b424582923b455882b99f2c5451e6dc8a6cff160aa59bc8a81fd15ba97b92b28

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b424582923b455882b99f2c5451e6dc8a6cff160aa59bc8a81fd15ba97b92b28.exe
Size

184KB
MD5

5d8629b4b6859c00364d917c7cc614b2
SHA1

8489bdc644014539c014afe6e7fa6af4399a0dbf
SHA256

b424582923b455882b99f2c5451e6dc8a6cff160aa59bc8a81fd15ba97b92b28
SHA512

1888459aff79c1c25a88fe4b6809adba29cc6a21eb4d371eedd7a983a1bfe3d5687b6011e48696e928ed4363b2335b4497d44908830873262820573182d1257b
SSDEEP

3072:kJaRoiov7GW0jAQWeVwLwNsOhlnViFans:kJiovOAQkLQsOhlnViFa

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-50114.exeUnicorn-45540.exeUnicorn-41133.exeUnicorn-33583.exeUnicorn-37990.exeUnicorn-42766.exeUnicorn-60328.exeUnicorn-45061.exeUnicorn-25195.exeUnicorn-22218.exeUnicorn-53162.exeUnicorn-50894.exeUnicorn-5222.exeUnicorn-18413.exeUnicorn-38279.exeUnicorn-11403.exeUnicorn-57075.exeUnicorn-45420.exeUnicorn-34127.exeUnicorn-39302.exeUnicorn-34895.exeUnicorn-52493.exeUnicorn-22281.exeUnicorn-4683.exeUnicorn-22281.exeUnicorn-3949.exeUnicorn-19409.exeUnicorn-1681.exeUnicorn-45771.exeUnicorn-58770.exeUnicorn-44043.exeUnicorn-8910.exeUnicorn-62024.exeUnicorn-24945.exeUnicorn-47141.exeUnicorn-42734.exeUnicorn-62600.exeUnicorn-58194.exeUnicorn-12522.exeUnicorn-5740.exeUnicorn-51604.exeUnicorn-53514.exeUnicorn-49108.exeUnicorn-36493.exeUnicorn-5200.exeUnicorn-43623.exeUnicorn-56814.exeUnicorn-56814.exeUnicorn-8262.exeUnicorn-8262.exeUnicorn-25860.exeUnicorn-41319.exeUnicorn-56778.exeUnicorn-21645.exeUnicorn-59108.exeUnicorn-9030.exeUnicorn-6762.exeUnicorn-8021.exeUnicorn-45484.exeUnicorn-59059.exeUnicorn-63667.exeUnicorn-23497.exeUnicorn-41094.exeUnicorn-8805.exe

pid	process
2304	Unicorn-50114.exe
2788	Unicorn-45540.exe
2780	Unicorn-41133.exe
2704	Unicorn-33583.exe
1848	Unicorn-37990.exe
2292	Unicorn-42766.exe
3036	Unicorn-60328.exe
2060	Unicorn-45061.exe
1292	Unicorn-25195.exe
1656	Unicorn-22218.exe
1580	Unicorn-53162.exe
1632	Unicorn-50894.exe
2328	Unicorn-5222.exe
1696	Unicorn-18413.exe
2044	Unicorn-38279.exe
576	Unicorn-11403.exe
1640	Unicorn-57075.exe
2296	Unicorn-45420.exe
880	Unicorn-34127.exe
2372	Unicorn-39302.exe
2324	Unicorn-34895.exe
944	Unicorn-52493.exe
1876	Unicorn-22281.exe
1800	Unicorn-4683.exe
3040	Unicorn-22281.exe
2876	Unicorn-3949.exe
1856	Unicorn-19409.exe
2240	Unicorn-1681.exe
2308	Unicorn-45771.exe
1604	Unicorn-58770.exe
2424	Unicorn-44043.exe
1036	Unicorn-8910.exe
1372	Unicorn-62024.exe
2672	Unicorn-24945.exe
2548	Unicorn-47141.exe
1912	Unicorn-42734.exe
2580	Unicorn-62600.exe
2556	Unicorn-58194.exe
2440	Unicorn-12522.exe
1148	Unicorn-5740.exe
2512	Unicorn-51604.exe
308	Unicorn-53514.exe
1684	Unicorn-49108.exe
1828	Unicorn-36493.exe
2916	Unicorn-5200.exe
1728	Unicorn-43623.exe
1648	Unicorn-56814.exe
580	Unicorn-56814.exe
2096	Unicorn-8262.exe
1988	Unicorn-8262.exe
1840	Unicorn-25860.exe
372	Unicorn-41319.exe
2268	Unicorn-56778.exe
1156	Unicorn-21645.exe
744	Unicorn-59108.exe
1084	Unicorn-9030.exe
320	Unicorn-6762.exe
2656	Unicorn-8021.exe
1416	Unicorn-45484.exe
2700	Unicorn-59059.exe
3024	Unicorn-63667.exe
1220	Unicorn-23497.exe
2584	Unicorn-41094.exe
1316	Unicorn-8805.exe

Loads dropped DLL 64 IoCs

Processes:

b424582923b455882b99f2c5451e6dc8a6cff160aa59bc8a81fd15ba97b92b28.exeUnicorn-50114.exeUnicorn-45540.exeWerFault.exeUnicorn-41133.exeUnicorn-37990.exeUnicorn-33583.exeWerFault.exeWerFault.exeUnicorn-42766.exeUnicorn-60328.exeUnicorn-25195.exeUnicorn-45061.exeWerFault.exeWerFault.exeUnicorn-22218.exeUnicorn-53162.exeUnicorn-5222.exe

