicorn-63141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63141.exe
12⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 236
12⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 216
11⤵
PID:9688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
10⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
9⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
8⤵
- Program crash
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
7⤵
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-36225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36225.exe
8⤵
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-54080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54080.exe
9⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-2092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2092.exe
10⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-19141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19141.exe
11⤵
PID:8408

C:\Users\Admin\AppData\Local\Temp\Unicorn-20173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20173.exe
12⤵
PID:10516

C:\Users\Admin\AppData\Local\Temp\Unicorn-12227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12227.exe
13⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 216
12⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 216
11⤵
PID:9680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
10⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 216
9⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 216
8⤵
- Program crash
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
7⤵
- Program crash
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-19917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19917.exe
7⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-19614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19614.exe
8⤵
PID:956

C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
9⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
10⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-60460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60460.exe
11⤵
PID:7708

C:\Users\Admin\AppData\Local\Temp\Unicorn-64082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64082.exe
12⤵
PID:10956

C:\Users\Admin\AppData\Local\Temp\Unicorn-20229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20229.exe
13⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 216
12⤵
PID:11108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
11⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
10⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 216
9⤵
PID:5424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
8⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-15591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15591.exe
7⤵
PID:800

C:\Users\Admin\AppData\Local\Temp\Unicorn-59695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59695.exe
8⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-4661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4661.exe
9⤵
PID:6188

C:\Users\Admin\AppData\Local\Temp\Unicorn-6924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6924.exe
10⤵
PID:7964

C:\Users\Admin\AppData\Local\Temp\Unicorn-39929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39929.exe
11⤵
PID:10732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 220
11⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 216
10⤵
PID:9512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
9⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 216
8⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
7⤵
- Program crash
PID:3380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
6⤵
- Program crash
PID:1852

C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-35121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35121.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:772

C:\Users\Admin\AppData\Local\Temp\Unicorn-20493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20493.exe
7⤵
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-42852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42852.exe
8⤵
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-44812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44812.exe
9⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
10⤵
PID:6156

C:\Users\Admin\AppData\Local\Temp\Unicorn-51576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51576.exe
11⤵
PID:8052

C:\Users\Admin\AppData\Local\Temp\Unicorn-64082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64082.exe
12⤵
PID:10944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 216
12⤵
PID:4876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6156 -s 220
11⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
10⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 216
9⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 236
8⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-56427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56427.exe
7⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-18912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18912.exe
8⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-33831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33831.exe
9⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-10935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10935.exe
10⤵
PID:7504

C:\Users\Admin\AppData\Local\Temp\Unicorn-2701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2701.exe
11⤵
PID:10300

C:\Users\Admin\AppData\Local\Temp\Unicorn-58034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58034.exe
12⤵
PID:8640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 216
11⤵
PID:10244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
10⤵
PID:2600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
9⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
8⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 240
7⤵
- Program crash
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
6⤵
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-36225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36225.exe
7⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-65170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65170.exe
8⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-60642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60642.exe
9⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\Unicorn-24304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24304.exe
10⤵
PID:8224

C:\Users\Admin\AppData\Local\Temp\Unicorn-3516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3516.exe
11⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8224 -s 216
11⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 216
10⤵
PID:9592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
9⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 216
8⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
7⤵
- Program crash
PID:3488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
6⤵
- Program crash
PID:2332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
5⤵
- Program crash
PID:2036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:672

C:\Users\Admin\AppData\Local\Temp\Unicorn-54454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54454.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:808

C:\Users\Admin\AppData\Local\Temp\Unicorn-64465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64465.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-48179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48179.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1368

C:\Users\Admin\AppData\Local\Temp\Unicorn-44687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44687.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1396

C:\Users\Admin\AppData\Local\Temp\Unicorn-36657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36657.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-36528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36528.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-53054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53054.exe
9⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-21265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21265.exe
10⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-20992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20992.exe
11⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
12⤵
PID:7468

