c1af617044bb8c85461762930b56d70769bc43d6c505b9b975c841f30f1c0e10

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c1af617044bb8c85461762930b56d70769bc43d6c505b9b975c841f30f1c0e10.exe
Size

184KB
MD5

48d5054fc33da4cc3d335c3935ae6873
SHA1

102ab4416ec85cad8acc4dd6581f4c8d9499602d
SHA256

c1af617044bb8c85461762930b56d70769bc43d6c505b9b975c841f30f1c0e10
SHA512

2c2e92e2cfa8fa13ca31cdf7a81e0cf489f703d66f5834fab80f8785e161fc56d35bbc6643a63aaa5ab544a54a572981f95d9c8dd87ea6b44af4315b291f0843
SSDEEP

1536:V7St6j5Zu3Rxot04tQjAoYwMUVIyGZcoOmd8S0La2RzeH0hlShj5mizpvm:VPm3RxouqQjmdUifeq0LaWq0hlowiFO

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-50556.exeUnicorn-12445.exeUnicorn-34489.exeUnicorn-46034.exeUnicorn-27979.exeUnicorn-31509.exeUnicorn-64835.exeUnicorn-19164.exeUnicorn-2443.exeUnicorn-31778.exeUnicorn-52521.exeUnicorn-36128.exeUnicorn-31529.exeUnicorn-51395.exeUnicorn-34675.exeUnicorn-18147.exeUnicorn-63818.exeUnicorn-47482.exeUnicorn-39735.exeUnicorn-14161.exeUnicorn-43304.exeUnicorn-26968.exeUnicorn-321.exeUnicorn-29656.exeUnicorn-49330.exeUnicorn-49330.exeUnicorn-62137.exeUnicorn-48069.exeUnicorn-28203.exeUnicorn-16466.exeUnicorn-63113.exeUnicorn-26911.exeUnicorn-4504.exeUnicorn-4312.exeUnicorn-33263.exeUnicorn-15282.exeUnicorn-18620.exeUnicorn-19497.exeUnicorn-14898.exeUnicorn-4971.exeUnicorn-17778.exeUnicorn-4779.exeUnicorn-21308.exeUnicorn-34114.exeUnicorn-1250.exeUnicorn-37452.exeUnicorn-21116.exeUnicorn-19811.exeUnicorn-3474.exeUnicorn-49146.exeUnicorn-32425.exeUnicorn-16089.exeUnicorn-52291.exeUnicorn-35763.exeUnicorn-64906.exeUnicorn-35571.exeUnicorn-51331.exeUnicorn-38752.exeUnicorn-2550.exeUnicorn-5695.exeUnicorn-51367.exeUnicorn-54896.exeUnicorn-5119.exeUnicorn-55944.exe

pid	process
2972	Unicorn-50556.exe
2516	Unicorn-12445.exe
2836	Unicorn-34489.exe
2432	Unicorn-46034.exe
2408	Unicorn-27979.exe
2488	Unicorn-31509.exe
2776	Unicorn-64835.exe
2796	Unicorn-19164.exe
1668	Unicorn-2443.exe
1464	Unicorn-31778.exe
1852	Unicorn-52521.exe
2508	Unicorn-36128.exe
2036	Unicorn-31529.exe
1740	Unicorn-51395.exe
600	Unicorn-34675.exe
1424	Unicorn-18147.exe
1124	Unicorn-63818.exe
580	Unicorn-47482.exe
2008	Unicorn-39735.exe
1220	Unicorn-14161.exe
2832	Unicorn-43304.exe
1556	Unicorn-26968.exe
1212	Unicorn-321.exe
2232	Unicorn-29656.exe
2336	Unicorn-49330.exe
1056	Unicorn-49330.exe
568	Unicorn-62137.exe
2496	Unicorn-48069.exe
1896	Unicorn-28203.exe
800	Unicorn-16466.exe
2684	Unicorn-63113.exe
2544	Unicorn-26911.exe
2552	Unicorn-4504.exe
108	Unicorn-4312.exe
2692	Unicorn-33263.exe
2352	Unicorn-15282.exe
2676	Unicorn-18620.exe
648	Unicorn-19497.exe
2772	Unicorn-14898.exe
2152	Unicorn-4971.exe
1456	Unicorn-17778.exe
1532	Unicorn-4779.exe
1696	Unicorn-21308.exe
2664	Unicorn-34114.exe
1376	Unicorn-1250.exe
1296	Unicorn-37452.exe
3060	Unicorn-21116.exe
1792	Unicorn-19811.exe
300	Unicorn-3474.exe
1160	Unicorn-49146.exe
1592	Unicorn-32425.exe
912	Unicorn-16089.exe
2860	Unicorn-52291.exe
1588	Unicorn-35763.exe
1992	Unicorn-64906.exe
1664	Unicorn-35571.exe
2556	Unicorn-51331.exe
2528	Unicorn-38752.exe
2704	Unicorn-2550.exe
2988	Unicorn-5695.exe
2348	Unicorn-51367.exe
1628	Unicorn-54896.exe
2956	Unicorn-5119.exe
1084	Unicorn-55944.exe

Loads dropped DLL 64 IoCs

Processes:

c1af617044bb8c85461762930b56d70769bc43d6c505b9b975c841f30f1c0e10.exeUnicorn-50556.exeUnicorn-12445.exeUnicorn-34489.exeWerFault.exeUnicorn-46034.exeUnicorn-31509.exeUnicorn-27979.exeWerFault.exeWerFault.exeUnicorn-64835.exeUnicorn-19164.exeUnicorn-31778.exeUnicorn-52521.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2192	c1af617044bb8c85461762930b56d70769bc43d6c505b9b975c841f30f1c0e10.exe
2192	c1af617044bb8c85461762930b56d70769bc43d6c505b9b975c841f30f1c0e10.exe
2972	Unicorn-50556.exe
2972	Unicorn-50556.exe
2192	c1af617044bb8c85461762930b56d70769bc43d6c505b9b975c841f30f1c0e10.exe
2192	c1af617044bb8c85461762930b56d70769bc43d6c505b9b975c841f30f1c0e10.exe
2516	Unicorn-12445.exe
2516	Unicorn-12445.exe
2972	Unicorn-50556.exe
2972	Unicorn-50556.exe
2836	Unicorn-34489.exe
2836	Unicorn-34489.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
2516	Unicorn-12445.exe
2432	Unicorn-46034.exe
2516	Unicorn-12445.exe
2432	Unicorn-46034.exe
2488	Unicorn-31509.exe
2488	Unicorn-31509.exe
2836	Unicorn-34489.exe
2836	Unicorn-34489.exe
2408	Unicorn-27979.exe
2408	Unicorn-27979.exe
2460	WerFault.exe
2460	WerFault.exe
2460	WerFault.exe
2460	WerFault.exe
2460	WerFault.exe
2928	WerFault.exe
2928	WerFault.exe
2928	WerFault.exe
2928	WerFault.exe
2928	WerFault.exe
2776	Unicorn-64835.exe
2776	Unicorn-64835.exe
2432	Unicorn-46034.exe
2432	Unicorn-46034.exe
2796	Unicorn-19164.exe
2796	Unicorn-19164.exe
1464	Unicorn-31778.exe
1464	Unicorn-31778.exe
2488	Unicorn-31509.exe
1852	Unicorn-52521.exe
2408	Unicorn-27979.exe
2488	Unicorn-31509.exe
1852	Unicorn-52521.exe
2408	Unicorn-27979.exe
656	WerFault.exe
656	WerFault.exe
656	WerFault.exe
656	WerFault.exe
656	WerFault.exe
2356	WerFault.exe
2356	WerFault.exe
2356	WerFault.exe
2356	WerFault.exe
2356	WerFault.exe
412	WerFault.exe
412	WerFault.exe
412	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2720	2192	WerFault.exe	c1af617044bb8c85461762930b56d70769bc43d6c505b9b975c841f30f1c0e10.exe
2240	2972	WerFault.exe	Unicorn-50556.exe
2460	2516	WerFault.exe	Unicorn-12445.exe
2928	2836	WerFault.exe	Unicorn-34489.exe
656	2432	WerFault.exe	Unicorn-46034.exe
2356	2488	WerFault.exe	Unicorn-31509.exe
412	2408	WerFault.exe	Unicorn-27979.exe
1912	2776	WerFault.exe	Unicorn-64835.exe
1548	2796	WerFault.exe	Unicorn-19164.exe
3020	1464	WerFault.exe	Unicorn-31778.exe
3040	1668	WerFault.exe	Unicorn-2443.exe
2504	1852	WerFault.exe	Unicorn-52521.exe
2920	1212	WerFault.exe	Unicorn-321.exe
1884	2036	WerFault.exe	Unicorn-31529.exe
608	2508	WerFault.exe	Unicorn-36128.exe
1412	1740	WerFault.exe	Unicorn-51395.exe
1716	1124	WerFault.exe	Unicorn-63818.exe
1624	600	WerFault.exe	Unicorn-34675.exe
1304	1424	WerFault.exe	Unicorn-18147.exe
552	580	WerFault.exe	Unicorn-47482.exe
2064	2008	WerFault.exe	Unicorn-39735.exe
2168	2832	WerFault.exe	Unicorn-43304.exe
904	1556	WerFault.exe	Unicorn-26968.exe
3068	1220	WerFault.exe	Unicorn-14161.exe
2476	2232	WerFault.exe	Unicorn-29656.exe
2424	1056	WerFault.exe	Unicorn-49330.exe
2640	2336	WerFault.exe	Unicorn-49330.exe
2892	1896	WerFault.exe	Unicorn-28203.exe
2768	2496	WerFault.exe	Unicorn-48069.exe
1516	568	WerFault.exe	Unicorn-62137.exe
2672	800	WerFault.exe	Unicorn-16466.exe
2288	2684	WerFault.exe	Unicorn-63113.exe
3012	2544	WerFault.exe	Unicorn-26911.exe
2680	2552	WerFault.exe	Unicorn-4504.exe
2716	108	WerFault.exe	Unicorn-4312.exe
3080	2692	WerFault.exe	Unicorn-33263.exe
3224	2352	WerFault.exe	Unicorn-15282.exe
3260	2676	WerFault.exe	Unicorn-18620.exe
3452	1532	WerFault.exe	Unicorn-4779.exe
3472	2664	WerFault.exe	Unicorn-34114.exe
3508	1376	WerFault.exe	Unicorn-1250.exe
3576	648	WerFault.exe	Unicorn-19497.exe
3908	2772	WerFault.exe	Unicorn-14898.exe
3948	1296	WerFault.exe	Unicorn-37452.exe
3104	2152	WerFault.exe	Unicorn-4971.exe
3120	1456	WerFault.exe	Unicorn-17778.exe
3300	3060	WerFault.exe	Unicorn-21116.exe
3372	1696	WerFault.exe	Unicorn-21308.exe
3928	1592	WerFault.exe	Unicorn-32425.exe
3944	2704	WerFault.exe	Unicorn-2550.exe
3984	1084	WerFault.exe	Unicorn-55944.exe
3116	2256	WerFault.exe	Unicorn-21072.exe
3824	2936	WerFault.exe	Unicorn-6359.exe
3268	2120	WerFault.exe	Unicorn-9696.exe
3384	1736	WerFault.exe	Unicorn-60672.exe
3336	2396	WerFault.exe	Unicorn-50407.exe
3332	2264	WerFault.exe	Unicorn-42561.exe
3320	604	WerFault.exe	Unicorn-40806.exe
3416	2912	WerFault.exe	Unicorn-4735.exe
3620	2784	WerFault.exe	Unicorn-55368.exe
3896	2944	WerFault.exe	Unicorn-423.exe
3868	1992	WerFault.exe	Unicorn-64906.exe
4112	2088	WerFault.exe	Unicorn-423.exe
4200	2560	WerFault.exe	Unicorn-26795.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

c1af617044bb8c85461762930b56d70769bc43d6c505b9b975c841f30f1c0e10.exeUnicorn-50556.exeUnicorn-12445.exeUnicorn-34489.exeUnicorn-46034.exeUnicorn-27979.exeUnicorn-31509.exeUnicorn-64835.exeUnicorn-19164.exeUnicorn-2443.exeUnicorn-52521.exeUnicorn-31778.exeUnicorn-36128.exeUnicorn-31529.exeUnicorn-51395.exeUnicorn-18147.exeUnicorn-34675.exeUnicorn-47482.exeUnicorn-63818.exeUnicorn-39735.exeUnicorn-43304.exeUnicorn-14161.exeUnicorn-26968.exeUnicorn-321.exeUnicorn-29656.exeUnicorn-49330.exeUnicorn-49330.exeUnicorn-62137.exeUnicorn-48069.exeUnicorn-28203.exeUnicorn-16466.exeUnicorn-63113.exeUnicorn-26911.exeUnicorn-4504.exeUnicorn-4312.exeUnicorn-33263.exeUnicorn-15282.exeUnicorn-18620.exeUnicorn-19497.exeUnicorn-14898.exeUnicorn-4971.exeUnicorn-4779.exeUnicorn-17778.exeUnicorn-21308.exeUnicorn-34114.exeUnicorn-1250.exeUnicorn-37452.exeUnicorn-21116.exeUnicorn-19811.exeUnicorn-3474.exeUnicorn-49146.exeUnicorn-16089.exeUnicorn-32425.exeUnicorn-52291.exeUnicorn-35763.exeUnicorn-64906.exeUnicorn-35571.exeUnicorn-51331.exeUnicorn-38752.exeUnicorn-2550.exeUnicorn-51367.exeUnicorn-5695.exeUnicorn-54896.exeUnicorn-5119.exe

pid	process
2192	c1af617044bb8c85461762930b56d70769bc43d6c505b9b975c841f30f1c0e10.exe
2972	Unicorn-50556.exe
2516	Unicorn-12445.exe
2836	Unicorn-34489.exe
2432	Unicorn-46034.exe
2408	Unicorn-27979.exe
2488	Unicorn-31509.exe
2776	Unicorn-64835.exe
2796	Unicorn-19164.exe
1668	Unicorn-2443.exe
1852	Unicorn-52521.exe
1464	Unicorn-31778.exe
2508	Unicorn-36128.exe
2036	Unicorn-31529.exe
1740	Unicorn-51395.exe
1424	Unicorn-18147.exe
600	Unicorn-34675.exe
580	Unicorn-47482.exe
1124	Unicorn-63818.exe
2008	Unicorn-39735.exe
2832	Unicorn-43304.exe
1220	Unicorn-14161.exe
1556	Unicorn-26968.exe
1212	Unicorn-321.exe
2232	Unicorn-29656.exe
1056	Unicorn-49330.exe
2336	Unicorn-49330.exe
568	Unicorn-62137.exe
2496	Unicorn-48069.exe
1896	Unicorn-28203.exe
800	Unicorn-16466.exe
2684	Unicorn-63113.exe
2544	Unicorn-26911.exe
2552	Unicorn-4504.exe
108	Unicorn-4312.exe
2692	Unicorn-33263.exe
2352	Unicorn-15282.exe
2676	Unicorn-18620.exe
648	Unicorn-19497.exe
2772	Unicorn-14898.exe
2152	Unicorn-4971.exe
1532	Unicorn-4779.exe
1456	Unicorn-17778.exe
1696	Unicorn-21308.exe
2664	Unicorn-34114.exe
1376	Unicorn-1250.exe
1296	Unicorn-37452.exe
3060	Unicorn-21116.exe
1792	Unicorn-19811.exe
300	Unicorn-3474.exe
1160	Unicorn-49146.exe
912	Unicorn-16089.exe
1592	Unicorn-32425.exe
2860	Unicorn-52291.exe
1588	Unicorn-35763.exe
1992	Unicorn-64906.exe
1664	Unicorn-35571.exe
2556	Unicorn-51331.exe
2528	Unicorn-38752.exe
2704	Unicorn-2550.exe
2348	Unicorn-51367.exe
2988	Unicorn-5695.exe
1628	Unicorn-54896.exe
2956	Unicorn-5119.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