pid	process
1760	b424582923b455882b99f2c5451e6dc8a6cff160aa59bc8a81fd15ba97b92b28.exe
1760	b424582923b455882b99f2c5451e6dc8a6cff160aa59bc8a81fd15ba97b92b28.exe
2304	Unicorn-50114.exe
2304	Unicorn-50114.exe
1760	b424582923b455882b99f2c5451e6dc8a6cff160aa59bc8a81fd15ba97b92b28.exe
1760	b424582923b455882b99f2c5451e6dc8a6cff160aa59bc8a81fd15ba97b92b28.exe
2304	Unicorn-50114.exe
2788	Unicorn-45540.exe
2304	Unicorn-50114.exe
2788	Unicorn-45540.exe
2600	WerFault.exe
2600	WerFault.exe
2600	WerFault.exe
2600	WerFault.exe
2600	WerFault.exe
2780	Unicorn-41133.exe
2780	Unicorn-41133.exe
1848	Unicorn-37990.exe
2788	Unicorn-45540.exe
1848	Unicorn-37990.exe
2788	Unicorn-45540.exe
2704	Unicorn-33583.exe
2704	Unicorn-33583.exe
2156	WerFault.exe
556	WerFault.exe
2156	WerFault.exe
556	WerFault.exe
2156	WerFault.exe
556	WerFault.exe
2156	WerFault.exe
556	WerFault.exe
556	WerFault.exe
2156	WerFault.exe
2292	Unicorn-42766.exe
2292	Unicorn-42766.exe
3036	Unicorn-60328.exe
3036	Unicorn-60328.exe
1848	Unicorn-37990.exe
1848	Unicorn-37990.exe
1292	Unicorn-25195.exe
1292	Unicorn-25195.exe
2060	Unicorn-45061.exe
2704	Unicorn-33583.exe
2060	Unicorn-45061.exe
2704	Unicorn-33583.exe
772	WerFault.exe
772	WerFault.exe
772	WerFault.exe
772	WerFault.exe
812	WerFault.exe
812	WerFault.exe
812	WerFault.exe
812	WerFault.exe
772	WerFault.exe
812	WerFault.exe
1656	Unicorn-22218.exe
1656	Unicorn-22218.exe
2292	Unicorn-42766.exe
2292	Unicorn-42766.exe
1580	Unicorn-53162.exe
1580	Unicorn-53162.exe
3036	Unicorn-60328.exe
3036	Unicorn-60328.exe
2328	Unicorn-5222.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2276	1760	WerFault.exe	b424582923b455882b99f2c5451e6dc8a6cff160aa59bc8a81fd15ba97b92b28.exe
2600	2304	WerFault.exe	Unicorn-50114.exe
556	2780	WerFault.exe	Unicorn-41133.exe
2156	2788	WerFault.exe	Unicorn-45540.exe
772	1848	WerFault.exe	Unicorn-37990.exe
812	2704	WerFault.exe	Unicorn-33583.exe
940	2292	WerFault.exe	Unicorn-42766.exe
2396	3036	WerFault.exe	Unicorn-60328.exe
292	1292	WerFault.exe	Unicorn-25195.exe
2500	2060	WerFault.exe	Unicorn-45061.exe
3000	880	WerFault.exe	Unicorn-34127.exe
1424	1656	WerFault.exe	Unicorn-22218.exe
2344	1580	WerFault.exe	Unicorn-53162.exe
2824	2328	WerFault.exe	Unicorn-5222.exe
2004	2044	WerFault.exe	Unicorn-38279.exe
892	1632	WerFault.exe	Unicorn-50894.exe
1408	1696	WerFault.exe	Unicorn-18413.exe
1532	1640	WerFault.exe	Unicorn-57075.exe
1712	576	WerFault.exe	Unicorn-11403.exe
268	2296	WerFault.exe	Unicorn-45420.exe
1676	2324	WerFault.exe	Unicorn-34895.exe
2120	2372	WerFault.exe	Unicorn-39302.exe
2768	1876	WerFault.exe	Unicorn-22281.exe
2716	1800	WerFault.exe	Unicorn-4683.exe
2592	944	WerFault.exe	Unicorn-52493.exe
2236	2876	WerFault.exe	Unicorn-3949.exe
1616	1856	WerFault.exe	Unicorn-19409.exe
856	2240	WerFault.exe	Unicorn-1681.exe
3052	1604	WerFault.exe	Unicorn-58770.exe
2528	2424	WerFault.exe	Unicorn-44043.exe
2944	2672	WerFault.exe	Unicorn-24945.exe
1444	1036	WerFault.exe	Unicorn-8910.exe
1236	2548	WerFault.exe	Unicorn-47141.exe
2956	2440	WerFault.exe	Unicorn-12522.exe
2504	2556	WerFault.exe	Unicorn-58194.exe
704	2308	WerFault.exe	Unicorn-45771.exe
2164	2580	WerFault.exe	Unicorn-62600.exe
2952	1372	WerFault.exe	Unicorn-62024.exe
1816	1912	WerFault.exe	Unicorn-42734.exe
3408	1148	WerFault.exe	Unicorn-5740.exe
3104	2512	WerFault.exe	Unicorn-51604.exe
3136	2916	WerFault.exe	Unicorn-5200.exe
3204	1828	WerFault.exe	Unicorn-36493.exe
3248	1156	WerFault.exe	Unicorn-21645.exe
3388	1988	WerFault.exe	Unicorn-8262.exe
3292	372	WerFault.exe	Unicorn-41319.exe
3432	308	WerFault.exe	Unicorn-53514.exe
4068	1840	WerFault.exe	Unicorn-25860.exe
3132	2584	WerFault.exe	Unicorn-41094.exe
3608	580	WerFault.exe	Unicorn-56814.exe
3784	1612	WerFault.exe	Unicorn-21996.exe
3812	1316	WerFault.exe	Unicorn-8805.exe
3900	320	WerFault.exe	Unicorn-6762.exe
3960	1124	WerFault.exe	Unicorn-48224.exe
4000	380	WerFault.exe	Unicorn-30243.exe
4024	3008	WerFault.exe	Unicorn-44612.exe
4060	448	WerFault.exe	Unicorn-63491.exe
4072	1084	WerFault.exe	Unicorn-9030.exe
3120	744	WerFault.exe	Unicorn-59108.exe
3256	2700	WerFault.exe	Unicorn-59059.exe
3316	2624	WerFault.exe	Unicorn-14399.exe
3688	2096	WerFault.exe	Unicorn-8262.exe
3692	2784	WerFault.exe	Unicorn-13631.exe
3100	2180	WerFault.exe	Unicorn-43651.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

b424582923b455882b99f2c5451e6dc8a6cff160aa59bc8a81fd15ba97b92b28.exeUnicorn-50114.exeUnicorn-41133.exeUnicorn-45540.exeUnicorn-37990.exeUnicorn-33583.exeUnicorn-42766.exeUnicorn-60328.exeUnicorn-25195.exeUnicorn-45061.exeUnicorn-22218.exeUnicorn-53162.exeUnicorn-50894.exeUnicorn-5222.exeUnicorn-18413.exeUnicorn-38279.exeUnicorn-57075.exeUnicorn-11403.exeUnicorn-45420.exeUnicorn-34127.exeUnicorn-39302.exeUnicorn-34895.exeUnicorn-52493.exeUnicorn-22281.exeUnicorn-4683.exeUnicorn-3949.exeUnicorn-19409.exeUnicorn-1681.exeUnicorn-58770.exeUnicorn-8910.exeUnicorn-44043.exeUnicorn-62024.exeUnicorn-24945.exeUnicorn-47141.exeUnicorn-42734.exeUnicorn-12522.exeUnicorn-58194.exeUnicorn-62600.exeUnicorn-5740.exeUnicorn-51604.exeUnicorn-53514.exeUnicorn-49108.exeUnicorn-36493.exeUnicorn-54474.exeUnicorn-5200.exeUnicorn-43623.exeUnicorn-56814.exeUnicorn-8262.exeUnicorn-56814.exeUnicorn-25860.exeUnicorn-8262.exeUnicorn-41319.exeUnicorn-56778.exeUnicorn-59108.exeUnicorn-21645.exeUnicorn-9030.exeUnicorn-6762.exeUnicorn-8021.exeUnicorn-45484.exeUnicorn-59059.exeUnicorn-63667.exeUnicorn-23497.exeUnicorn-41094.exeUnicorn-8805.exe

pid	process
1760	b424582923b455882b99f2c5451e6dc8a6cff160aa59bc8a81fd15ba97b92b28.exe
2304	Unicorn-50114.exe
2780	Unicorn-41133.exe
2788	Unicorn-45540.exe
1848	Unicorn-37990.exe
2704	Unicorn-33583.exe
2292	Unicorn-42766.exe
3036	Unicorn-60328.exe
1292	Unicorn-25195.exe
2060	Unicorn-45061.exe
1656	Unicorn-22218.exe
1580	Unicorn-53162.exe
1632	Unicorn-50894.exe
2328	Unicorn-5222.exe
1696	Unicorn-18413.exe
2044	Unicorn-38279.exe
1640	Unicorn-57075.exe
576	Unicorn-11403.exe
2296	Unicorn-45420.exe
880	Unicorn-34127.exe
2372	Unicorn-39302.exe
2324	Unicorn-34895.exe
944	Unicorn-52493.exe
1876	Unicorn-22281.exe
1800	Unicorn-4683.exe
2876	Unicorn-3949.exe
1856	Unicorn-19409.exe
2240	Unicorn-1681.exe
1604	Unicorn-58770.exe
1036	Unicorn-8910.exe
2424	Unicorn-44043.exe
1372	Unicorn-62024.exe
2672	Unicorn-24945.exe
2548	Unicorn-47141.exe
1912	Unicorn-42734.exe
2440	Unicorn-12522.exe
2556	Unicorn-58194.exe
2580	Unicorn-62600.exe
1148	Unicorn-5740.exe
2512	Unicorn-51604.exe
308	Unicorn-53514.exe
1684	Unicorn-49108.exe
1828	Unicorn-36493.exe
1900	Unicorn-54474.exe
2916	Unicorn-5200.exe
1728	Unicorn-43623.exe
580	Unicorn-56814.exe
2096	Unicorn-8262.exe
1648	Unicorn-56814.exe
1840	Unicorn-25860.exe
1988	Unicorn-8262.exe
372	Unicorn-41319.exe
2268	Unicorn-56778.exe
744	Unicorn-59108.exe
1156	Unicorn-21645.exe
1084	Unicorn-9030.exe
320	Unicorn-6762.exe
2656	Unicorn-8021.exe
1416	Unicorn-45484.exe
2700	Unicorn-59059.exe
3024	Unicorn-63667.exe
1220	Unicorn-23497.exe
2584	Unicorn-41094.exe
1316	Unicorn-8805.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

