05f2758f336f131ed68fe4908cf18c6cc54ba4d92b745c7b54171f43e8fcadd8

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05f2758f336f131ed68fe4908cf18c6cc54ba4d92b745c7b54171f43e8fcadd8.exe
Size

184KB
MD5

b668f6e1655438aac2ad01ea662ed508
SHA1

1d28e567b0460a736499225f8ddb6883f9eddf82
SHA256

05f2758f336f131ed68fe4908cf18c6cc54ba4d92b745c7b54171f43e8fcadd8
SHA512

1758e7f4866227c3e9e057676416724b2bccc5d10223e23a32a3d9701ea715e441c5d66204b5bec098320322d47d92f9c96a35488c4317008a51a76e6b2bf6ee
SSDEEP

3072:gVZ3YxoZKjwUdnuWeMYLRFe8clnTiF7n3:gVkozQnujLze8clnTiF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-1547.exeUnicorn-45678.exeUnicorn-60623.exeUnicorn-41677.exeUnicorn-45761.exeUnicorn-60706.exeUnicorn-25388.exeUnicorn-13690.exeUnicorn-37640.exeUnicorn-6913.exeUnicorn-52585.exeUnicorn-3981.exeUnicorn-49653.exeUnicorn-20318.exeUnicorn-59212.exeUnicorn-39346.exeUnicorn-1843.exeUnicorn-36654.exeUnicorn-51599.exeUnicorn-34791.exeUnicorn-38875.exeUnicorn-23093.exeUnicorn-20401.exeUnicorn-35345.exeUnicorn-24485.exeUnicorn-9471.exeUnicorn-64147.exeUnicorn-41589.exeUnicorn-56534.exeUnicorn-45673.exeUnicorn-60618.exeUnicorn-57432.exeUnicorn-10924.exeUnicorn-4147.exeUnicorn-19092.exeUnicorn-38958.exeUnicorn-17168.exeUnicorn-1386.exeUnicorn-40280.exeUnicorn-9554.exeUnicorn-29420.exeUnicorn-33504.exeUnicorn-49840.exeUnicorn-64785.exeUnicorn-53924.exeUnicorn-38142.exeUnicorn-27282.exeUnicorn-62092.exeUnicorn-31366.exeUnicorn-11500.exeUnicorn-1215.exeUnicorn-50971.exeUnicorn-53130.exeUnicorn-65382.exeUnicorn-27042.exeUnicorn-61106.exeUnicorn-14598.exeUnicorn-3737.exeUnicorn-7821.exeUnicorn-57577.exeUnicorn-15990.exeUnicorn-50800.exeUnicorn-58968.exeUnicorn-63052.exe

pid	process
2424	Unicorn-1547.exe
3004	Unicorn-45678.exe
1088	Unicorn-60623.exe
2660	Unicorn-41677.exe
2756	Unicorn-45761.exe
2868	Unicorn-60706.exe
2528	Unicorn-25388.exe
2956	Unicorn-13690.exe
1316	Unicorn-37640.exe
1788	Unicorn-6913.exe
2004	Unicorn-52585.exe
1564	Unicorn-3981.exe
1624	Unicorn-49653.exe
3064	Unicorn-20318.exe
1328	Unicorn-59212.exe
2116	Unicorn-39346.exe
484	Unicorn-1843.exe
1164	Unicorn-36654.exe
920	Unicorn-51599.exe
2888	Unicorn-34791.exe
1392	Unicorn-38875.exe
1524	Unicorn-23093.exe
1608	Unicorn-20401.exe
1596	Unicorn-35345.exe
828	Unicorn-24485.exe
3020	Unicorn-9471.exe
2144	Unicorn-64147.exe
2192	Unicorn-41589.exe
2468	Unicorn-56534.exe
1272	Unicorn-45673.exe
2292	Unicorn-60618.exe
1940	Unicorn-57432.exe
2436	Unicorn-10924.exe
2704	Unicorn-4147.exe
2748	Unicorn-19092.exe
2672	Unicorn-38958.exe
2980	Unicorn-17168.exe
2688	Unicorn-1386.exe
2240	Unicorn-40280.exe
2560	Unicorn-9554.exe
2184	Unicorn-29420.exe
1980	Unicorn-33504.exe
2008	Unicorn-49840.exe
1972	Unicorn-64785.exe
1968	Unicorn-53924.exe
1612	Unicorn-38142.exe
1664	Unicorn-27282.exe
2924	Unicorn-62092.exe
1192	Unicorn-31366.exe
2268	Unicorn-11500.exe
592	Unicorn-1215.exe
2496	Unicorn-50971.exe
1864	Unicorn-53130.exe
1256	Unicorn-65382.exe
1704	Unicorn-27042.exe
2148	Unicorn-61106.exe
1448	Unicorn-14598.exe
1072	Unicorn-3737.exe
2412	Unicorn-7821.exe
2936	Unicorn-57577.exe
2744	Unicorn-15990.exe
2776	Unicorn-50800.exe
1736	Unicorn-58968.exe
2588	Unicorn-63052.exe

Loads dropped DLL 64 IoCs

Processes:

