6ae87c9335aaf6fd6055f35abe6a09af24f014d22da5422d0e07faba1ea12832

Analysis

max time kernel
149s
max time network
125s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ae87c9335aaf6fd6055f35abe6a09af24f014d22da5422d0e07faba1ea12832.exe
Size

184KB
MD5

efcabec6cc93bf119b8aca0be29e6ca8
SHA1

58c6a2d4dfcab835a69930121518aba50852685a
SHA256

6ae87c9335aaf6fd6055f35abe6a09af24f014d22da5422d0e07faba1ea12832
SHA512

a5567dcc942c1fcf922f161b5491447be7edd9d14cfe0f846946569835ed462befbe8704648f30f421c6bc709caf5015675f33c9580bc4f06b9298a96578bd80
SSDEEP

3072:33H338oo76uZRkaWT/pLZzfuhlnViFgn3:33coyrkaCLRfuhlnViFg

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-50806.exeUnicorn-21196.exeUnicorn-36140.exeUnicorn-52005.exeUnicorn-36415.exeUnicorn-25555.exeUnicorn-17470.exeUnicorn-32414.exeUnicorn-64532.exeUnicorn-29722.exeUnicorn-13940.exeUnicorn-30874.exeUnicorn-39042.exeUnicorn-58647.exeUnicorn-55954.exeUnicorn-9446.exeUnicorn-29312.exeUnicorn-44257.exeUnicorn-31533.exeUnicorn-46478.exeUnicorn-43785.exeUnicorn-47869.exeUnicorn-28003.exeUnicorn-33671.exeUnicorn-17889.exeUnicorn-41839.exeUnicorn-56784.exeUnicorn-11112.exeUnicorn-15196.exeUnicorn-45970.exeUnicorn-30188.exeUnicorn-58222.exeUnicorn-35856.exeUnicorn-50801.exeUnicorn-9213.exeUnicorn-58969.exeUnicorn-48108.exeUnicorn-15051.exeUnicorn-64807.exeUnicorn-53946.exeUnicorn-23220.exeUnicorn-38164.exeUnicorn-7438.exeUnicorn-27304.exeUnicorn-31580.exeUnicorn-62114.exeUnicorn-46525.exeUnicorn-37008.exeUnicorn-51953.exeUnicorn-41092.exeUnicorn-57428.exeUnicorn-41646.exeUnicorn-3951.exeUnicorn-8035.exeUnicorn-57791.exeUnicorn-42846.exeUnicorn-27064.exeUnicorn-46930.exeUnicorn-51014.exeUnicorn-422.exeUnicorn-28456.exeUnicorn-47677.exeUnicorn-12695.exeUnicorn-47506.exe

pid	process
2024	Unicorn-50806.exe
2968	Unicorn-21196.exe
3068	Unicorn-36140.exe
2804	Unicorn-52005.exe
2708	Unicorn-36415.exe
2616	Unicorn-25555.exe
1624	Unicorn-17470.exe
1748	Unicorn-32414.exe
2216	Unicorn-64532.exe
2720	Unicorn-29722.exe
1064	Unicorn-13940.exe
988	Unicorn-30874.exe
1648	Unicorn-39042.exe
2952	Unicorn-58647.exe
2304	Unicorn-55954.exe
3040	Unicorn-9446.exe
2068	Unicorn-29312.exe
2868	Unicorn-44257.exe
3020	Unicorn-31533.exe
3036	Unicorn-46478.exe
1672	Unicorn-43785.exe
2352	Unicorn-47869.exe
348	Unicorn-28003.exe
712	Unicorn-33671.exe
756	Unicorn-17889.exe
2172	Unicorn-41839.exe
2376	Unicorn-56784.exe
2112	Unicorn-11112.exe
1952	Unicorn-15196.exe
1592	Unicorn-45970.exe
2320	Unicorn-30188.exe
2852	Unicorn-58222.exe
2848	Unicorn-35856.exe
2604	Unicorn-50801.exe
2808	Unicorn-9213.exe
2504	Unicorn-58969.exe
2576	Unicorn-48108.exe
1516	Unicorn-15051.exe
1864	Unicorn-64807.exe
1392	Unicorn-53946.exe
1584	Unicorn-23220.exe
1416	Unicorn-38164.exe
2204	Unicorn-7438.exe
1900	Unicorn-27304.exe
2240	Unicorn-31580.exe
2208	Unicorn-62114.exe
1144	Unicorn-46525.exe
2000	Unicorn-37008.exe
2480	Unicorn-51953.exe
2212	Unicorn-41092.exe
768	Unicorn-57428.exe
892	Unicorn-41646.exe
2308	Unicorn-3951.exe
1876	Unicorn-8035.exe
2412	Unicorn-57791.exe
1980	Unicorn-42846.exe
1756	Unicorn-27064.exe
1660	Unicorn-46930.exe
1604	Unicorn-51014.exe
2748	Unicorn-422.exe
2784	Unicorn-28456.exe
2776	Unicorn-47677.exe
2552	Unicorn-12695.exe
1372	Unicorn-47506.exe

Loads dropped DLL 64 IoCs

Processes:

6ae87c9335aaf6fd6055f35abe6a09af24f014d22da5422d0e07faba1ea12832.exeUnicorn-50806.exeUnicorn-21196.exeUnicorn-36140.exeWerFault.exeUnicorn-52005.exeUnicorn-36415.exeUnicorn-25555.exeWerFault.exeWerFault.exeUnicorn-32414.exeUnicorn-17470.exeUnicorn-13940.exeUnicorn-29722.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2060	6ae87c9335aaf6fd6055f35abe6a09af24f014d22da5422d0e07faba1ea12832.exe
2060	6ae87c9335aaf6fd6055f35abe6a09af24f014d22da5422d0e07faba1ea12832.exe
2024	Unicorn-50806.exe
2024	Unicorn-50806.exe
2060	6ae87c9335aaf6fd6055f35abe6a09af24f014d22da5422d0e07faba1ea12832.exe
2060	6ae87c9335aaf6fd6055f35abe6a09af24f014d22da5422d0e07faba1ea12832.exe
2968	Unicorn-21196.exe
2968	Unicorn-21196.exe
2024	Unicorn-50806.exe
2024	Unicorn-50806.exe
3068	Unicorn-36140.exe
3068	Unicorn-36140.exe
2940	WerFault.exe
2940	WerFault.exe
2940	WerFault.exe
2940	WerFault.exe
2940	WerFault.exe
2804	Unicorn-52005.exe
2804	Unicorn-52005.exe
2968	Unicorn-21196.exe
2968	Unicorn-21196.exe
2708	Unicorn-36415.exe
2708	Unicorn-36415.exe
2616	Unicorn-25555.exe
2616	Unicorn-25555.exe
3068	Unicorn-36140.exe
3068	Unicorn-36140.exe
2200	WerFault.exe
2200	WerFault.exe
2200	WerFault.exe
2200	WerFault.exe
2200	WerFault.exe
776	WerFault.exe
776	WerFault.exe
776	WerFault.exe
776	WerFault.exe
776	WerFault.exe
1748	Unicorn-32414.exe
1748	Unicorn-32414.exe
1624	Unicorn-17470.exe
1624	Unicorn-17470.exe
2804	Unicorn-52005.exe
2804	Unicorn-52005.exe
1064	Unicorn-13940.exe
1064	Unicorn-13940.exe
2616	Unicorn-25555.exe
2616	Unicorn-25555.exe
2720	Unicorn-29722.exe
2720	Unicorn-29722.exe
2380	WerFault.exe
2380	WerFault.exe
2380	WerFault.exe
2380	WerFault.exe
2708	Unicorn-36415.exe
2708	Unicorn-36415.exe
2380	WerFault.exe
1800	WerFault.exe
1800	WerFault.exe
1800	WerFault.exe
1800	WerFault.exe
1800	WerFault.exe
1540	WerFault.exe
1540	WerFault.exe
1540	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2788	2060	WerFault.exe	6ae87c9335aaf6fd6055f35abe6a09af24f014d22da5422d0e07faba1ea12832.exe
2940	2024	WerFault.exe	Unicorn-50806.exe
2200	2968	WerFault.exe	Unicorn-21196.exe
776	3068	WerFault.exe	Unicorn-36140.exe
2380	2216	WerFault.exe	Unicorn-64532.exe
1800	2804	WerFault.exe	Unicorn-52005.exe
1540	2708	WerFault.exe	Unicorn-36415.exe
764	2616	WerFault.exe	Unicorn-25555.exe
2012	1748	WerFault.exe	Unicorn-32414.exe
1744	1624	WerFault.exe	Unicorn-17470.exe
2972	1064	WerFault.exe	Unicorn-13940.exe
2088	2720	WerFault.exe	Unicorn-29722.exe
1296	988	WerFault.exe	Unicorn-30874.exe
2296	1648	WerFault.exe	Unicorn-39042.exe
2336	2952	WerFault.exe	Unicorn-58647.exe
1084	2304	WerFault.exe	Unicorn-55954.exe
2928	2068	WerFault.exe	Unicorn-29312.exe
1448	2868	WerFault.exe	Unicorn-44257.exe
944	3040	WerFault.exe	Unicorn-9446.exe
1444	3020	WerFault.exe	Unicorn-31533.exe
828	3036	WerFault.exe	Unicorn-46478.exe
2020	1672	WerFault.exe	Unicorn-43785.exe
856	2352	WerFault.exe	Unicorn-47869.exe
1568	348	WerFault.exe	Unicorn-28003.exe
2608	712	WerFault.exe	Unicorn-33671.exe
2756	2172	WerFault.exe	Unicorn-41839.exe
2672	756	WerFault.exe	Unicorn-17889.exe
2976	2376	WerFault.exe	Unicorn-56784.exe
2568	1952	WerFault.exe	Unicorn-15196.exe
1060	1592	WerFault.exe	Unicorn-45970.exe
1792	2320	WerFault.exe	Unicorn-30188.exe
2684	2808	WerFault.exe	Unicorn-9213.exe
2700	1392	WerFault.exe	Unicorn-53946.exe
2556	1416	WerFault.exe	Unicorn-38164.exe
3092	1900	WerFault.exe	Unicorn-27304.exe
3140	1584	WerFault.exe	Unicorn-23220.exe
3228	2204	WerFault.exe	Unicorn-7438.exe
3424	1144	WerFault.exe	Unicorn-46525.exe
3488	2852	WerFault.exe	Unicorn-58222.exe
3552	2240	WerFault.exe	Unicorn-31580.exe
3620	2504	WerFault.exe	Unicorn-58969.exe
3644	1864	WerFault.exe	Unicorn-64807.exe
3660	2604	WerFault.exe	Unicorn-50801.exe
3812	2576	WerFault.exe	Unicorn-48108.exe
3984	1516	WerFault.exe	Unicorn-15051.exe
4004	2208	WerFault.exe	Unicorn-62114.exe
4016	2848	WerFault.exe	Unicorn-35856.exe
3200	1524	WerFault.exe	Unicorn-35808.exe
3224	1980	WerFault.exe	Unicorn-42846.exe
3268	768	WerFault.exe	Unicorn-57428.exe
3236	1660	WerFault.exe	Unicorn-46930.exe
3328	2412	WerFault.exe	Unicorn-57791.exe
3348	2308	WerFault.exe	Unicorn-3951.exe
3416	2820	WerFault.exe	Unicorn-24948.exe
3472	1356	WerFault.exe	Unicorn-52337.exe
3560	1628	WerFault.exe	Unicorn-42353.exe
3580	340	WerFault.exe	Unicorn-43977.exe
3616	1372	WerFault.exe	Unicorn-47506.exe
3736	1484	WerFault.exe	Unicorn-19987.exe
3776	2552	WerFault.exe	Unicorn-12695.exe
3188	2212	WerFault.exe	Unicorn-41092.exe
3608	2000	WerFault.exe	Unicorn-37008.exe
3372	2040	WerFault.exe	Unicorn-41175.exe
3376	2080	WerFault.exe	Unicorn-6364.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

6ae87c9335aaf6fd6055f35abe6a09af24f014d22da5422d0e07faba1ea12832.exeUnicorn-50806.exeUnicorn-21196.exeUnicorn-36140.exeUnicorn-52005.exeUnicorn-36415.exeUnicorn-25555.exeUnicorn-32414.exeUnicorn-17470.exeUnicorn-64532.exeUnicorn-13940.exeUnicorn-29722.exeUnicorn-30874.exeUnicorn-39042.exeUnicorn-58647.exeUnicorn-55954.exeUnicorn-29312.exeUnicorn-44257.exeUnicorn-9446.exeUnicorn-31533.exeUnicorn-46478.exeUnicorn-43785.exeUnicorn-28003.exeUnicorn-47869.exeUnicorn-33671.exeUnicorn-17889.exeUnicorn-41839.exeUnicorn-15196.exeUnicorn-11112.exeUnicorn-56784.exeUnicorn-45970.exeUnicorn-30188.exeUnicorn-58222.exeUnicorn-35856.exeUnicorn-50801.exeUnicorn-9213.exeUnicorn-58969.exeUnicorn-48108.exeUnicorn-15051.exeUnicorn-64807.exeUnicorn-53946.exeUnicorn-23220.exeUnicorn-27304.exeUnicorn-62114.exeUnicorn-7438.exeUnicorn-38164.exeUnicorn-31580.exeUnicorn-46525.exeUnicorn-37008.exeUnicorn-41092.exeUnicorn-51953.exeUnicorn-57428.exeUnicorn-41646.exeUnicorn-3951.exeUnicorn-8035.exeUnicorn-42846.exeUnicorn-57791.exeUnicorn-27064.exeUnicorn-46930.exeUnicorn-51014.exeUnicorn-28456.exeUnicorn-47677.exeUnicorn-12695.exeUnicorn-47506.exe

pid	process
2060	6ae87c9335aaf6fd6055f35abe6a09af24f014d22da5422d0e07faba1ea12832.exe
2024	Unicorn-50806.exe
2968	Unicorn-21196.exe
3068	Unicorn-36140.exe
2804	Unicorn-52005.exe
2708	Unicorn-36415.exe
2616	Unicorn-25555.exe
1748	Unicorn-32414.exe
1624	Unicorn-17470.exe
2216	Unicorn-64532.exe
1064	Unicorn-13940.exe
2720	Unicorn-29722.exe
988	Unicorn-30874.exe
1648	Unicorn-39042.exe
2952	Unicorn-58647.exe
2304	Unicorn-55954.exe
2068	Unicorn-29312.exe
2868	Unicorn-44257.exe
3040	Unicorn-9446.exe
3020	Unicorn-31533.exe
3036	Unicorn-46478.exe
1672	Unicorn-43785.exe
348	Unicorn-28003.exe
2352	Unicorn-47869.exe
712	Unicorn-33671.exe
756	Unicorn-17889.exe
2172	Unicorn-41839.exe
1952	Unicorn-15196.exe
2112	Unicorn-11112.exe
2376	Unicorn-56784.exe
1592	Unicorn-45970.exe
2320	Unicorn-30188.exe
2852	Unicorn-58222.exe
2848	Unicorn-35856.exe
2604	Unicorn-50801.exe
2808	Unicorn-9213.exe
2504	Unicorn-58969.exe
2576	Unicorn-48108.exe
1516	Unicorn-15051.exe
1864	Unicorn-64807.exe
1392	Unicorn-53946.exe
1584	Unicorn-23220.exe
1900	Unicorn-27304.exe
2208	Unicorn-62114.exe
2204	Unicorn-7438.exe
1416	Unicorn-38164.exe
2240	Unicorn-31580.exe
1144	Unicorn-46525.exe
2000	Unicorn-37008.exe
2212	Unicorn-41092.exe
2480	Unicorn-51953.exe
768	Unicorn-57428.exe
892	Unicorn-41646.exe
2308	Unicorn-3951.exe
1876	Unicorn-8035.exe
1980	Unicorn-42846.exe
2412	Unicorn-57791.exe
1756	Unicorn-27064.exe
1660	Unicorn-46930.exe
1604	Unicorn-51014.exe
2784	Unicorn-28456.exe
2776	Unicorn-47677.exe
2552	Unicorn-12695.exe
1372	Unicorn-47506.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