b424582923b455882b99f2c5451e6dc8a6cff160aa59bc8a81fd15ba97b92b28.exeUnicorn-50114.exeUnicorn-45540.exeUnicorn-41133.exeUnicorn-37990.exeUnicorn-33583.exeUnicorn-42766.exeUnicorn-60328.exe

description	pid	process	target process
PID 1760 wrote to memory of 2304	1760	b424582923b455882b99f2c5451e6dc8a6cff160aa59bc8a81fd15ba97b92b28.exe	Unicorn-50114.exe
PID 1760 wrote to memory of 2304	1760	b424582923b455882b99f2c5451e6dc8a6cff160aa59bc8a81fd15ba97b92b28.exe	Unicorn-50114.exe
PID 1760 wrote to memory of 2304	1760	b424582923b455882b99f2c5451e6dc8a6cff160aa59bc8a81fd15ba97b92b28.exe	Unicorn-50114.exe
PID 1760 wrote to memory of 2304	1760	b424582923b455882b99f2c5451e6dc8a6cff160aa59bc8a81fd15ba97b92b28.exe	Unicorn-50114.exe
PID 2304 wrote to memory of 2788	2304	Unicorn-50114.exe	Unicorn-45540.exe
PID 2304 wrote to memory of 2788	2304	Unicorn-50114.exe	Unicorn-45540.exe
PID 2304 wrote to memory of 2788	2304	Unicorn-50114.exe	Unicorn-45540.exe
PID 2304 wrote to memory of 2788	2304	Unicorn-50114.exe	Unicorn-45540.exe
PID 1760 wrote to memory of 2780	1760	b424582923b455882b99f2c5451e6dc8a6cff160aa59bc8a81fd15ba97b92b28.exe	Unicorn-41133.exe
PID 1760 wrote to memory of 2780	1760	b424582923b455882b99f2c5451e6dc8a6cff160aa59bc8a81fd15ba97b92b28.exe	Unicorn-41133.exe
PID 1760 wrote to memory of 2780	1760	b424582923b455882b99f2c5451e6dc8a6cff160aa59bc8a81fd15ba97b92b28.exe	Unicorn-41133.exe
PID 1760 wrote to memory of 2780	1760	b424582923b455882b99f2c5451e6dc8a6cff160aa59bc8a81fd15ba97b92b28.exe	Unicorn-41133.exe
PID 1760 wrote to memory of 2276	1760	b424582923b455882b99f2c5451e6dc8a6cff160aa59bc8a81fd15ba97b92b28.exe	WerFault.exe
PID 1760 wrote to memory of 2276	1760	b424582923b455882b99f2c5451e6dc8a6cff160aa59bc8a81fd15ba97b92b28.exe	WerFault.exe
PID 1760 wrote to memory of 2276	1760	b424582923b455882b99f2c5451e6dc8a6cff160aa59bc8a81fd15ba97b92b28.exe	WerFault.exe
PID 1760 wrote to memory of 2276	1760	b424582923b455882b99f2c5451e6dc8a6cff160aa59bc8a81fd15ba97b92b28.exe	WerFault.exe
PID 2304 wrote to memory of 2704	2304	Unicorn-50114.exe	Unicorn-33583.exe
PID 2304 wrote to memory of 2704	2304	Unicorn-50114.exe	Unicorn-33583.exe
PID 2304 wrote to memory of 2704	2304	Unicorn-50114.exe	Unicorn-33583.exe
PID 2304 wrote to memory of 2704	2304	Unicorn-50114.exe	Unicorn-33583.exe
PID 2788 wrote to memory of 1848	2788	Unicorn-45540.exe	Unicorn-37990.exe
PID 2788 wrote to memory of 1848	2788	Unicorn-45540.exe	Unicorn-37990.exe
PID 2788 wrote to memory of 1848	2788	Unicorn-45540.exe	Unicorn-37990.exe
PID 2788 wrote to memory of 1848	2788	Unicorn-45540.exe	Unicorn-37990.exe
PID 2304 wrote to memory of 2600	2304	Unicorn-50114.exe	WerFault.exe
PID 2304 wrote to memory of 2600	2304	Unicorn-50114.exe	WerFault.exe
PID 2304 wrote to memory of 2600	2304	Unicorn-50114.exe	WerFault.exe
PID 2304 wrote to memory of 2600	2304	Unicorn-50114.exe	WerFault.exe
PID 2780 wrote to memory of 2292	2780	Unicorn-41133.exe	Unicorn-42766.exe
PID 2780 wrote to memory of 2292	2780	Unicorn-41133.exe	Unicorn-42766.exe
PID 2780 wrote to memory of 2292	2780	Unicorn-41133.exe	Unicorn-42766.exe
PID 2780 wrote to memory of 2292	2780	Unicorn-41133.exe	Unicorn-42766.exe
PID 1848 wrote to memory of 3036	1848	Unicorn-37990.exe	Unicorn-60328.exe
PID 1848 wrote to memory of 3036	1848	Unicorn-37990.exe	Unicorn-60328.exe
PID 1848 wrote to memory of 3036	1848	Unicorn-37990.exe	Unicorn-60328.exe
PID 1848 wrote to memory of 3036	1848	Unicorn-37990.exe	Unicorn-60328.exe
PID 2788 wrote to memory of 1292	2788	Unicorn-45540.exe	Unicorn-25195.exe
PID 2788 wrote to memory of 1292	2788	Unicorn-45540.exe	Unicorn-25195.exe
PID 2788 wrote to memory of 1292	2788	Unicorn-45540.exe	Unicorn-25195.exe
PID 2788 wrote to memory of 1292	2788	Unicorn-45540.exe	Unicorn-25195.exe
PID 2704 wrote to memory of 2060	2704	Unicorn-33583.exe	Unicorn-45061.exe
PID 2704 wrote to memory of 2060	2704	Unicorn-33583.exe	Unicorn-45061.exe
PID 2704 wrote to memory of 2060	2704	Unicorn-33583.exe	Unicorn-45061.exe
PID 2704 wrote to memory of 2060	2704	Unicorn-33583.exe	Unicorn-45061.exe
PID 2788 wrote to memory of 2156	2788	Unicorn-45540.exe	WerFault.exe
PID 2780 wrote to memory of 556	2780	Unicorn-41133.exe	WerFault.exe
PID 2788 wrote to memory of 2156	2788	Unicorn-45540.exe	WerFault.exe
PID 2788 wrote to memory of 2156	2788	Unicorn-45540.exe	WerFault.exe
PID 2788 wrote to memory of 2156	2788	Unicorn-45540.exe	WerFault.exe
PID 2780 wrote to memory of 556	2780	Unicorn-41133.exe	WerFault.exe
PID 2780 wrote to memory of 556	2780	Unicorn-41133.exe	WerFault.exe
PID 2780 wrote to memory of 556	2780	Unicorn-41133.exe	WerFault.exe
PID 2292 wrote to memory of 1656	2292	Unicorn-42766.exe	Unicorn-22218.exe
PID 2292 wrote to memory of 1656	2292	Unicorn-42766.exe	Unicorn-22218.exe
PID 2292 wrote to memory of 1656	2292	Unicorn-42766.exe	Unicorn-22218.exe
PID 2292 wrote to memory of 1656	2292	Unicorn-42766.exe	Unicorn-22218.exe
PID 3036 wrote to memory of 1580	3036	Unicorn-60328.exe	Unicorn-53162.exe
PID 3036 wrote to memory of 1580	3036	Unicorn-60328.exe	Unicorn-53162.exe
PID 3036 wrote to memory of 1580	3036	Unicorn-60328.exe	Unicorn-53162.exe
PID 3036 wrote to memory of 1580	3036	Unicorn-60328.exe	Unicorn-53162.exe
PID 1848 wrote to memory of 1632	1848	Unicorn-37990.exe	Unicorn-50894.exe
PID 1848 wrote to memory of 1632	1848	Unicorn-37990.exe	Unicorn-50894.exe
PID 1848 wrote to memory of 1632	1848	Unicorn-37990.exe	Unicorn-50894.exe
PID 1848 wrote to memory of 1632	1848	Unicorn-37990.exe	Unicorn-50894.exe