c1af617044bb8c85461762930b56d70769bc43d6c505b9b975c841f30f1c0e10.exeUnicorn-50556.exeUnicorn-12445.exeUnicorn-34489.exeUnicorn-46034.exeUnicorn-31509.exeUnicorn-27979.exeUnicorn-64835.exe

description	pid	process	target process
PID 2192 wrote to memory of 2972	2192	c1af617044bb8c85461762930b56d70769bc43d6c505b9b975c841f30f1c0e10.exe	Unicorn-50556.exe
PID 2192 wrote to memory of 2972	2192	c1af617044bb8c85461762930b56d70769bc43d6c505b9b975c841f30f1c0e10.exe	Unicorn-50556.exe
PID 2192 wrote to memory of 2972	2192	c1af617044bb8c85461762930b56d70769bc43d6c505b9b975c841f30f1c0e10.exe	Unicorn-50556.exe
PID 2192 wrote to memory of 2972	2192	c1af617044bb8c85461762930b56d70769bc43d6c505b9b975c841f30f1c0e10.exe	Unicorn-50556.exe
PID 2972 wrote to memory of 2516	2972	Unicorn-50556.exe	Unicorn-12445.exe
PID 2972 wrote to memory of 2516	2972	Unicorn-50556.exe	Unicorn-12445.exe
PID 2972 wrote to memory of 2516	2972	Unicorn-50556.exe	Unicorn-12445.exe
PID 2972 wrote to memory of 2516	2972	Unicorn-50556.exe	Unicorn-12445.exe
PID 2192 wrote to memory of 2836	2192	c1af617044bb8c85461762930b56d70769bc43d6c505b9b975c841f30f1c0e10.exe	Unicorn-34489.exe
PID 2192 wrote to memory of 2836	2192	c1af617044bb8c85461762930b56d70769bc43d6c505b9b975c841f30f1c0e10.exe	Unicorn-34489.exe
PID 2192 wrote to memory of 2836	2192	c1af617044bb8c85461762930b56d70769bc43d6c505b9b975c841f30f1c0e10.exe	Unicorn-34489.exe
PID 2192 wrote to memory of 2836	2192	c1af617044bb8c85461762930b56d70769bc43d6c505b9b975c841f30f1c0e10.exe	Unicorn-34489.exe
PID 2192 wrote to memory of 2720	2192	c1af617044bb8c85461762930b56d70769bc43d6c505b9b975c841f30f1c0e10.exe	WerFault.exe
PID 2192 wrote to memory of 2720	2192	c1af617044bb8c85461762930b56d70769bc43d6c505b9b975c841f30f1c0e10.exe	WerFault.exe
PID 2192 wrote to memory of 2720	2192	c1af617044bb8c85461762930b56d70769bc43d6c505b9b975c841f30f1c0e10.exe	WerFault.exe
PID 2192 wrote to memory of 2720	2192	c1af617044bb8c85461762930b56d70769bc43d6c505b9b975c841f30f1c0e10.exe	WerFault.exe
PID 2516 wrote to memory of 2432	2516	Unicorn-12445.exe	Unicorn-46034.exe
PID 2516 wrote to memory of 2432	2516	Unicorn-12445.exe	Unicorn-46034.exe
PID 2516 wrote to memory of 2432	2516	Unicorn-12445.exe	Unicorn-46034.exe
PID 2516 wrote to memory of 2432	2516	Unicorn-12445.exe	Unicorn-46034.exe
PID 2972 wrote to memory of 2408	2972	Unicorn-50556.exe	Unicorn-27979.exe
PID 2972 wrote to memory of 2408	2972	Unicorn-50556.exe	Unicorn-27979.exe
PID 2972 wrote to memory of 2408	2972	Unicorn-50556.exe	Unicorn-27979.exe
PID 2972 wrote to memory of 2408	2972	Unicorn-50556.exe	Unicorn-27979.exe
PID 2836 wrote to memory of 2488	2836	Unicorn-34489.exe	Unicorn-31509.exe
PID 2836 wrote to memory of 2488	2836	Unicorn-34489.exe	Unicorn-31509.exe
PID 2836 wrote to memory of 2488	2836	Unicorn-34489.exe	Unicorn-31509.exe
PID 2836 wrote to memory of 2488	2836	Unicorn-34489.exe	Unicorn-31509.exe
PID 2972 wrote to memory of 2240	2972	Unicorn-50556.exe	WerFault.exe
PID 2972 wrote to memory of 2240	2972	Unicorn-50556.exe	WerFault.exe
PID 2972 wrote to memory of 2240	2972	Unicorn-50556.exe	WerFault.exe
PID 2972 wrote to memory of 2240	2972	Unicorn-50556.exe	WerFault.exe
PID 2516 wrote to memory of 2776	2516	Unicorn-12445.exe	Unicorn-64835.exe
PID 2516 wrote to memory of 2776	2516	Unicorn-12445.exe	Unicorn-64835.exe
PID 2516 wrote to memory of 2776	2516	Unicorn-12445.exe	Unicorn-64835.exe
PID 2516 wrote to memory of 2776	2516	Unicorn-12445.exe	Unicorn-64835.exe
PID 2432 wrote to memory of 2796	2432	Unicorn-46034.exe	Unicorn-19164.exe
PID 2432 wrote to memory of 2796	2432	Unicorn-46034.exe	Unicorn-19164.exe
PID 2432 wrote to memory of 2796	2432	Unicorn-46034.exe	Unicorn-19164.exe
PID 2432 wrote to memory of 2796	2432	Unicorn-46034.exe	Unicorn-19164.exe
PID 2488 wrote to memory of 1668	2488	Unicorn-31509.exe	Unicorn-2443.exe
PID 2488 wrote to memory of 1668	2488	Unicorn-31509.exe	Unicorn-2443.exe
PID 2488 wrote to memory of 1668	2488	Unicorn-31509.exe	Unicorn-2443.exe
PID 2488 wrote to memory of 1668	2488	Unicorn-31509.exe	Unicorn-2443.exe
PID 2836 wrote to memory of 1464	2836	Unicorn-34489.exe	Unicorn-31778.exe
PID 2836 wrote to memory of 1464	2836	Unicorn-34489.exe	Unicorn-31778.exe
PID 2836 wrote to memory of 1464	2836	Unicorn-34489.exe	Unicorn-31778.exe
PID 2836 wrote to memory of 1464	2836	Unicorn-34489.exe	Unicorn-31778.exe
PID 2408 wrote to memory of 1852	2408	Unicorn-27979.exe	Unicorn-52521.exe
PID 2408 wrote to memory of 1852	2408	Unicorn-27979.exe	Unicorn-52521.exe
PID 2408 wrote to memory of 1852	2408	Unicorn-27979.exe	Unicorn-52521.exe
PID 2408 wrote to memory of 1852	2408	Unicorn-27979.exe	Unicorn-52521.exe
PID 2516 wrote to memory of 2460	2516	Unicorn-12445.exe	WerFault.exe
PID 2516 wrote to memory of 2460	2516	Unicorn-12445.exe	WerFault.exe
PID 2516 wrote to memory of 2460	2516	Unicorn-12445.exe	WerFault.exe
PID 2516 wrote to memory of 2460	2516	Unicorn-12445.exe	WerFault.exe
PID 2836 wrote to memory of 2928	2836	Unicorn-34489.exe	WerFault.exe
PID 2836 wrote to memory of 2928	2836	Unicorn-34489.exe	WerFault.exe
PID 2836 wrote to memory of 2928	2836	Unicorn-34489.exe	WerFault.exe
PID 2836 wrote to memory of 2928	2836	Unicorn-34489.exe	WerFault.exe
PID 2776 wrote to memory of 2508	2776	Unicorn-64835.exe	Unicorn-36128.exe
PID 2776 wrote to memory of 2508	2776	Unicorn-64835.exe	Unicorn-36128.exe
PID 2776 wrote to memory of 2508	2776	Unicorn-64835.exe	Unicorn-36128.exe
PID 2776 wrote to memory of 2508	2776	Unicorn-64835.exe	Unicorn-36128.exe