6ae87c9335aaf6fd6055f35abe6a09af24f014d22da5422d0e07faba1ea12832.exeUnicorn-50806.exeUnicorn-21196.exeUnicorn-36140.exeUnicorn-52005.exeUnicorn-36415.exeUnicorn-25555.exeUnicorn-32414.exe

description	pid	process	target process
PID 2060 wrote to memory of 2024	2060	6ae87c9335aaf6fd6055f35abe6a09af24f014d22da5422d0e07faba1ea12832.exe	Unicorn-50806.exe
PID 2060 wrote to memory of 2024	2060	6ae87c9335aaf6fd6055f35abe6a09af24f014d22da5422d0e07faba1ea12832.exe	Unicorn-50806.exe
PID 2060 wrote to memory of 2024	2060	6ae87c9335aaf6fd6055f35abe6a09af24f014d22da5422d0e07faba1ea12832.exe	Unicorn-50806.exe
PID 2060 wrote to memory of 2024	2060	6ae87c9335aaf6fd6055f35abe6a09af24f014d22da5422d0e07faba1ea12832.exe	Unicorn-50806.exe
PID 2024 wrote to memory of 2968	2024	Unicorn-50806.exe	Unicorn-21196.exe
PID 2024 wrote to memory of 2968	2024	Unicorn-50806.exe	Unicorn-21196.exe
PID 2024 wrote to memory of 2968	2024	Unicorn-50806.exe	Unicorn-21196.exe
PID 2024 wrote to memory of 2968	2024	Unicorn-50806.exe	Unicorn-21196.exe
PID 2060 wrote to memory of 3068	2060	6ae87c9335aaf6fd6055f35abe6a09af24f014d22da5422d0e07faba1ea12832.exe	Unicorn-36140.exe
PID 2060 wrote to memory of 3068	2060	6ae87c9335aaf6fd6055f35abe6a09af24f014d22da5422d0e07faba1ea12832.exe	Unicorn-36140.exe
PID 2060 wrote to memory of 3068	2060	6ae87c9335aaf6fd6055f35abe6a09af24f014d22da5422d0e07faba1ea12832.exe	Unicorn-36140.exe
PID 2060 wrote to memory of 3068	2060	6ae87c9335aaf6fd6055f35abe6a09af24f014d22da5422d0e07faba1ea12832.exe	Unicorn-36140.exe
PID 2060 wrote to memory of 2788	2060	6ae87c9335aaf6fd6055f35abe6a09af24f014d22da5422d0e07faba1ea12832.exe	WerFault.exe
PID 2060 wrote to memory of 2788	2060	6ae87c9335aaf6fd6055f35abe6a09af24f014d22da5422d0e07faba1ea12832.exe	WerFault.exe
PID 2060 wrote to memory of 2788	2060	6ae87c9335aaf6fd6055f35abe6a09af24f014d22da5422d0e07faba1ea12832.exe	WerFault.exe
PID 2060 wrote to memory of 2788	2060	6ae87c9335aaf6fd6055f35abe6a09af24f014d22da5422d0e07faba1ea12832.exe	WerFault.exe
PID 2968 wrote to memory of 2804	2968	Unicorn-21196.exe	Unicorn-52005.exe
PID 2968 wrote to memory of 2804	2968	Unicorn-21196.exe	Unicorn-52005.exe
PID 2968 wrote to memory of 2804	2968	Unicorn-21196.exe	Unicorn-52005.exe
PID 2968 wrote to memory of 2804	2968	Unicorn-21196.exe	Unicorn-52005.exe
PID 2024 wrote to memory of 2708	2024	Unicorn-50806.exe	Unicorn-36415.exe
PID 2024 wrote to memory of 2708	2024	Unicorn-50806.exe	Unicorn-36415.exe
PID 2024 wrote to memory of 2708	2024	Unicorn-50806.exe	Unicorn-36415.exe
PID 2024 wrote to memory of 2708	2024	Unicorn-50806.exe	Unicorn-36415.exe
PID 3068 wrote to memory of 2616	3068	Unicorn-36140.exe	Unicorn-25555.exe
PID 3068 wrote to memory of 2616	3068	Unicorn-36140.exe	Unicorn-25555.exe
PID 3068 wrote to memory of 2616	3068	Unicorn-36140.exe	Unicorn-25555.exe
PID 3068 wrote to memory of 2616	3068	Unicorn-36140.exe	Unicorn-25555.exe
PID 2024 wrote to memory of 2940	2024	Unicorn-50806.exe	WerFault.exe
PID 2024 wrote to memory of 2940	2024	Unicorn-50806.exe	WerFault.exe
PID 2024 wrote to memory of 2940	2024	Unicorn-50806.exe	WerFault.exe
PID 2024 wrote to memory of 2940	2024	Unicorn-50806.exe	WerFault.exe
PID 2804 wrote to memory of 1624	2804	Unicorn-52005.exe	Unicorn-17470.exe
PID 2804 wrote to memory of 1624	2804	Unicorn-52005.exe	Unicorn-17470.exe
PID 2804 wrote to memory of 1624	2804	Unicorn-52005.exe	Unicorn-17470.exe
PID 2804 wrote to memory of 1624	2804	Unicorn-52005.exe	Unicorn-17470.exe
PID 2968 wrote to memory of 1748	2968	Unicorn-21196.exe	Unicorn-32414.exe
PID 2968 wrote to memory of 1748	2968	Unicorn-21196.exe	Unicorn-32414.exe
PID 2968 wrote to memory of 1748	2968	Unicorn-21196.exe	Unicorn-32414.exe
PID 2968 wrote to memory of 1748	2968	Unicorn-21196.exe	Unicorn-32414.exe
PID 2708 wrote to memory of 2720	2708	Unicorn-36415.exe	Unicorn-29722.exe
PID 2708 wrote to memory of 2720	2708	Unicorn-36415.exe	Unicorn-29722.exe
PID 2708 wrote to memory of 2720	2708	Unicorn-36415.exe	Unicorn-29722.exe
PID 2708 wrote to memory of 2720	2708	Unicorn-36415.exe	Unicorn-29722.exe
PID 2616 wrote to memory of 2216	2616	Unicorn-25555.exe	Unicorn-64532.exe
PID 2616 wrote to memory of 2216	2616	Unicorn-25555.exe	Unicorn-64532.exe
PID 2616 wrote to memory of 2216	2616	Unicorn-25555.exe	Unicorn-64532.exe
PID 2616 wrote to memory of 2216	2616	Unicorn-25555.exe	Unicorn-64532.exe
PID 3068 wrote to memory of 1064	3068	Unicorn-36140.exe	Unicorn-13940.exe
PID 3068 wrote to memory of 1064	3068	Unicorn-36140.exe	Unicorn-13940.exe
PID 3068 wrote to memory of 1064	3068	Unicorn-36140.exe	Unicorn-13940.exe
PID 3068 wrote to memory of 1064	3068	Unicorn-36140.exe	Unicorn-13940.exe
PID 2968 wrote to memory of 2200	2968	Unicorn-21196.exe	WerFault.exe
PID 2968 wrote to memory of 2200	2968	Unicorn-21196.exe	WerFault.exe
PID 2968 wrote to memory of 2200	2968	Unicorn-21196.exe	WerFault.exe
PID 2968 wrote to memory of 2200	2968	Unicorn-21196.exe	WerFault.exe
PID 3068 wrote to memory of 776	3068	Unicorn-36140.exe	WerFault.exe
PID 3068 wrote to memory of 776	3068	Unicorn-36140.exe	WerFault.exe
PID 3068 wrote to memory of 776	3068	Unicorn-36140.exe	WerFault.exe
PID 3068 wrote to memory of 776	3068	Unicorn-36140.exe	WerFault.exe
PID 1748 wrote to memory of 988	1748	Unicorn-32414.exe	Unicorn-30874.exe
PID 1748 wrote to memory of 988	1748	Unicorn-32414.exe	Unicorn-30874.exe
PID 1748 wrote to memory of 988	1748	Unicorn-32414.exe	Unicorn-30874.exe
PID 1748 wrote to memory of 988	1748	Unicorn-32414.exe	Unicorn-30874.exe

C:\Users\Admin\AppData\Local\Temp\6ae87c9335aaf6fd6055f35abe6a09af24f014d22da5422d0e07faba1ea12832.exe
"C:\Users\Admin\AppData\Local\Temp\6ae87c9335aaf6fd6055f35abe6a09af24f014d22da5422d0e07faba1ea12832.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-50806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50806.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-21196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21196.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-52005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52005.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-17470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17470.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-39042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39042.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-35856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35856.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-42846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42846.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-51673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51673.exe
10⤵
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-60739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60739.exe
11⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-23547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23547.exe
12⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-36095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36095.exe
13⤵
PID:7064