C:\Users\Admin\AppData\Local\Temp\b424582923b455882b99f2c5451e6dc8a6cff160aa59bc8a81fd15ba97b92b28.exe
"C:\Users\Admin\AppData\Local\Temp\b424582923b455882b99f2c5451e6dc8a6cff160aa59bc8a81fd15ba97b92b28.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-50114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50114.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-45540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45540.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-37990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37990.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-60328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60328.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-53162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53162.exe
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-45420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45420.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-45771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45771.exe
8⤵
- Executes dropped EXE
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-54474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54474.exe
9⤵
- Suspicious use of SetWindowsHookEx
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-63491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63491.exe
10⤵
PID:448

C:\Users\Admin\AppData\Local\Temp\Unicorn-13170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13170.exe
11⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
12⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\Unicorn-51770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51770.exe
13⤵
PID:6408

C:\Users\Admin\AppData\Local\Temp\Unicorn-38258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38258.exe
14⤵
PID:8984

C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
15⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 216
15⤵
PID:12544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 216
14⤵
PID:9700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
13⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
12⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 236
11⤵
- Program crash
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-42012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42012.exe
10⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
11⤵
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-11075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11075.exe
12⤵
PID:7028

C:\Users\Admin\AppData\Local\Temp\Unicorn-19549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19549.exe
13⤵
PID:9872

C:\Users\Admin\AppData\Local\Temp\Unicorn-48855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48855.exe
14⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9872 -s 220
14⤵
PID:12764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 216
13⤵
PID:10560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 216
12⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
11⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 220
10⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-11337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11337.exe
9⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-19341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19341.exe
10⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
11⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-11075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11075.exe
12⤵
PID:6992

C:\Users\Admin\AppData\Local\Temp\Unicorn-35034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35034.exe
13⤵
PID:9924

C:\Users\Admin\AppData\Local\Temp\Unicorn-33806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33806.exe
14⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9924 -s 216
14⤵
PID:12780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
13⤵
PID:10644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
12⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
11⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 216
10⤵
PID:4668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
9⤵
- Program crash
PID:704

C:\Users\Admin\AppData\Local\Temp\Unicorn-5200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5200.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-41094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41094.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-871.exe
10⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
11⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-8304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8304.exe
12⤵
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-30375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30375.exe
13⤵
PID:7112

C:\Users\Admin\AppData\Local\Temp\Unicorn-6009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6009.exe
14⤵
PID:9980

C:\Users\Admin\AppData\Local\Temp\Unicorn-54112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54112.exe
15⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9980 -s 216
15⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 236
14⤵
PID:10724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 220
13⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
12⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 236
11⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-46951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46951.exe
10⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-65322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65322.exe
11⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-51770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51770.exe
12⤵
PID:6424

C:\Users\Admin\AppData\Local\Temp\Unicorn-10214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10214.exe
13⤵
PID:8248

C:\Users\Admin\AppData\Local\Temp\Unicorn-21159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21159.exe
14⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 216
14⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 216
13⤵
PID:10092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
12⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 236
11⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
10⤵
- Program crash
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-14062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14062.exe
9⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
10⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-18556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18556.exe
11⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
12⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-10048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10048.exe
13⤵
PID:9184

C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
14⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 220
14⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
13⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
12⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
11⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-8223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8223.exe
10⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\Unicorn-51770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51770.exe
11⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\Unicorn-10214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10214.exe
12⤵
PID:8060

C:\Users\Admin\AppData\Local\Temp\Unicorn-47684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47684.exe
13⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 216
13⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 216
12⤵
PID:10080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
11⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
10⤵
PID:5580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
9⤵
- Program crash
PID:3136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
8⤵
- Program crash
PID:268

C:\Users\Admin\AppData\Local\Temp\Unicorn-58770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58770.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-36493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36493.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1828

C:\Users\Admin\AppData\Local\Temp\Unicorn-8805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8805.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-3035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3035.exe
10⤵
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-17097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17097.exe
11⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
12⤵
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-19885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19885.exe
13⤵
PID:6372

C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
14⤵
PID:9692

C:\Users\Admin\AppData\Local\Temp\Unicorn-46338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46338.exe
15⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9692 -s 216
15⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 216
14⤵
PID:10576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 216
13⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
12⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 216
11⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-55088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55088.exe
10⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-46895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46895.exe
11⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-60769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60769.exe
12⤵
PID:6968

C:\Users\Admin\AppData\Local\Temp\Unicorn-21495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21495.exe
13⤵
PID:9844

C:\Users\Admin\AppData\Local\Temp\Unicorn-34382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34382.exe
14⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9844 -s 220
14⤵
PID:12772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 216
13⤵
PID:10600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 216
12⤵
PID:8028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 236
11⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 240
10⤵
- Program crash
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-959.exe
9⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-42473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42473.exe
10⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-13516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13516.exe
11⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-26970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26970.exe
12⤵
PID:6296

C:\Users\Admin\AppData\Local\Temp\Unicorn-21813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21813.exe
13⤵
PID:8924

C:\Users\Admin\AppData\Local\Temp\Unicorn-54072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54072.exe
14⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 216
14⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 216
13⤵
PID:9432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
12⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 236
11⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-17683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17683.exe
10⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\Unicorn-35299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35299.exe
11⤵
PID:6544

C:\Users\Admin\AppData\Local\Temp\Unicorn-3048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3048.exe
12⤵
PID:9416

C:\Users\Admin\AppData\Local\Temp\Unicorn-11724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11724.exe
13⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9416 -s 216
13⤵
PID:12484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 216
12⤵
PID:10484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
11⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 240
9⤵
- Program crash
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-21996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21996.exe
8⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-20057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20057.exe
9⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-17097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17097.exe
10⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-46733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46733.exe
11⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\Unicorn-49354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49354.exe
12⤵
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-42774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42774.exe
13⤵
PID:10444

C:\Users\Admin\AppData\Local\Temp\Unicorn-27921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27921.exe
14⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 216
13⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 236
12⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
11⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
10⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-22031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22031.exe
9⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-5260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5260.exe
10⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-57364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57364.exe
11⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-65071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65071.exe
12⤵
PID:8836

C:\Users\Admin\AppData\Local\Temp\Unicorn-54840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54840.exe
13⤵
PID:10612

C:\Users\Admin\AppData\Local\Temp\Unicorn-40947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40947.exe
14⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 216
13⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 236
12⤵
PID:9224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 236
11⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 236
10⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
9⤵
- Program crash
PID:3784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
8⤵
- Program crash
PID:3052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
7⤵
- Program crash
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-34127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34127.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 240
7⤵
- Program crash
PID:3000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
6⤵
- Program crash
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-50894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50894.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-22281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22281.exe
6⤵
- Executes dropped EXE
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-8910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8910.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-8262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8262.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-34347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34347.exe
8⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-34118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34118.exe
9⤵
PID:1216

C:\Users\Admin\AppData\Local\Temp\Unicorn-9955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9955.exe
10⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-64263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64263.exe
11⤵
PID:8016

C:\Users\Admin\AppData\Local\Temp\Unicorn-14045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14045.exe
12⤵
PID:10764