C:\Users\Admin\AppData\Local\Temp\Unicorn-61082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61082.exe
13⤵
PID:10424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7468 -s 216
13⤵
PID:10480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
12⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
11⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 236
10⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-59064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59064.exe
9⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-3825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3825.exe
10⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
11⤵
PID:328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 220
12⤵
PID:10824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
11⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
10⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
9⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-16167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16167.exe
8⤵
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-36125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36125.exe
9⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-59492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59492.exe
10⤵
PID:5728

C:\Users\Admin\AppData\Local\Temp\Unicorn-45046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45046.exe
11⤵
PID:8312

C:\Users\Admin\AppData\Local\Temp\Unicorn-24662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24662.exe
12⤵
PID:10792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8312 -s 220
12⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 220
11⤵
PID:9636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
10⤵
PID:4208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 216
9⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
8⤵
- Program crash
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-49911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49911.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-36033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36033.exe
8⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-64568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64568.exe
9⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-35941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35941.exe
10⤵
PID:6508

C:\Users\Admin\AppData\Local\Temp\Unicorn-23817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23817.exe
11⤵
PID:9040

C:\Users\Admin\AppData\Local\Temp\Unicorn-53068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53068.exe
12⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 236
12⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
11⤵
PID:10004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
10⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 216
9⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
8⤵
PID:4320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 240
7⤵
- Program crash
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-32250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32250.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-37296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37296.exe
7⤵
- Executes dropped EXE
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-21150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21150.exe
8⤵
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-13940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13940.exe
9⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
10⤵
PID:6328

C:\Users\Admin\AppData\Local\Temp\Unicorn-43175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43175.exe
11⤵
PID:8968

C:\Users\Admin\AppData\Local\Temp\Unicorn-16224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16224.exe
12⤵
PID:5108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8968 -s 216
12⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 216
11⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
10⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 216
9⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 236
8⤵
- Program crash
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-1476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1476.exe
7⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-47959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47959.exe
8⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-23556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23556.exe
9⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-57578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57578.exe
10⤵
PID:7768

C:\Users\Admin\AppData\Local\Temp\Unicorn-29052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29052.exe
11⤵
PID:10564

C:\Users\Admin\AppData\Local\Temp\Unicorn-39746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39746.exe
12⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 216
11⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 220
10⤵
PID:9524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
9⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
8⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
7⤵
- Program crash
PID:3864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 240
6⤵
- Program crash
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-57686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57686.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-2256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2256.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-2703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2703.exe
7⤵
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe
8⤵
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-3260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3260.exe
9⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-30349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30349.exe
10⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-3779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3779.exe
11⤵
PID:7312

C:\Users\Admin\AppData\Local\Temp\Unicorn-41465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41465.exe
12⤵
PID:10456

C:\Users\Admin\AppData\Local\Temp\Unicorn-1481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1481.exe
13⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 220
12⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
11⤵
PID:9472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
10⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 216
9⤵
PID:5596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 236
8⤵
- Program crash
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-22986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22986.exe
7⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
8⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe
9⤵
PID:6572

C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
10⤵
PID:9104

C:\Users\Admin\AppData\Local\Temp\Unicorn-8343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8343.exe
11⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9104 -s 236
11⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 216
10⤵
PID:10056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
9⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
8⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 220
7⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-50705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50705.exe
6⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-22110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22110.exe
7⤵
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-36291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36291.exe
8⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-12299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12299.exe
9⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-49874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49874.exe
10⤵
PID:7172

C:\Users\Admin\AppData\Local\Temp\Unicorn-28914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28914.exe
11⤵
PID:10980

C:\Users\Admin\AppData\Local\Temp\Unicorn-62501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62501.exe
12⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 216
11⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
10⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
9⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 216
8⤵
PID:4964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 216
7⤵
- Program crash
PID:3116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 240
6⤵
- Program crash
PID:2656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
5⤵
- Program crash
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-28313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28313.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-38133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38133.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-63351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63351.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:960