C:\Users\Admin\AppData\Local\Temp\Unicorn-41889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41889.exe
14⤵
PID:9092

C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
15⤵
PID:10396

C:\Users\Admin\AppData\Local\Temp\Unicorn-33156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33156.exe
16⤵
PID:8752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9092 -s 216
15⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 216
14⤵
PID:9332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
13⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 236
12⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 216
11⤵
PID:4964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 236
10⤵
- Program crash
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-35891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35891.exe
9⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-30013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30013.exe
10⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-28124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28124.exe
11⤵
PID:5276

C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
12⤵
PID:7024

C:\Users\Admin\AppData\Local\Temp\Unicorn-22455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22455.exe
13⤵
PID:8348

C:\Users\Admin\AppData\Local\Temp\Unicorn-27489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27489.exe
14⤵
PID:10524

C:\Users\Admin\AppData\Local\Temp\Unicorn-3114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3114.exe
15⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8348 -s 216
14⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 220
13⤵
PID:9988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
12⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
11⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
10⤵
PID:4784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
9⤵
- Program crash
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-27064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27064.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-35145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35145.exe
9⤵
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-12861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12861.exe
10⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
11⤵
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-22992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22992.exe
12⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-40078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40078.exe
13⤵
PID:8600

C:\Users\Admin\AppData\Local\Temp\Unicorn-63778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63778.exe
14⤵
PID:10520

C:\Users\Admin\AppData\Local\Temp\Unicorn-34853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34853.exe
15⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 236
14⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
13⤵
PID:9440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 216
12⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 236
11⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
10⤵
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
9⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
10⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-32120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32120.exe
11⤵
PID:6192

C:\Users\Admin\AppData\Local\Temp\Unicorn-37338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37338.exe
12⤵
PID:8824

C:\Users\Admin\AppData\Local\Temp\Unicorn-1723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1723.exe
13⤵
PID:10752

C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
14⤵
PID:8136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8824 -s 236
13⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 236
12⤵
PID:9632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
11⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
10⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 240
9⤵
PID:4672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
8⤵
- Program crash
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-50801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50801.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-10640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10640.exe
9⤵
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-47480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47480.exe
10⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-47641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47641.exe
11⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-39743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39743.exe
12⤵
PID:7924

C:\Users\Admin\AppData\Local\Temp\Unicorn-11048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11048.exe
13⤵
PID:10456

C:\Users\Admin\AppData\Local\Temp\Unicorn-24308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24308.exe
14⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10456 -s 216
14⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 216
13⤵
PID:10804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
12⤵
PID:8888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 236
11⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 236
10⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 236
9⤵
- Program crash
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-65056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65056.exe
8⤵
PID:1320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 240
9⤵
PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
8⤵
- Program crash
PID:3660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
7⤵
- Program crash
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-28003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28003.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:348

C:\Users\Admin\AppData\Local\Temp\Unicorn-48108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48108.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-51014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51014.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe
9⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-5653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5653.exe
10⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
11⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-39603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39603.exe
12⤵
PID:6312

C:\Users\Admin\AppData\Local\Temp\Unicorn-42683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42683.exe
13⤵
PID:9076

C:\Users\Admin\AppData\Local\Temp\Unicorn-35273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35273.exe
14⤵
PID:10912

C:\Users\Admin\AppData\Local\Temp\Unicorn-40556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40556.exe
15⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9076 -s 216
14⤵
PID:11768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 216
13⤵
PID:9768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 236
12⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
11⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
10⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-2124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2124.exe
9⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-10827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10827.exe
10⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
11⤵
PID:6388

C:\Users\Admin\AppData\Local\Temp\Unicorn-47343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47343.exe
12⤵
PID:9172

C:\Users\Admin\AppData\Local\Temp\Unicorn-21075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21075.exe
13⤵
PID:10992

C:\Users\Admin\AppData\Local\Temp\Unicorn-45024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45024.exe
14⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9172 -s 216
13⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6388 -s 216
12⤵
PID:9832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
11⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
10⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
9⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-56312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56312.exe
8⤵
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-26121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26121.exe
9⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-1372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1372.exe
10⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-7205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7205.exe
11⤵
PID:6528

C:\Users\Admin\AppData\Local\Temp\Unicorn-29528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29528.exe
12⤵
PID:9304

C:\Users\Admin\AppData\Local\Temp\Unicorn-25647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25647.exe
13⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9304 -s 236
13⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 216
12⤵
PID:10292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
11⤵
PID:8492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
10⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 216
9⤵
PID:5008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
8⤵
- Program crash
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-422.exe
7⤵
- Executes dropped EXE
PID:2748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 240
7⤵
- Program crash
PID:1568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
6⤵
- Program crash
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-58647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58647.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-47869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47869.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-9213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9213.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-12586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12586.exe
9⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-60931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60931.exe
10⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-50573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50573.exe
11⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-17320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17320.exe
12⤵
PID:6304

C:\Users\Admin\AppData\Local\Temp\Unicorn-52278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52278.exe
13⤵
PID:8512

C:\Users\Admin\AppData\Local\Temp\Unicorn-61671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61671.exe
14⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8512 -s 216
14⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 216
13⤵
PID:10252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
12⤵
PID:8464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
11⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
10⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-62534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62534.exe
8⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-46302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46302.exe
9⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-14911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14911.exe
10⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
11⤵
PID:6396

C:\Users\Admin\AppData\Local\Temp\Unicorn-31007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31007.exe
12⤵
PID:9112

C:\Users\Admin\AppData\Local\Temp\Unicorn-54323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54323.exe
13⤵
PID:11200

C:\Users\Admin\AppData\Local\Temp\Unicorn-30634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30634.exe
14⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9112 -s 216
13⤵
PID:11856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 216
12⤵
PID:9812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
11⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
10⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 236
9⤵
PID:4808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
8⤵
- Program crash
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-57791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57791.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-63925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63925.exe
8⤵
PID:288

C:\Users\Admin\AppData\Local\Temp\Unicorn-32343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32343.exe
9⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-23739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23739.exe
10⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
11⤵
PID:7212

C:\Users\Admin\AppData\Local\Temp\Unicorn-18283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18283.exe
12⤵
PID:9688

C:\Users\Admin\AppData\Local\Temp\Unicorn-44972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44972.exe
13⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9688 -s 216
13⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 216
12⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
11⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
10⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 216
9⤵
PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
8⤵
- Program crash
PID:3328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
7⤵
- Program crash
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-58969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58969.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-46930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46930.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-20947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20947.exe
8⤵
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-23599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23599.exe
9⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
10⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-27927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27927.exe
11⤵
PID:6488

C:\Users\Admin\AppData\Local\Temp\Unicorn-6886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6886.exe
12⤵
PID:8516

C:\Users\Admin\AppData\Local\Temp\Unicorn-34671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34671.exe
13⤵
PID:11040

C:\Users\Admin\AppData\Local\Temp\Unicorn-34033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34033.exe
14⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8516 -s 216
13⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
12⤵
PID:9744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
11⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
10⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 216
9⤵
PID:4172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 236
8⤵
- Program crash
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-39975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39975.exe
7⤵
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-64439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64439.exe
8⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-50189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50189.exe
9⤵
PID:5480

C:\Users\Admin\AppData\Local\Temp\Unicorn-56515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56515.exe
10⤵
PID:6252

C:\Users\Admin\AppData\Local\Temp\Unicorn-62309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62309.exe
11⤵
PID:9192

C:\Users\Admin\AppData\Local\Temp\Unicorn-38634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38634.exe
11⤵
PID:9252

C:\Users\Admin\AppData\Local\Temp\Unicorn-35413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35413.exe
12⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9252 -s 236
12⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 220
11⤵
PID:10268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 216
10⤵
PID:2176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 216
9⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 216
8⤵
PID:4612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
7⤵
- Program crash
PID:3620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
6⤵
- Program crash
PID:2336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-32414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32414.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:988

C:\Users\Admin\AppData\Local\Temp\Unicorn-31533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31533.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-45970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45970.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-37008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37008.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-6364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6364.exe
9⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
10⤵
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-16583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16583.exe
11⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-59208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59208.exe
12⤵
PID:5860

C:\Users\Admin\AppData\Local\Temp\Unicorn-9268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9268.exe
13⤵
PID:7384