C:\Users\Admin\AppData\Local\Temp\c1af617044bb8c85461762930b56d70769bc43d6c505b9b975c841f30f1c0e10.exe
"C:\Users\Admin\AppData\Local\Temp\c1af617044bb8c85461762930b56d70769bc43d6c505b9b975c841f30f1c0e10.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-50556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50556.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-12445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12445.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-46034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46034.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-19164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19164.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-321.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 240
8⤵
- Program crash
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-15282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15282.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-51331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51331.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-50418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50418.exe
9⤵
PID:972

C:\Users\Admin\AppData\Local\Temp\Unicorn-6635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6635.exe
10⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-1825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1825.exe
11⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-22263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22263.exe
12⤵
PID:7072

C:\Users\Admin\AppData\Local\Temp\Unicorn-1104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1104.exe
13⤵
PID:8988

C:\Users\Admin\AppData\Local\Temp\Unicorn-7447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7447.exe
14⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8988 -s 216
14⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 236
13⤵
PID:9960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
12⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 236
11⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 236
10⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-3106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3106.exe
9⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-53079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53079.exe
10⤵
PID:5564

C:\Users\Admin\AppData\Local\Temp\Unicorn-24044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24044.exe
11⤵
PID:8212

C:\Users\Admin\AppData\Local\Temp\Unicorn-48137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48137.exe
12⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 236
12⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
11⤵
PID:9584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
10⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
9⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
8⤵
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-7211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7211.exe
9⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-55658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55658.exe
10⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-22482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22482.exe
11⤵
PID:7356

C:\Users\Admin\AppData\Local\Temp\Unicorn-35020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35020.exe
12⤵
PID:11232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7356 -s 236
12⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
11⤵
PID:8728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
10⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
9⤵
PID:4568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
8⤵
- Program crash
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
7⤵
- Program crash
PID:1412

C:\Users\Admin\AppData\Local\Temp\Unicorn-29656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29656.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-38752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38752.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-20050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20050.exe
9⤵
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-30237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30237.exe
10⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-16749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16749.exe
11⤵
PID:6388

C:\Users\Admin\AppData\Local\Temp\Unicorn-6345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6345.exe
12⤵
PID:8524

C:\Users\Admin\AppData\Local\Temp\Unicorn-11984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11984.exe
13⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8524 -s 236
13⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6388 -s 236
12⤵
PID:9764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
11⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
10⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\Unicorn-51041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51041.exe
9⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-666.exe
10⤵
PID:6080

C:\Users\Admin\AppData\Local\Temp\Unicorn-35881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35881.exe
11⤵
PID:7928

C:\Users\Admin\AppData\Local\Temp\Unicorn-43709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43709.exe
12⤵
PID:11184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 216
12⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
11⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
10⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
9⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-32856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32856.exe
8⤵
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-49749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49749.exe
9⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-53126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53126.exe
10⤵
PID:6100

C:\Users\Admin\AppData\Local\Temp\Unicorn-42210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42210.exe
11⤵
PID:8340

C:\Users\Admin\AppData\Local\Temp\Unicorn-36928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36928.exe
12⤵
PID:12152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 236
12⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 236
11⤵
PID:9472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 236
10⤵
PID:7232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 216
9⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
8⤵
- Program crash
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-2550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2550.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
8⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-63101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63101.exe
9⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-15814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15814.exe
10⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-27152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27152.exe
11⤵
PID:7972

C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
12⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 236
12⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
11⤵
PID:9212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
10⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
9⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-2032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2032.exe
8⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-38260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38260.exe
9⤵
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-272.exe
10⤵
PID:6948

C:\Users\Admin\AppData\Local\Temp\Unicorn-50497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50497.exe
11⤵
PID:8952

C:\Users\Admin\AppData\Local\Temp\Unicorn-11185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11185.exe
12⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8952 -s 216
12⤵
PID:10940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 216
11⤵
PID:9932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
10⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 236
9⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
8⤵
- Program crash
PID:3944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
7⤵
- Program crash
PID:2476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
6⤵
- Program crash
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-31529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31529.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-39735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39735.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-63113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63113.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-19811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19811.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-58228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58228.exe
9⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-64009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64009.exe
10⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-34698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34698.exe
11⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-42388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42388.exe
12⤵
PID:7740

C:\Users\Admin\AppData\Local\Temp\Unicorn-15861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15861.exe
13⤵
PID:11160

C:\Users\Admin\AppData\Local\Temp\Unicorn-32653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32653.exe
14⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11160 -s 216
14⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 236
13⤵
PID:11992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 236
12⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 236
11⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
10⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-11279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11279.exe
9⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-41740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41740.exe
10⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-5833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5833.exe
11⤵
PID:7720

C:\Users\Admin\AppData\Local\Temp\Unicorn-49621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49621.exe
12⤵
PID:10088

C:\Users\Admin\AppData\Local\Temp\Unicorn-28117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28117.exe
13⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10088 -s 216
13⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 216
12⤵
PID:10628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
11⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
10⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 220
9⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-26795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26795.exe
8⤵
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-30761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30761.exe
9⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-34882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34882.exe
10⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-6497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6497.exe
11⤵
PID:6912

C:\Users\Admin\AppData\Local\Temp\Unicorn-3228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3228.exe
12⤵
PID:7552

C:\Users\Admin\AppData\Local\Temp\Unicorn-30009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30009.exe
13⤵
PID:10920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7552 -s 216
13⤵
PID:10872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 216
12⤵
PID:8716

C:\Users\Admin\AppData\Local\Temp\Unicorn-64058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64058.exe
11⤵
PID:7820

C:\Users\Admin\AppData\Local\Temp\Unicorn-37272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37272.exe
12⤵
PID:10788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 216
12⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 220
11⤵
PID:8908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
10⤵
PID:5396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 236
9⤵
- Program crash
PID:4200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
8⤵
- Program crash
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-49146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49146.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1160

C:\Users\Admin\AppData\Local\Temp\Unicorn-58228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58228.exe
8⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe
9⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-57692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57692.exe
10⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-21786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21786.exe
11⤵
PID:7776

C:\Users\Admin\AppData\Local\Temp\Unicorn-15811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15811.exe
12⤵
PID:11028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 216
12⤵
PID:1192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
11⤵
PID:8888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
10⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 236
9⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-28492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28492.exe
8⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
9⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-49653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49653.exe
10⤵
PID:7952

C:\Users\Admin\AppData\Local\Temp\Unicorn-13001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13001.exe
11⤵
PID:11168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 236
11⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
10⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
9⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 240
8⤵
PID:4996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
7⤵
- Program crash
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-26911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26911.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-3474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3474.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:300

C:\Users\Admin\AppData\Local\Temp\Unicorn-57652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57652.exe
8⤵
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-17305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17305.exe
9⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-39244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39244.exe
10⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-51713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51713.exe
11⤵
PID:8148

C:\Users\Admin\AppData\Local\Temp\Unicorn-58810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58810.exe
12⤵
PID:11116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8148 -s 216
12⤵
PID:10280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
11⤵
PID:8556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
10⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
9⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
8⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
9⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-3337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3337.exe
10⤵
PID:7664

C:\Users\Admin\AppData\Local\Temp\Unicorn-20744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20744.exe
11⤵
PID:10884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 236
11⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
10⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
9⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 240
8⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-54123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54123.exe
7⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-1269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1269.exe
8⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-64573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64573.exe
9⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-5190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5190.exe
10⤵
PID:7560

C:\Users\Admin\AppData\Local\Temp\Unicorn-20495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20495.exe
11⤵
PID:10740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 236
11⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
10⤵
PID:8964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 236
9⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
8⤵
PID:5108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
7⤵
- Program crash
PID:3012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
6⤵
- Program crash
PID:1884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:656