C:\Users\Admin\AppData\Local\Temp\Unicorn-20984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20984.exe
8⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-64191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64191.exe
9⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-9875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9875.exe
10⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-55976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55976.exe
11⤵
PID:7712

C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
12⤵
PID:10468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
12⤵
PID:10604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 236
11⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
10⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 236
9⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-61487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61487.exe
8⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-49533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49533.exe
9⤵
PID:5180

C:\Users\Admin\AppData\Local\Temp\Unicorn-5727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5727.exe
10⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
11⤵
PID:10556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 216
11⤵
PID:11060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
10⤵
PID:9152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 236
9⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 240
8⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-33982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33982.exe
7⤵
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-53169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53169.exe
8⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-3633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3633.exe
9⤵
PID:6012

C:\Users\Admin\AppData\Local\Temp\Unicorn-25243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25243.exe
10⤵
PID:8104

C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
11⤵
PID:11088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 216
11⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 220
10⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
9⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 236
8⤵
PID:5000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
7⤵
- Program crash
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-9433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9433.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-52224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52224.exe
7⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-7981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7981.exe
8⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
9⤵
PID:7408

C:\Users\Admin\AppData\Local\Temp\Unicorn-52141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52141.exe
10⤵
PID:10752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7408 -s 216
10⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
9⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
8⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 216
7⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
6⤵
- Program crash
PID:1448

C:\Users\Admin\AppData\Local\Temp\Unicorn-43485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43485.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-44758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44758.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:916

C:\Users\Admin\AppData\Local\Temp\Unicorn-35099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35099.exe
7⤵
PID:1108

C:\Users\Admin\AppData\Local\Temp\Unicorn-2684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2684.exe
8⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-34023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34023.exe
9⤵
PID:6132

C:\Users\Admin\AppData\Local\Temp\Unicorn-32394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32394.exe
10⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-31548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31548.exe
11⤵
PID:10476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 216
11⤵
PID:11804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 216
10⤵
PID:9464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
9⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 216
8⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 236
7⤵
- Program crash
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-33956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33956.exe
6⤵
PID:1652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
7⤵
PID:4332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
6⤵
- Program crash
PID:3588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 240
5⤵
- Program crash
PID:1088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-44791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44791.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-24434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24434.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-64273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64273.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-15122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15122.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-40437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40437.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-65079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65079.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-40150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40150.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-20405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20405.exe
9⤵
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-42058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42058.exe
10⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-57993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57993.exe
11⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-35320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35320.exe
12⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-64132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64132.exe
13⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-62255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62255.exe
14⤵
PID:10636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 216
14⤵
PID:10744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 220
13⤵
PID:9432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 236
11⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 236
10⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-5363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5363.exe
9⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-33577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33577.exe
10⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-13617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13617.exe
11⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\Unicorn-33621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33621.exe
12⤵
PID:7868

C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
13⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 216
13⤵
PID:11048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 216
12⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 236
11⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
10⤵
PID:4444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
9⤵
- Program crash
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-33979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33979.exe
8⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-27943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27943.exe
9⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-43852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43852.exe
10⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-62714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62714.exe
11⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-21213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21213.exe
12⤵
PID:7952

C:\Users\Admin\AppData\Local\Temp\Unicorn-36547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36547.exe
13⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 236
13⤵
PID:10376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
12⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 236
11⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 236
10⤵
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 216
9⤵
- Program crash
PID:3240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 240
8⤵
- Program crash
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 240
8⤵
- Program crash
PID:2800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 240
7⤵
- Program crash
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-29946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29946.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-61170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61170.exe
8⤵
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-35146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35146.exe
9⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-61690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61690.exe
10⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-58532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58532.exe
11⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-37433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37433.exe
12⤵
PID:7532

C:\Users\Admin\AppData\Local\Temp\Unicorn-24034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24034.exe
13⤵
PID:10920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 220
13⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 220
12⤵
PID:9580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
11⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
10⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-46820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46820.exe
9⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-33255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33255.exe
10⤵
PID:5832