C:\Users\Admin\AppData\Local\Temp\Unicorn-53617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53617.exe
14⤵
PID:10756

C:\Users\Admin\AppData\Local\Temp\Unicorn-53628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53628.exe
15⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10756 -s 216
15⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
14⤵
PID:10324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
13⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 236
12⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 216
11⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 236
10⤵
- Program crash
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-37536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37536.exe
9⤵
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-32919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32919.exe
10⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-54932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54932.exe
11⤵
PID:6036

C:\Users\Admin\AppData\Local\Temp\Unicorn-15683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15683.exe
12⤵
PID:6632

C:\Users\Admin\AppData\Local\Temp\Unicorn-61785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61785.exe
13⤵
PID:10896

C:\Users\Admin\AppData\Local\Temp\Unicorn-46529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46529.exe
14⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10896 -s 216
14⤵
PID:8880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 236
13⤵
PID:10976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 236
12⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 236
11⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 236
10⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
9⤵
- Program crash
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-2643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2643.exe
8⤵
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-47288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47288.exe
9⤵
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-45747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45747.exe
10⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-42680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42680.exe
11⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-26181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26181.exe
12⤵
PID:8060

C:\Users\Admin\AppData\Local\Temp\Unicorn-22699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22699.exe
13⤵
PID:10868

C:\Users\Admin\AppData\Local\Temp\Unicorn-6072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6072.exe
14⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10868 -s 216
14⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 216
13⤵
PID:10276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 236
12⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 236
11⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 216
10⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 216
9⤵
PID:3352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
8⤵
- Program crash
PID:1060

C:\Users\Admin\AppData\Local\Temp\Unicorn-51953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51953.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-29752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29752.exe
8⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-55368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55368.exe
9⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-45550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45550.exe
10⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\Unicorn-34048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34048.exe
11⤵
PID:8428

C:\Users\Admin\AppData\Local\Temp\Unicorn-8163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8163.exe
12⤵
PID:11220

C:\Users\Admin\AppData\Local\Temp\Unicorn-22793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22793.exe
13⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11220 -s 236
13⤵
PID:12456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8428 -s 216
12⤵
PID:11380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 236
11⤵
PID:9364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
10⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 236
9⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
8⤵
PID:4284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
7⤵
- Program crash
PID:1444

C:\Users\Admin\AppData\Local\Temp\Unicorn-30188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30188.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-41092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41092.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-41175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41175.exe
8⤵
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-10339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10339.exe
9⤵
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-18529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18529.exe
10⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-34704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34704.exe
11⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
12⤵
PID:7332

C:\Users\Admin\AppData\Local\Temp\Unicorn-10638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10638.exe
13⤵
PID:10720

C:\Users\Admin\AppData\Local\Temp\Unicorn-49160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49160.exe
14⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10720 -s 216
14⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 216
13⤵
PID:924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
12⤵
PID:1492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
11⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 236
10⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 236
9⤵
- Program crash
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
8⤵
PID:996

C:\Users\Admin\AppData\Local\Temp\Unicorn-45171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45171.exe
9⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-45311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45311.exe
10⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
11⤵
PID:8040

C:\Users\Admin\AppData\Local\Temp\Unicorn-46243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46243.exe
12⤵
PID:10508

C:\Users\Admin\AppData\Local\Temp\Unicorn-26254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26254.exe
13⤵
PID:12080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10508 -s 216
13⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 236
12⤵
PID:10716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
11⤵
PID:9152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
10⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 236
9⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
8⤵
- Program crash
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-6727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6727.exe
7⤵
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-30760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30760.exe
8⤵
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-28835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28835.exe
9⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-59208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59208.exe
10⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-38433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38433.exe
11⤵
PID:7628

C:\Users\Admin\AppData\Local\Temp\Unicorn-31251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31251.exe
12⤵
PID:10784

C:\Users\Admin\AppData\Local\Temp\Unicorn-25232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25232.exe
13⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10784 -s 216
13⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 236
12⤵
PID:10792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 236
11⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
10⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 216
9⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
8⤵
PID:3076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
7⤵
- Program crash
PID:1792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 240
6⤵
- Program crash
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-46478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46478.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-58222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58222.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-57428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57428.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-55757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55757.exe
8⤵
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-59369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59369.exe
9⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-61071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61071.exe
10⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-51528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51528.exe
11⤵
PID:7336

C:\Users\Admin\AppData\Local\Temp\Unicorn-24697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24697.exe
12⤵
PID:10040

C:\Users\Admin\AppData\Local\Temp\Unicorn-13451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13451.exe
13⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10040 -s 216
13⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 216
12⤵
PID:10824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 236
11⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
10⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 236
9⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 236
8⤵
- Program crash
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-9249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9249.exe
7⤵
PID:1068

C:\Users\Admin\AppData\Local\Temp\Unicorn-61076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61076.exe
8⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-50682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50682.exe
9⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-44455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44455.exe
10⤵
PID:6904

C:\Users\Admin\AppData\Local\Temp\Unicorn-26923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26923.exe
11⤵
PID:8832

C:\Users\Admin\AppData\Local\Temp\Unicorn-30203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30203.exe
12⤵
PID:11228

C:\Users\Admin\AppData\Local\Temp\Unicorn-63005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63005.exe
13⤵
PID:8704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8832 -s 216
12⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 216
11⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 236
10⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
9⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 216
8⤵
PID:4504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
7⤵
- Program crash
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-12778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12778.exe
7⤵
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-39696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39696.exe
8⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-45062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45062.exe
9⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-2571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2571.exe
10⤵
PID:5764

C:\Users\Admin\AppData\Local\Temp\Unicorn-25880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25880.exe
11⤵
PID:8400

C:\Users\Admin\AppData\Local\Temp\Unicorn-53472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53472.exe
12⤵
PID:11180

C:\Users\Admin\AppData\Local\Temp\Unicorn-65195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65195.exe
13⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11180 -s 236
13⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8400 -s 216
12⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
11⤵
PID:9344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
10⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 236
9⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-58725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58725.exe
7⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-5098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5098.exe
8⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-47688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47688.exe
9⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-37940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37940.exe
10⤵
PID:8536

C:\Users\Admin\AppData\Local\Temp\Unicorn-10877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10877.exe
11⤵
PID:10424

C:\Users\Admin\AppData\Local\Temp\Unicorn-6840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6840.exe
12⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10424 -s 216
12⤵
PID:12592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8536 -s 216
11⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 236
10⤵
PID:9416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
9⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
8⤵
PID:5640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
7⤵
PID:4140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
6⤵
- Program crash
PID:828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 240
5⤵
- Program crash
PID:2012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-36415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36415.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-29722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29722.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-41839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41839.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-53946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53946.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1392

C:\Users\Admin\AppData\Local\Temp\Unicorn-47506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47506.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1372

C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
9⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe
10⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-17901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17901.exe
11⤵
PID:6056

C:\Users\Admin\AppData\Local\Temp\Unicorn-4273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4273.exe
12⤵
PID:7432

C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
13⤵
PID:10016

C:\Users\Admin\AppData\Local\Temp\Unicorn-30857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30857.exe
14⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10016 -s 216
14⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 216
13⤵
PID:10816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
12⤵
PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
11⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 216
10⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 236
9⤵
- Program crash
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-58834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58834.exe
8⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-42218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42218.exe
9⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-62166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62166.exe
10⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-15098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15098.exe
11⤵
PID:6436

C:\Users\Admin\AppData\Local\Temp\Unicorn-39175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39175.exe
12⤵
PID:9140

C:\Users\Admin\AppData\Local\Temp\Unicorn-19513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19513.exe
13⤵
PID:11144

C:\Users\Admin\AppData\Local\Temp\Unicorn-42694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42694.exe
14⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9140 -s 216
13⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 216
12⤵
PID:9820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
11⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 236
10⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 240
8⤵
- Program crash
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
7⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-43313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43313.exe
8⤵
PID:1268

C:\Users\Admin\AppData\Local\Temp\Unicorn-9976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9976.exe
9⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-1180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1180.exe
10⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exe
10⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-40187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40187.exe
11⤵
PID:7240

C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
12⤵
PID:10660

C:\Users\Admin\AppData\Local\Temp\Unicorn-59466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59466.exe
13⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10660 -s 216
13⤵
PID:9024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 216
12⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
11⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 220
10⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 236
9⤵
PID:3844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 236
8⤵
- Program crash
PID:3200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
7⤵
- Program crash
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-38164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38164.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1416