05f2758f336f131ed68fe4908cf18c6cc54ba4d92b745c7b54171f43e8fcadd8.exeUnicorn-1547.exeUnicorn-60623.exeUnicorn-45678.exeWerFault.exeUnicorn-41677.exeUnicorn-45761.exeUnicorn-60706.exeWerFault.exeWerFault.exeUnicorn-25388.exeUnicorn-37640.exeUnicorn-13690.exeUnicorn-52585.exeUnicorn-6913.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2244	05f2758f336f131ed68fe4908cf18c6cc54ba4d92b745c7b54171f43e8fcadd8.exe
2244	05f2758f336f131ed68fe4908cf18c6cc54ba4d92b745c7b54171f43e8fcadd8.exe
2424	Unicorn-1547.exe
2244	05f2758f336f131ed68fe4908cf18c6cc54ba4d92b745c7b54171f43e8fcadd8.exe
2424	Unicorn-1547.exe
2244	05f2758f336f131ed68fe4908cf18c6cc54ba4d92b745c7b54171f43e8fcadd8.exe
1088	Unicorn-60623.exe
1088	Unicorn-60623.exe
3004	Unicorn-45678.exe
3004	Unicorn-45678.exe
2424	Unicorn-1547.exe
2424	Unicorn-1547.exe
2652	WerFault.exe
2652	WerFault.exe
2652	WerFault.exe
2652	WerFault.exe
2652	WerFault.exe
2660	Unicorn-41677.exe
2660	Unicorn-41677.exe
1088	Unicorn-60623.exe
1088	Unicorn-60623.exe
2756	Unicorn-45761.exe
2756	Unicorn-45761.exe
2868	Unicorn-60706.exe
2868	Unicorn-60706.exe
3004	Unicorn-45678.exe
3004	Unicorn-45678.exe
2024	WerFault.exe
2024	WerFault.exe
2024	WerFault.exe
2024	WerFault.exe
1444	WerFault.exe
1444	WerFault.exe
1444	WerFault.exe
1444	WerFault.exe
1444	WerFault.exe
2024	WerFault.exe
2528	Unicorn-25388.exe
2528	Unicorn-25388.exe
2660	Unicorn-41677.exe
2660	Unicorn-41677.exe
1316	Unicorn-37640.exe
1316	Unicorn-37640.exe
2956	Unicorn-13690.exe
2756	Unicorn-45761.exe
2956	Unicorn-13690.exe
2756	Unicorn-45761.exe
2004	Unicorn-52585.exe
2004	Unicorn-52585.exe
1788	Unicorn-6913.exe
1788	Unicorn-6913.exe
2868	Unicorn-60706.exe
2868	Unicorn-60706.exe
2604	WerFault.exe
2604	WerFault.exe
2604	WerFault.exe
2604	WerFault.exe
2604	WerFault.exe
904	WerFault.exe
904	WerFault.exe
904	WerFault.exe
904	WerFault.exe
904	WerFault.exe
1080	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2360	2244	WerFault.exe	05f2758f336f131ed68fe4908cf18c6cc54ba4d92b745c7b54171f43e8fcadd8.exe
2652	2424	WerFault.exe	Unicorn-1547.exe
2024	1088	WerFault.exe	Unicorn-60623.exe
1444	3004	WerFault.exe	Unicorn-45678.exe
2604	2660	WerFault.exe	Unicorn-41677.exe
904	2756	WerFault.exe	Unicorn-45761.exe
1080	2868	WerFault.exe	Unicorn-60706.exe
2420	2528	WerFault.exe	Unicorn-25388.exe
2920	1316	WerFault.exe	Unicorn-37640.exe
2984	2956	WerFault.exe	Unicorn-13690.exe
2100	2004	WerFault.exe	Unicorn-52585.exe
3060	1788	WerFault.exe	Unicorn-6913.exe
576	1624	WerFault.exe	Unicorn-49653.exe
356	1564	WerFault.exe	Unicorn-3981.exe
1156	3064	WerFault.exe	Unicorn-20318.exe
1360	1328	WerFault.exe	Unicorn-59212.exe
944	2116	WerFault.exe	Unicorn-39346.exe
1632	920	WerFault.exe	Unicorn-51599.exe
844	1164	WerFault.exe	Unicorn-36654.exe
3008	484	WerFault.exe	Unicorn-1843.exe
1928	2888	WerFault.exe	Unicorn-34791.exe
2600	1392	WerFault.exe	Unicorn-38875.exe
2792	1524	WerFault.exe	Unicorn-23093.exe
2444	1608	WerFault.exe	Unicorn-20401.exe
2084	828	WerFault.exe	Unicorn-24485.exe
2724	3020	WerFault.exe	Unicorn-9471.exe
2520	2144	WerFault.exe	Unicorn-64147.exe
2568	2192	WerFault.exe	Unicorn-41589.exe
2432	2468	WerFault.exe	Unicorn-56534.exe
2952	1256	WerFault.exe	Unicorn-65382.exe
1988	1272	WerFault.exe	Unicorn-45673.exe
800	2292	WerFault.exe	Unicorn-60618.exe
1440	1940	WerFault.exe	Unicorn-57432.exe
1796	2704	WerFault.exe	Unicorn-4147.exe
3100	2672	WerFault.exe	Unicorn-38958.exe
3152	2748	WerFault.exe	Unicorn-19092.exe
3168	2240	WerFault.exe	Unicorn-40280.exe
3240	1612	WerFault.exe	Unicorn-38142.exe
3248	1968	WerFault.exe	Unicorn-53924.exe
3360	1972	WerFault.exe	Unicorn-64785.exe
3496	2268	WerFault.exe	Unicorn-11500.exe
3544	1192	WerFault.exe	Unicorn-31366.exe
3836	2184	WerFault.exe	Unicorn-29420.exe
3900	2560	WerFault.exe	Unicorn-9554.exe
3928	2008	WerFault.exe	Unicorn-49840.exe
3148	1864	WerFault.exe	Unicorn-53130.exe
3180	2688	WerFault.exe	Unicorn-1386.exe
3268	1980	WerFault.exe	Unicorn-33504.exe
3712	2496	WerFault.exe	Unicorn-50971.exe
3832	1664	WerFault.exe	Unicorn-27282.exe
3884	2924	WerFault.exe	Unicorn-62092.exe
3952	2744	WerFault.exe	Unicorn-15990.exe
3976	2588	WerFault.exe	Unicorn-63052.exe
2216	344	WerFault.exe	Unicorn-20628.exe
4084	2060	WerFault.exe	Unicorn-14583.exe
3108	2028	WerFault.exe	Unicorn-5683.exe
3208	332	WerFault.exe	Unicorn-49394.exe
3388	292	WerFault.exe	Unicorn-48003.exe
3460	2848	WerFault.exe	Unicorn-6415.exe
3480	1060	WerFault.exe	Unicorn-40494.exe
3588	2700	WerFault.exe	Unicorn-5683.exe
3312	3812	WerFault.exe	Unicorn-29607.exe
2248	2148	WerFault.exe	Unicorn-61106.exe
3880	1448	WerFault.exe	Unicorn-14598.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

05f2758f336f131ed68fe4908cf18c6cc54ba4d92b745c7b54171f43e8fcadd8.exeUnicorn-1547.exeUnicorn-45678.exeUnicorn-60623.exeUnicorn-41677.exeUnicorn-45761.exeUnicorn-60706.exeUnicorn-25388.exeUnicorn-13690.exeUnicorn-37640.exeUnicorn-52585.exeUnicorn-6913.exeUnicorn-49653.exeUnicorn-3981.exeUnicorn-20318.exeUnicorn-59212.exeUnicorn-39346.exeUnicorn-1843.exeUnicorn-51599.exeUnicorn-36654.exeUnicorn-34791.exeUnicorn-38875.exeUnicorn-23093.exeUnicorn-20401.exeUnicorn-24485.exeUnicorn-9471.exeUnicorn-64147.exeUnicorn-56534.exeUnicorn-41589.exeUnicorn-45673.exeUnicorn-60618.exeUnicorn-57432.exeUnicorn-10924.exeUnicorn-4147.exeUnicorn-19092.exeUnicorn-38958.exeUnicorn-17168.exeUnicorn-1386.exeUnicorn-40280.exeUnicorn-9554.exeUnicorn-29420.exeUnicorn-33504.exeUnicorn-49840.exeUnicorn-64785.exeUnicorn-53924.exeUnicorn-27282.exeUnicorn-38142.exeUnicorn-62092.exeUnicorn-31366.exeUnicorn-11500.exeUnicorn-50971.exeUnicorn-53130.exeUnicorn-65382.exeUnicorn-27042.exeUnicorn-61106.exeUnicorn-14598.exeUnicorn-3737.exeUnicorn-7821.exeUnicorn-57577.exeUnicorn-15990.exeUnicorn-50800.exeUnicorn-58968.exeUnicorn-63052.exeUnicorn-36410.exe

pid	process
2244	05f2758f336f131ed68fe4908cf18c6cc54ba4d92b745c7b54171f43e8fcadd8.exe
2424	Unicorn-1547.exe
3004	Unicorn-45678.exe
1088	Unicorn-60623.exe
2660	Unicorn-41677.exe
2756	Unicorn-45761.exe
2868	Unicorn-60706.exe
2528	Unicorn-25388.exe
2956	Unicorn-13690.exe
1316	Unicorn-37640.exe
2004	Unicorn-52585.exe
1788	Unicorn-6913.exe
1624	Unicorn-49653.exe
1564	Unicorn-3981.exe
3064	Unicorn-20318.exe
1328	Unicorn-59212.exe
2116	Unicorn-39346.exe
484	Unicorn-1843.exe
920	Unicorn-51599.exe
1164	Unicorn-36654.exe
2888	Unicorn-34791.exe
1392	Unicorn-38875.exe
1524	Unicorn-23093.exe
1608	Unicorn-20401.exe
828	Unicorn-24485.exe
3020	Unicorn-9471.exe
2144	Unicorn-64147.exe
2468	Unicorn-56534.exe
2192	Unicorn-41589.exe
1272	Unicorn-45673.exe
2292	Unicorn-60618.exe
1940	Unicorn-57432.exe
2436	Unicorn-10924.exe
2704	Unicorn-4147.exe
2748	Unicorn-19092.exe
2672	Unicorn-38958.exe
2980	Unicorn-17168.exe
2688	Unicorn-1386.exe
2240	Unicorn-40280.exe
2560	Unicorn-9554.exe
2184	Unicorn-29420.exe
1980	Unicorn-33504.exe
2008	Unicorn-49840.exe
1972	Unicorn-64785.exe
1968	Unicorn-53924.exe
1664	Unicorn-27282.exe
1612	Unicorn-38142.exe
2924	Unicorn-62092.exe
1192	Unicorn-31366.exe
2268	Unicorn-11500.exe
2496	Unicorn-50971.exe
1864	Unicorn-53130.exe
1256	Unicorn-65382.exe
1704	Unicorn-27042.exe
2148	Unicorn-61106.exe
1448	Unicorn-14598.exe
1072	Unicorn-3737.exe
2412	Unicorn-7821.exe
2936	Unicorn-57577.exe
2744	Unicorn-15990.exe
2776	Unicorn-50800.exe
1736	Unicorn-58968.exe
2588	Unicorn-63052.exe
1696	Unicorn-36410.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