C:\Users\Admin\AppData\Local\Temp\Unicorn-64835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64835.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-36128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36128.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1220

C:\Users\Admin\AppData\Local\Temp\Unicorn-32425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32425.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-31477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31477.exe
8⤵
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
9⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-53297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53297.exe
10⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-39207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39207.exe
11⤵
PID:6396

C:\Users\Admin\AppData\Local\Temp\Unicorn-39474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39474.exe
12⤵
PID:10652

C:\Users\Admin\AppData\Local\Temp\Unicorn-58504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58504.exe
13⤵
PID:12140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10652 -s 236
13⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 216
12⤵
PID:10376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 236
11⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
10⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 236
9⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-33365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33365.exe
8⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
9⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
10⤵
PID:6524

C:\Users\Admin\AppData\Local\Temp\Unicorn-19943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19943.exe
11⤵
PID:9980

C:\Users\Admin\AppData\Local\Temp\Unicorn-6103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6103.exe
12⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9980 -s 216
12⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
11⤵
PID:10560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
10⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 236
9⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
8⤵
- Program crash
PID:3928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 216
7⤵
- Program crash
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-33263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33263.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-35571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35571.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-30875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30875.exe
8⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-30813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30813.exe
9⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-50917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50917.exe
10⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
11⤵
PID:6900

C:\Users\Admin\AppData\Local\Temp\Unicorn-24715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24715.exe
12⤵
PID:9344

C:\Users\Admin\AppData\Local\Temp\Unicorn-1796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1796.exe
13⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9344 -s 236
13⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 216
12⤵
PID:10712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 216
11⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
10⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-64409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64409.exe
9⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-4006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4006.exe
10⤵
PID:7020

C:\Users\Admin\AppData\Local\Temp\Unicorn-3548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3548.exe
11⤵
PID:8392

C:\Users\Admin\AppData\Local\Temp\Unicorn-39447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39447.exe
12⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8392 -s 216
12⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 216
11⤵
PID:9652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
10⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
9⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\Unicorn-59956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59956.exe
8⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-31933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31933.exe
9⤵
PID:6252

C:\Users\Admin\AppData\Local\Temp\Unicorn-19693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19693.exe
10⤵
PID:8428

C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
11⤵
PID:10476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8428 -s 236
11⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 216
10⤵
PID:9672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
9⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
8⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-63033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63033.exe
7⤵
PID:1420

C:\Users\Admin\AppData\Local\Temp\Unicorn-46573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46573.exe
8⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-3240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3240.exe
9⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-35666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35666.exe
10⤵
PID:8232

C:\Users\Admin\AppData\Local\Temp\Unicorn-27318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27318.exe
11⤵
PID:5124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8232 -s 216
11⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
10⤵
PID:9512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
9⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 236
8⤵
PID:4616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
7⤵
- Program crash
PID:3080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
6⤵
- Program crash
PID:608

C:\Users\Admin\AppData\Local\Temp\Unicorn-26968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26968.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:108

C:\Users\Admin\AppData\Local\Temp\Unicorn-35763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35763.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-1025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1025.exe
8⤵
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-47725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47725.exe
9⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe
10⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-55014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55014.exe
11⤵
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-43007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43007.exe
12⤵
PID:10892

C:\Users\Admin\AppData\Local\Temp\Unicorn-876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-876.exe
13⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 216
12⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
11⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
10⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 236
9⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-44004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44004.exe
8⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-18731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18731.exe
9⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-3976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3976.exe
10⤵
PID:7296

C:\Users\Admin\AppData\Local\Temp\Unicorn-3915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3915.exe
11⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 236
11⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
10⤵
PID:9432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 236
9⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
8⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-62898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62898.exe
7⤵
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-55452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55452.exe
8⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-6317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6317.exe
9⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-644.exe
10⤵
PID:7880

C:\Users\Admin\AppData\Local\Temp\Unicorn-52718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52718.exe
11⤵
PID:9152

C:\Users\Admin\AppData\Local\Temp\Unicorn-56731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56731.exe
12⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 216
12⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 216
11⤵
PID:10040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
10⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
9⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 236
8⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 240
7⤵
- Program crash
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-64906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64906.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-50610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50610.exe
7⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-52271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52271.exe
8⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-21175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21175.exe
9⤵
PID:5712

C:\Users\Admin\AppData\Local\Temp\Unicorn-17173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17173.exe
10⤵
PID:7836

C:\Users\Admin\AppData\Local\Temp\Unicorn-11667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11667.exe
11⤵
PID:11096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 236
11⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
10⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 236
9⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 236
8⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-36354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36354.exe
7⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-17067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17067.exe
8⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
9⤵
PID:6304

C:\Users\Admin\AppData\Local\Temp\Unicorn-13760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13760.exe
10⤵
PID:10512

C:\Users\Admin\AppData\Local\Temp\Unicorn-50525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50525.exe
11⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10512 -s 216
11⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 216
10⤵
PID:10968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 216
9⤵
PID:7992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 236
8⤵
PID:5652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
7⤵
- Program crash
PID:3868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
6⤵
- Program crash
PID:904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
5⤵
- Program crash
PID:1912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-27979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27979.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1852

C:\Users\Admin\AppData\Local\Temp\Unicorn-18147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18147.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1424

C:\Users\Admin\AppData\Local\Temp\Unicorn-16466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16466.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:800

C:\Users\Admin\AppData\Local\Temp\Unicorn-21116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21116.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-9696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9696.exe
8⤵
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-423.exe
9⤵
PID:2944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 220
10⤵
- Program crash
PID:3896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 216
9⤵
- Program crash
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-20350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20350.exe
8⤵
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-34830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34830.exe
9⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-50713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50713.exe
10⤵
PID:5128

C:\Users\Admin\AppData\Local\Temp\Unicorn-34109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34109.exe
11⤵
PID:8332

C:\Users\Admin\AppData\Local\Temp\Unicorn-37779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37779.exe
12⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 216
12⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 236
11⤵
PID:9608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
10⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 216
9⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
8⤵
- Program crash
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-40806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40806.exe
7⤵
PID:604

C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
8⤵
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-34830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34830.exe
9⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
10⤵
PID:6200

C:\Users\Admin\AppData\Local\Temp\Unicorn-58712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58712.exe
11⤵
PID:8440

C:\Users\Admin\AppData\Local\Temp\Unicorn-888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-888.exe
12⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 236
12⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 236
11⤵
PID:10136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 236
10⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 216
9⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 216
8⤵
- Program crash
PID:3320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 240
7⤵
- Program crash
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-1250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1250.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1376

C:\Users\Admin\AppData\Local\Temp\Unicorn-60672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60672.exe
7⤵
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
8⤵
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-50263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50263.exe
9⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-47693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47693.exe
10⤵
PID:6284

C:\Users\Admin\AppData\Local\Temp\Unicorn-43092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43092.exe
11⤵
PID:8740

C:\Users\Admin\AppData\Local\Temp\Unicorn-55548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55548.exe
12⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8740 -s 216
12⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 236
11⤵
PID:10220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 236
10⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 236
9⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 216
8⤵
- Program crash
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-51954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51954.exe
7⤵
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe
8⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-16325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16325.exe
9⤵
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-57156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57156.exe
10⤵
PID:6180

C:\Users\Admin\AppData\Local\Temp\Unicorn-17564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17564.exe
11⤵
PID:10008

C:\Users\Admin\AppData\Local\Temp\Unicorn-4671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4671.exe
12⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10008 -s 216
12⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 216
11⤵
PID:10836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 236
10⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 236
9⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-45468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45468.exe
8⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-45205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45205.exe
9⤵
PID:6248

C:\Users\Admin\AppData\Local\Temp\Unicorn-56870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56870.exe
10⤵
PID:9392

C:\Users\Admin\AppData\Local\Temp\Unicorn-31194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31194.exe
11⤵
PID:11484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9392 -s 216
11⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
10⤵
PID:10036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 236
9⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
8⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 240
7⤵
- Program crash
PID:3508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 220
6⤵
- Program crash
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-28203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28203.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-21308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21308.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-4735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4735.exe
7⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-55675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55675.exe
8⤵
PID:812