C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
7⤵
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
8⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-12882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12882.exe
9⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-36806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36806.exe
10⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-61375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61375.exe
11⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 220
12⤵
PID:10948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
11⤵
PID:9132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 236
10⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
9⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 236
8⤵
PID:3600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 216
7⤵
- Program crash
PID:2556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
6⤵
- Program crash
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-56784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56784.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-62114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62114.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
7⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-19385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19385.exe
8⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-42649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42649.exe
9⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-52519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52519.exe
10⤵
PID:5692

C:\Users\Admin\AppData\Local\Temp\Unicorn-34533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34533.exe
11⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\Unicorn-62117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62117.exe
12⤵
PID:8584

C:\Users\Admin\AppData\Local\Temp\Unicorn-46923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46923.exe
13⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-48807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48807.exe
14⤵
PID:8924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8584 -s 236
13⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
12⤵
PID:9972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
11⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
10⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 216
9⤵
PID:4516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 216
8⤵
- Program crash
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-7687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7687.exe
7⤵
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
8⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\Unicorn-24554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24554.exe
9⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-60114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60114.exe
10⤵
PID:8260

C:\Users\Admin\AppData\Local\Temp\Unicorn-29305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29305.exe
11⤵
PID:11028

C:\Users\Admin\AppData\Local\Temp\Unicorn-10156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10156.exe
12⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11028 -s 236
12⤵
PID:8904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8260 -s 216
11⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
10⤵
PID:9236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 216
9⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 216
8⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 220
7⤵
- Program crash
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-43977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43977.exe
6⤵
PID:340

C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
7⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-64439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64439.exe
8⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-13048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13048.exe
9⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-13536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13536.exe
10⤵
PID:7108

C:\Users\Admin\AppData\Local\Temp\Unicorn-25553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25553.exe
11⤵
PID:8416

C:\Users\Admin\AppData\Local\Temp\Unicorn-4390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4390.exe
12⤵
PID:928

C:\Users\Admin\AppData\Local\Temp\Unicorn-34853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34853.exe
13⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 236
13⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 216
12⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 216
11⤵
PID:1544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
10⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
9⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 236
8⤵
PID:4864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 216
7⤵
- Program crash
PID:3580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
6⤵
- Program crash
PID:2976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
5⤵
- Program crash
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-44257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44257.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-23220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23220.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-1273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1273.exe
7⤵
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-17138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17138.exe
8⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-26780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26780.exe
9⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe
10⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-43778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43778.exe
11⤵
PID:8340

C:\Users\Admin\AppData\Local\Temp\Unicorn-8355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8355.exe
12⤵
PID:11116

C:\Users\Admin\AppData\Local\Temp\Unicorn-36607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36607.exe
13⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11116 -s 236
13⤵
PID:12336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 216
12⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 236
11⤵
PID:9316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
10⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
9⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 236
8⤵
PID:4156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 236
7⤵
- Program crash
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-121.exe
6⤵
PID:628

C:\Users\Admin\AppData\Local\Temp\Unicorn-21523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21523.exe
7⤵
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-30158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30158.exe
8⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-6743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6743.exe
9⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-45825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45825.exe
10⤵
PID:6408

C:\Users\Admin\AppData\Local\Temp\Unicorn-16617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16617.exe
11⤵
PID:9204

C:\Users\Admin\AppData\Local\Temp\Unicorn-35849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35849.exe
12⤵
PID:11252

C:\Users\Admin\AppData\Local\Temp\Unicorn-34853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34853.exe
13⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11252 -s 216
13⤵
PID:12536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9204 -s 216
12⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 216
11⤵
PID:9848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
10⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
9⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 236
8⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-18268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18268.exe
7⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-18996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18996.exe
8⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-132.exe
9⤵
PID:6284

C:\Users\Admin\AppData\Local\Temp\Unicorn-60965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60965.exe
10⤵
PID:9048

C:\Users\Admin\AppData\Local\Temp\Unicorn-17868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17868.exe
11⤵
PID:10876

C:\Users\Admin\AppData\Local\Temp\Unicorn-52616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52616.exe
12⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9048 -s 216
11⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
10⤵
PID:9760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
9⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
8⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 220
7⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-33308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33308.exe
6⤵
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-56333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56333.exe
7⤵
PID:308

C:\Users\Admin\AppData\Local\Temp\Unicorn-63432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63432.exe
8⤵
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-14008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14008.exe
9⤵
PID:5940

C:\Users\Admin\AppData\Local\Temp\Unicorn-39276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39276.exe
10⤵
PID:7300

C:\Users\Admin\AppData\Local\Temp\Unicorn-57753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57753.exe
11⤵
PID:9956

C:\Users\Admin\AppData\Local\Temp\Unicorn-45740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45740.exe
12⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9956 -s 216
12⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 236
11⤵
PID:10696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 216
10⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 216
9⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 216
8⤵
PID:5144

C:\Users\Admin\AppData\Local\Temp\Unicorn-46857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46857.exe
7⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
8⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-27351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27351.exe
9⤵
PID:6472

C:\Users\Admin\AppData\Local\Temp\Unicorn-47343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47343.exe
10⤵
PID:9184

C:\Users\Admin\AppData\Local\Temp\Unicorn-48101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48101.exe
11⤵
PID:10408

C:\Users\Admin\AppData\Local\Temp\Unicorn-25699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25699.exe
12⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10408 -s 236
12⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 216
11⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 216
10⤵
PID:9840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 236
9⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 236
8⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
7⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-36467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36467.exe
6⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-24320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24320.exe
7⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-33770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33770.exe
8⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-50293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50293.exe
9⤵
PID:6692

C:\Users\Admin\AppData\Local\Temp\Unicorn-59403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59403.exe
10⤵
PID:8484

C:\Users\Admin\AppData\Local\Temp\Unicorn-47177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47177.exe
11⤵
PID:10780

C:\Users\Admin\AppData\Local\Temp\Unicorn-33971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33971.exe
12⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8484 -s 216
11⤵
PID:5196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 216
10⤵
PID:10100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
9⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 236
8⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 236
7⤵
PID:4248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
6⤵
- Program crash
PID:3228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
5⤵
- Program crash
PID:1448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-36140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36140.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-25555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25555.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-64532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64532.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-9446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9446.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-15196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15196.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-31580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31580.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-19987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19987.exe
7⤵
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-47973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47973.exe
8⤵
PID:464

C:\Users\Admin\AppData\Local\Temp\Unicorn-30890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30890.exe
9⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-15680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15680.exe
10⤵
PID:5216

C:\Users\Admin\AppData\Local\Temp\Unicorn-3614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3614.exe
11⤵
PID:6968

C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
12⤵
PID:9120

C:\Users\Admin\AppData\Local\Temp\Unicorn-25927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25927.exe
13⤵
PID:10452

C:\Users\Admin\AppData\Local\Temp\Unicorn-36363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36363.exe
14⤵
PID:9008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9120 -s 216
13⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 216
12⤵
PID:9452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 236
11⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
10⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 464 -s 216
9⤵
PID:4580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 236
8⤵
- Program crash
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-1657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1657.exe
7⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
8⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-8580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8580.exe
9⤵
PID:5380

C:\Users\Admin\AppData\Local\Temp\Unicorn-48923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48923.exe
10⤵
PID:6644

C:\Users\Admin\AppData\Local\Temp\Unicorn-856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-856.exe
11⤵
PID:8720

C:\Users\Admin\AppData\Local\Temp\Unicorn-63259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63259.exe
12⤵
PID:10736

C:\Users\Admin\AppData\Local\Temp\Unicorn-36472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36472.exe
13⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8720 -s 216
12⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 216
11⤵
PID:2892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
10⤵
PID:7888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
9⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 216
8⤵
PID:4716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
7⤵
- Program crash
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-52337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52337.exe
6⤵
PID:1356

C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
7⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-62877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62877.exe
8⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-36292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36292.exe
9⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-7506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7506.exe
10⤵
PID:6328

C:\Users\Admin\AppData\Local\Temp\Unicorn-49481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49481.exe
11⤵
PID:8668

C:\Users\Admin\AppData\Local\Temp\Unicorn-62875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62875.exe
12⤵
PID:11112