05f2758f336f131ed68fe4908cf18c6cc54ba4d92b745c7b54171f43e8fcadd8.exeUnicorn-1547.exeUnicorn-60623.exeUnicorn-45678.exeUnicorn-41677.exeUnicorn-45761.exeUnicorn-60706.exeUnicorn-25388.exe

description	pid	process	target process
PID 2244 wrote to memory of 2424	2244	05f2758f336f131ed68fe4908cf18c6cc54ba4d92b745c7b54171f43e8fcadd8.exe	Unicorn-1547.exe
PID 2244 wrote to memory of 2424	2244	05f2758f336f131ed68fe4908cf18c6cc54ba4d92b745c7b54171f43e8fcadd8.exe	Unicorn-1547.exe
PID 2244 wrote to memory of 2424	2244	05f2758f336f131ed68fe4908cf18c6cc54ba4d92b745c7b54171f43e8fcadd8.exe	Unicorn-1547.exe
PID 2244 wrote to memory of 2424	2244	05f2758f336f131ed68fe4908cf18c6cc54ba4d92b745c7b54171f43e8fcadd8.exe	Unicorn-1547.exe
PID 2424 wrote to memory of 3004	2424	Unicorn-1547.exe	Unicorn-45678.exe
PID 2424 wrote to memory of 3004	2424	Unicorn-1547.exe	Unicorn-45678.exe
PID 2424 wrote to memory of 3004	2424	Unicorn-1547.exe	Unicorn-45678.exe
PID 2424 wrote to memory of 3004	2424	Unicorn-1547.exe	Unicorn-45678.exe
PID 2244 wrote to memory of 1088	2244	05f2758f336f131ed68fe4908cf18c6cc54ba4d92b745c7b54171f43e8fcadd8.exe	Unicorn-60623.exe
PID 2244 wrote to memory of 1088	2244	05f2758f336f131ed68fe4908cf18c6cc54ba4d92b745c7b54171f43e8fcadd8.exe	Unicorn-60623.exe
PID 2244 wrote to memory of 1088	2244	05f2758f336f131ed68fe4908cf18c6cc54ba4d92b745c7b54171f43e8fcadd8.exe	Unicorn-60623.exe
PID 2244 wrote to memory of 1088	2244	05f2758f336f131ed68fe4908cf18c6cc54ba4d92b745c7b54171f43e8fcadd8.exe	Unicorn-60623.exe
PID 2244 wrote to memory of 2360	2244	05f2758f336f131ed68fe4908cf18c6cc54ba4d92b745c7b54171f43e8fcadd8.exe	WerFault.exe
PID 2244 wrote to memory of 2360	2244	05f2758f336f131ed68fe4908cf18c6cc54ba4d92b745c7b54171f43e8fcadd8.exe	WerFault.exe
PID 2244 wrote to memory of 2360	2244	05f2758f336f131ed68fe4908cf18c6cc54ba4d92b745c7b54171f43e8fcadd8.exe	WerFault.exe
PID 2244 wrote to memory of 2360	2244	05f2758f336f131ed68fe4908cf18c6cc54ba4d92b745c7b54171f43e8fcadd8.exe	WerFault.exe
PID 1088 wrote to memory of 2660	1088	Unicorn-60623.exe	Unicorn-41677.exe
PID 1088 wrote to memory of 2660	1088	Unicorn-60623.exe	Unicorn-41677.exe
PID 1088 wrote to memory of 2660	1088	Unicorn-60623.exe	Unicorn-41677.exe
PID 1088 wrote to memory of 2660	1088	Unicorn-60623.exe	Unicorn-41677.exe
PID 3004 wrote to memory of 2756	3004	Unicorn-45678.exe	Unicorn-45761.exe
PID 3004 wrote to memory of 2756	3004	Unicorn-45678.exe	Unicorn-45761.exe
PID 3004 wrote to memory of 2756	3004	Unicorn-45678.exe	Unicorn-45761.exe
PID 3004 wrote to memory of 2756	3004	Unicorn-45678.exe	Unicorn-45761.exe
PID 2424 wrote to memory of 2868	2424	Unicorn-1547.exe	Unicorn-60706.exe
PID 2424 wrote to memory of 2868	2424	Unicorn-1547.exe	Unicorn-60706.exe
PID 2424 wrote to memory of 2868	2424	Unicorn-1547.exe	Unicorn-60706.exe
PID 2424 wrote to memory of 2868	2424	Unicorn-1547.exe	Unicorn-60706.exe
PID 2424 wrote to memory of 2652	2424	Unicorn-1547.exe	WerFault.exe
PID 2424 wrote to memory of 2652	2424	Unicorn-1547.exe	WerFault.exe
PID 2424 wrote to memory of 2652	2424	Unicorn-1547.exe	WerFault.exe
PID 2424 wrote to memory of 2652	2424	Unicorn-1547.exe	WerFault.exe
PID 2660 wrote to memory of 2528	2660	Unicorn-41677.exe	Unicorn-25388.exe
PID 2660 wrote to memory of 2528	2660	Unicorn-41677.exe	Unicorn-25388.exe
PID 2660 wrote to memory of 2528	2660	Unicorn-41677.exe	Unicorn-25388.exe
PID 2660 wrote to memory of 2528	2660	Unicorn-41677.exe	Unicorn-25388.exe
PID 1088 wrote to memory of 2956	1088	Unicorn-60623.exe	Unicorn-13690.exe
PID 1088 wrote to memory of 2956	1088	Unicorn-60623.exe	Unicorn-13690.exe
PID 1088 wrote to memory of 2956	1088	Unicorn-60623.exe	Unicorn-13690.exe
PID 1088 wrote to memory of 2956	1088	Unicorn-60623.exe	Unicorn-13690.exe
PID 2756 wrote to memory of 1316	2756	Unicorn-45761.exe	Unicorn-37640.exe
PID 2756 wrote to memory of 1316	2756	Unicorn-45761.exe	Unicorn-37640.exe
PID 2756 wrote to memory of 1316	2756	Unicorn-45761.exe	Unicorn-37640.exe
PID 2756 wrote to memory of 1316	2756	Unicorn-45761.exe	Unicorn-37640.exe
PID 2868 wrote to memory of 1788	2868	Unicorn-60706.exe	Unicorn-6913.exe
PID 2868 wrote to memory of 1788	2868	Unicorn-60706.exe	Unicorn-6913.exe
PID 2868 wrote to memory of 1788	2868	Unicorn-60706.exe	Unicorn-6913.exe
PID 2868 wrote to memory of 1788	2868	Unicorn-60706.exe	Unicorn-6913.exe
PID 3004 wrote to memory of 2004	3004	Unicorn-45678.exe	Unicorn-52585.exe
PID 3004 wrote to memory of 2004	3004	Unicorn-45678.exe	Unicorn-52585.exe
PID 3004 wrote to memory of 2004	3004	Unicorn-45678.exe	Unicorn-52585.exe
PID 3004 wrote to memory of 2004	3004	Unicorn-45678.exe	Unicorn-52585.exe
PID 1088 wrote to memory of 2024	1088	Unicorn-60623.exe	WerFault.exe
PID 1088 wrote to memory of 2024	1088	Unicorn-60623.exe	WerFault.exe
PID 1088 wrote to memory of 2024	1088	Unicorn-60623.exe	WerFault.exe
PID 1088 wrote to memory of 2024	1088	Unicorn-60623.exe	WerFault.exe
PID 3004 wrote to memory of 1444	3004	Unicorn-45678.exe	WerFault.exe
PID 3004 wrote to memory of 1444	3004	Unicorn-45678.exe	WerFault.exe
PID 3004 wrote to memory of 1444	3004	Unicorn-45678.exe	WerFault.exe
PID 3004 wrote to memory of 1444	3004	Unicorn-45678.exe	WerFault.exe
PID 2528 wrote to memory of 1564	2528	Unicorn-25388.exe	Unicorn-3981.exe
PID 2528 wrote to memory of 1564	2528	Unicorn-25388.exe	Unicorn-3981.exe
PID 2528 wrote to memory of 1564	2528	Unicorn-25388.exe	Unicorn-3981.exe
PID 2528 wrote to memory of 1564	2528	Unicorn-25388.exe	Unicorn-3981.exe

C:\Users\Admin\AppData\Local\Temp\05f2758f336f131ed68fe4908cf18c6cc54ba4d92b745c7b54171f43e8fcadd8.exe
"C:\Users\Admin\AppData\Local\Temp\05f2758f336f131ed68fe4908cf18c6cc54ba4d92b745c7b54171f43e8fcadd8.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-1547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1547.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-45678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45678.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-37640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37640.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-20318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20318.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-20401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20401.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-17168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17168.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-3737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3737.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1072