C:\Users\Admin\AppData\Local\Temp\Unicorn-48455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48455.exe
11⤵
PID:7536

C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
12⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7536 -s 216
12⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
11⤵
PID:9396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
10⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 240
9⤵
PID:5776

C:\Users\Admin\AppData\Local\Temp\Unicorn-13526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13526.exe
8⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-42918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42918.exe
9⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-23556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23556.exe
10⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-49874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49874.exe
11⤵
PID:7240

C:\Users\Admin\AppData\Local\Temp\Unicorn-58628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58628.exe
12⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 220
12⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
11⤵
PID:8848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
10⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
9⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
8⤵
- Program crash
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-42072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42072.exe
7⤵
PID:552

C:\Users\Admin\AppData\Local\Temp\Unicorn-169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-169.exe
8⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-11947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11947.exe
9⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-57785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57785.exe
10⤵
PID:6288

C:\Users\Admin\AppData\Local\Temp\Unicorn-31144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31144.exe
11⤵
PID:8648

C:\Users\Admin\AppData\Local\Temp\Unicorn-48108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48108.exe
12⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 236
12⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6288 -s 236
11⤵
PID:9764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
10⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
9⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 236
8⤵
PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 240
7⤵
- Program crash
PID:3216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
6⤵
- Program crash
PID:636

C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:652

C:\Users\Admin\AppData\Local\Temp\Unicorn-29911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29911.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-26201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26201.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-13588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13588.exe
8⤵
PID:600

C:\Users\Admin\AppData\Local\Temp\Unicorn-8690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8690.exe
9⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-25794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25794.exe
10⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-54756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54756.exe
11⤵
PID:6536

C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
12⤵
PID:9928

C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
13⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 216
12⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 236
11⤵
PID:8212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 236
10⤵
PID:6556

C:\Users\Admin\AppData\Local\Temp\Unicorn-37532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37532.exe
8⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-15399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15399.exe
9⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-28249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28249.exe
10⤵
PID:7264

C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
11⤵
PID:10264

C:\Users\Admin\AppData\Local\Temp\Unicorn-6750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6750.exe
12⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7264 -s 216
11⤵
PID:11256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
10⤵
PID:8472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
9⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 240
8⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-33022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33022.exe
7⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-57206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57206.exe
8⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-1860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1860.exe
9⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-35955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35955.exe
10⤵
PID:6608

C:\Users\Admin\AppData\Local\Temp\Unicorn-10241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10241.exe
11⤵
PID:9456

C:\Users\Admin\AppData\Local\Temp\Unicorn-10234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10234.exe
12⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
11⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 236
10⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
9⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 236
8⤵
PID:4300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
7⤵
- Program crash
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:292

C:\Users\Admin\AppData\Local\Temp\Unicorn-3194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3194.exe
7⤵
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-21867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21867.exe
8⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-23270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23270.exe
9⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-60460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60460.exe
10⤵
PID:7556

C:\Users\Admin\AppData\Local\Temp\Unicorn-19739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19739.exe
11⤵
PID:10864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 216
11⤵
PID:948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 216
10⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
9⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 236
8⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-32753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32753.exe
7⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-29321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29321.exe
8⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-53714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53714.exe
9⤵
PID:7272

C:\Users\Admin\AppData\Local\Temp\Unicorn-2432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2432.exe
10⤵
PID:11184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 216
10⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
9⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
8⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 240
7⤵
PID:4952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 240
6⤵
- Program crash
PID:924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 220
5⤵
- Program crash
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-28313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28313.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-12014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12014.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-52142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52142.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-52589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52589.exe
7⤵
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-53822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53822.exe
8⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
9⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-21926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21926.exe
10⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-9448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9448.exe
11⤵
PID:8176

C:\Users\Admin\AppData\Local\Temp\Unicorn-18234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18234.exe
12⤵
PID:10496