C:\Users\Admin\AppData\Local\Temp\Unicorn-18096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18096.exe
13⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 216
12⤵
PID:12156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
11⤵
PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 216
10⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 236
9⤵
PID:4644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 236
8⤵
- Program crash
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-44612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44612.exe
7⤵
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-29398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29398.exe
8⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-24661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24661.exe
9⤵
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-61935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61935.exe
10⤵
PID:7804

C:\Users\Admin\AppData\Local\Temp\Unicorn-62630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62630.exe
11⤵
PID:10680

C:\Users\Admin\AppData\Local\Temp\Unicorn-20362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20362.exe
12⤵
PID:12520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 216
11⤵
PID:10280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 216
10⤵
PID:8964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
8⤵
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 220
7⤵
- Program crash
PID:1444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
6⤵
- Program crash
PID:892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:772

C:\Users\Admin\AppData\Local\Temp\Unicorn-25195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25195.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-5222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5222.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-39302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39302.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-62024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62024.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1372

C:\Users\Admin\AppData\Local\Temp\Unicorn-43623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43623.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-30243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30243.exe
9⤵
PID:380

C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
10⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-44290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44290.exe
11⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-62258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62258.exe
12⤵
PID:7120

C:\Users\Admin\AppData\Local\Temp\Unicorn-22649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22649.exe
13⤵
PID:9068

C:\Users\Admin\AppData\Local\Temp\Unicorn-39934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39934.exe
14⤵
PID:11836

C:\Users\Admin\AppData\Local\Temp\Unicorn-2636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2636.exe
15⤵
PID:12852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9068 -s 220
14⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 220
13⤵
PID:10264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
11⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 236
10⤵
- Program crash
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-59610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59610.exe
9⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
10⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-61537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61537.exe
11⤵
PID:7044

C:\Users\Admin\AppData\Local\Temp\Unicorn-12493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12493.exe
12⤵
PID:9596

C:\Users\Admin\AppData\Local\Temp\Unicorn-16136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16136.exe
13⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9596 -s 216
13⤵
PID:12688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 220
12⤵
PID:10516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
11⤵
PID:5096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
10⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
9⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-10569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10569.exe
8⤵
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-49517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49517.exe
9⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-50341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50341.exe
10⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-30764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30764.exe
11⤵
PID:7052

C:\Users\Admin\AppData\Local\Temp\Unicorn-55129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55129.exe
12⤵
PID:9096

C:\Users\Admin\AppData\Local\Temp\Unicorn-61607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61607.exe
13⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9096 -s 216
13⤵
PID:920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 220
12⤵
PID:10256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
11⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
10⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 216
9⤵
PID:2696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 240
8⤵
- Program crash
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-14399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14399.exe
8⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-29424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29424.exe
9⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe
10⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-50037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50037.exe
11⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 200
12⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
11⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 236
10⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
9⤵
- Program crash
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
8⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-54134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54134.exe
9⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-12470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12470.exe
10⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
11⤵
PID:9072

C:\Users\Admin\AppData\Local\Temp\Unicorn-58322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58322.exe
12⤵
PID:11348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9072 -s 216
12⤵
PID:11628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 216
11⤵
PID:9828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 216
10⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 236
9⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 240
8⤵
- Program crash
PID:3608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
7⤵
- Program crash
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-24945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24945.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-8262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8262.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-13439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13439.exe
8⤵
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-5778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5778.exe
9⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-47962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47962.exe
10⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-32677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32677.exe
11⤵
PID:7352

C:\Users\Admin\AppData\Local\Temp\Unicorn-1443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1443.exe
12⤵
PID:9888

C:\Users\Admin\AppData\Local\Temp\Unicorn-40248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40248.exe
13⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9888 -s 216
13⤵
PID:13308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 216
12⤵
PID:10504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
11⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 236
10⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 216
9⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-4374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4374.exe
8⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-50533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50533.exe
9⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-52320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52320.exe
10⤵
PID:6508

C:\Users\Admin\AppData\Local\Temp\Unicorn-43847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43847.exe
11⤵
PID:8560

C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
12⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 220
12⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
10⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 236
9⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
8⤵
- Program crash
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-26630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26630.exe
7⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-61110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61110.exe
8⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-24661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24661.exe
9⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-45350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45350.exe
10⤵
PID:7672

C:\Users\Admin\AppData\Local\Temp\Unicorn-40160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40160.exe
11⤵
PID:10528

C:\Users\Admin\AppData\Local\Temp\Unicorn-5426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5426.exe
12⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10528 -s 216
12⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 216
11⤵
PID:2192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
10⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
9⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 236
8⤵
PID:4744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
7⤵
- Program crash
PID:2944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
6⤵
- Program crash
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-34895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34895.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-44043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44043.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-63667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63667.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-57835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57835.exe
8⤵
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-15779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15779.exe
9⤵
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 220
10⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 216
9⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
8⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-25031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25031.exe
9⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-38913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38913.exe
10⤵
PID:7416

C:\Users\Admin\AppData\Local\Temp\Unicorn-50477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50477.exe
11⤵
PID:10288

C:\Users\Admin\AppData\Local\Temp\Unicorn-29000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29000.exe
12⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 216
11⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
10⤵
PID:9000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
9⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
8⤵
PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 216
7⤵
- Program crash
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-63683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63683.exe
7⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-52537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52537.exe
8⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-64917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64917.exe
9⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-41258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41258.exe
10⤵
PID:5764

C:\Users\Admin\AppData\Local\Temp\Unicorn-62535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62535.exe
11⤵
PID:8168

C:\Users\Admin\AppData\Local\Temp\Unicorn-47932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47932.exe
12⤵
PID:11056

C:\Users\Admin\AppData\Local\Temp\Unicorn-60520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60520.exe
13⤵
PID:12892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 236
12⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 236
11⤵
PID:9040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
10⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 236
9⤵
PID:5128

C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
8⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-54652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54652.exe
9⤵
PID:6104

C:\Users\Admin\AppData\Local\Temp\Unicorn-11454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11454.exe
10⤵
PID:9152

C:\Users\Admin\AppData\Local\Temp\Unicorn-59666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59666.exe
11⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
10⤵
PID:9956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
9⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 220
8⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
7⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
8⤵
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-30401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30401.exe
9⤵
PID:6908

C:\Users\Admin\AppData\Local\Temp\Unicorn-14195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14195.exe
10⤵
PID:9804

C:\Users\Admin\AppData\Local\Temp\Unicorn-61460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61460.exe
11⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9804 -s 220
11⤵
PID:12748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 216
10⤵
PID:10620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 216
9⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
8⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
7⤵
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
6⤵
- Program crash
PID:1676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 240
5⤵
- Program crash
PID:292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-33583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33583.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-45061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45061.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-38279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38279.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-4683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4683.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-9030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9030.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1084

C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
9⤵
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-64976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64976.exe
10⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe
11⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
12⤵
PID:6288

C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
13⤵
PID:8852

C:\Users\Admin\AppData\Local\Temp\Unicorn-9394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9394.exe
14⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8852 -s 216
14⤵
PID:12464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6288 -s 216
13⤵
PID:10320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
12⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
11⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-22163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22163.exe
9⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-60351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60351.exe
10⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-1521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1521.exe
11⤵
PID:6356

C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
12⤵
PID:9160

C:\Users\Admin\AppData\Local\Temp\Unicorn-44781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44781.exe
13⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9160 -s 204
13⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 216
12⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
11⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
10⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 240
9⤵
- Program crash
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-43651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43651.exe
8⤵
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-16461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16461.exe
9⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-63210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63210.exe
10⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-50976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50976.exe
11⤵
PID:6620

C:\Users\Admin\AppData\Local\Temp\Unicorn-15985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15985.exe
12⤵
PID:9380

C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
13⤵
PID:11952

C:\Users\Admin\AppData\Local\Temp\Unicorn-61284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61284.exe
14⤵
PID:12480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9380 -s 216
13⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 216
12⤵
PID:10476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
11⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 236
10⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 216
9⤵
- Program crash
PID:3100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
8⤵
- Program crash
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-6762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6762.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
8⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-1551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1551.exe
9⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-61456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61456.exe
10⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
11⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe
12⤵
PID:8380