C:\Users\Admin\AppData\Local\Temp\Unicorn-47339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47339.exe
10⤵
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-24864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24864.exe
11⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-18699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18699.exe
12⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-59438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59438.exe
13⤵
PID:6412

C:\Users\Admin\AppData\Local\Temp\Unicorn-44524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44524.exe
14⤵
PID:8916

C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
15⤵
PID:11152

C:\Users\Admin\AppData\Local\Temp\Unicorn-21915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21915.exe
16⤵
PID:7688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8916 -s 216
15⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 216
14⤵
PID:9832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
13⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 236
12⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
11⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-56145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56145.exe
10⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-29581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29581.exe
11⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-57876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57876.exe
12⤵
PID:6740

C:\Users\Admin\AppData\Local\Temp\Unicorn-63382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63382.exe
13⤵
PID:9044

C:\Users\Admin\AppData\Local\Temp\Unicorn-22724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22724.exe
14⤵
PID:11060

C:\Users\Admin\AppData\Local\Temp\Unicorn-37675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37675.exe
15⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9044 -s 216
14⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 216
13⤵
PID:10020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 236
12⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 236
11⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 240
10⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-831.exe
9⤵
PID:268

C:\Users\Admin\AppData\Local\Temp\Unicorn-31278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31278.exe
10⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
11⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-19605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19605.exe
12⤵
PID:7040

C:\Users\Admin\AppData\Local\Temp\Unicorn-44327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44327.exe
13⤵
PID:10204

C:\Users\Admin\AppData\Local\Temp\Unicorn-12630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12630.exe
14⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10204 -s 216
14⤵
PID:12548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 216
13⤵
PID:11096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
12⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
11⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 236
10⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-57577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57577.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-4360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4360.exe
9⤵
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-47422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47422.exe
10⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-49425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49425.exe
11⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-27342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27342.exe
12⤵
PID:6552

C:\Users\Admin\AppData\Local\Temp\Unicorn-46470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46470.exe
13⤵
PID:8968

C:\Users\Admin\AppData\Local\Temp\Unicorn-10471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10471.exe
14⤵
PID:11180

C:\Users\Admin\AppData\Local\Temp\Unicorn-37675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37675.exe
15⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8968 -s 216
14⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
13⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
12⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
11⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
10⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-31640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31640.exe
9⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-47287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47287.exe
10⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-39594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39594.exe
11⤵
PID:6604

C:\Users\Admin\AppData\Local\Temp\Unicorn-27996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27996.exe
12⤵
PID:9000

C:\Users\Admin\AppData\Local\Temp\Unicorn-24670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24670.exe
13⤵
PID:10664

C:\Users\Admin\AppData\Local\Temp\Unicorn-19777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19777.exe
14⤵
PID:3044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9000 -s 236
13⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 216
12⤵
PID:9932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
11⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 236
10⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
9⤵
PID:4444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
8⤵
- Program crash
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-1386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1386.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-59591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59591.exe
9⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-49752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49752.exe
10⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-34061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34061.exe
11⤵
PID:5596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 220
12⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
11⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
10⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-7328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7328.exe
9⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-559.exe
10⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
11⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-33938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33938.exe
12⤵
PID:9728

C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
13⤵
PID:11620

C:\Users\Admin\AppData\Local\Temp\Unicorn-35594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35594.exe
14⤵
PID:9156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9728 -s 236
13⤵
PID:12320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
12⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 236
11⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
10⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
9⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-13083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13083.exe
8⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-58771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58771.exe
9⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-48665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48665.exe
10⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-30570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30570.exe
11⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 220
12⤵
PID:10576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
11⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
10⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 216
9⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
8⤵
- Program crash
PID:3180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
7⤵
- Program crash
PID:1156

C:\Users\Admin\AppData\Local\Temp\Unicorn-35345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35345.exe
6⤵
- Executes dropped EXE
PID:1596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 240
6⤵
- Program crash
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-39346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39346.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-64147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64147.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
8⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-37609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37609.exe
9⤵
PID:624

C:\Users\Admin\AppData\Local\Temp\Unicorn-29607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29607.exe
10⤵
PID:3812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 188
11⤵
- Program crash
PID:3312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 216
10⤵
PID:5856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
9⤵
- Program crash
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-21827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21827.exe
8⤵
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-47889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47889.exe
9⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-56257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56257.exe
10⤵
PID:6036

C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
11⤵
PID:8032

C:\Users\Admin\AppData\Local\Temp\Unicorn-27628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27628.exe
12⤵
PID:10544

C:\Users\Admin\AppData\Local\Temp\Unicorn-38069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38069.exe
13⤵
PID:12452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10544 -s 236
13⤵
PID:12416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 216
12⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 236
11⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 236
10⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
9⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 220
8⤵
- Program crash
PID:3928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 236
7⤵
- Program crash
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-6415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6415.exe
7⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-43063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43063.exe
8⤵
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-19410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19410.exe
9⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-37892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37892.exe
10⤵
PID:4128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 220
11⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
10⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 236
9⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-10426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10426.exe
8⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-55598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55598.exe
9⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-40409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40409.exe
10⤵
PID:6992

C:\Users\Admin\AppData\Local\Temp\Unicorn-32651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32651.exe
11⤵
PID:10012

C:\Users\Admin\AppData\Local\Temp\Unicorn-46564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46564.exe
12⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10012 -s 216
12⤵
PID:12688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
11⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 236
10⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
9⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
8⤵
PID:4672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
7⤵
- Program crash
PID:3360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
6⤵
- Program crash
PID:944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-52585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52585.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-1843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1843.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:484

C:\Users\Admin\AppData\Local\Temp\Unicorn-45673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45673.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-6415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6415.exe
8⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-21273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21273.exe
9⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-5211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5211.exe
10⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-31286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31286.exe
11⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-4674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4674.exe
12⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-7679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7679.exe
13⤵
PID:9876

C:\Users\Admin\AppData\Local\Temp\Unicorn-40814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40814.exe
14⤵
PID:10788

C:\Users\Admin\AppData\Local\Temp\Unicorn-57820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57820.exe
15⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9876 -s 216
14⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 216
13⤵
PID:10828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 216
12⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
11⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 236
10⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-1682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1682.exe
9⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-3623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3623.exe
10⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
11⤵
PID:7044

C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
12⤵
PID:9160

C:\Users\Admin\AppData\Local\Temp\Unicorn-14747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14747.exe
13⤵
PID:9960

C:\Users\Admin\AppData\Local\Temp\Unicorn-20078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20078.exe
14⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9160 -s 216
13⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 216
12⤵
PID:9180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 236
11⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 236
10⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
9⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-9575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9575.exe
8⤵
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-18123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18123.exe
9⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-26491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26491.exe
10⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-34545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34545.exe
11⤵
PID:8156

C:\Users\Admin\AppData\Local\Temp\Unicorn-25573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25573.exe
12⤵
PID:11036

C:\Users\Admin\AppData\Local\Temp\Unicorn-456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-456.exe
13⤵
PID:2020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11036 -s 236
13⤵
PID:13056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 236
12⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
11⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
10⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 236
9⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 220
8⤵
- Program crash
PID:3884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 236
7⤵
- Program crash
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-11500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11500.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-49394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49394.exe
7⤵
PID:332

C:\Users\Admin\AppData\Local\Temp\Unicorn-34895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34895.exe
8⤵
PID:632

C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
9⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
10⤵
PID:5724

C:\Users\Admin\AppData\Local\Temp\Unicorn-54088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54088.exe
11⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-62521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62521.exe
12⤵
PID:10976

C:\Users\Admin\AppData\Local\Temp\Unicorn-13839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13839.exe
13⤵
PID:12560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10976 -s 236
13⤵
PID:12584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
12⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 216
11⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
10⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 236
9⤵
PID:5652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 216
8⤵
- Program crash
PID:3208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 236
7⤵
- Program crash
PID:3496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 240
6⤵
- Program crash
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-60618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60618.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-31366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31366.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1192

C:\Users\Admin\AppData\Local\Temp\Unicorn-14583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14583.exe
7⤵
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-30811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30811.exe
8⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-31937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31937.exe
9⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-64809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64809.exe
10⤵
PID:5636