C:\Users\Admin\AppData\Local\Temp\Unicorn-16052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16052.exe
13⤵
PID:2076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8668 -s 216
12⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 216
11⤵
PID:10220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
10⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 236
9⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
8⤵
PID:4412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 236
7⤵
- Program crash
PID:3472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
6⤵
- Program crash
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-46525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46525.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1144

C:\Users\Admin\AppData\Local\Temp\Unicorn-12695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12695.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-21523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21523.exe
7⤵
PID:1224

C:\Users\Admin\AppData\Local\Temp\Unicorn-54517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54517.exe
8⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-2934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2934.exe
9⤵
PID:5436

C:\Users\Admin\AppData\Local\Temp\Unicorn-30449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30449.exe
10⤵
PID:6744

C:\Users\Admin\AppData\Local\Temp\Unicorn-856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-856.exe
11⤵
PID:8688

C:\Users\Admin\AppData\Local\Temp\Unicorn-12112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12112.exe
12⤵
PID:11212

C:\Users\Admin\AppData\Local\Temp\Unicorn-36363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36363.exe
13⤵
PID:9196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8688 -s 216
12⤵
PID:11300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 216
11⤵
PID:9976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 216
10⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236
9⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 236
8⤵
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
7⤵
- Program crash
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-36467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36467.exe
6⤵
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
7⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-46406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46406.exe
8⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-17621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17621.exe
9⤵
PID:7140

C:\Users\Admin\AppData\Local\Temp\Unicorn-40929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40929.exe
10⤵
PID:8256

C:\Users\Admin\AppData\Local\Temp\Unicorn-62299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62299.exe
11⤵
PID:10668

C:\Users\Admin\AppData\Local\Temp\Unicorn-59414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59414.exe
12⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 216
11⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 216
10⤵
PID:9936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
9⤵
PID:3056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
8⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 236
7⤵
PID:4596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 240
6⤵
- Program crash
PID:3424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
5⤵
- Program crash
PID:944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
4⤵
- Program crash
PID:764

C:\Users\Admin\AppData\Local\Temp\Unicorn-13940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13940.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-55954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55954.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-33671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33671.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:712

C:\Users\Admin\AppData\Local\Temp\Unicorn-15051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15051.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-28456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28456.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-19385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19385.exe
8⤵
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-52187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52187.exe
9⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-13048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13048.exe
10⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-17621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17621.exe
11⤵
PID:7148

C:\Users\Admin\AppData\Local\Temp\Unicorn-56279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56279.exe
12⤵
PID:8360

C:\Users\Admin\AppData\Local\Temp\Unicorn-1806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1806.exe
13⤵
PID:10904

C:\Users\Admin\AppData\Local\Temp\Unicorn-34609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34609.exe
14⤵
PID:12348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8360 -s 216
13⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 216
12⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 216
11⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 236
10⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 236
9⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-7687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7687.exe
7⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-13676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13676.exe
8⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-62633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62633.exe
9⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-57750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57750.exe
10⤵
PID:7256

C:\Users\Admin\AppData\Local\Temp\Unicorn-30727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30727.exe
11⤵
PID:9724

C:\Users\Admin\AppData\Local\Temp\Unicorn-6653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6653.exe
12⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9724 -s 216
12⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 216
11⤵
PID:10592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
10⤵
PID:8788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
9⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 216
8⤵
PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
7⤵
- Program crash
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-47677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47677.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-31061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31061.exe
7⤵
PID:1244

C:\Users\Admin\AppData\Local\Temp\Unicorn-35420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35420.exe
8⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-14143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14143.exe
9⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-8793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8793.exe
10⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-56414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56414.exe
11⤵
PID:8504

C:\Users\Admin\AppData\Local\Temp\Unicorn-49196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49196.exe
12⤵
PID:11260

C:\Users\Admin\AppData\Local\Temp\Unicorn-51682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51682.exe
13⤵
PID:2096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11260 -s 216
13⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 236
12⤵
PID:11400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
11⤵
PID:9408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
10⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
9⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 236
8⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\Unicorn-30328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30328.exe
7⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-18804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18804.exe
8⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
9⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-7597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7597.exe
10⤵
PID:8672

C:\Users\Admin\AppData\Local\Temp\Unicorn-64738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64738.exe
11⤵
PID:10680

C:\Users\Admin\AppData\Local\Temp\Unicorn-58262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58262.exe
12⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10680 -s 236
12⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8672 -s 236
11⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
10⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
9⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 236
8⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
7⤵
PID:4396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 712 -s 240
6⤵
- Program crash
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-64807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64807.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-42353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42353.exe
6⤵
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
7⤵
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-24559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24559.exe
8⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-26261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26261.exe
9⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-37775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37775.exe
10⤵
PID:7856

C:\Users\Admin\AppData\Local\Temp\Unicorn-61318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61318.exe
11⤵
PID:10400

C:\Users\Admin\AppData\Local\Temp\Unicorn-36176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36176.exe
12⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10400 -s 236
12⤵
PID:8472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7856 -s 216
11⤵
PID:11048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
10⤵
PID:8640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
9⤵
PID:6444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 216
8⤵
PID:5164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 236
7⤵
- Program crash
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-50666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50666.exe
6⤵
PID:492

C:\Users\Admin\AppData\Local\Temp\Unicorn-23599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23599.exe
7⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-60111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60111.exe
8⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-56515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56515.exe
9⤵
PID:6212

C:\Users\Admin\AppData\Local\Temp\Unicorn-39943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39943.exe
10⤵
PID:8244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8244 -s 220
11⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 216
10⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
9⤵
PID:1664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
8⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 492 -s 216
7⤵
PID:5044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 240
6⤵
- Program crash
PID:3644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
5⤵
- Program crash
PID:1084

C:\Users\Admin\AppData\Local\Temp\Unicorn-17889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17889.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:756

C:\Users\Admin\AppData\Local\Temp\Unicorn-27304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27304.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
6⤵
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-50941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50941.exe
7⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-39416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39416.exe
8⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
9⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-11953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11953.exe
9⤵
PID:6720

C:\Users\Admin\AppData\Local\Temp\Unicorn-64063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64063.exe
10⤵
PID:8544

C:\Users\Admin\AppData\Local\Temp\Unicorn-45963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45963.exe
11⤵
PID:10956

C:\Users\Admin\AppData\Local\Temp\Unicorn-42777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42777.exe
12⤵
PID:9200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8544 -s 216
11⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 216
10⤵
PID:10116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 240
9⤵
PID:8160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
8⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 216
7⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-58834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58834.exe
6⤵
PID:316

C:\Users\Admin\AppData\Local\Temp\Unicorn-7983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7983.exe
7⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-36100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36100.exe
8⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-56323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56323.exe
9⤵
PID:6600

C:\Users\Admin\AppData\Local\Temp\Unicorn-24593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24593.exe
10⤵
PID:8424

C:\Users\Admin\AppData\Local\Temp\Unicorn-39741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39741.exe
11⤵
PID:10744

C:\Users\Admin\AppData\Local\Temp\Unicorn-27261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27261.exe
12⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10744 -s 236
12⤵
PID:12612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8424 -s 216
11⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 216
10⤵
PID:10092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
9⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
8⤵
PID:5520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 216
7⤵
PID:4152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 220
6⤵
- Program crash
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-43977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43977.exe
5⤵
PID:1060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 240
5⤵
- Program crash
PID:2672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 240
4⤵
- Program crash
PID:2972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
2⤵
- Program crash
PID:2788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13940.exe

Filesize
184KB

MD5
36210988ee0478a3f9e82184d6d77aea

SHA1
4616f44ec07656e1c807005ea2b3af2bcec775b7

SHA256
7d28e7a3963f6b9559000ca8d81cfbc44c7405b501049f5de96026994fe09524

SHA512
a78bbf2c984ddd4c07c16ad4794b76c91ea1184634c13cf2191578400249484b9f690161071e01ff7b6cbdbbe1ff2e801e308afcaaf56fb91ffb3f9a20e3a53b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2571.exe

Filesize
184KB

MD5
7a57cad60854240fa6d355c00e8f5c41

SHA1
cfccd5568f59ea9e07afa8d7f9c3772a916719e5

SHA256
910bb96b941b0be29a6e4a6b19461658ec823097ddb0753035a87770fe60317f

SHA512
df0d8ebb9b77c6ea48f04268fe29cee6db018a538f71410e05451b1322a4111ab3bf6b961aeb7eee50e24dc041fc73aa2daf72ea578f709c1e37bb9bf8ec0382