C:\Users\Admin\AppData\Local\Temp\Unicorn-15587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15587.exe
13⤵
PID:11568

C:\Users\Admin\AppData\Local\Temp\Unicorn-16124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16124.exe
14⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8380 -s 216
13⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 216
12⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
11⤵
PID:7560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
10⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
9⤵
- Program crash
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-12822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12822.exe
8⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-9531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9531.exe
9⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-59881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59881.exe
10⤵
PID:6852

C:\Users\Admin\AppData\Local\Temp\Unicorn-33069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33069.exe
11⤵
PID:9128

C:\Users\Admin\AppData\Local\Temp\Unicorn-24257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24257.exe
12⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 216
12⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 216
11⤵
PID:9412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
10⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 236
9⤵
PID:5776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 220
8⤵
- Program crash
PID:3900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 240
7⤵
- Program crash
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-58194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58194.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-59108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59108.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:744

C:\Users\Admin\AppData\Local\Temp\Unicorn-31229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31229.exe
8⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-27094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27094.exe
9⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
10⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-53133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53133.exe
11⤵
PID:6488

C:\Users\Admin\AppData\Local\Temp\Unicorn-53996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53996.exe
12⤵
PID:10172

C:\Users\Admin\AppData\Local\Temp\Unicorn-20286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20286.exe
13⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10172 -s 216
13⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
12⤵
PID:10936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
11⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
10⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 236
9⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-42806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42806.exe
8⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-28063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28063.exe
9⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-34578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34578.exe
10⤵
PID:6396

C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
11⤵
PID:9124

C:\Users\Admin\AppData\Local\Temp\Unicorn-39166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39166.exe
12⤵
PID:11792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9124 -s 216
12⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 216
11⤵
PID:10328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
10⤵
PID:7688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
9⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 744 -s 240
8⤵
- Program crash
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-42281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42281.exe
7⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-33264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33264.exe
8⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-16231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16231.exe
9⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-15423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15423.exe
10⤵
PID:6468

C:\Users\Admin\AppData\Local\Temp\Unicorn-38258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38258.exe
11⤵
PID:8992

C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
12⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8992 -s 216
12⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 216
11⤵
PID:9708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
10⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 236
9⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
7⤵
- Program crash
PID:2504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
6⤵
- Program crash
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-52493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52493.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:944

C:\Users\Admin\AppData\Local\Temp\Unicorn-12522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12522.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-41319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41319.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:372

C:\Users\Admin\AppData\Local\Temp\Unicorn-64285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64285.exe
8⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-1691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1691.exe
9⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-49650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49650.exe
10⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-11491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11491.exe
11⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-11040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11040.exe
12⤵
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-25802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25802.exe
13⤵
PID:10548

C:\Users\Admin\AppData\Local\Temp\Unicorn-53826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53826.exe
14⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 216
13⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 236
12⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
11⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 216
10⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-10459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10459.exe
9⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-25462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25462.exe
10⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-11454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11454.exe
11⤵
PID:9164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
11⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 236
10⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
9⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-64960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64960.exe
8⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-23340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23340.exe
9⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-47533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47533.exe
10⤵
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-17920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17920.exe
11⤵
PID:6584

C:\Users\Admin\AppData\Local\Temp\Unicorn-63582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63582.exe
12⤵
PID:8736

C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
13⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8736 -s 216
13⤵
PID:2340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 216
12⤵
PID:10220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 216
11⤵
PID:7792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
10⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-60916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60916.exe
9⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-17920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17920.exe
10⤵
PID:6608

C:\Users\Admin\AppData\Local\Temp\Unicorn-61636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61636.exe
11⤵
PID:8784

C:\Users\Admin\AppData\Local\Temp\Unicorn-21159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21159.exe
12⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8784 -s 216
12⤵
PID:4436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
11⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 216
10⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 240
9⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 372 -s 240
8⤵
- Program crash
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-44612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44612.exe
7⤵
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-61878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61878.exe
8⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-8763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8763.exe
9⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-29970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29970.exe
10⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 220
11⤵
PID:8608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
10⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
9⤵
PID:5696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 236
8⤵
- Program crash
PID:4024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
7⤵
- Program crash
PID:2956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 236
6⤵
- Program crash
PID:2592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
5⤵
- Program crash
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-18413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18413.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-22281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22281.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-47141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47141.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-25860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25860.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
8⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-11634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11634.exe
9⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe
10⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-36880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36880.exe
11⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
12⤵
PID:9404

C:\Users\Admin\AppData\Local\Temp\Unicorn-34858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34858.exe
13⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9404 -s 216
13⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
12⤵
PID:11112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
11⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
10⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 216
9⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-42806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42806.exe
8⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-38509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38509.exe
9⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-17920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17920.exe
10⤵
PID:6592

C:\Users\Admin\AppData\Local\Temp\Unicorn-21979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21979.exe
11⤵
PID:9008

C:\Users\Admin\AppData\Local\Temp\Unicorn-41659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41659.exe
12⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9008 -s 216
12⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 216
11⤵
PID:9732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
10⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 236
9⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 240
8⤵
- Program crash
PID:4068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
7⤵
- Program crash
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-21645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21645.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1156

C:\Users\Admin\AppData\Local\Temp\Unicorn-20232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20232.exe
7⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-3941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3941.exe
8⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-25108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25108.exe
9⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-43699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43699.exe
10⤵
PID:6316

C:\Users\Admin\AppData\Local\Temp\Unicorn-56129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56129.exe
11⤵
PID:9500

C:\Users\Admin\AppData\Local\Temp\Unicorn-57878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57878.exe
12⤵
PID:12360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9500 -s 216
12⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 216
11⤵
PID:11128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
10⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
9⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
8⤵
PID:4144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 216
7⤵
- Program crash
PID:3248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 240
6⤵
- Program crash
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-56778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56778.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-64477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64477.exe
7⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-40493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40493.exe
8⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe
9⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-47567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47567.exe
10⤵
PID:6960

C:\Users\Admin\AppData\Local\Temp\Unicorn-20874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20874.exe
11⤵
PID:8756

C:\Users\Admin\AppData\Local\Temp\Unicorn-59233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59233.exe
12⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 220
12⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 216
11⤵
PID:10068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
10⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
9⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 216
8⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-42256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42256.exe
7⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-7318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7318.exe
8⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-16642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16642.exe
9⤵
PID:7248

C:\Users\Admin\AppData\Local\Temp\Unicorn-43384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43384.exe
10⤵
PID:9608

C:\Users\Admin\AppData\Local\Temp\Unicorn-3742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3742.exe
11⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9608 -s 216
11⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 236
10⤵
PID:11152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
9⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
8⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
7⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-60071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60071.exe
6⤵
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-27146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27146.exe
7⤵
PID:560

C:\Users\Admin\AppData\Local\Temp\Unicorn-25733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25733.exe
8⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
9⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 208
10⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
9⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 216
8⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 236
7⤵
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 240
6⤵
- Program crash
PID:1816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
5⤵
- Program crash
PID:1408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-41133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41133.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-42766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42766.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-22218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22218.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-11403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11403.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-19409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19409.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-53514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53514.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:308

C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
8⤵
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-4021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4021.exe
9⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-32629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32629.exe
10⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-51917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51917.exe
11⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-9359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9359.exe
12⤵
PID:8216

C:\Users\Admin\AppData\Local\Temp\Unicorn-38088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38088.exe
13⤵
PID:10896

C:\Users\Admin\AppData\Local\Temp\Unicorn-49042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49042.exe
14⤵
PID:12348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8216 -s 236
13⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
12⤵
PID:9288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
11⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 236
10⤵
PID:5216

C:\Users\Admin\AppData\Local\Temp\Unicorn-58975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58975.exe
9⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-5778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5778.exe
10⤵
PID:5932

C:\Users\Admin\AppData\Local\Temp\Unicorn-59578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59578.exe
11⤵
PID:8744