C:\Users\Admin\AppData\Local\Temp\Unicorn-28651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28651.exe
13⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 236
12⤵
PID:10444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
11⤵
PID:8196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
10⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 236
9⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 236
8⤵
- Program crash
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-34916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34916.exe
7⤵
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-52954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52954.exe
8⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-26628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26628.exe
9⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\Unicorn-15206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15206.exe
10⤵
PID:8064

C:\Users\Admin\AppData\Local\Temp\Unicorn-62255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62255.exe
11⤵
PID:10628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 216
11⤵
PID:10748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
10⤵
PID:9336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
9⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
8⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 240
7⤵
- Program crash
PID:3948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 236
6⤵
- Program crash
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-34992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34992.exe
6⤵
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-21342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21342.exe
7⤵
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-14708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14708.exe
8⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-60642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60642.exe
9⤵
PID:6360

C:\Users\Admin\AppData\Local\Temp\Unicorn-10879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10879.exe
10⤵
PID:8920

C:\Users\Admin\AppData\Local\Temp\Unicorn-4093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4093.exe
11⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8920 -s 236
11⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 216
10⤵
PID:9968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
9⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
8⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 236
7⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-34724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34724.exe
6⤵
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-63826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63826.exe
7⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-32194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32194.exe
8⤵
PID:6384

C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
9⤵
PID:8948

C:\Users\Admin\AppData\Local\Temp\Unicorn-56072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56072.exe
10⤵
PID:11708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8948 -s 236
10⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 216
9⤵
PID:9960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
8⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 236
7⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
6⤵
PID:3532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 220
5⤵
- Program crash
PID:2368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-60251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60251.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-32912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32912.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-7982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7982.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1012

C:\Users\Admin\AppData\Local\Temp\Unicorn-1654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1654.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-34992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34992.exe
7⤵
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-37569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37569.exe
8⤵
PID:1016

C:\Users\Admin\AppData\Local\Temp\Unicorn-49664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49664.exe
9⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-34023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34023.exe
10⤵
PID:6076

C:\Users\Admin\AppData\Local\Temp\Unicorn-15783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15783.exe
11⤵
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-43340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43340.exe
12⤵
PID:10528

C:\Users\Admin\AppData\Local\Temp\Unicorn-7288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7288.exe
13⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 216
12⤵
PID:10820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 216
11⤵
PID:9344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
10⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 216
9⤵
PID:5808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 216
8⤵
- Program crash
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-15591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15591.exe
7⤵
PID:1212

C:\Users\Admin\AppData\Local\Temp\Unicorn-21216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21216.exe
8⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-29321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29321.exe
9⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-63942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63942.exe
10⤵
PID:7424

C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
11⤵
PID:10836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 216
11⤵
PID:10292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
10⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
9⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 216
8⤵
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 220
7⤵
- Program crash
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-14934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14934.exe
6⤵
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-2784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2784.exe
7⤵
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-21984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21984.exe
8⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-37769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37769.exe
9⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\Unicorn-51820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51820.exe
10⤵
PID:8020

C:\Users\Admin\AppData\Local\Temp\Unicorn-6469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6469.exe
11⤵
PID:10780

C:\Users\Admin\AppData\Local\Temp\Unicorn-11346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11346.exe
12⤵
PID:4212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 220
11⤵
PID:10940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
10⤵
PID:8628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
9⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 236
8⤵
PID:4828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 216
7⤵
- Program crash
PID:3436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 240
6⤵
- Program crash
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-49464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49464.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-26995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26995.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-50174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50174.exe
7⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-43133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43133.exe
8⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-41153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41153.exe
9⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\Unicorn-63942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63942.exe
10⤵
PID:7404

C:\Users\Admin\AppData\Local\Temp\Unicorn-14783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14783.exe
11⤵
PID:9876

C:\Users\Admin\AppData\Local\Temp\Unicorn-41860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41860.exe
12⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9876 -s 236
12⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 216
11⤵
PID:10804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 216
10⤵
PID:8456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
9⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 236
8⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
7⤵
- Program crash
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-15233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15233.exe
6⤵
PID:484