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32414.exe

Filesize
184KB

MD5
65928750a23a26d236ee9de95c30c53e

SHA1
e84ba8ea8fa126d3effc73d9175c700f35cb251e

SHA256
023407693b35b94a41008f867c3b7c512f5effb3a423cfe9a9e00a74a8831f14

SHA512
7ed6bfc2cf2c52b2661dcf4941f2bca899b65e4405069be87e56f6b979aab90ea06923504b140998901390e6d13bbfbaf050694970e2880b8f102ef23fa4ea45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36140.exe

Filesize
184KB

MD5
5a5e73af0616bbca0655f6857767090f

SHA1
0cacf4fd5d66df30b2f94e7cb31ff39e0193d2d5

SHA256
0a736c7906e6578a8bfb30ed67b74a1a82bfc15555a8bb29ccf289d71b4d7050

SHA512
a5492dec625c35aab012f479425911deadbe9ce9d7aaacc52b06eced565a43d6f79d645a63ff70455d8bb943779e0b1ea2ee657101b67b236918e1520c013533

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37338.exe

Filesize
184KB

MD5
3d5ec0563de6b4c26303c019cfaf2918

SHA1
b10f5869faa87c1569db21cd18a9438d390c0661

SHA256
386bb6f6c013312e63e4c1e370f76d46ee4a5a19d558a0d36b91ed5d4455088f

SHA512
bb0eaf437ddf2009ef0cf0b7e0025e6af161d14ae784b332505190efa43287bcb74f213f2a5f1c627d453475aed5bf92ff46e675b688ff7882abf2bbba04f3f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39975.exe

Filesize
184KB

MD5
2fd3276af91e0ec51db066db70e563ea

SHA1
756eef5aaf0952bf908de32d83f1509fc37b2a61

SHA256
25e37c086c86e1fae05976ddd0c02ee2394c4b5e76d397ff6f0e6682250e1fa4

SHA512
297402a7db2a6a976c17c21b10100a238f79134a6206eed37c06e424a7dafd9381a347ebbfb9c43e24b4494bf6f2efd93165c706199ae011360a89a8ad03ce1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6364.exe

Filesize
184KB

MD5
3e85898fc5cc4bffe52ec45712766b6c

SHA1
8c3b6d7cd28fc5c5d52b7254f6c2e374b4e7d4c6

SHA256
c7761f013c9c1fb5e01259b570c737c3ccdaf3e6145ef32d0c349634510e865a

SHA512
678c928680bcd35bf0ee790d346b0f10d3513ae5c6d2935384e90bcca0f9c05076b9955bc8e1dbd4fc165a4151460a0b6647aa3f2a7cf0a1d3dac87b1db67195

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17470.exe

Filesize
184KB

MD5
3e19e80a77130d61b040dbf41166ba10

SHA1
3bc61ed39d9d209a9793f37ffbb17d13b4b0f63d

SHA256
d5cca77821b91cb9751841a519378e8dc22649ad7ee0a9e86fae2edb9883daa3

SHA512
9c407c363ff6f683bb0296250f7dc5e513d1b35ddca25239cadb8b947daed36b301cae59b1183b93cfb13525901deacec022cd7d3eabc8bc828519931f5ee4c2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21196.exe

Filesize
184KB

MD5
1102ac4a4a6d94cb6cecfb1aa59b9fa1

SHA1
cbbbbefe865101b119fac89f12006991887f82db

SHA256
7084da8a324e6fa4174f9c1f7aa0d2000d59ed7c0f1372af6ea065f26a653a56

SHA512
d76636dae4ea44d3572cca77700970bce344fa23838af430b8aecd682f2bd19eafe3e38ffcddaba9a275408f796ec515b61aa00897b0a83aefc3e4a42ccfb2f7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25555.exe

Filesize
184KB

MD5
c2dcce450b8a714b20cda61e1932ccbc

SHA1
95212f252c15369fcc4fb51711e6f888f6a1a158

SHA256
b71c8331225b11c9090eb3fb387661d51ace39d8ed9b58c52f1ee8ee6c876efa

SHA512
b5fc04056df4aa244515baf2ca884c4bc22c204028f728856951532a1677b48e2e34159fbcfe662457696174cdbe984fdc23e8b3044c6947c88bd072f30b3e0c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29722.exe

Filesize
184KB

MD5
f777328b2b3bf1998ddde3962a96627a

SHA1
3dbd2e82dbbf04e50935eeda842da1fdad860c89

SHA256
22f1c3bbd5d52d9dac6316bba15d788a84b58103a98ab7705e5c6fb867f155b4

SHA512
e9290f5b89b1fa0c9456678828f6ccc052a3f0b5d75ccf7f17d1045e8ccc15f47ecde080a77004b459c5af79c9226db968e024454ae7f57712991756f34502e4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe

Filesize
184KB

MD5
46bb391be219532f494331e486600496

SHA1
7520c7a192ee0644cc6408f6293bc261cd390c6f

SHA256
f887e1a04ca43a323a381bac363eb050e9103bd6ef62e89a83a546631f927e5b

SHA512
987612b235807549cafb005ed756cac714f1d36a1481fd929ab29cb9dae3b66580cc7898dea85a2aca11c0abe50985f0a412d238043f25c8ab925f8ec8aea63f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36415.exe

Filesize
184KB

MD5
0c53a786fee1845a6d6f1942e61c12b1

SHA1
04cc1dd657a922d8cd907ee656ac09102a8b9141

SHA256
8763002dbb877f3631f3e1d6c44431425d9731341a93def0851bd5546e398474

SHA512
325c6be64e0eeacaf90ba89b3acc2ae333afc5ca3c0d7e4f4230d9026d7484415d686a11f9708a7b9b2f1048065ff5164af2bb25e37726d0ad25ef1825d3d008

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39042.exe

Filesize
184KB

MD5
3cbbe28fd8a68e97d0b4b82f5f07bc8a

SHA1
6ab9b636684aafde61917e0c18608bd1e2699256

SHA256
889e73a1fd42912bad1fc9d3efc5de42dd6c582421128976a35b4543bb946325

SHA512
69077c79fcf3efbf997d12ed62728206126a1bcbf4d0ebf67783cd666ab57e01b2404eff5adb4eba18659673175169ab4b48383d9126df91b66bbb454e60142f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50806.exe

Filesize
184KB

MD5
9f727181047734aaa6ddff5f34f755a3

SHA1
c12cc45eabcdf3661ad40f15ee927269995b316c

SHA256
7c0af7a51d5f10dfb5dcaefa33d198d4fe4046b2a6705409cbdc0bad81bbb767

SHA512
333360565ab6c520dcf847cbedb5ed1fdb4366d8b96c9f9a7e69b9612c680fac5603bd936980b914c7ed829396b3f8e075ecc80e75157a83ce451cb317d453ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52005.exe

Filesize
184KB

MD5
664edc719b242e06bd0b0d3799febf30

SHA1
b4bf2f1e46d3745ed5fdbde36081e009108239e2

SHA256
88a3a85fcb2732d95336ac3bd14a1e86a7dfce1ee1a7e518b4a87e641d53af39

SHA512
0ea99a7fea00eda2e44134f469dd42607db4557e134285a9bf5d584a839e2bbe5cfd299a003dde4b0819a346c3fca45e7a40caad79ed45854b6b42b242d879e5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58647.exe

Filesize
184KB

MD5
7275a54dbf50babfc264914619f2cc62

SHA1
390f7e8554773fc1469033fc40b79d8f5a333e5f

SHA256
56549905b7b95306f80d0db7efef65d05d5d9533b9e09ba5ba5a37f66d13f12b

SHA512
6ff3eb9b43025e2f1bf40b783bc765f0c3d5e85195df4b8db5769e4244e632351939bc15dac48dad99811136de0b78aa403601318d650e7d650ab33c35227b86

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64532.exe

Filesize
184KB

MD5
a22ac6f600ee1a4c4acaf9150dce97fe

SHA1
cdb42c13bcac8bb31726879bb18533867b83969d

SHA256
f8eed50a2e2368ba1c5df503b9876487de6528c69b52ffa3d34c4b43ed7690b2

SHA512
da83a4f3499392b2d635730d9bf44ada5a080c53e1bf2e7a2bba2821f77c38f1f14af1e6521af8d778996d82ad8848ef3bc3062c7a01833959b9842b89950770

Download Submit