C:\Users\Admin\AppData\Local\Temp\Unicorn-37658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37658.exe
9⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-64905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64905.exe
10⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-39030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39030.exe
11⤵
PID:6960

C:\Users\Admin\AppData\Local\Temp\Unicorn-14927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14927.exe
12⤵
PID:10096

C:\Users\Admin\AppData\Local\Temp\Unicorn-17885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17885.exe
12⤵
PID:10452

C:\Users\Admin\AppData\Local\Temp\Unicorn-9387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9387.exe
13⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 220
12⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 236
11⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
10⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 236
9⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-1072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1072.exe
8⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
9⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-57008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57008.exe
10⤵
PID:6764

C:\Users\Admin\AppData\Local\Temp\Unicorn-36766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36766.exe
11⤵
PID:9120

C:\Users\Admin\AppData\Local\Temp\Unicorn-4683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4683.exe
12⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9120 -s 216
12⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 236
11⤵
PID:10064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
10⤵
PID:8136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 236
9⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
8⤵
- Program crash
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-51954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51954.exe
7⤵
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
8⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-31933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31933.exe
9⤵
PID:6260

C:\Users\Admin\AppData\Local\Temp\Unicorn-39382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39382.exe
10⤵
PID:9308

C:\Users\Admin\AppData\Local\Temp\Unicorn-53680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53680.exe
11⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9308 -s 216
11⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 216
10⤵
PID:9532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
9⤵
PID:7688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 216
8⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 220
7⤵
- Program crash
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
6⤵
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
7⤵
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
8⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-34377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34377.exe
9⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-24151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24151.exe
10⤵
PID:8468

C:\Users\Admin\AppData\Local\Temp\Unicorn-28117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28117.exe
11⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8468 -s 216
11⤵
PID:7616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
10⤵
PID:10128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
9⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 236
8⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 236
7⤵
- Program crash
PID:3336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 240
6⤵
- Program crash
PID:2892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 240
5⤵
- Program crash
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-47482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47482.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-48069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48069.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-4779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4779.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-60620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60620.exe
7⤵
PID:712

C:\Users\Admin\AppData\Local\Temp\Unicorn-39718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39718.exe
8⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-22716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22716.exe
9⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-50317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50317.exe
10⤵
PID:7484

C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
11⤵
PID:10796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 216
11⤵
PID:11112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
10⤵
PID:8628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
9⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 712 -s 236
8⤵
PID:4840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 236
7⤵
- Program crash
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-6359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6359.exe
6⤵
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-32411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32411.exe
7⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-64658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64658.exe
8⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
9⤵
PID:7280

C:\Users\Admin\AppData\Local\Temp\Unicorn-28826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28826.exe
10⤵
PID:11152

C:\Users\Admin\AppData\Local\Temp\Unicorn-31214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31214.exe
11⤵
PID:8848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 216
10⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 236
9⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 216
8⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 236
7⤵
- Program crash
PID:3824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
6⤵
- Program crash
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-34114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34114.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-9696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9696.exe
6⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-32603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32603.exe
7⤵
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
8⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-6317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6317.exe
9⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
10⤵
PID:7568

C:\Users\Admin\AppData\Local\Temp\Unicorn-30957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30957.exe
11⤵
PID:11220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 236
10⤵
PID:9068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
9⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 216
8⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-8695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8695.exe
7⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-36987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36987.exe
8⤵
PID:5572

C:\Users\Admin\AppData\Local\Temp\Unicorn-19737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19737.exe
9⤵
PID:7680

C:\Users\Admin\AppData\Local\Temp\Unicorn-3582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3582.exe
10⤵
PID:10880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 236
10⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
9⤵
PID:9448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
8⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 220
7⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
6⤵
- Program crash
PID:3472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 240
5⤵
- Program crash
PID:552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-34489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34489.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-31509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31509.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-2443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2443.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-4504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4504.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-52291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52291.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
8⤵
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-501.exe
9⤵
PID:3484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 220
10⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 236
9⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-33749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33749.exe
8⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-40832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40832.exe
9⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-16353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16353.exe
10⤵
PID:8104

C:\Users\Admin\AppData\Local\Temp\Unicorn-29625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29625.exe
11⤵
PID:10956

C:\Users\Admin\AppData\Local\Temp\Unicorn-5043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5043.exe
12⤵
PID:8264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 236
11⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
10⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
9⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
8⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-15176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15176.exe
7⤵
PID:976

C:\Users\Admin\AppData\Local\Temp\Unicorn-20175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20175.exe
8⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
9⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-55346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55346.exe
10⤵
PID:8188

C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
11⤵
PID:10396

C:\Users\Admin\AppData\Local\Temp\Unicorn-48605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48605.exe
12⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10396 -s 216
12⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 216
10⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 236
9⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 236
8⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
7⤵
- Program crash
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-16089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16089.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-65218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65218.exe
7⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-23574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23574.exe
8⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-36878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36878.exe
9⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-38901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38901.exe
10⤵
PID:8088

C:\Users\Admin\AppData\Local\Temp\Unicorn-17584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17584.exe
11⤵
PID:11252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8088 -s 236
11⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 216
10⤵
PID:9168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
9⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
8⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-49702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49702.exe
7⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-22576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22576.exe
8⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-27484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27484.exe
9⤵
PID:7344

C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
10⤵
PID:10724

C:\Users\Admin\AppData\Local\Temp\Unicorn-13745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13745.exe
11⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10724 -s 236
11⤵
PID:8772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7344 -s 216
10⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
9⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
8⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 220
7⤵
PID:5068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
6⤵
- Program crash
PID:2168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
5⤵
- Program crash
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-63818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63818.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1124

C:\Users\Admin\AppData\Local\Temp\Unicorn-49330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49330.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-4971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4971.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-48939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48939.exe
8⤵
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
9⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-8439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8439.exe
10⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-37302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37302.exe
11⤵
PID:6528

C:\Users\Admin\AppData\Local\Temp\Unicorn-22158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22158.exe
12⤵
PID:8220

C:\Users\Admin\AppData\Local\Temp\Unicorn-51061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51061.exe
13⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8220 -s 216
13⤵
PID:11620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 216
12⤵
PID:10048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 236
11⤵
PID:7988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
10⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 236
9⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-33142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33142.exe
8⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-47801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47801.exe
9⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-4686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4686.exe
10⤵
PID:7016

C:\Users\Admin\AppData\Local\Temp\Unicorn-59245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59245.exe
11⤵
PID:10344

C:\Users\Admin\AppData\Local\Temp\Unicorn-9802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9802.exe
12⤵
PID:8692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 216
11⤵
PID:10536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 236
10⤵
PID:8284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
9⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
8⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-12545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12545.exe
7⤵
PID:920

C:\Users\Admin\AppData\Local\Temp\Unicorn-12224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12224.exe
8⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-1268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1268.exe
9⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-50829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50829.exe
10⤵
PID:8296

C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
11⤵
PID:11308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8296 -s 216
11⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
10⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
9⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 216
8⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
7⤵
- Program crash
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-55944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55944.exe
6⤵
- Executes dropped EXE
PID:1084

C:\Users\Admin\AppData\Local\Temp\Unicorn-52338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52338.exe
7⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-1664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1664.exe
8⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
9⤵
PID:6160

C:\Users\Admin\AppData\Local\Temp\Unicorn-57082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57082.exe
10⤵
PID:8652

C:\Users\Admin\AppData\Local\Temp\Unicorn-58516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58516.exe
11⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 216
11⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 236
10⤵
PID:9748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 236
9⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 236
8⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 236
7⤵
- Program crash
PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
6⤵
- Program crash
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-17778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17778.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1456

C:\Users\Admin\AppData\Local\Temp\Unicorn-21072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21072.exe
6⤵
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-16075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16075.exe
7⤵
PID:472

C:\Users\Admin\AppData\Local\Temp\Unicorn-19843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19843.exe
8⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-34555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34555.exe
9⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-27100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27100.exe
10⤵
PID:7400