C:\Users\Admin\AppData\Local\Temp\Unicorn-47087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47087.exe
12⤵
PID:10512

C:\Users\Admin\AppData\Local\Temp\Unicorn-22922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22922.exe
13⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8744 -s 216
12⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
10⤵
PID:7204

C:\Users\Admin\AppData\Local\Temp\Unicorn-32671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32671.exe
8⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-48664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48664.exe
9⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-10529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10529.exe
10⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-40227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40227.exe
11⤵
PID:8760

C:\Users\Admin\AppData\Local\Temp\Unicorn-13262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13262.exe
12⤵
PID:10652

C:\Users\Admin\AppData\Local\Temp\Unicorn-22922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22922.exe
13⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 216
12⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
11⤵
PID:10104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
10⤵
PID:7388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
9⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 240
8⤵
- Program crash
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-24326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24326.exe
7⤵
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe
8⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-1637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1637.exe
9⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-10723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10723.exe
10⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-42561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42561.exe
11⤵
PID:7768

C:\Users\Admin\AppData\Local\Temp\Unicorn-28080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28080.exe
12⤵
PID:10700

C:\Users\Admin\AppData\Local\Temp\Unicorn-53826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53826.exe
13⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 216
12⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
11⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
10⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 236
9⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-48077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48077.exe
8⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-65098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65098.exe
9⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-64839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64839.exe
10⤵
PID:8112

C:\Users\Admin\AppData\Local\Temp\Unicorn-7000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7000.exe
11⤵
PID:10920

C:\Users\Admin\AppData\Local\Temp\Unicorn-22.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22.exe
12⤵
PID:13108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 216
11⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
10⤵
PID:9016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 236
9⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 220
8⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
7⤵
- Program crash
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-49108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49108.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-48224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48224.exe
7⤵
PID:1124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 240
8⤵
- Program crash
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-8764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8764.exe
7⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-40401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40401.exe
8⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-55437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55437.exe
9⤵
PID:6940

C:\Users\Admin\AppData\Local\Temp\Unicorn-21755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21755.exe
10⤵
PID:9236

C:\Users\Admin\AppData\Local\Temp\Unicorn-59009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59009.exe
11⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9236 -s 236
11⤵
PID:13152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 216
10⤵
PID:11048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
9⤵
PID:8384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 220
8⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 220
7⤵
PID:4924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 240
6⤵
- Program crash
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-1681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1681.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-8021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8021.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-5261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5261.exe
7⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-19837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19837.exe
8⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-35451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35451.exe
9⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-53653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53653.exe
10⤵
PID:8020

C:\Users\Admin\AppData\Local\Temp\Unicorn-36123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36123.exe
11⤵
PID:10908

C:\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe
12⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 216
11⤵
PID:11676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 236
10⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
9⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
8⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-15814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15814.exe
7⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-7459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7459.exe
8⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\Unicorn-27320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27320.exe
9⤵
PID:7272

C:\Users\Admin\AppData\Local\Temp\Unicorn-18407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18407.exe
10⤵
PID:11200

C:\Users\Admin\AppData\Local\Temp\Unicorn-8138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8138.exe
11⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 216
10⤵
PID:12200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 236
9⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
8⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
7⤵
PID:4584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 236
6⤵
- Program crash
PID:856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
5⤵
- Program crash
PID:1424

C:\Users\Admin\AppData\Local\Temp\Unicorn-57075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57075.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-5740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5740.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1148

C:\Users\Admin\AppData\Local\Temp\Unicorn-45484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45484.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1416

C:\Users\Admin\AppData\Local\Temp\Unicorn-57041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57041.exe
8⤵
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-48067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48067.exe
9⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-9981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9981.exe
10⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-1847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1847.exe
11⤵
PID:8092

C:\Users\Admin\AppData\Local\Temp\Unicorn-45246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45246.exe
12⤵
PID:11012

C:\Users\Admin\AppData\Local\Temp\Unicorn-23673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23673.exe
13⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8092 -s 236
12⤵
PID:11976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
11⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
10⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 236
9⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-61450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61450.exe
8⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-58356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58356.exe
9⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-779.exe
10⤵
PID:7012

C:\Users\Admin\AppData\Local\Temp\Unicorn-42384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42384.exe
11⤵
PID:8572

C:\Users\Admin\AppData\Local\Temp\Unicorn-10717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10717.exe
12⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8572 -s 220
12⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
11⤵
PID:10272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
10⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
9⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 240
8⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-4695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4695.exe
7⤵
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-52893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52893.exe
8⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-10875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10875.exe
9⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-57987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57987.exe
10⤵
PID:6668

C:\Users\Admin\AppData\Local\Temp\Unicorn-21092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21092.exe
11⤵
PID:8844

C:\Users\Admin\AppData\Local\Temp\Unicorn-26610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26610.exe
12⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8844 -s 216
12⤵
PID:11744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 220
11⤵
PID:10228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 236
10⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
9⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 236
8⤵
PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 240
7⤵
- Program crash
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-59059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59059.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-57643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57643.exe
7⤵
PID:352

C:\Users\Admin\AppData\Local\Temp\Unicorn-15779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15779.exe
8⤵
PID:3704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 240
9⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-8223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8223.exe
8⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-23535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23535.exe
9⤵
PID:6932

C:\Users\Admin\AppData\Local\Temp\Unicorn-22218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22218.exe
10⤵
PID:8652

C:\Users\Admin\AppData\Local\Temp\Unicorn-8221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8221.exe
11⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 216
11⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 216
10⤵
PID:9816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
9⤵
PID:7992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 240
8⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
7⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe
8⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-57577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57577.exe
9⤵
PID:6892

C:\Users\Admin\AppData\Local\Temp\Unicorn-21642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21642.exe
10⤵
PID:8412

C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
11⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8412 -s 216
11⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 216
10⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
9⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
8⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
7⤵
- Program crash
PID:3256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
6⤵
- Program crash
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-51604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51604.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-23497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23497.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1220

C:\Users\Admin\AppData\Local\Temp\Unicorn-679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-679.exe
7⤵
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
8⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-23713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23713.exe
9⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\Unicorn-40257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40257.exe
10⤵
PID:8172

C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
11⤵
PID:11164

C:\Users\Admin\AppData\Local\Temp\Unicorn-58294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58294.exe
12⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 216
11⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 216
10⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
9⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
8⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
7⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
8⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-19885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19885.exe
9⤵
PID:6344

C:\Users\Admin\AppData\Local\Temp\Unicorn-1780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1780.exe
10⤵
PID:10200

C:\Users\Admin\AppData\Local\Temp\Unicorn-20286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20286.exe
11⤵
PID:4280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10200 -s 216
11⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 216
10⤵
PID:10944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
9⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
8⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 240
7⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-31083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31083.exe
6⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
7⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-29281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29281.exe
8⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-43074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43074.exe
9⤵
PID:8396

C:\Users\Admin\AppData\Local\Temp\Unicorn-43127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43127.exe
10⤵
PID:11232

C:\Users\Admin\AppData\Local\Temp\Unicorn-26064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26064.exe
11⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8396 -s 236
10⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
9⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 236
8⤵
PID:6676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 236
7⤵
PID:4268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
6⤵
- Program crash
PID:3104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
5⤵
- Program crash
PID:1532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
4⤵
- Program crash
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 216
3⤵
- Loads dropped DLL
- Program crash
PID:556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
2⤵
- Program crash
PID:2276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-21813.exe

Filesize
184KB

MD5
2a9ab608cbd6ed21d24ec3920a8a1352

SHA1
14ddd580ec13a46a0f4afc84eaf9e769905f63d4

SHA256
d77188ca3a48b7d43857611474f17eb9b39594c21e21115df20bb99a3db59c28

SHA512
cc8ef339039da0cff72039853613fc2c8b636f69e29132577e857016bfb9c5734790da2047ec046addc9b95e10c4c7de0ed60b3108bda55ef20f39223a531fe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25802.exe