C:\Users\Admin\AppData\Local\Temp\Unicorn-8395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8395.exe
11⤵
PID:7692

C:\Users\Admin\AppData\Local\Temp\Unicorn-11867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11867.exe
12⤵
PID:10876

C:\Users\Admin\AppData\Local\Temp\Unicorn-39159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39159.exe
13⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 216
12⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 216
11⤵
PID:8476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
10⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
9⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 216
8⤵
- Program crash
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-58008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58008.exe
7⤵
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-19410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19410.exe
8⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-3143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3143.exe
9⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-64612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64612.exe
10⤵
PID:7680

C:\Users\Admin\AppData\Local\Temp\Unicorn-33419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33419.exe
11⤵
PID:10272

C:\Users\Admin\AppData\Local\Temp\Unicorn-51115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51115.exe
12⤵
PID:12140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10272 -s 216
12⤵
PID:13184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 216
11⤵
PID:10756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
10⤵
PID:9104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
9⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 216
8⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 240
7⤵
- Program crash
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-29528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29528.exe
6⤵
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-64251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64251.exe
7⤵
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-54412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54412.exe
8⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-54228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54228.exe
9⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-56745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56745.exe
10⤵
PID:6784

C:\Users\Admin\AppData\Local\Temp\Unicorn-12230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12230.exe
11⤵
PID:9892

C:\Users\Admin\AppData\Local\Temp\Unicorn-77.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-77.exe
12⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9892 -s 216
12⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 216
11⤵
PID:11256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
10⤵
PID:8480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
9⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 236
8⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-11988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11988.exe
7⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-8727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8727.exe
8⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-57959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57959.exe
9⤵
PID:6452

C:\Users\Admin\AppData\Local\Temp\Unicorn-42106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42106.exe
10⤵
PID:9756

C:\Users\Admin\AppData\Local\Temp\Unicorn-42589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42589.exe
11⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9756 -s 236
11⤵
PID:12476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 216
10⤵
PID:10712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 216
9⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
8⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 240
7⤵
PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
6⤵
- Program crash
PID:800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
5⤵
- Program crash
PID:2100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1444

C:\Users\Admin\AppData\Local\Temp\Unicorn-60706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60706.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-6913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6913.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-36654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36654.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1164

C:\Users\Admin\AppData\Local\Temp\Unicorn-40280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40280.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-50800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50800.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-14474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14474.exe
8⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-19410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19410.exe
9⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-19418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19418.exe
10⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-26019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26019.exe
11⤵
PID:6316

C:\Users\Admin\AppData\Local\Temp\Unicorn-30129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30129.exe
12⤵
PID:9608

C:\Users\Admin\AppData\Local\Temp\Unicorn-15838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15838.exe
13⤵
PID:12152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9608 -s 216
13⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 216
12⤵
PID:11196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
11⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
10⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 216
9⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-6342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6342.exe
8⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
9⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-46439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46439.exe
10⤵
PID:7220

C:\Users\Admin\AppData\Local\Temp\Unicorn-30705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30705.exe
11⤵
PID:9772

C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
12⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9772 -s 216
12⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7220 -s 216
11⤵
PID:11240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
10⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
9⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
8⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-64230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64230.exe
7⤵
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-54412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54412.exe
8⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-17280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17280.exe
9⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-50523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50523.exe
10⤵
PID:7260

C:\Users\Admin\AppData\Local\Temp\Unicorn-65323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65323.exe
11⤵
PID:9472

C:\Users\Admin\AppData\Local\Temp\Unicorn-32174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32174.exe
12⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9472 -s 216
12⤵
PID:12732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7260 -s 216
11⤵
PID:1364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 236
10⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
9⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 216
8⤵
PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 220
7⤵
- Program crash
PID:3168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 216
6⤵
- Program crash
PID:844

C:\Users\Admin\AppData\Local\Temp\Unicorn-56534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56534.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-40494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40494.exe
7⤵
PID:1060

C:\Users\Admin\AppData\Local\Temp\Unicorn-25357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25357.exe
8⤵
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
9⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
10⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-227.exe
11⤵
PID:7620

C:\Users\Admin\AppData\Local\Temp\Unicorn-11867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11867.exe
12⤵
PID:10884

C:\Users\Admin\AppData\Local\Temp\Unicorn-38775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38775.exe
13⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10884 -s 216
13⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
12⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
11⤵
PID:8416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
10⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 236
9⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 236
8⤵
- Program crash
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
7⤵
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
8⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-3932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3932.exe
9⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-54088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54088.exe
10⤵
PID:7932

C:\Users\Admin\AppData\Local\Temp\Unicorn-56792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56792.exe
11⤵
PID:10932

C:\Users\Admin\AppData\Local\Temp\Unicorn-21069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21069.exe
12⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10932 -s 216
12⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 216
11⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
10⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 216
9⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 216
8⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
7⤵
- Program crash
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-48003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48003.exe
6⤵
PID:292

C:\Users\Admin\AppData\Local\Temp\Unicorn-16421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16421.exe
7⤵
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-57318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57318.exe
8⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-27093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27093.exe
9⤵
PID:5772

C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
10⤵
PID:7772

C:\Users\Admin\AppData\Local\Temp\Unicorn-49755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49755.exe
11⤵
PID:10292

C:\Users\Admin\AppData\Local\Temp\Unicorn-49361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49361.exe
12⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10292 -s 216
12⤵
PID:13036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 216
11⤵
PID:11004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
10⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 236
9⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 236
8⤵
PID:4480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 236
7⤵
- Program crash
PID:3388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
6⤵
- Program crash
PID:2432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
5⤵
- Program crash
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-51599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51599.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:920

C:\Users\Admin\AppData\Local\Temp\Unicorn-41589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41589.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
7⤵
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-84.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-84.exe
8⤵
PID:1808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 220
9⤵
PID:4292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 236
8⤵
- Program crash
PID:3108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 216
7⤵
- Program crash
PID:3248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 236
6⤵
- Program crash
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-38142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38142.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
6⤵
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
7⤵
PID:824

C:\Users\Admin\AppData\Local\Temp\Unicorn-52466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52466.exe
8⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-35178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35178.exe
9⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-60445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60445.exe
10⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 220
11⤵
PID:2108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 236
10⤵
PID:8340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
9⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 236
8⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-14126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14126.exe
7⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-943.exe
8⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-26019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26019.exe
9⤵
PID:7068

C:\Users\Admin\AppData\Local\Temp\Unicorn-36735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36735.exe
10⤵
PID:10220

C:\Users\Admin\AppData\Local\Temp\Unicorn-28666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28666.exe
11⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10220 -s 216
11⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 216
10⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 216
9⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
8⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
7⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-27281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27281.exe
6⤵
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-19026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19026.exe
7⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-63958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63958.exe
8⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-53107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53107.exe
9⤵
PID:7516

C:\Users\Admin\AppData\Local\Temp\Unicorn-21359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21359.exe
10⤵
PID:9736

C:\Users\Admin\AppData\Local\Temp\Unicorn-20690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20690.exe
11⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9736 -s 216
11⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 216
10⤵
PID:10400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 236
9⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
8⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
7⤵
PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
6⤵
- Program crash
PID:3240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 240
5⤵
- Program crash
PID:1632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-60623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60623.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1088

C:\Users\Admin\AppData\Local\Temp\Unicorn-41677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41677.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-25388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25388.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-3981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3981.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-38875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38875.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1392

C:\Users\Admin\AppData\Local\Temp\Unicorn-4147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4147.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-65382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65382.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 240
9⤵
- Program crash
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-14837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14837.exe
8⤵
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-57152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57152.exe
9⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-65377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65377.exe
10⤵
PID:4808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 220
11⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 236
9⤵
PID:4208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
8⤵
- Program crash
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-27042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27042.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
8⤵
PID:348

C:\Users\Admin\AppData\Local\Temp\Unicorn-53068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53068.exe
9⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-28621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28621.exe
10⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-6153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6153.exe
11⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-28297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28297.exe
12⤵
PID:8500

C:\Users\Admin\AppData\Local\Temp\Unicorn-18832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18832.exe
13⤵
PID:10620