C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
11⤵
PID:10592

C:\Users\Admin\AppData\Local\Temp\Unicorn-4422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4422.exe
12⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10592 -s 236
12⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 216
11⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 236
10⤵
PID:8500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 236
9⤵
PID:5980

C:\Users\Admin\AppData\Local\Temp\Unicorn-5102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5102.exe
8⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-4105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4105.exe
9⤵
PID:7604

C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
10⤵
PID:10864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 216
10⤵
PID:4688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 236
9⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 472 -s 240
8⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-32073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32073.exe
7⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-1908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1908.exe
8⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-4276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4276.exe
9⤵
PID:6640

C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
10⤵
PID:10096

C:\Users\Admin\AppData\Local\Temp\Unicorn-45238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45238.exe
11⤵
PID:11128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10096 -s 216
11⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 236
10⤵
PID:11240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
9⤵
PID:2872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
8⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
7⤵
- Program crash
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-61554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61554.exe
6⤵
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-11840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11840.exe
7⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-64745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64745.exe
8⤵
PID:5932

C:\Users\Admin\AppData\Local\Temp\Unicorn-36382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36382.exe
9⤵
PID:9188

C:\Users\Admin\AppData\Local\Temp\Unicorn-4683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4683.exe
10⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9188 -s 216
10⤵
PID:11804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 216
9⤵
PID:10120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 236
8⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 216
7⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 220
6⤵
- Program crash
PID:3120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 240
5⤵
- Program crash
PID:1716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-31778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31778.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-34675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34675.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:600

C:\Users\Admin\AppData\Local\Temp\Unicorn-49330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49330.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-19497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19497.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:648

C:\Users\Admin\AppData\Local\Temp\Unicorn-5695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5695.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-34325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34325.exe
8⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-50650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50650.exe
9⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-18195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18195.exe
10⤵
PID:7868

C:\Users\Admin\AppData\Local\Temp\Unicorn-56672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56672.exe
11⤵
PID:11056

C:\Users\Admin\AppData\Local\Temp\Unicorn-47358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47358.exe
12⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 216
11⤵
PID:968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
10⤵
PID:8924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
9⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 216
8⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-61938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61938.exe
7⤵
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-2738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2738.exe
8⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-26006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26006.exe
9⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-4489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4489.exe
10⤵
PID:7524

C:\Users\Admin\AppData\Local\Temp\Unicorn-2103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2103.exe
11⤵
PID:10744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 236
11⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
10⤵
PID:8696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 236
9⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 216
8⤵
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 240
7⤵
- Program crash
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-51367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51367.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-33179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33179.exe
7⤵
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-21514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21514.exe
8⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-16325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16325.exe
9⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-54403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54403.exe
10⤵
PID:6664

C:\Users\Admin\AppData\Local\Temp\Unicorn-28048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28048.exe
11⤵
PID:8756

C:\Users\Admin\AppData\Local\Temp\Unicorn-54299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54299.exe
12⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 236
12⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 236
11⤵
PID:9844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 236
10⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 236
9⤵
PID:6016

C:\Users\Admin\AppData\Local\Temp\Unicorn-12603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12603.exe
8⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-21731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21731.exe
9⤵
PID:6632

C:\Users\Admin\AppData\Local\Temp\Unicorn-22662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22662.exe
10⤵
PID:9348

C:\Users\Admin\AppData\Local\Temp\Unicorn-61370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61370.exe
11⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9348 -s 216
11⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 236
10⤵
PID:10004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
9⤵
PID:8024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
8⤵
PID:6052

C:\Users\Admin\AppData\Local\Temp\Unicorn-33936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33936.exe
7⤵
PID:4004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
7⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 240
6⤵
- Program crash
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-14898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14898.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-54896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54896.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-32603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32603.exe
7⤵
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
8⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
9⤵
PID:6516

C:\Users\Admin\AppData\Local\Temp\Unicorn-21722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21722.exe
10⤵
PID:8600

C:\Users\Admin\AppData\Local\Temp\Unicorn-2579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2579.exe
11⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 216
11⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 236
10⤵
PID:9724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
9⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
8⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-14585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14585.exe
7⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-2638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2638.exe
8⤵
PID:5664

C:\Users\Admin\AppData\Local\Temp\Unicorn-43628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43628.exe
9⤵
PID:7372

C:\Users\Admin\AppData\Local\Temp\Unicorn-37604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37604.exe
10⤵
PID:10356

C:\Users\Admin\AppData\Local\Temp\Unicorn-31598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31598.exe
11⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 216
10⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 236
9⤵
PID:8476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 236
8⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 220
7⤵
PID:5244

C:\Users\Admin\AppData\Local\Temp\Unicorn-12545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12545.exe
6⤵
PID:1260

C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe
7⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-873.exe
8⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
9⤵
PID:8076

C:\Users\Admin\AppData\Local\Temp\Unicorn-43709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43709.exe
10⤵
PID:11192

C:\Users\Admin\AppData\Local\Temp\Unicorn-20171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20171.exe
11⤵
PID:8668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
10⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
9⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 236
8⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 216
7⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
6⤵
- Program crash
PID:3908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 240
5⤵
- Program crash
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-42561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42561.exe
6⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-423.exe
7⤵
PID:2088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
8⤵
- Program crash
PID:4112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 216
7⤵
- Program crash
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-20350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20350.exe
6⤵
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-5343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5343.exe
7⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-54563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54563.exe
8⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-39944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39944.exe
9⤵
PID:7800

C:\Users\Admin\AppData\Local\Temp\Unicorn-4739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4739.exe
10⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 236
10⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 216
9⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
8⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 216
7⤵
PID:4744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 240
6⤵
- Program crash
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-55368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55368.exe
5⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-55483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55483.exe
6⤵
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
7⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-17273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17273.exe
8⤵
PID:5356

C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
9⤵
PID:9128

C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe
10⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 236
10⤵
PID:12160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
9⤵
PID:9412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
8⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 216
7⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
6⤵
- Program crash
PID:3620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 240
5⤵
- Program crash
PID:1516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 240
4⤵
- Program crash
PID:3020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
2⤵
- Program crash
PID:2720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-19164.exe

Filesize
184KB

MD5
01f587aaf84444b507aee3463c9904c0

SHA1
02b15e7309ca81865560ef293a1a17dd8aa75cfc

SHA256
aeded6ea51440a6444c7bf43a6dabe7cb33e56d56742e1112118e2160abbe096

SHA512
22702ebff1a1cd865d3f38c893525a3ec3b37e7fb616652dd32d53c33edf5e9ff5a6246b8c8fb23d2c98e8ad23751cbc38da29922fea870279b42acd4c3c081c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22263.exe

Filesize
184KB

MD5
f3548d0a2175eb1ab715de941fb5adc9

SHA1
e15026738878f33daeed49914a490ac7db5758b4

SHA256
db507066c44a19f46008cc4ea2438299b196cddc92e7bbacf79cf9dd0c11b5db

SHA512
97e71318426905aa0e302b5da308754f350547b13c703a92e3550874a0fcde0b97152a6349d83c5cbf5867f62cad504b144e4faf1dfd074bf032e262262640a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2443.exe

Filesize
184KB

MD5
2a0f6a6fa304bd7ead4433b14b7d284c

SHA1
4e4bb0e1439a6c8632b52866ef58ebae448c4e35

SHA256
0a75f3710cd9e752a8f8aaddc352899493758a68f380a3102b54795a4b2b18ee

SHA512
bcb63d466ea98c8547f718349cacb012a5867432d2c449225c188d3715b6909e1c698e52ce5e3fd423a5c94f6662b11b2e808f77cf807dc17f7d79995a42ff49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27979.exe

Filesize
184KB

MD5
433b6bb6590d5607c249dbb23ce212cd

SHA1
9ebcd5598f06628e439bb2b74ed77951c3126f58

SHA256
9bc58e24976d5a677b179030dea6ebbbd49deea8f1329a07852e04738d17fa7e

SHA512
a9d9d8f459265fac971c370d0a005f0ba1456b332b702376822a53e6e542b420246190e704ee0c76d46812344d654292f4c2e2bfe464c02cd807b5a5fa220c00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31778.exe