C:\Users\Admin\AppData\Local\Temp\Unicorn-17039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17039.exe
7⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-37910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37910.exe
8⤵
PID:6216

C:\Users\Admin\AppData\Local\Temp\Unicorn-36162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36162.exe
9⤵
PID:8488

C:\Users\Admin\AppData\Local\Temp\Unicorn-41315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41315.exe
10⤵
PID:10284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 236
10⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
9⤵
PID:9732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
8⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 216
7⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
6⤵
- Program crash
PID:3720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
5⤵
- Program crash
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-51900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51900.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-52308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52308.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-21453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21453.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-36993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36993.exe
7⤵
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-24361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24361.exe
8⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-23104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23104.exe
9⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
10⤵
PID:7276

C:\Users\Admin\AppData\Local\Temp\Unicorn-24425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24425.exe
11⤵
PID:10720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 216
11⤵
PID:10708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
10⤵
PID:8284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
9⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 216
8⤵
PID:4980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 236
7⤵
- Program crash
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-49992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49992.exe
6⤵
PID:1632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 220
7⤵
- Program crash
PID:3468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 220
6⤵
- Program crash
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-17238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17238.exe
5⤵
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-2784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2784.exe
6⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-32088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32088.exe
7⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-19477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19477.exe
8⤵
PID:6040

C:\Users\Admin\AppData\Local\Temp\Unicorn-17010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17010.exe
9⤵
PID:8112

C:\Users\Admin\AppData\Local\Temp\Unicorn-40870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40870.exe
10⤵
PID:10684

C:\Users\Admin\AppData\Local\Temp\Unicorn-32440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32440.exe
11⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 216
10⤵
PID:10880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 216
9⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
8⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 216
7⤵
PID:4140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 236
6⤵
PID:4576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
5⤵
- Program crash
PID:2408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
4⤵
- Program crash
PID:1776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
2⤵
- Program crash
PID:2904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14579.exe

Filesize
184KB

MD5
61ea316e621bd19360e363fefe8e5e18

SHA1
7ca18cd388e9b9c116113bbcb05781b11932cc2d

SHA256
333de52face306344b632d5c3e3908435aee63faa0cbc7bc1275fb55174c9d11

SHA512
8e087fc2cff8dde22d973836230c695811d3a9f4c131557787b3736a7f77c374552194ecf10193d07ffe9dbb7d6950769696780dc5a3c8d8a63e4f1a94c5a35e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15122.exe

Filesize
184KB

MD5
c256d28ae7cc19faca9c842cb7e7b429

SHA1
07fb0bd447391c7336c1bb5e826641c38af9c68b

SHA256
534dea268837853e2a8f89c9dde4608eb102478898c992c81569db63cef111d4

SHA512
487c405669171732ee4b2577b5999848d2c8b4763c28b1243f0503f6d691735cab675a058442a18f5adfa23d9a31655278dc8ad2e755748bb93493d63bed6bc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19739.exe

Filesize
184KB

MD5
56ebfded856b5621375907da796c1d7d

SHA1
1ffe9574c18b38ff494bd49eb269211f948a3e99

SHA256
8c2de4b7039706e4dd102218e8216b61666e14225c060a4180f8a33cfe44da6f

SHA512
68f75b19d364b66eeb6f605b8c133723d00c1bb1906898557f0364ba50729852c3ec07259531501f1a2f6febc1391f86b10d777d8daa8a6cbdf3f548aa1c5baf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21342.exe

Filesize
184KB

MD5
944d7b7fca0c780c48f3ba5caa135783

SHA1
1430b7e568eff199c69dcd81aaa84ff3023b8cc8

SHA256
03f206cc8558dc4deb6396015ed60b286f6eafa42fe63aebda5b268fedcd92b3

SHA512
a1eab3f9e9f4f29719d63293252629bd25b9ded0509ca1b402a3db80a546bfeae5ffdf3da6c9131e74a25dab56bcbc0ce33941581a785a5eec010e0f8301031f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28313.exe

Filesize
184KB

MD5
d47fdcc856115fc2cef39fb18da63f48

SHA1
71b5ac748ef96013d6c3da0007d51eb62b45c7a2

SHA256
e7ff2c88f8aba5a567930d80f30df244ed2e290dbb15e305e74a324c39ca0e98

SHA512
f9fbc91e9d9c0c48c0aa821a11ac0e90740ff8d078285c70752e3a3335224ccc6d421ecc04d726b4a64144d2ff9bad73766d92bd014b9863a0e45a2a54722af0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe

Filesize
184KB

MD5
fa2b3d796b8b6408e224f0748104100c

SHA1
01e0e5bc8bd2a925a86586e85cc4e8be6dd643c6

SHA256
c4ad845976d8cbfd007cf7a5282ee83218b0edcd6f5d273a33440aa0b26cd251

SHA512
e0aa2f574741e57541cb9da0f22fe06d88d9338a6cf1d4f7edf6088f68a19d313bf304cacc1180d336d690fcf7fcd8827e84861b044e0b2ca6320405d20f55e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe

Filesize
184KB

MD5
f6e9e3a6423c1127f60c3667c8a84e14

SHA1
443526007a9662337e590355c568a0850c5d04fd

SHA256
880933c141a36f56a1189c746ab45e6409afcf01807586616a6111d7bf3389b7

SHA512
12f6eaf975681974115015dbb9f43c07081508cd1b4dd36409d62502aedfe2461f8b3da4f594b6bc2bafdd6c997b88925ac8d829eb49f3fe29915c9f9ecf9182

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55976.exe

Filesize
184KB

MD5
34a9dcb88d239681c0c2aa98761f02e2

SHA1
a5aa42cea3b125745b5295b9d308d61d76bd47cc

SHA256
1f0b7fd4cf402d920b47d146b51dfe257c66a1f50713eb4583582e17211c5e29

SHA512
b06883b743aacadc9d991a57c21989e9c082bb21226a3517502fce8b2ad15cbddf97e023a07baa9ef08349b4c478d5f5f6e7f38f0367eb5fa5fd9b9f4a8cd965

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe

Filesize
184KB

MD5
f041c3ad15db1d00d536c4c9be5569ae

SHA1
90360a09656a30c2ebd039351b6e4db88f2cf07a

SHA256
10bfe003c08d4cc61e38b4529169cebcf0d3d68e1c6cc3d9e01a1f6ade9e1896

SHA512
d6dc07ba9dd0f344329f750db5e3f4c78fa59abfff7cd0149001160f250b59c300bc7b54c8f683a649bc521d5ef3f8c6a4be86ddec8273df83335821137b0e1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60251.exe

Filesize
184KB

MD5
92bc29abcce8e0448d4f3a15a451bdd7

SHA1
5918581e032f02ad9c399c979ac19aa57fe3acb5

SHA256
8ee78536304e71c8f0d28678ec92f2db69dbe4fb03370d17c7079368cf073f9a

SHA512
2a2379807b013395e3a3030920b2d8568bf76d64bbf54062503f0670b38cb48186d4c263d083e4d95373b6248a15cd1eab9c83e73767224616db7d8a1f0acc9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8782.exe

Filesize
184KB

MD5
f6c543b521a3477165bf71d8f6acd98b

SHA1
aecc977dc8d017e40af3784fc49d95ef5eea86ea

SHA256
2c62841a35fdaced898e3b60ce2a2a8ef48e105b6b7f8abf37fb56774a318ac0

SHA512
4d6166900d2453361ba90961d335612ca4a221030347062077b9d8a4ac5509552d995469b14c5d4f31a8dcfeb7e55401cb7d29a0621113a76cb322657fd916bc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24434.exe

Filesize
184KB

MD5
b3e0bb065686217278086dc047454648

SHA1
e795af5a3d858033dd8426fefb211b57bcfac07e

SHA256
31e703eb61d63e5a965026820b3a08eb022decf01652c47cf8a2767d069454d9

SHA512
a89a835576ff2cb962d035d29925bbe12ec8f6cc8639ed8d60aa25e331833209cacb327e8c8c0b6808c8bab4addeb7a02972f9a958d12ee37874d95d66e82457