C:\Users\Admin\AppData\Local\Temp\Unicorn-20078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20078.exe
14⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8500 -s 216
13⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
12⤵
PID:9592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
11⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
10⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 236
9⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-6560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6560.exe
8⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-24729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24729.exe
9⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-17830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17830.exe
10⤵
PID:6080

C:\Users\Admin\AppData\Local\Temp\Unicorn-62531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62531.exe
11⤵
PID:8400

C:\Users\Admin\AppData\Local\Temp\Unicorn-63372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63372.exe
12⤵
PID:10680

C:\Users\Admin\AppData\Local\Temp\Unicorn-21557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21557.exe
13⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10680 -s 216
13⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8400 -s 216
12⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 236
11⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
10⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
9⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 240
7⤵
- Program crash
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-19092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19092.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-7821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7821.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe
8⤵
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-61812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61812.exe
9⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-43395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43395.exe
10⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-63522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63522.exe
11⤵
PID:6456

C:\Users\Admin\AppData\Local\Temp\Unicorn-58146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58146.exe
12⤵
PID:8856

C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
13⤵
PID:11164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11164 -s 212
14⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8856 -s 216
13⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 216
12⤵
PID:9804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
11⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
10⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 236
9⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-46031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46031.exe
8⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-37173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37173.exe
9⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-41732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41732.exe
10⤵
PID:6492

C:\Users\Admin\AppData\Local\Temp\Unicorn-1545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1545.exe
11⤵
PID:8884

C:\Users\Admin\AppData\Local\Temp\Unicorn-18832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18832.exe
12⤵
PID:10536

C:\Users\Admin\AppData\Local\Temp\Unicorn-19886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19886.exe
13⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8884 -s 216
12⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 216
11⤵
PID:9820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
10⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 236
9⤵
PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 220
8⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-23389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23389.exe
7⤵
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-17464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17464.exe
8⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-4451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4451.exe
9⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-50139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50139.exe
10⤵
PID:6704

C:\Users\Admin\AppData\Local\Temp\Unicorn-48603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48603.exe
11⤵
PID:9436

C:\Users\Admin\AppData\Local\Temp\Unicorn-32366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32366.exe
12⤵
PID:12080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9436 -s 236
12⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 216
11⤵
PID:11188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 236
10⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 236
9⤵
PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 236
8⤵
PID:4616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
7⤵
- Program crash
PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
6⤵
- Program crash
PID:356

C:\Users\Admin\AppData\Local\Temp\Unicorn-23093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23093.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-38958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38958.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-14090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14090.exe
8⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-8719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8719.exe
9⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-23096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23096.exe
10⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-8374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8374.exe
11⤵
PID:7128

C:\Users\Admin\AppData\Local\Temp\Unicorn-58359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58359.exe
12⤵
PID:9460

C:\Users\Admin\AppData\Local\Temp\Unicorn-13185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13185.exe
13⤵
PID:11452

C:\Users\Admin\AppData\Local\Temp\Unicorn-2262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2262.exe
14⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9460 -s 216
13⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 236
12⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
11⤵
PID:7792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
10⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
9⤵
PID:4276

C:\Users\Admin\AppData\Local\Temp\Unicorn-23664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23664.exe
8⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-55839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55839.exe
9⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-57684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57684.exe
10⤵
PID:6292

C:\Users\Admin\AppData\Local\Temp\Unicorn-3107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3107.exe
11⤵
PID:8696

C:\Users\Admin\AppData\Local\Temp\Unicorn-53450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53450.exe
12⤵
PID:10860

C:\Users\Admin\AppData\Local\Temp\Unicorn-2864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2864.exe
13⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8696 -s 216
12⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 216
11⤵
PID:9680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 236
10⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
9⤵
PID:5688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
8⤵
- Program crash
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-33119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33119.exe
7⤵
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-34594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34594.exe
8⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
9⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\Unicorn-20160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20160.exe
10⤵
PID:6220

C:\Users\Admin\AppData\Local\Temp\Unicorn-3107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3107.exe
11⤵
PID:8704

C:\Users\Admin\AppData\Local\Temp\Unicorn-3865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3865.exe
12⤵
PID:11048

C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe
13⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8704 -s 216
12⤵
PID:11308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 216
11⤵
PID:9688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
10⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
9⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 236
8⤵
PID:4252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
7⤵
- Program crash
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-14598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14598.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1448

C:\Users\Admin\AppData\Local\Temp\Unicorn-30427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30427.exe
7⤵
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-39446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39446.exe
8⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-22399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22399.exe
9⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-61192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61192.exe
10⤵
PID:6172

C:\Users\Admin\AppData\Local\Temp\Unicorn-35972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35972.exe
11⤵
PID:8644

C:\Users\Admin\AppData\Local\Temp\Unicorn-20778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20778.exe
12⤵
PID:11064

C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
13⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8644 -s 216
12⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 216
11⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
10⤵
PID:8020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
9⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 236
8⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-54391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54391.exe
7⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-25113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25113.exe
8⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-49516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49516.exe
9⤵
PID:6248

C:\Users\Admin\AppData\Local\Temp\Unicorn-3107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3107.exe
10⤵
PID:8688

C:\Users\Admin\AppData\Local\Temp\Unicorn-16694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16694.exe
11⤵
PID:10824

C:\Users\Admin\AppData\Local\Temp\Unicorn-26492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26492.exe
12⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8688 -s 216
11⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
10⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
9⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
8⤵
PID:5640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 240
7⤵
- Program crash
PID:3880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
6⤵
- Program crash
PID:2792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
5⤵
- Program crash
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-49653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49653.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-34791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34791.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-1215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1215.exe
7⤵
- Executes dropped EXE
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-53156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53156.exe
7⤵
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-16805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16805.exe
8⤵
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-3457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3457.exe
9⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
10⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-46330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46330.exe
11⤵
PID:7544

C:\Users\Admin\AppData\Local\Temp\Unicorn-11052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11052.exe
12⤵
PID:9456

C:\Users\Admin\AppData\Local\Temp\Unicorn-14275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14275.exe
13⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9456 -s 216
13⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 216
12⤵
PID:10552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
11⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
10⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 236
9⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\Unicorn-46991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46991.exe
8⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-35453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35453.exe
9⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-50222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50222.exe
10⤵
PID:7712

C:\Users\Admin\AppData\Local\Temp\Unicorn-62199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62199.exe
11⤵
PID:9796

C:\Users\Admin\AppData\Local\Temp\Unicorn-15838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15838.exe
12⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9796 -s 216
12⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
11⤵
PID:10532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
10⤵
PID:9132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
9⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
8⤵
PID:4644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
7⤵
- Program crash
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-50971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50971.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-55315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55315.exe
7⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-42077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42077.exe
8⤵
PID:264

C:\Users\Admin\AppData\Local\Temp\Unicorn-33499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33499.exe
9⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-23393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23393.exe
10⤵
PID:6104

C:\Users\Admin\AppData\Local\Temp\Unicorn-16180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16180.exe
11⤵
PID:8160

C:\Users\Admin\AppData\Local\Temp\Unicorn-21214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21214.exe
12⤵
PID:10648

C:\Users\Admin\AppData\Local\Temp\Unicorn-8712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8712.exe
13⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10648 -s 220
13⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8160 -s 216
12⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
11⤵
PID:8752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
10⤵
PID:5264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 236
9⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-38905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38905.exe
8⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-4918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4918.exe
9⤵
PID:5148

C:\Users\Admin\AppData\Local\Temp\Unicorn-30570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30570.exe
10⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 220
11⤵
PID:10592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 216
10⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
9⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
8⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-57022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57022.exe
7⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-17547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17547.exe
8⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-22407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22407.exe
9⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-45920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45920.exe
10⤵
PID:7880

C:\Users\Admin\AppData\Local\Temp\Unicorn-62521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62521.exe
11⤵
PID:10984

C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
12⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10984 -s 236
12⤵
PID:12540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 216
11⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
10⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
9⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
8⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
7⤵
- Program crash
PID:3712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
6⤵
- Program crash
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-10924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10924.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-18367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18367.exe
7⤵
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-48107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48107.exe
8⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
9⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-30959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30959.exe
10⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-12946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12946.exe
11⤵
PID:8148

C:\Users\Admin\AppData\Local\Temp\Unicorn-38209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38209.exe
12⤵
PID:11144