Filesize
184KB

MD5
0dc7151533641b7fef7f5827b90f6ddf

SHA1
6c02070aa7eb762be4eadc126696d31889f2eaf6

SHA256
e4c9966639383c8cfb4e58617cbe10e7ed4fed10feceff3616ec60f273bb3646

SHA512
24ee3147fdaa2d8c50643982d9474b86817bb31f35c7dd98f7d5ec6c52fe7effeb4b15c7c94633bbc23b2f2b4d4e298a9d5c6a81d7af05a2e7222b2e17b0f81b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37990.exe

Filesize
184KB

MD5
d774c028844747cb2bfcc025186fcc1e

SHA1
e03d32d15d0daadfee1271306967ad51d11660f9

SHA256
71f7ec75841252457f22843fdfca9c9d7748ec4264a873246e9247e57732edf0

SHA512
258aaf30d469206628f21f78f00dde878b655dd54bf4e4de60056c4014f6e81ca9b6a3ebc5dab64b8705640ee0b3e0ccf77996a0a219d7ee178c6e9d9141ec79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45061.exe

Filesize
184KB

MD5
71ec73b32ce95a652f3bc90525ac2936

SHA1
440d50aa9208ae6658c0330dd81d8d0cef7755f9

SHA256
4176f9d69b9f13dc3ee830cd40ed477a0af53e28439663efe6b5b29765a671e3

SHA512
8a76e9cf8c9a8bfdae73efe2aefcafcb138132c47ec0345b38eb5aedeb694595e74bbf3dbc6b77e522f3487517c6e86531b769f58159e9458522cbc6ac8c43a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5222.exe

Filesize
184KB

MD5
a512d0c84e85bea3e08c29cd134488e2

SHA1
0d54477ad43b967098e6f8fd886dafdddc2ad9aa

SHA256
2e4f09f622982b98503c5501bab64e06f7df88b45ac8f5a33e82ce2f5932838a

SHA512
5ae54481d4bf334a09f8c05a963861425f4ca9581c02cb8e5ca609ecdc6cf3e7c4459633323d2aa11fc82f07e6454f84b11658e5d0d1ae9e6e0d7cc2c17c8901

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5740.exe

Filesize
184KB

MD5
e0fe3da1b1ac09b33815070130fd92df

SHA1
514f656575ab3682fcc5d7fd40f066c66170e99b

SHA256
2f1866c867a59472e68e697912bde629bcc9a42a0ed7f39d7f636527e9de7c1e

SHA512
dde695b1eab8c73ab49fa9cef0b4f2fccb9b76fd723da2f78a1f6ef2f92be7c126c63766ed70db3282db51706f7cbdba46a0b4df0fd4ede14c1f5285865e582e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22218.exe

Filesize
184KB

MD5
eafd45c4824f4406d5b62fcaa37211bf

SHA1
ce1f472090d8de60205354abe1e1d2efabefb056

SHA256
e6da5f7d0834550e65272a0d4a72e48ee429cf5f64c0549b3bcaf8782889d367

SHA512
e89731b53f82560cce9b5e5a2829658c167d635ac0981bc9e6d727293e0b9c247a8867ff1c0db377b60747bd00754ae97e31ff14347b3f8a271a38f176f96c20

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25195.exe

Filesize
184KB

MD5
f55db93515b7357bdef900ac3937a35f

SHA1
7ac7191204a6085a75af3f8e093a3c0f7a4196e2

SHA256
63c4571f6925f24de9cf6bd9e0ae0715d5807d319424cce777cbbac76e3e168c

SHA512
11f77b2a3f9bf82abe3b9aae3c7e3303be9e2b08570020e66aa5660301cf8040538160b21cbdcda7fe61de71ad5be1c3f848457090d60aa12ec86081f3946f8c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33583.exe

Filesize
184KB

MD5
6682612fe468f033a944a00dd143c331

SHA1
ffe2b41792e215bfc8081f1b0d7cb7bf802042f1

SHA256
763f6cc09a024773c23f6723bf7cf68e659dccb1bd87224e83553a5f77c7fa1e

SHA512
12b556b6069d8e39b14864aa2cf4608a1a5281067221c8f3d11855bbf6bc54006fc0c84f06780f7fcd9fc105305452aaba82c5a5090e47a468fdc9837dfcad7a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41133.exe

Filesize
184KB

MD5
9d1f38a8da98b41c4403c87fd1932dab

SHA1
0bc4edcd661e34e6b14ec258b40a29bcfd75a6b1

SHA256
53c494cfa3a66dd10e66f7c75fa67f87974f134c59d4ceff17b8fb0c1dbe24dc

SHA512
734efd9c5c63241b210473c6e6d5132771fea8cb582b1d159391a093cfe12ad567422d40043c75d7daf3d894ae77a746bc71826dbc948ff136cc6e1b40911734

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42766.exe

Filesize
184KB

MD5
8c118cd828f62b6a2be4a1a97ea8ea32

SHA1
aa86c43d420c68d34fa571f46c65f9d8f9b7dc56

SHA256
d52a0193d128490927abbf6a063146a1c252d563e08ee3258cd2c6ffce4c9dfa

SHA512
5a4a4899b0aea6bc1f242bab35435d14e2d32da2f932dbe90147bc6ad3f13b4e954d831e7c29527bcbb2ba7cd3d2740d82fadd4beec931ce17c76d1394e29803

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45540.exe

Filesize
184KB

MD5
982cd33ddd003c8f0b218b04022c525e

SHA1
c60963ef693261e23597002a62cf3bfa6e717dc9

SHA256
9482db9558a784c497f0a08433a4cf8b1f443dc5307e9717840c8fb140bd85cc

SHA512
083001a4aa2aef37788e04096482921d533595ca9c3b17fbfd30e9eef52daa297bbdad006810a9c82df98164faab6970f7eb01200b2c320f2b3503a6bb2f7114

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50114.exe

Filesize
184KB

MD5
8ad4e0ba250946a0b5c9d6f8daaa5822

SHA1
7860e86b32c969fedc4f0adabc565ee9ac82725c

SHA256
a4b0421b3afed533173e4cbb551a17ddb043fd7c7774b753812344cad60a684b

SHA512
ab4b7794634ae22903a3647b2c97665edf708364164e07115c8819efe794d14071902955714c6147c20f7d755c4c269353bc5f0f0d4edbaca19c8514930f4b92

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50894.exe

Filesize
184KB

MD5
7212d57d6ff6b1095c5f5f1254268d99

SHA1
83462453b09e07fc2d239b7b000b674612ab925a

SHA256
58e30cecace59d47e2f7af21c76f98f6c4a6762c8238454902e4f4db49f46abf

SHA512
8d6e9f31f8c37727b5053c9ad169b09326b2b7c745cfefec6424aef3afd9f339b4ab7b9fd412e35a0f0d310d7397ace61cfc0f80bc18e033b90eb3aeb06a9fe7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53162.exe

Filesize
184KB

MD5
095f9cb43ffb32b66f29c2bfea3a922a

SHA1
2a89980972b380f7e4518205d82506c37476a2d7

SHA256
57e516479948ca398923b65a7044b2fa06b89f1b9384d55791e8bfecea576dbe

SHA512
885c2bfc34c802f293f283472531fc8cd03d4586e2a2497290968995e254bd07dba2d5ce81c7ed3ece28975714929abb2bc6196fba7c4cd5989356858c0097d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60328.exe

Filesize
184KB

MD5
9f087b53a80ef5e9d83ab7df852b17fd

SHA1
5661ab0e7be062c165e9eac9dec49ba2a815652b

SHA256
7123f01420730229432d58634113e3caba7aaa2cdca1d3c9cf030be8eed1f966

SHA512
4b5d075c05b63fa259a9a7c305ef3465d64319ec37c14a8f058f2497d165c37ed06493ff7fc01dcd817c6f093a8e0a0e799e57c48f8ccd4a45275612d4f347e3

Download Submit
memory/2308-709-0x0000000002840000-0x000000000299C000-memory.dmp

Filesize
1.4MB

Download