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35982.exe

Filesize
184KB

MD5
cde2ef25060b7ca50d5643dbef37ee59

SHA1
cfcd783ec987ae8ba9a3499a7bafdad683addaf8

SHA256
10d470c1efb0057ffe4030c9a21c9fb343ab2ef3a4b7e487bb8639dbaff2a3f4

SHA512
c5b11f9073eb450fae74d1c721202e4ddff0a84a6c275a8b3253f2b08e9e9c349ec4f5361f5aa72d6055141e6eb968b6b18f4ae28c7027ed9e329dbb50f19647

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44791.exe

Filesize
184KB

MD5
779ef8fd7be71ba3488462817fb60bcd

SHA1
97cb810434c973b2ea860b3279a8c23115434b83

SHA256
b6d41c30c7a257b1aa409639c3c7bacb55e2b48775d8da33b69d69de56c5800c

SHA512
f769f51d354287c57c6fc29da41d56b34f27bb8c8595b8858b86e691576f33f49dc6357497dec6a5c571374a56524f8735ded53562b2d9ea1a0ec4e930d3addc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48179.exe

Filesize
184KB

MD5
7865f34bfeeb3e0f5047038c6e319e34

SHA1
35fcf66e9514834e0700de3b719f084665bd43c8

SHA256
1992ae6e7a8bc3dd3a498fcfbc19b9ad52a60813f1a9fa09cf20bf94a2827d42

SHA512
516d6219ebacfeff2e5ab5140e3e1ab112def273b4b12445ccfc49b51537d53f005452214c80c165cc075d4396bf89a0bf51439554d100df08abec5d07b5863b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49197.exe

Filesize
184KB

MD5
d1856c6dd5d904aa2f85a22d2248014e

SHA1
54edc1ae61c415378f7167ce94ac174b1253fca0

SHA256
818b1c1522b7d643721b7ca351c4956a44f9f1cf188c858bdf58a25d7ee37edb

SHA512
908b53a79a98ab5ce450dbdd9a738bef749bad148bd8ab25d85bc099965115f743cf76474ffa3fa7c18e53c6eb4b647f16feb8729783018d57f622d729b63b5f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54454.exe

Filesize
184KB

MD5
f01d8103323e36a5cf72095e405a347b

SHA1
15b8b4d11d2dcf889a2d6f6d735de6d0924aa950

SHA256
969a4b54245996c3bac4c00739ca580618077bf85f99a02f9e1ede0009447768

SHA512
50acd8ee12476c56847c5baf773a0d96028f4f340c8bfbad82226ac298f552e02accd5224cfe8fe2cbe2f58c61ac74ffd5c46016329f22f3710bd11e9bd5b297

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64273.exe

Filesize
184KB

MD5
a3e895759519c6cc20383653c36ac20a

SHA1
4d63f07e5bb8b52360800525df071986212d0f54

SHA256
2bd45968348cb29268c993e877f9e35ac7de2e2c02bc5ef8922ab957c9b37cfa

SHA512
4da11a5c06546bba0de50cddcaea387b3418f6dab1f68cfd7cfdf11c4f52af2e2d326ebcb2d2fa45737e8364c6ef038854c42aa4438e04a0a9f40c35a2f00cce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64465.exe

Filesize
184KB

MD5
1b9eed059577e0e001dfed3e10e67e7d

SHA1
5bd214ebc4ee961412fe327978046efa2fd55d2e

SHA256
eb3be994e96a9d1c2cb27a5dd1bb99b9f0be6951535062e98faea163a82d85f3

SHA512
061c6ab0b8d42023984171f50aa1e85305e436e53cc16aae153c01d44fc13fe9289774324b433adb2d926f4392a6b12047d6916afb163eb1ce0c325269b774e4

Download Submit