C:\Users\Admin\AppData\Local\Temp\Unicorn-2319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2319.exe
13⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11144 -s 216
13⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8148 -s 236
12⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
11⤵
PID:9408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
10⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
9⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 236
8⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
7⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-23385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23385.exe
8⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-46143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46143.exe
9⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-24156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24156.exe
10⤵
PID:7864

C:\Users\Admin\AppData\Local\Temp\Unicorn-30752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30752.exe
11⤵
PID:10416

C:\Users\Admin\AppData\Local\Temp\Unicorn-47031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47031.exe
12⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10416 -s 216
12⤵
PID:13168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 216
11⤵
PID:10696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
10⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 236
9⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
8⤵
PID:5188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 220
7⤵
- Program crash
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
6⤵
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-20396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20396.exe
7⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
8⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-38250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38250.exe
9⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-22267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22267.exe
10⤵
PID:8432

C:\Users\Admin\AppData\Local\Temp\Unicorn-63180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63180.exe
11⤵
PID:11028

C:\Users\Admin\AppData\Local\Temp\Unicorn-23586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23586.exe
12⤵
PID:12308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8432 -s 216
11⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 236
10⤵
PID:9560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
9⤵
PID:7888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
8⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 236
7⤵
PID:3676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
5⤵
- Program crash
PID:576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-13690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13690.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-59212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59212.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1328

C:\Users\Admin\AppData\Local\Temp\Unicorn-24485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24485.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:828

C:\Users\Admin\AppData\Local\Temp\Unicorn-29420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29420.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-6415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6415.exe
7⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-21273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21273.exe
8⤵
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
9⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-48089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48089.exe
10⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-24732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24732.exe
11⤵
PID:7964

C:\Users\Admin\AppData\Local\Temp\Unicorn-601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-601.exe
12⤵
PID:10472

C:\Users\Admin\AppData\Local\Temp\Unicorn-5396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5396.exe
13⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10472 -s 216
13⤵
PID:12348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 216
12⤵
PID:10872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 236
11⤵
PID:8248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
10⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 236
9⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 216
8⤵
- Program crash
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-40301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40301.exe
7⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-34184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34184.exe
8⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-20186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20186.exe
9⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-62666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62666.exe
10⤵
PID:7584

C:\Users\Admin\AppData\Local\Temp\Unicorn-27389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27389.exe
11⤵
PID:9828

C:\Users\Admin\AppData\Local\Temp\Unicorn-7259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7259.exe
12⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9828 -s 216
12⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 216
11⤵
PID:10560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
10⤵
PID:9024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 236
9⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 216
8⤵
PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 220
7⤵
- Program crash
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-56171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56171.exe
6⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-32216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32216.exe
7⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-63130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63130.exe
8⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-7305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7305.exe
9⤵
PID:6920

C:\Users\Admin\AppData\Local\Temp\Unicorn-40632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40632.exe
10⤵
PID:9144

C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
11⤵
PID:11032

C:\Users\Admin\AppData\Local\Temp\Unicorn-29891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29891.exe
12⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9144 -s 236
11⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 236
10⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 236
9⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
8⤵
PID:5580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 216
7⤵
PID:4608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 240
6⤵
- Program crash
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-15990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15990.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-2222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2222.exe
7⤵
PID:696

C:\Users\Admin\AppData\Local\Temp\Unicorn-60717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60717.exe
8⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-22023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22023.exe
9⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-18894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18894.exe
10⤵
PID:7308

C:\Users\Admin\AppData\Local\Temp\Unicorn-15567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15567.exe
11⤵
PID:10764

C:\Users\Admin\AppData\Local\Temp\Unicorn-36206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36206.exe
12⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10764 -s 236
12⤵
PID:12616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 236
11⤵
PID:11540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 236
10⤵
PID:8896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
9⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 236
8⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 236
7⤵
- Program crash
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-51978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51978.exe
6⤵
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-2964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2964.exe
7⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-49651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49651.exe
8⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-52360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52360.exe
9⤵
PID:7636

C:\Users\Admin\AppData\Local\Temp\Unicorn-43725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43725.exe
10⤵
PID:352

C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
11⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 216
11⤵
PID:13152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 216
10⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
9⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
8⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 236
7⤵
PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
6⤵
- Program crash
PID:3900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 240
5⤵
- Program crash
PID:1360

C:\Users\Admin\AppData\Local\Temp\Unicorn-9471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9471.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-33504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33504.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-63052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63052.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-10390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10390.exe
7⤵
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-13078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13078.exe
8⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-5110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5110.exe
9⤵
PID:5980

C:\Users\Admin\AppData\Local\Temp\Unicorn-50222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50222.exe
10⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-33419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33419.exe
11⤵
PID:10260

C:\Users\Admin\AppData\Local\Temp\Unicorn-62682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62682.exe
12⤵
PID:11460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10260 -s 216
12⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
11⤵
PID:10760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 216
10⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
9⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 216
8⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
7⤵
- Program crash
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-60146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60146.exe
6⤵
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-62855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62855.exe
7⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-834.exe
8⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-12095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12095.exe
9⤵
PID:8132

C:\Users\Admin\AppData\Local\Temp\Unicorn-793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-793.exe
10⤵
PID:10604

C:\Users\Admin\AppData\Local\Temp\Unicorn-27576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27576.exe
11⤵
PID:11408

C:\Users\Admin\AppData\Local\Temp\Unicorn-26575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26575.exe
12⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10604 -s 216
11⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 216
10⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
9⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
8⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 236
7⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 240
6⤵
- Program crash
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-20628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20628.exe
5⤵
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-61537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61537.exe
6⤵
PID:660

C:\Users\Admin\AppData\Local\Temp\Unicorn-60525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60525.exe
7⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-40113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40113.exe
8⤵
PID:5832

C:\Users\Admin\AppData\Local\Temp\Unicorn-18209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18209.exe
9⤵
PID:7996

C:\Users\Admin\AppData\Local\Temp\Unicorn-21489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21489.exe
10⤵
PID:10996

C:\Users\Admin\AppData\Local\Temp\Unicorn-61717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61717.exe
11⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10996 -s 216
11⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 216
10⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
9⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
8⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 660 -s 216
7⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 216
6⤵
- Program crash
PID:2216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
5⤵
- Program crash
PID:2724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
4⤵
- Program crash
PID:2984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
2⤵
- Program crash
PID:2360

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-37173.exe
Filesize
184KB

MD5
2a24eee83d9339d8d6b020a3d0560e95

SHA1
f74a5d5135247a0e5007c75847b1134d72bfa3b4

SHA256
2023c8862a38280d7b5b0d91e56e4f9a5bebf5ccf41f4fbf3e40113bc554a8c0

SHA512
1fc9df203bc397b51a42d5dad412edaef98e26897d54187cdb95050b8115ff309f26e4f9d076708d5bf4ea3af86ab0823be631c80ab816371c52f0ffde351a2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37640.exe
Filesize
184KB

MD5
89f27ac4e628b08e597953f14d65f7ed

SHA1
8b24db9506eeb47f02cb60b8c9b37a01004f1569

SHA256
03a9d19e7c6ab9e8eb176ff2f7b27cdacef60eea444213134b73f59eb6cda12b

SHA512
b3d3b6d9511dfa0852d6787dce7732b7a3bafd88f9af69c37bd160e8b56e7e01f9f2c7ea731b7daadd91386f7fddc9e53efe4c812676fce3b3eaacdde31de5fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40280.exe
Filesize
184KB

MD5
bb71ef162ae749d7d847d75acfaf11a8

SHA1
cfe9b687f236203b1235b87a999b60cbe803029c

SHA256
f223fadd8dae2c60b0fb9f61e67a6464910c993eb8d042c66ea6aec877de2064

SHA512
efe8906b98d55ada3cfced7ad370f88905d14f705dd994ab75ed4085cf05e8eb890fe2aebf5df586a564b6b76807bfadca309c7fb4f79f6be2f63ddbe3f54f89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40301.exe
Filesize
184KB

MD5
b6dd29b93c6064e2df85dfced5bc9f39

SHA1
fd453a8b8ccfaf56d5269626808a057512c69ea3

SHA256
a528cf07660c1e975bcf6ed29f62f19d689c7d4bcbbc18d4f130fecc95a03a40

SHA512
6434a54a30841662883a16af56c2582aa065a7227dffcd5f8e6dc74c59408ff438a9983881f0768bcddc2904d312a26cb42d382a3e755fe68e4800aaf7d04ebd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43063.exe
Filesize
184KB