Filesize
184KB

MD5
2052241c3ecf93069624ea1af038b747

SHA1
73e95ca9ef70a59fda023177f363f01fe98526f5

SHA256
7e072b3ce7b9513b46c95e01ae37f91f60e8757c020f56d205abe5d257139332

SHA512
4520b869253382142eb8ed1e4cee2795ef11b4d9bf67746fac05553bcfb03fd73841b0363d1f51f034edbc40f8e398e4b46b61a795f421f1e4cea7700129eb46

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40806.exe

Filesize
184KB

MD5
d612962b1fbad82d55305abe5db80e33

SHA1
f1fe96a012d455466ed90b314d238799e077505b

SHA256
8016ae46b7aae39d90ee572762ae50af58dff4049a6590f15fe1c523c9678b34

SHA512
7a120070cedfe8feab3de383bcc747332599af816239e06cf59efab96e25c54b910ac6f3384ae16412b79939964663d08cc10ff4b085eb5cb007da9462ebd6f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5695.exe

Filesize
184KB

MD5
91c8ffdd58d4f8327c98ef2eee164ba6

SHA1
c0b1085c7ee1e400066cf0449566d7c54860a964

SHA256
e029e2746a8a8f8891d874c18a269195bb24c222ae639d913a0ad3d4c3718a31

SHA512
19c75daba959142d67e76655b290b5fcb3083b37970399abf40b1f1b5bd07f2fd9f139261fa13ad566f8f7d2f9bd6ab41374dee3318c3f4cac54338291f336e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64835.exe

Filesize
184KB

MD5
ebe010fe8d506418850a34c627f7d5bb

SHA1
847c22c05f031c3af8ac15198adf0d7086783e17

SHA256
0aa961f2825d96f7970445c58708732b783d6ebd0904f49c49da9e7274982685

SHA512
af4a1b1c6bcbe3e0084eefe2a15a27e047b8d6bae40b16237120f6f7b9864e27bd26bdd6c847aaefeecd5f72c590ee980005cbe004143a056a52f0c38c80bd87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6497.exe

Filesize
184KB

MD5
f4f7b642a8c34dfc5c449746ab78296e

SHA1
0cdc36bd60ab73699d9ba741cb1ca477ce60fae2

SHA256
a216e664c36cadc5664880a85219f288ab2562ae23f0ac90d1396ca84873af92

SHA512
5ac4c84e4b962e79836d70626a70f11c1e3809e9d44e0d4a8122020c67ebc3b0156e36c8b160efe3f17c6c80b47a457cbaefc3a4d74cc38adb293bef39209763

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6635.exe

Filesize
184KB

MD5
ccb5a0134a73c23432686cd999c20488

SHA1
9fd50ca56c1081c29102a7a20e9e3a99cde98f64

SHA256
2005708ddb4bc2461b808a0d2c6afdc24f75b9dd0d966cae7228c5aec59f6d21

SHA512
c47ccd1d57c10873f7a96a003d2d5ba3e60bcea6653bbc40bb396ebe89a33be3f1aae83675c6791fc7d981082d46d8907cb264fcb4db93a02cfab737e509be53

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12445.exe

Filesize
184KB

MD5
f873de01c1377d0b498a8771b784c32c

SHA1
a19110a1ab80459254cdc7d40ea5016908a13d85

SHA256
9bab9ee41768b254d4756a774bb892ce08bb1b953e8a4af92dcce508403cf2eb

SHA512
f606f38a8b982f1775dd4d65ffce5cccda7fdf31c2c9ca79d4533b5985721c820cdbcbbfd9b475326127aecf73b94bbb984181b2200cec55a706048ac1669060

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31509.exe

Filesize
184KB

MD5
d249f691c04c0fee00cc644d0a7a8320

SHA1
aae841242c59696bea7e4291b653e7c6cb3d09ba

SHA256
e84c4807843542cd9ffbe148e7354708557fb3ea9fc01892921569c98c7387a9

SHA512
ce62548f107d4a9652a2620e3f484d5df165c7ada0528b1e9b235fdc3fadfd644181386eebb61bcfdd58a0bfc71bca93c362570a97ec131f06a4e1330ceb41cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31529.exe

Filesize
184KB

MD5
9cb46c6a92a5fc7529aa27e4d522ecf7

SHA1
f963bea029de28b198fe44cea54a5caf2a51a861

SHA256
5524e76e39b2237badcf6aeb90512adf17a7d38a3a8e676705669de3d3c796fb

SHA512
0d8451a5ed8bc22103c248a6767f85a7e01a78fbd509233e50d9f8778bbefd1b12340f7d0bc286062070cf6d202c49661c756ed843ec53d0dbb8777df9187e9b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34489.exe

Filesize
184KB

MD5
739961462c4ca494d37e4584f17c4bdb

SHA1
4e3afc6e6290b36791ce701d656738a6fd63ea20

SHA256
ab00f0cbbf3c1a33fd9c9fb6fe936785d8587ffc477a17792f6b988b333fb4c8

SHA512
00b47d7a32b64b0239380b3e4e835e5950a52dcacf41ad3607f778be3d214e856fe8fb7b315a927288966af776fbf882950668ec6c4905cc43fa2ba1781627bd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36128.exe

Filesize
184KB

MD5
9355e5bc90f6bdc1b6086e78f8705d53

SHA1
855ee6c636aa0e7bacb3574d692f7c470d1c08a5

SHA256
d5b6c40f3af51152f914027ab863e92f2ec181b70c4e11c970aa3104d06f442c

SHA512
9ddf92e8ac4e3bcb469a522ae8b8858e009c2e6cf4e02987d35fb197415fc372f1508b6e2ec8ae821e880922be0512a646e6df805bd2103fd24830ecf9157332

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46034.exe

Filesize
184KB

MD5
ff2e1429dfc5c5fed1555a44a39e230f

SHA1
8ec87aa2b5b1d82f209191f41d226deba9014efe

SHA256
da361784c8e34ee5db5c8e6f049be5a535022ea44aefbcfef94d0f4a428e9c52

SHA512
4102cb66773c07b87134ae7d75d5d46a0e9faa83c34b40720cd72c3e9bc34ddcbb6f27dbacb069355841f46dfb906d18e00afd7c1fded396c2848d73a37d92a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50556.exe

Filesize
184KB

MD5
f8d121de441f92e4d69a12ad83c1a936

SHA1
3d013a268f95955c83d8dff745b2476d08dabc43

SHA256
ec322ab234f84365593cb329c98a91cfe9ea2691693d2c6b9e3f76e29a0b4e15

SHA512
119de5f742b5576eff5e93b7b57d9ec7496e2b684894cd587748c14fe32b19bdd5c5a69f3a09a938200f04ff4e65103fb19ed7adff5797342fc8939edad429c8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe

Filesize
184KB

MD5
8845acdb41d3152dace5516deaabf266

SHA1
1cdc95259d2458d5ec7fd186558e6aebb2ed8e24

SHA256
c5717d3961c353930b38579db8e1300bb7aa4bfc6b044d00cac289bafe82ef41

SHA512
d301c10be5bf2bbb4772789bbf8276252df9d11ec126b1b2d43c2097dbfe03ef738b426cceffe8d046ae684d03462c65fa1d6802b6410294bd70e7c1bffe9ca2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe

Filesize
184KB

MD5
f7c53064ca61cf5d05fbabb0c6d5d123

SHA1
ba0573b2bf0334318acaa6cccba38c13387f4712

SHA256
c922deed2c73f5b0c7a83cbf656293ec0bd3770df0bb72ec0c18466a0ce0183d

SHA512
f068dbf9b9f99c4ade178df443bade519d799de980a257b805b4c928c3520aed5497b081c7c2fe75572246fb202f913d09a4cb864f635fc0270f130a6a3bbf08

Download Submit