MD5
5d6f50d56f00286d54383a619ee26bb4

SHA1
66075567e61da5bea0151844e339a892625d1674

SHA256
b8929222b6bc26c2a7a04d95d7ba4d978325731c854fe7da9d743f589c3494ad

SHA512
ffbe7891d9ffbc9d8a8f39a8b23422b0161cec85aa13963a73674c89a31133d6945362ffd9352f33ab68f490fd0b2d994403bb084ba84c7e5429678e86967132

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6153.exe
Filesize
184KB

MD5
02eb6fad70a9957515ef1c17f0a50a50

SHA1
f71aab8ba3f4b864d29e81036060c477e33b460c

SHA256
df3aacf6751f0183c6edfef49716c8661e1a4c8d8c73993e6567d2b95a2f6fc3

SHA512
93648d39a84bb56811969fde5e014383c4334777ebe6aa66b1b1853341ae2bec2a506b5d5b2653cc51140508be0199faab25e7f3957f67287406ecf2c5d79a1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-84.exe
Filesize
184KB

MD5
ab4a73142ac22f280e1fe730383ee7c1

SHA1
d458faa8eb87fb176f16a038d6434c51743f76b3

SHA256
01f1677150c3184ba5933146677b1cdeaf1381a321000e96453c9fce06779acd

SHA512
1e603f1b301ec43dabf6ddedd32bd6707cfcade61c4bffd39b76f4777248e9df7c15909b347485bf1c264ae81600fc4262502b5a57ba6f9ac52800f5ee4efd3b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13690.exe
Filesize
184KB

MD5
2774207c9d63e784950034fde060fea9

SHA1
0d32bd5b3c33e237e680b5744768dd374757d4a9

SHA256
fda803c1dd0693231b458b8adea07adb1653500a14c9a6665568658d9ba1d91d

SHA512
104805b7203dfd56bbf1ada610085e51c22ead4c4c91230d95dca89a17cf3f43443497785e2639785e53c473cc8b580541735ea258f77ecba56eee85930b005b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1547.exe
Filesize
184KB

MD5
000f174503972beea9d8ad9db7340738

SHA1
ef2d682614bca14b2e11982275e806cc66f2ef16

SHA256
731f5aeca0b31a9a799c74e4332a167bb1aa5e4dafe9173227e756987e80b3bd

SHA512
ab903c0acea68945a5eb244a857ecba284fbb8114bfd6e8ba71d4b3d92984927685eae2233cfa45cea867dfe8b0de43a8f53b84a333aa0a576379a82fc57074e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20318.exe
Filesize
184KB

MD5
8dc23618411f6344fb8fa9de2a74899d

SHA1
fbb48206108a0058e2a1158f2761168d13acce95

SHA256
860e35fb342cbfb2830390cd2d81fb0dcb2f6e4d7eac8e8945930e8de1250c93

SHA512
ce513fff943365cf1ba5ae1a274cfbe37abe188ea5c4c04ef865fc4c716e224ae0ba8cedba641889ecf642b79bbc9139619209a003d69d19b90233555f474222

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25388.exe
Filesize
184KB

MD5
b47dcd1eede4524d1678dbafac95b633

SHA1
1579258239fa17d8a8714080303cb1d3e986e9ea

SHA256
e67b9178a281b3945cac0fe20a7a1bb049245bf67a302e4b250031fa387411dc

SHA512
c2e9a6cdbdcf09d0a1147288ed1a0b36bdcbba6e53cd45c31d770b510cfe7cb29784fe07146c6c6b1da5107e8cb19379151c902aed64b0485ceab0db6d7d2b5f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3981.exe
Filesize
184KB

MD5
46d9379fe2b6b70c500894763299e514

SHA1
57ddedd92fa80654fc7df244e5df28a9e9388560

SHA256
cdbf8d5d5acfe491d46d8f2da28d83d73e2fe8712d15916058e60c9905bf891c

SHA512
6ec3c1d168f957aebf659ad7a09755ad5896a9e6f4cb66985bf5e4454d34ebe75ee7201b80ed2238137f77a169b7b413d128d29de741b43891839ae4d732a023

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41677.exe
Filesize
184KB

MD5
f3892f6aeb4d4e3146105a5bfe3bed92

SHA1
1a98c2149cbc0df46fae747ccefe23b1be477b8d

SHA256
5df19380d82f563f159972a710b3c8edefb733e05e13701d18750324eef7b25b

SHA512
14fce1d7088599d79768700682180eb96e557930623ed910a30a73b9bf95048bee357485a572d2e0ec5d4eca12dd77ce46381bce701becaf4a11e1fa18a1a4fc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45678.exe
Filesize
184KB

MD5
b0e2de673aefcace2b62d4cd63a15bc1

SHA1
b60f30daf5a114a3ff350a0fa605094d17e705cd

SHA256
b68a4bae3754698944120449714590fc076bdc37b837460ff74a71010006162a

SHA512
bb64b34b97793217a7551432fcaebc94ce7ff20c4eeb0ab7c00c39e9629b1f18653335db6a97d7c3d8bdf6e4b52ee13f01c16620434d3f7563242cb1f582eeb9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
Filesize
184KB

MD5
59b70f0ee50c74b83497340b478b8f1e

SHA1
b22a93eb41c4103c74b85008ae97f9d93bcf8ac3

SHA256
33694c3b7e3341fc520607b21872300aa35c3492b16776815da500a673920c01

SHA512
43d14cfc133c111aee7c33eeff4565c7a1a55b57baec47b6e7ab0e368d7873bffaddbbe1a7df7d5f3b3a7793937a91ef1f0a1b3bb0749da291831708010300da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49653.exe
Filesize
184KB

MD5
a9412752070f258d999871f5a0723a42

SHA1
cea70c7ca4b65dd6a2607fc607a6c848f4b707d6

SHA256
eb99bcbb7884a52bd64f3280cbfe862a97a730bcef74f8dabf4407eac3a976d9

SHA512
6dacbd74dea7692fe82eaad5eefd58d820e83ca1a394672f6285f746e30ec116f3383ca1242c5ec352329a55edd99993072bb717db45c097c25475c8600c1821

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52585.exe
Filesize
184KB

MD5
41147b4175dfeaf942e7007a0cda8107

SHA1
c95d04a6473c38de1926aba70ad11ebf1a45ebdb

SHA256
f0ab58a1ca1cb4e7870c9aac28defd3eec329c6508fd4bfdd18da102cf3a494f

SHA512
0489b86ae68d8d95957d0edcda719b5deb5925028ff5ceef431b01a1095745bf6af4b6a88ebf4a0ea00daabbd62eeade0d91f2361d939349cb6ef04bb092c0bb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60623.exe
Filesize
184KB

MD5
37ab231282b2a69b3bb6a32d351d26a8

SHA1
dc402285767a5c3c0d08c9657a6bc66c1b955233

SHA256
4c171d5c21195fc239334266c69508cfea4890e4c3119db9f8b3ab5f48502db7

SHA512
09cb628385975605b7bbd1b2aec6951858ff2e4a6b3e50d0fa072a26a04982b4d31399daae2e2b022cb4453082ae9f8cc0d95b18850fa8d8caba8bf8a92fd201

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60706.exe
Filesize
184KB

MD5
a6db5d4c35d6d571576fa42600afee67

SHA1
a932e368e5c46f7521bf8f3c27f9a63c0536770f

SHA256
983df31cbe4bc9c3e95a787c5e35c5695f60d398396aee43c13f9f6dcff34510

SHA512
caee2f8fc879bce039b13eb9a9cb47ace9e3f3e403090ee563b31bca41be2f68b9c67ff98ade993dbd02dee9e91a4309b25a2901205e9ca1b22d480c83b1e20a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6913.exe
Filesize
184KB

MD5
23051e8fd8953553cf23edcde3f958ff

SHA1
9c5f36e2b4f9a170cf7a4e15518fb5868e3b6fd8

SHA256
ad636234a3d3b0d99daad38f4040f239d2a0a9605fc6c3fbcdcf633e0054d5ea

SHA512
c80c287c96409a881847a1dd1a66b2321258a855922eb3ed39dcbc54f56350ddcb869bea1ba0f9aa28b3ac6441f6726a92a332e2531d39e0564248e065059266

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads