6aaf7cf3415723e4243a5ba50934d16c14ae91ad259557d6c5ad92bf31d5295e

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6aaf7cf3415723e4243a5ba50934d16c14ae91ad259557d6c5ad92bf31d5295e.exe
Size

184KB
MD5

4aa4e339e79c47e72b6bbe5fffb28da6
SHA1

9988670c92dbfb84acf7e0d4a0ce70bf8550a6f8
SHA256

6aaf7cf3415723e4243a5ba50934d16c14ae91ad259557d6c5ad92bf31d5295e
SHA512

47da0468cad9d259523c361818bef72b9883ae71c762e6e595636be5bc841b3e598a15df756e8334eb815b3953baecb1b1b0b06e540293e161dcd508767d4c1a
SSDEEP

3072:ancPiTolN0pvdRIYeppLpx8EIvvazPBKh+kKO5qtUfehl2VOFgnD:anxo+VRI3LP8EIDsxzhl2VOFg

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-33873.exeUnicorn-64490.exeUnicorn-44625.exeUnicorn-47168.exeUnicorn-16442.exeUnicorn-62113.exeUnicorn-20801.exeUnicorn-5019.exeUnicorn-24885.exeUnicorn-28969.exeUnicorn-43914.exeUnicorn-27624.exeUnicorn-47490.exeUnicorn-17340.exeUnicorn-2949.exeUnicorn-37760.exeUnicorn-52705.exeUnicorn-41844.exeUnicorn-56789.exeUnicorn-34828.exeUnicorn-34828.exeUnicorn-19046.exeUnicorn-42996.exeUnicorn-27214.exeUnicorn-59524.exeUnicorn-43742.exeUnicorn-32882.exeUnicorn-47827.exeUnicorn-6239.exeUnicorn-41050.exeUnicorn-55995.exeUnicorn-100.exeUnicorn-35103.exeUnicorn-19321.exeUnicorn-12544.exeUnicorn-27489.exeUnicorn-47355.exeUnicorn-16629.exeUnicorn-39741.exeUnicorn-2046.exeUnicorn-36857.exeUnicorn-21075.exeUnicorn-18383.exeUnicorn-22467.exeUnicorn-37411.exeUnicorn-61361.exeUnicorn-10769.exeUnicorn-30635.exeUnicorn-15045.exeUnicorn-65445.exeUnicorn-35186.exeUnicorn-19404.exeUnicorn-36940.exeUnicorn-60053.exeUnicorn-34994.exeUnicorn-54023.exeUnicorn-21180.exeUnicorn-36124.exeUnicorn-64158.exeUnicorn-33432.exeUnicorn-17650.exeUnicorn-10873.exeUnicorn-45684.exeUnicorn-14957.exe

pid	process
2380	Unicorn-33873.exe
2140	Unicorn-64490.exe
2160	Unicorn-44625.exe
2480	Unicorn-47168.exe
2672	Unicorn-16442.exe
2752	Unicorn-62113.exe
2012	Unicorn-20801.exe
2176	Unicorn-5019.exe
2512	Unicorn-24885.exe
816	Unicorn-28969.exe
896	Unicorn-43914.exe
2272	Unicorn-27624.exe
1772	Unicorn-47490.exe
1436	Unicorn-17340.exe
2128	Unicorn-2949.exe
596	Unicorn-37760.exe
284	Unicorn-52705.exe
1496	Unicorn-41844.exe
348	Unicorn-56789.exe
2668	Unicorn-34828.exe
2356	Unicorn-34828.exe
1976	Unicorn-19046.exe
612	Unicorn-42996.exe
400	Unicorn-27214.exe
1052	Unicorn-59524.exe
1460	Unicorn-43742.exe
1580	Unicorn-32882.exe
2400	Unicorn-47827.exe
2848	Unicorn-6239.exe
2332	Unicorn-41050.exe
2952	Unicorn-55995.exe
2704	Unicorn-100.exe
3016	Unicorn-35103.exe
2500	Unicorn-19321.exe
2648	Unicorn-12544.exe
2788	Unicorn-27489.exe
2724	Unicorn-47355.exe
2396	Unicorn-16629.exe
1676	Unicorn-39741.exe
2460	Unicorn-2046.exe
2044	Unicorn-36857.exe
1972	Unicorn-21075.exe
1332	Unicorn-18383.exe
2784	Unicorn-22467.exe
2892	Unicorn-37411.exe
2944	Unicorn-61361.exe
2096	Unicorn-10769.exe
1688	Unicorn-30635.exe
2300	Unicorn-15045.exe
2100	Unicorn-65445.exe
1164	Unicorn-35186.exe
2024	Unicorn-19404.exe
2064	Unicorn-36940.exe
884	Unicorn-60053.exe
2900	Unicorn-34994.exe
2820	Unicorn-54023.exe
2980	Unicorn-21180.exe
2636	Unicorn-36124.exe
2508	Unicorn-64158.exe
2588	Unicorn-33432.exe
2796	Unicorn-17650.exe
1848	Unicorn-10873.exe
2344	Unicorn-45684.exe
760	Unicorn-14957.exe

Loads dropped DLL 64 IoCs

Processes:

6aaf7cf3415723e4243a5ba50934d16c14ae91ad259557d6c5ad92bf31d5295e.exeUnicorn-33873.exeUnicorn-44625.exeUnicorn-64490.exeWerFault.exeUnicorn-47168.exeUnicorn-62113.exeUnicorn-16442.exeWerFault.exeWerFault.exeUnicorn-20801.exeUnicorn-5019.exeUnicorn-24885.exeUnicorn-43914.exeUnicorn-28969.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2888	6aaf7cf3415723e4243a5ba50934d16c14ae91ad259557d6c5ad92bf31d5295e.exe
2888	6aaf7cf3415723e4243a5ba50934d16c14ae91ad259557d6c5ad92bf31d5295e.exe
2888	6aaf7cf3415723e4243a5ba50934d16c14ae91ad259557d6c5ad92bf31d5295e.exe
2380	Unicorn-33873.exe
2380	Unicorn-33873.exe
2888	6aaf7cf3415723e4243a5ba50934d16c14ae91ad259557d6c5ad92bf31d5295e.exe
2160	Unicorn-44625.exe
2380	Unicorn-33873.exe
2160	Unicorn-44625.exe
2380	Unicorn-33873.exe
2140	Unicorn-64490.exe
2140	Unicorn-64490.exe
2548	WerFault.exe
2548	WerFault.exe
2548	WerFault.exe
2548	WerFault.exe
2548	WerFault.exe
2480	Unicorn-47168.exe
2480	Unicorn-47168.exe
2752	Unicorn-62113.exe
2160	Unicorn-44625.exe
2160	Unicorn-44625.exe
2752	Unicorn-62113.exe
2672	Unicorn-16442.exe
2140	Unicorn-64490.exe
2672	Unicorn-16442.exe
2140	Unicorn-64490.exe
2684	WerFault.exe
2684	WerFault.exe
2684	WerFault.exe
2684	WerFault.exe
1140	WerFault.exe
1140	WerFault.exe
1140	WerFault.exe
1140	WerFault.exe
2684	WerFault.exe
1140	WerFault.exe
2480	Unicorn-47168.exe
2012	Unicorn-20801.exe
2480	Unicorn-47168.exe
2012	Unicorn-20801.exe
2176	Unicorn-5019.exe
2176	Unicorn-5019.exe
2512	Unicorn-24885.exe
2512	Unicorn-24885.exe
896	Unicorn-43914.exe
896	Unicorn-43914.exe
2752	Unicorn-62113.exe
2752	Unicorn-62113.exe
816	Unicorn-28969.exe
816	Unicorn-28969.exe
2672	Unicorn-16442.exe
2672	Unicorn-16442.exe
2432	WerFault.exe
2432	WerFault.exe
2432	WerFault.exe
2432	WerFault.exe
2432	WerFault.exe
1028	WerFault.exe
1028	WerFault.exe
1028	WerFault.exe
1028	WerFault.exe
1028	WerFault.exe
2364	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2740	2888	WerFault.exe	6aaf7cf3415723e4243a5ba50934d16c14ae91ad259557d6c5ad92bf31d5295e.exe
2548	2380	WerFault.exe	Unicorn-33873.exe
2684	2160	WerFault.exe	Unicorn-44625.exe
1140	2140	WerFault.exe	Unicorn-64490.exe
2432	2480	WerFault.exe	Unicorn-47168.exe
1028	2752	WerFault.exe	Unicorn-62113.exe
2364	2672	WerFault.exe	Unicorn-16442.exe
2772	2012	WerFault.exe	Unicorn-20801.exe
2988	2176	WerFault.exe	Unicorn-5019.exe
2032	2512	WerFault.exe	Unicorn-24885.exe
2028	896	WerFault.exe	Unicorn-43914.exe
2616	816	WerFault.exe	Unicorn-28969.exe
608	2272	WerFault.exe	Unicorn-27624.exe
2304	1772	WerFault.exe	Unicorn-47490.exe
1556	1436	WerFault.exe	Unicorn-17340.exe
2080	2128	WerFault.exe	Unicorn-2949.exe
1804	596	WerFault.exe	Unicorn-37760.exe
1604	284	WerFault.exe	Unicorn-52705.exe
1884	1496	WerFault.exe	Unicorn-41844.exe
1888	348	WerFault.exe	Unicorn-56789.exe
2312	2704	WerFault.exe	Unicorn-100.exe
1588	2356	WerFault.exe	Unicorn-34828.exe
1488	2668	WerFault.exe	Unicorn-34828.exe
2236	612	WerFault.exe	Unicorn-42996.exe
1124	1976	WerFault.exe	Unicorn-19046.exe
2624	400	WerFault.exe	Unicorn-27214.exe
2732	1052	WerFault.exe	Unicorn-59524.exe
2592	1460	WerFault.exe	Unicorn-43742.exe
2748	2400	WerFault.exe	Unicorn-47827.exe
800	1580	WerFault.exe	Unicorn-32882.exe
1112	2332	WerFault.exe	Unicorn-41050.exe
320	2952	WerFault.exe	Unicorn-55995.exe
2912	2848	WerFault.exe	Unicorn-6239.exe
1672	1600	WerFault.exe	Unicorn-34178.exe
3336	3016	WerFault.exe	Unicorn-35103.exe
3360	2648	WerFault.exe	Unicorn-12544.exe
3384	2500	WerFault.exe	Unicorn-19321.exe
3408	2396	WerFault.exe	Unicorn-16629.exe
3432	2724	WerFault.exe	Unicorn-47355.exe
3440	1676	WerFault.exe	Unicorn-39741.exe
3488	2788	WerFault.exe	Unicorn-27489.exe
3480	1332	WerFault.exe	Unicorn-18383.exe
3496	2300	WerFault.exe	Unicorn-15045.exe
3504	2044	WerFault.exe	Unicorn-36857.exe
3544	2784	WerFault.exe	Unicorn-22467.exe
3560	2892	WerFault.exe	Unicorn-37411.exe
3576	1688	WerFault.exe	Unicorn-30635.exe
3600	2100	WerFault.exe	Unicorn-65445.exe
3616	2944	WerFault.exe	Unicorn-61361.exe
3624	1972	WerFault.exe	Unicorn-21075.exe
3644	2460	WerFault.exe	Unicorn-2046.exe
3732	2096	WerFault.exe	Unicorn-10769.exe
3792	536	WerFault.exe	Unicorn-31486.exe
3972	2024	WerFault.exe	Unicorn-19404.exe
3212	1164	WerFault.exe	Unicorn-35186.exe
3328	2636	WerFault.exe	Unicorn-36124.exe
4136	2980	WerFault.exe	Unicorn-21180.exe
4156	2900	WerFault.exe	Unicorn-34994.exe
4180	884	WerFault.exe	Unicorn-60053.exe
4204	2796	WerFault.exe	Unicorn-17650.exe
4236	2488	WerFault.exe	Unicorn-34008.exe
4244	936	WerFault.exe	Unicorn-38092.exe
4268	1736	WerFault.exe	Unicorn-46260.exe
4276	952	WerFault.exe	Unicorn-48398.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

6aaf7cf3415723e4243a5ba50934d16c14ae91ad259557d6c5ad92bf31d5295e.exeUnicorn-33873.exeUnicorn-44625.exeUnicorn-64490.exeUnicorn-47168.exeUnicorn-62113.exeUnicorn-16442.exeUnicorn-5019.exeUnicorn-20801.exeUnicorn-24885.exeUnicorn-43914.exeUnicorn-28969.exeUnicorn-47490.exeUnicorn-27624.exeUnicorn-17340.exeUnicorn-2949.exeUnicorn-37760.exeUnicorn-52705.exeUnicorn-41844.exeUnicorn-56789.exeUnicorn-34828.exeUnicorn-34828.exeUnicorn-19046.exeUnicorn-42996.exeUnicorn-27214.exeUnicorn-59524.exeUnicorn-43742.exeUnicorn-32882.exeUnicorn-47827.exeUnicorn-6239.exeUnicorn-41050.exeUnicorn-55995.exeUnicorn-100.exeUnicorn-35103.exeUnicorn-19321.exeUnicorn-27489.exeUnicorn-47355.exeUnicorn-16629.exeUnicorn-12544.exeUnicorn-39741.exeUnicorn-2046.exeUnicorn-36857.exeUnicorn-21075.exeUnicorn-18383.exeUnicorn-22467.exeUnicorn-37411.exeUnicorn-61361.exeUnicorn-30635.exeUnicorn-65445.exeUnicorn-10769.exeUnicorn-15045.exeUnicorn-35186.exeUnicorn-19404.exeUnicorn-36940.exeUnicorn-60053.exeUnicorn-34994.exeUnicorn-54023.exeUnicorn-36124.exeUnicorn-21180.exeUnicorn-64158.exeUnicorn-33432.exeUnicorn-17650.exeUnicorn-10873.exeUnicorn-45684.exe

pid	process
2888	6aaf7cf3415723e4243a5ba50934d16c14ae91ad259557d6c5ad92bf31d5295e.exe
2380	Unicorn-33873.exe
2160	Unicorn-44625.exe
2140	Unicorn-64490.exe
2480	Unicorn-47168.exe
2752	Unicorn-62113.exe
2672	Unicorn-16442.exe
2176	Unicorn-5019.exe
2012	Unicorn-20801.exe
2512	Unicorn-24885.exe
896	Unicorn-43914.exe
816	Unicorn-28969.exe
1772	Unicorn-47490.exe
2272	Unicorn-27624.exe
1436	Unicorn-17340.exe
2128	Unicorn-2949.exe
596	Unicorn-37760.exe
284	Unicorn-52705.exe
1496	Unicorn-41844.exe
348	Unicorn-56789.exe
2668	Unicorn-34828.exe
2356	Unicorn-34828.exe
1976	Unicorn-19046.exe
612	Unicorn-42996.exe
400	Unicorn-27214.exe
1052	Unicorn-59524.exe
1460	Unicorn-43742.exe
1580	Unicorn-32882.exe
2400	Unicorn-47827.exe
2848	Unicorn-6239.exe
2332	Unicorn-41050.exe
2952	Unicorn-55995.exe
2704	Unicorn-100.exe
3016	Unicorn-35103.exe
2500	Unicorn-19321.exe
2788	Unicorn-27489.exe
2724	Unicorn-47355.exe
2396	Unicorn-16629.exe
2648	Unicorn-12544.exe
1676	Unicorn-39741.exe
2460	Unicorn-2046.exe
2044	Unicorn-36857.exe
1972	Unicorn-21075.exe
1332	Unicorn-18383.exe
2784	Unicorn-22467.exe
2892	Unicorn-37411.exe
2944	Unicorn-61361.exe
1688	Unicorn-30635.exe
2100	Unicorn-65445.exe
2096	Unicorn-10769.exe
2300	Unicorn-15045.exe
1164	Unicorn-35186.exe
2024	Unicorn-19404.exe
2064	Unicorn-36940.exe
884	Unicorn-60053.exe
2900	Unicorn-34994.exe
2820	Unicorn-54023.exe
2636	Unicorn-36124.exe
2980	Unicorn-21180.exe
2508	Unicorn-64158.exe
2588	Unicorn-33432.exe
2796	Unicorn-17650.exe
1848	Unicorn-10873.exe
2344	Unicorn-45684.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

6aaf7cf3415723e4243a5ba50934d16c14ae91ad259557d6c5ad92bf31d5295e.exeUnicorn-33873.exeUnicorn-44625.exeUnicorn-64490.exeUnicorn-47168.exeUnicorn-62113.exeUnicorn-16442.exe

description	pid	process	target process
PID 2888 wrote to memory of 2380	2888	6aaf7cf3415723e4243a5ba50934d16c14ae91ad259557d6c5ad92bf31d5295e.exe	Unicorn-33873.exe
PID 2888 wrote to memory of 2380	2888	6aaf7cf3415723e4243a5ba50934d16c14ae91ad259557d6c5ad92bf31d5295e.exe	Unicorn-33873.exe
PID 2888 wrote to memory of 2380	2888	6aaf7cf3415723e4243a5ba50934d16c14ae91ad259557d6c5ad92bf31d5295e.exe	Unicorn-33873.exe
PID 2888 wrote to memory of 2380	2888	6aaf7cf3415723e4243a5ba50934d16c14ae91ad259557d6c5ad92bf31d5295e.exe	Unicorn-33873.exe
PID 2380 wrote to memory of 2140	2380	Unicorn-33873.exe	Unicorn-64490.exe
PID 2380 wrote to memory of 2140	2380	Unicorn-33873.exe	Unicorn-64490.exe
PID 2380 wrote to memory of 2140	2380	Unicorn-33873.exe	Unicorn-64490.exe
PID 2380 wrote to memory of 2140	2380	Unicorn-33873.exe	Unicorn-64490.exe
PID 2888 wrote to memory of 2160	2888	6aaf7cf3415723e4243a5ba50934d16c14ae91ad259557d6c5ad92bf31d5295e.exe	Unicorn-44625.exe
PID 2888 wrote to memory of 2160	2888	6aaf7cf3415723e4243a5ba50934d16c14ae91ad259557d6c5ad92bf31d5295e.exe	Unicorn-44625.exe
PID 2888 wrote to memory of 2160	2888	6aaf7cf3415723e4243a5ba50934d16c14ae91ad259557d6c5ad92bf31d5295e.exe	Unicorn-44625.exe
PID 2888 wrote to memory of 2160	2888	6aaf7cf3415723e4243a5ba50934d16c14ae91ad259557d6c5ad92bf31d5295e.exe	Unicorn-44625.exe
PID 2888 wrote to memory of 2740	2888	6aaf7cf3415723e4243a5ba50934d16c14ae91ad259557d6c5ad92bf31d5295e.exe	WerFault.exe
PID 2888 wrote to memory of 2740	2888	6aaf7cf3415723e4243a5ba50934d16c14ae91ad259557d6c5ad92bf31d5295e.exe	WerFault.exe
PID 2888 wrote to memory of 2740	2888	6aaf7cf3415723e4243a5ba50934d16c14ae91ad259557d6c5ad92bf31d5295e.exe	WerFault.exe
PID 2888 wrote to memory of 2740	2888	6aaf7cf3415723e4243a5ba50934d16c14ae91ad259557d6c5ad92bf31d5295e.exe	WerFault.exe
PID 2160 wrote to memory of 2480	2160	Unicorn-44625.exe	Unicorn-47168.exe
PID 2160 wrote to memory of 2480	2160	Unicorn-44625.exe	Unicorn-47168.exe
PID 2160 wrote to memory of 2480	2160	Unicorn-44625.exe	Unicorn-47168.exe
PID 2160 wrote to memory of 2480	2160	Unicorn-44625.exe	Unicorn-47168.exe
PID 2380 wrote to memory of 2752	2380	Unicorn-33873.exe	Unicorn-62113.exe
PID 2380 wrote to memory of 2752	2380	Unicorn-33873.exe	Unicorn-62113.exe
PID 2380 wrote to memory of 2752	2380	Unicorn-33873.exe	Unicorn-62113.exe
PID 2380 wrote to memory of 2752	2380	Unicorn-33873.exe	Unicorn-62113.exe
PID 2140 wrote to memory of 2672	2140	Unicorn-64490.exe	Unicorn-16442.exe
PID 2140 wrote to memory of 2672	2140	Unicorn-64490.exe	Unicorn-16442.exe
PID 2140 wrote to memory of 2672	2140	Unicorn-64490.exe	Unicorn-16442.exe
PID 2140 wrote to memory of 2672	2140	Unicorn-64490.exe	Unicorn-16442.exe
PID 2380 wrote to memory of 2548	2380	Unicorn-33873.exe	WerFault.exe
PID 2380 wrote to memory of 2548	2380	Unicorn-33873.exe	WerFault.exe
PID 2380 wrote to memory of 2548	2380	Unicorn-33873.exe	WerFault.exe
PID 2380 wrote to memory of 2548	2380	Unicorn-33873.exe	WerFault.exe
PID 2480 wrote to memory of 2012	2480	Unicorn-47168.exe	Unicorn-20801.exe
PID 2480 wrote to memory of 2012	2480	Unicorn-47168.exe	Unicorn-20801.exe
PID 2480 wrote to memory of 2012	2480	Unicorn-47168.exe	Unicorn-20801.exe
PID 2480 wrote to memory of 2012	2480	Unicorn-47168.exe	Unicorn-20801.exe
PID 2160 wrote to memory of 2176	2160	Unicorn-44625.exe	Unicorn-5019.exe
PID 2160 wrote to memory of 2176	2160	Unicorn-44625.exe	Unicorn-5019.exe
PID 2160 wrote to memory of 2176	2160	Unicorn-44625.exe	Unicorn-5019.exe
PID 2160 wrote to memory of 2176	2160	Unicorn-44625.exe	Unicorn-5019.exe
PID 2752 wrote to memory of 2512	2752	Unicorn-62113.exe	Unicorn-24885.exe
PID 2752 wrote to memory of 2512	2752	Unicorn-62113.exe	Unicorn-24885.exe
PID 2752 wrote to memory of 2512	2752	Unicorn-62113.exe	Unicorn-24885.exe
PID 2752 wrote to memory of 2512	2752	Unicorn-62113.exe	Unicorn-24885.exe
PID 2672 wrote to memory of 816	2672	Unicorn-16442.exe	Unicorn-28969.exe
PID 2672 wrote to memory of 816	2672	Unicorn-16442.exe	Unicorn-28969.exe
PID 2672 wrote to memory of 816	2672	Unicorn-16442.exe	Unicorn-28969.exe
PID 2672 wrote to memory of 816	2672	Unicorn-16442.exe	Unicorn-28969.exe
PID 2140 wrote to memory of 896	2140	Unicorn-64490.exe	Unicorn-43914.exe
PID 2140 wrote to memory of 896	2140	Unicorn-64490.exe	Unicorn-43914.exe
PID 2140 wrote to memory of 896	2140	Unicorn-64490.exe	Unicorn-43914.exe
PID 2140 wrote to memory of 896	2140	Unicorn-64490.exe	Unicorn-43914.exe
PID 2160 wrote to memory of 2684	2160	Unicorn-44625.exe	WerFault.exe
PID 2160 wrote to memory of 2684	2160	Unicorn-44625.exe	WerFault.exe
PID 2160 wrote to memory of 2684	2160	Unicorn-44625.exe	WerFault.exe
PID 2160 wrote to memory of 2684	2160	Unicorn-44625.exe	WerFault.exe
PID 2140 wrote to memory of 1140	2140	Unicorn-64490.exe	WerFault.exe
PID 2140 wrote to memory of 1140	2140	Unicorn-64490.exe	WerFault.exe
PID 2140 wrote to memory of 1140	2140	Unicorn-64490.exe	WerFault.exe
PID 2140 wrote to memory of 1140	2140	Unicorn-64490.exe	WerFault.exe
PID 2480 wrote to memory of 2272	2480	Unicorn-47168.exe	Unicorn-27624.exe
PID 2480 wrote to memory of 2272	2480	Unicorn-47168.exe	Unicorn-27624.exe
PID 2480 wrote to memory of 2272	2480	Unicorn-47168.exe	Unicorn-27624.exe
PID 2480 wrote to memory of 2272	2480	Unicorn-47168.exe	Unicorn-27624.exe

C:\Users\Admin\AppData\Local\Temp\6aaf7cf3415723e4243a5ba50934d16c14ae91ad259557d6c5ad92bf31d5295e.exe
"C:\Users\Admin\AppData\Local\Temp\6aaf7cf3415723e4243a5ba50934d16c14ae91ad259557d6c5ad92bf31d5295e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-33873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33873.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-64490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64490.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-16442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16442.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-28969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28969.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:816

C:\Users\Admin\AppData\Local\Temp\Unicorn-41844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41844.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-41050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41050.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-61361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61361.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-16856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16856.exe
9⤵
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-26463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26463.exe
10⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-64838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64838.exe
11⤵
PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 220
12⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 236
11⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 236
10⤵
PID:4412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 216
9⤵
- Program crash
PID:3616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 236
8⤵
- Program crash
PID:1112

C:\Users\Admin\AppData\Local\Temp\Unicorn-10769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10769.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-35570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35570.exe
8⤵
PID:268

C:\Users\Admin\AppData\Local\Temp\Unicorn-46307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46307.exe
9⤵
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-21201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21201.exe
10⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-15742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15742.exe
11⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-2280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2280.exe
12⤵
PID:9196

C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
13⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 216
13⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 216
12⤵
PID:1744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
11⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 216
10⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-13395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13395.exe
9⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-2529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2529.exe
10⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-4335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4335.exe
11⤵
PID:8824

C:\Users\Admin\AppData\Local\Temp\Unicorn-64688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64688.exe
12⤵
PID:10652

C:\Users\Admin\AppData\Local\Temp\Unicorn-14359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14359.exe
13⤵
PID:12840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8824 -s 220
12⤵
PID:11120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 236
11⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
10⤵
PID:7232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 240
9⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\Unicorn-65336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65336.exe
8⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-35591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35591.exe
9⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-13006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13006.exe
10⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-10365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10365.exe
11⤵
PID:8560

C:\Users\Admin\AppData\Local\Temp\Unicorn-42216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42216.exe
12⤵
PID:12152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 216
12⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 216
11⤵
PID:10112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
10⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 216
9⤵
PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
8⤵
- Program crash
PID:3732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 240
7⤵
- Program crash
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-55995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55995.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-30635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30635.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-58128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58128.exe
8⤵
PID:1388

C:\Users\Admin\AppData\Local\Temp\Unicorn-3328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3328.exe
9⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-3110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3110.exe
10⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-61652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61652.exe
11⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe
12⤵
PID:8396

C:\Users\Admin\AppData\Local\Temp\Unicorn-12174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12174.exe
13⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8396 -s 216
13⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
12⤵
PID:10056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
11⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
10⤵
PID:5728

C:\Users\Admin\AppData\Local\Temp\Unicorn-52866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52866.exe
9⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-26795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26795.exe
10⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe
11⤵
PID:7824

C:\Users\Admin\AppData\Local\Temp\Unicorn-49307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49307.exe
12⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 216
12⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
11⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
10⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 220
9⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 236
8⤵
- Program crash
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe
7⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-31725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31725.exe
8⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-62041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62041.exe
9⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
10⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-64117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64117.exe
11⤵
PID:8468

C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
12⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8468 -s 216
12⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 236
11⤵
PID:10260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
10⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 236
9⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe
8⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-40033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40033.exe
9⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\Unicorn-58523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58523.exe
10⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-2332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2332.exe
11⤵
PID:10672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
11⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
10⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 236
9⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
8⤵
PID:4628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
7⤵
- Program crash
PID:320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 240
6⤵
- Program crash
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-56789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56789.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:348

C:\Users\Admin\AppData\Local\Temp\Unicorn-39741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39741.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-33432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33432.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-40614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40614.exe
8⤵
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
9⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-5715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5715.exe
10⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-29120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29120.exe
11⤵
PID:7464

C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe
12⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 216
12⤵
PID:10600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
11⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 236
10⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
9⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-54236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54236.exe
8⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-5222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5222.exe
9⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-23713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23713.exe
10⤵
PID:7932

C:\Users\Admin\AppData\Local\Temp\Unicorn-5368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5368.exe
11⤵
PID:11220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 216
11⤵
PID:11976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
10⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
9⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 220
8⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-59643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59643.exe
7⤵
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-16541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16541.exe
8⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-30111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30111.exe
9⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-49047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49047.exe
10⤵
PID:7596

C:\Users\Admin\AppData\Local\Temp\Unicorn-24092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24092.exe
11⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 216
11⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
10⤵
PID:9856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 236
8⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
7⤵
- Program crash
PID:3440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 216
6⤵
- Program crash
PID:1888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-43914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43914.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-37760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37760.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:596

C:\Users\Admin\AppData\Local\Temp\Unicorn-32882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32882.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-22467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22467.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-19042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19042.exe
8⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-45238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45238.exe
9⤵
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-23147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23147.exe
10⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
11⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\Unicorn-59374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59374.exe
12⤵
PID:8520

C:\Users\Admin\AppData\Local\Temp\Unicorn-26373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26373.exe
13⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8520 -s 216
13⤵
PID:12980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
12⤵
PID:10088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
11⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 236
10⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-7557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7557.exe
9⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-57329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57329.exe
10⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-7760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7760.exe
11⤵
PID:7632

C:\Users\Admin\AppData\Local\Temp\Unicorn-46868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46868.exe
12⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 216
12⤵
PID:12412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
11⤵
PID:9348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
10⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
9⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe
8⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-7640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7640.exe
9⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-3956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3956.exe
10⤵
PID:7008

C:\Users\Admin\AppData\Local\Temp\Unicorn-21222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21222.exe
11⤵
PID:9476

C:\Users\Admin\AppData\Local\Temp\Unicorn-32673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32673.exe
12⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9476 -s 216
12⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 216
11⤵
PID:10528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
10⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
9⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
8⤵
- Program crash
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
7⤵
PID:1600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 240
8⤵
- Program crash
PID:1672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
7⤵
- Program crash
PID:800

C:\Users\Admin\AppData\Local\Temp\Unicorn-37411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37411.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-19042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19042.exe
7⤵
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-23749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23749.exe
8⤵
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-6618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6618.exe
9⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-34818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34818.exe
10⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-32732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32732.exe
11⤵
PID:8676

C:\Users\Admin\AppData\Local\Temp\Unicorn-28402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28402.exe
12⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8676 -s 216
12⤵
PID:13140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
11⤵
PID:10160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
10⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 216
9⤵
PID:5844

C:\Users\Admin\AppData\Local\Temp\Unicorn-3089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3089.exe
8⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-52861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52861.exe
9⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-64553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64553.exe
10⤵
PID:7820

C:\Users\Admin\AppData\Local\Temp\Unicorn-63121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63121.exe
11⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 220
11⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
10⤵
PID:9296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
9⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
8⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-42585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42585.exe
7⤵
PID:828

C:\Users\Admin\AppData\Local\Temp\Unicorn-25285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25285.exe
8⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-27802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27802.exe
9⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-63925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63925.exe
10⤵
PID:8636

C:\Users\Admin\AppData\Local\Temp\Unicorn-18044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18044.exe
11⤵
PID:13200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8636 -s 216
11⤵
PID:4872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
10⤵
PID:10328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
9⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 236
8⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
7⤵
- Program crash
PID:3560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 240
6⤵
- Program crash
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-47827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47827.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-18383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18383.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1332

C:\Users\Admin\AppData\Local\Temp\Unicorn-10873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10873.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe
8⤵
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-57765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57765.exe
9⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-14158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14158.exe
10⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-28565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28565.exe
11⤵
PID:7708

C:\Users\Admin\AppData\Local\Temp\Unicorn-47065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47065.exe
12⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 216
12⤵
PID:11628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 236
11⤵
PID:9616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
10⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 236
9⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-19617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19617.exe
8⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-27309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27309.exe
9⤵
PID:6072

C:\Users\Admin\AppData\Local\Temp\Unicorn-14724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14724.exe
10⤵
PID:8732

C:\Users\Admin\AppData\Local\Temp\Unicorn-6331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6331.exe
11⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8732 -s 216
11⤵
PID:4868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 236
10⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
9⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 220
8⤵
PID:6104

C:\Users\Admin\AppData\Local\Temp\Unicorn-32471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32471.exe
7⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-35399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35399.exe
8⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-49052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49052.exe
9⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-61128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61128.exe
10⤵
PID:8356

C:\Users\Admin\AppData\Local\Temp\Unicorn-27743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27743.exe
11⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8356 -s 216
11⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
10⤵
PID:10012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
9⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
8⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 220
7⤵
- Program crash
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
6⤵
PID:1136

C:\Users\Admin\AppData\Local\Temp\Unicorn-23749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23749.exe
7⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-45513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45513.exe
8⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-30495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30495.exe
9⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-50163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50163.exe
10⤵
PID:7604

C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe
11⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 216
11⤵
PID:11456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
10⤵
PID:2288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
9⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 216
8⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-42175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42175.exe
7⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-50360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50360.exe
8⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-33836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33836.exe
9⤵
PID:9540

C:\Users\Admin\AppData\Local\Temp\Unicorn-1946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1946.exe
10⤵
PID:12560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9540 -s 216
10⤵
PID:7456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 216
9⤵
PID:10552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
8⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 220
7⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
6⤵
- Program crash
PID:2748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
5⤵
- Program crash
PID:2028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1140

C:\Users\Admin\AppData\Local\Temp\Unicorn-62113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62113.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-24885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24885.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-2949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2949.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-2046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2046.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-31486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31486.exe
8⤵
PID:484

C:\Users\Admin\AppData\Local\Temp\Unicorn-998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-998.exe
9⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-10702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10702.exe
10⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-35347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35347.exe
11⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-17766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17766.exe
12⤵
PID:8200

C:\Users\Admin\AppData\Local\Temp\Unicorn-56572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56572.exe
13⤵
PID:11356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8200 -s 216
13⤵
PID:12660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
12⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
11⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
10⤵
PID:5256

C:\Users\Admin\AppData\Local\Temp\Unicorn-37899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37899.exe
9⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-44968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44968.exe
10⤵
PID:6900

C:\Users\Admin\AppData\Local\Temp\Unicorn-64693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64693.exe
11⤵
PID:9220

C:\Users\Admin\AppData\Local\Temp\Unicorn-29274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29274.exe
12⤵
PID:5696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9220 -s 216
12⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 236
11⤵
PID:10488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
10⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 240
9⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-50754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50754.exe
8⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-21201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21201.exe
9⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-32078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32078.exe
10⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-53235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53235.exe
11⤵
PID:8220

C:\Users\Admin\AppData\Local\Temp\Unicorn-62885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62885.exe
12⤵
PID:12844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8220 -s 216
12⤵
PID:12912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 236
11⤵
PID:10144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
10⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
9⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
8⤵
- Program crash
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-46431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46431.exe
7⤵
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-61574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61574.exe
8⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-31507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31507.exe
9⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-10074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10074.exe
10⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-11652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11652.exe
11⤵
PID:7628

C:\Users\Admin\AppData\Local\Temp\Unicorn-58326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58326.exe
12⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 236
12⤵
PID:12632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
11⤵
PID:9580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
10⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 236
9⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-23893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23893.exe
8⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-21366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21366.exe
9⤵
PID:5572

C:\Users\Admin\AppData\Local\Temp\Unicorn-20288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20288.exe
10⤵
PID:8628

C:\Users\Admin\AppData\Local\Temp\Unicorn-44738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44738.exe
11⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8628 -s 236
11⤵
PID:13176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
10⤵
PID:10152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
9⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 240
8⤵
PID:5108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 240
7⤵
- Program crash
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-21075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21075.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-31486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31486.exe
7⤵
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
8⤵
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-16925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16925.exe
9⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-775.exe
10⤵
PID:5980

C:\Users\Admin\AppData\Local\Temp\Unicorn-41476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41476.exe
11⤵
PID:8752

C:\Users\Admin\AppData\Local\Temp\Unicorn-23277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23277.exe
12⤵
PID:8352

C:\Users\Admin\AppData\Local\Temp\Unicorn-34728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34728.exe
13⤵
PID:2120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8352 -s 216
13⤵
PID:4884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8752 -s 236
12⤵
PID:10396

C:\Users\Admin\AppData\Local\Temp\Unicorn-62918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62918.exe
11⤵
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-34728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34728.exe
12⤵
PID:960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 236
12⤵
PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 240
11⤵
PID:10436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
10⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 236
9⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 216
8⤵
- Program crash
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-26441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26441.exe
7⤵
PID:900

C:\Users\Admin\AppData\Local\Temp\Unicorn-43567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43567.exe
8⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-25259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25259.exe
9⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-10536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10536.exe
10⤵
PID:7936

C:\Users\Admin\AppData\Local\Temp\Unicorn-16578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16578.exe
11⤵
PID:10968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 216
11⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
10⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
9⤵
PID:6572

C:\Users\Admin\AppData\Local\Temp\Unicorn-30089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30089.exe
8⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-54226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54226.exe
9⤵
PID:6260

C:\Users\Admin\AppData\Local\Temp\Unicorn-38326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38326.exe
10⤵
PID:9884

C:\Users\Admin\AppData\Local\Temp\Unicorn-49585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49585.exe
11⤵
PID:12788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9884 -s 216
11⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 216
10⤵
PID:10808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 236
9⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 220
8⤵
PID:6676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
7⤵
- Program crash
PID:3624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
6⤵
- Program crash
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-43742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43742.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1460

C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-14957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14957.exe
7⤵
- Executes dropped EXE
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-62451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62451.exe
8⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-45513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45513.exe
9⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-47729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47729.exe
10⤵
PID:5736

C:\Users\Admin\AppData\Local\Temp\Unicorn-13956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13956.exe
11⤵
PID:9092

C:\Users\Admin\AppData\Local\Temp\Unicorn-23991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23991.exe
12⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9092 -s 216
12⤵
PID:12924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 216
11⤵
PID:10020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
10⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
9⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\Unicorn-42175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42175.exe
8⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-39456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39456.exe
9⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
10⤵
PID:8448

C:\Users\Admin\AppData\Local\Temp\Unicorn-26373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26373.exe
11⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8448 -s 216
11⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
10⤵
PID:10096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
9⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 240
8⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-11859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11859.exe
7⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-64563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64563.exe
8⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-53245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53245.exe
9⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\Unicorn-22151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22151.exe
10⤵
PID:7572

C:\Users\Admin\AppData\Local\Temp\Unicorn-8549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8549.exe
11⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 220
11⤵
PID:12480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 216
10⤵
PID:9304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
9⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 236
8⤵
PID:4808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
7⤵
- Program crash
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-64713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64713.exe
6⤵
PID:940

C:\Users\Admin\AppData\Local\Temp\Unicorn-43292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43292.exe
7⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-6618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6618.exe
8⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-5222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5222.exe
9⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-54439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54439.exe
10⤵
PID:7872

C:\Users\Admin\AppData\Local\Temp\Unicorn-23739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23739.exe
11⤵
PID:11024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 216
11⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 216
10⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
9⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 216
8⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-3089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3089.exe
7⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-7189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7189.exe
8⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-37994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37994.exe
9⤵
PID:8248

C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
10⤵
PID:11308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 216
10⤵
PID:12652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
9⤵
PID:9928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
8⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 240
7⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 240
6⤵
- Program crash
PID:2592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 220
5⤵
- Program crash
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-52705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52705.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:284

C:\Users\Admin\AppData\Local\Temp\Unicorn-6239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6239.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-65445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65445.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-58128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58128.exe
7⤵
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-13442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13442.exe
8⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-39483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39483.exe
9⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-11034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11034.exe
10⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-18150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18150.exe
11⤵
PID:8324

C:\Users\Admin\AppData\Local\Temp\Unicorn-11790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11790.exe
12⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8324 -s 216
12⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
11⤵
PID:10004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
10⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 236
9⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-9887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9887.exe
8⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-15056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15056.exe
9⤵
PID:6228

C:\Users\Admin\AppData\Local\Temp\Unicorn-53619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53619.exe
10⤵
PID:8540

C:\Users\Admin\AppData\Local\Temp\Unicorn-28542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28542.exe
11⤵
PID:13152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8540 -s 216
11⤵
PID:13124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 216
10⤵
PID:10296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
9⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
8⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-19150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19150.exe
7⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-47651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47651.exe
8⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-19141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19141.exe
9⤵
PID:6264

C:\Users\Admin\AppData\Local\Temp\Unicorn-47973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47973.exe
10⤵
PID:8664

C:\Users\Admin\AppData\Local\Temp\Unicorn-26752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26752.exe
11⤵
PID:13280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8664 -s 236
11⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 216
10⤵
PID:10376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
9⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 216
8⤵
PID:4960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
7⤵
- Program crash
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe
6⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-55544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55544.exe
7⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-47651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47651.exe
8⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-33832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33832.exe
9⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-60033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60033.exe
10⤵
PID:8416

C:\Users\Admin\AppData\Local\Temp\Unicorn-54608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54608.exe
11⤵
PID:13092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 216
11⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
10⤵
PID:9488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
9⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 216
8⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-44698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44698.exe
7⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-30879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30879.exe
8⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 220
9⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
8⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
7⤵
PID:4388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
6⤵
- Program crash
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-15045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15045.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-45684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45684.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-36001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36001.exe
7⤵
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-56011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56011.exe
8⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
9⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
10⤵
PID:8600

C:\Users\Admin\AppData\Local\Temp\Unicorn-47610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47610.exe
11⤵
PID:10192

C:\Users\Admin\AppData\Local\Temp\Unicorn-571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-571.exe
12⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 216
11⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
10⤵
PID:9996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
9⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 216
8⤵
PID:5712

C:\Users\Admin\AppData\Local\Temp\Unicorn-13395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13395.exe
7⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-20189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20189.exe
8⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-64553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64553.exe
9⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-57366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57366.exe
10⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
10⤵
PID:12456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
9⤵
PID:9332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
8⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
7⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-15066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15066.exe
6⤵
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-45513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45513.exe
7⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
8⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-46463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46463.exe
9⤵
PID:7952

C:\Users\Admin\AppData\Local\Temp\Unicorn-6411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6411.exe
10⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 216
10⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
9⤵
PID:9368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
8⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 216
7⤵
PID:5004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
6⤵
- Program crash
PID:3496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 284 -s 240
5⤵
- Program crash
PID:1604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-44625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44625.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-47168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47168.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-20801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20801.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-47490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47490.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-34828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34828.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-35103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35103.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-35186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35186.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1164

C:\Users\Admin\AppData\Local\Temp\Unicorn-34008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34008.exe
9⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-34823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34823.exe
10⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-30111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30111.exe
11⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-23713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23713.exe
12⤵
PID:7944

C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
13⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 220
13⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
12⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 236
11⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
10⤵
- Program crash
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-57936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57936.exe
9⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-9607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9607.exe
10⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-39701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39701.exe
11⤵
PID:8028

C:\Users\Admin\AppData\Local\Temp\Unicorn-33573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33573.exe
12⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8028 -s 216
12⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
11⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
10⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 240
9⤵
- Program crash
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-18226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18226.exe
8⤵
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-28409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28409.exe
9⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-24273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24273.exe
10⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-20013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20013.exe
11⤵
PID:7992

C:\Users\Admin\AppData\Local\Temp\Unicorn-22364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22364.exe
12⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 216
12⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
11⤵
PID:9320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236
10⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 216
9⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
8⤵
- Program crash
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-19404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19404.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-38092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38092.exe
8⤵
PID:936

C:\Users\Admin\AppData\Local\Temp\Unicorn-38907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38907.exe
9⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-29295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29295.exe
10⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
11⤵
PID:7484

C:\Users\Admin\AppData\Local\Temp\Unicorn-52239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52239.exe
12⤵
PID:11040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 216
12⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
11⤵
PID:9204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
10⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 236
9⤵
- Program crash
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-27209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27209.exe
8⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-46556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46556.exe
9⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-43209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43209.exe
10⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\Unicorn-1777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1777.exe
11⤵
PID:11224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
11⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
10⤵
PID:8380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 236
9⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
8⤵
- Program crash
PID:3972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
7⤵
- Program crash
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-19321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19321.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-34994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34994.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-48398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48398.exe
8⤵
PID:952

C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
9⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-46748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46748.exe
10⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-37864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37864.exe
11⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 220
12⤵
PID:10520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
11⤵
PID:9052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
10⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 216
9⤵
- Program crash
PID:4276

C:\Users\Admin\AppData\Local\Temp\Unicorn-12627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12627.exe
8⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
9⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-12866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12866.exe
10⤵
PID:7404

C:\Users\Admin\AppData\Local\Temp\Unicorn-9836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9836.exe
11⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 216
11⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 216
10⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 236
9⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
8⤵
- Program crash
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-63343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63343.exe
7⤵
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-52913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52913.exe
8⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-32358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32358.exe
9⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-58476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58476.exe
10⤵
PID:7580

C:\Users\Admin\AppData\Local\Temp\Unicorn-27740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27740.exe
11⤵
PID:10768

C:\Users\Admin\AppData\Local\Temp\Unicorn-60353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60353.exe
12⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
11⤵
PID:11164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
10⤵
PID:9120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
9⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 236
8⤵
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
7⤵
- Program crash
PID:3384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
6⤵
- Program crash
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-19046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19046.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-47355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47355.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-64158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64158.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe
8⤵
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-37537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37537.exe
9⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-22758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22758.exe
10⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-20480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20480.exe
11⤵
PID:8492

C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
12⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 216
12⤵
PID:13024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
11⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
10⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 236
9⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-25839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25839.exe
8⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-37340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37340.exe
9⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-38461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38461.exe
10⤵
PID:9016

C:\Users\Admin\AppData\Local\Temp\Unicorn-34105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34105.exe
11⤵
PID:12748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 236
11⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 236
10⤵
PID:9900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
9⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
8⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-25372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25372.exe
7⤵
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-4864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4864.exe
8⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-37895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37895.exe
9⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-49431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49431.exe
10⤵
PID:7968

C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
11⤵
PID:10744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 220
11⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
10⤵
PID:2872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
9⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 216
8⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
7⤵
- Program crash
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-17650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17650.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe
7⤵
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-59711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59711.exe
8⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-42280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42280.exe
9⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-30957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30957.exe
10⤵
PID:7812

C:\Users\Admin\AppData\Local\Temp\Unicorn-34813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34813.exe
11⤵
PID:11228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 216
11⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
10⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
9⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 236
8⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-48014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48014.exe
7⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-37703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37703.exe
8⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe
9⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\Unicorn-2555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2555.exe
10⤵
PID:9512

C:\Users\Admin\AppData\Local\Temp\Unicorn-1946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1946.exe
11⤵
PID:12540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9512 -s 216
11⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
10⤵
PID:10540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
9⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
8⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
7⤵
- Program crash
PID:4204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
6⤵
- Program crash
PID:1124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
5⤵
- Program crash
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-27624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27624.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-34828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34828.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-100.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
7⤵
- Program crash
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-54023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54023.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
7⤵
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-14018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14018.exe
8⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-60261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60261.exe
9⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-8782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8782.exe
10⤵
PID:7208

C:\Users\Admin\AppData\Local\Temp\Unicorn-52239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52239.exe
11⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 216
11⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
10⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
9⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
8⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-59690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59690.exe
7⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-40033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40033.exe
8⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-5238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5238.exe
9⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe
10⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 216
10⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 236
9⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
8⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
7⤵
PID:4636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 220
6⤵
- Program crash
PID:1588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 236
5⤵
- Program crash
PID:608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-17340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17340.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1436

C:\Users\Admin\AppData\Local\Temp\Unicorn-42996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42996.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:612

C:\Users\Admin\AppData\Local\Temp\Unicorn-12544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12544.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-36940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36940.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-46260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46260.exe
8⤵
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-59135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59135.exe
9⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-60754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60754.exe
10⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-9083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9083.exe
11⤵
PID:7640

C:\Users\Admin\AppData\Local\Temp\Unicorn-26261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26261.exe
12⤵
PID:11100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 216
12⤵
PID:11260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
11⤵
PID:9180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
10⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 236
9⤵
- Program crash
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-43353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43353.exe
8⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe
9⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-59187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59187.exe
10⤵
PID:6956

C:\Users\Admin\AppData\Local\Temp\Unicorn-4693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4693.exe
11⤵
PID:9592

C:\Users\Admin\AppData\Local\Temp\Unicorn-22559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22559.exe
12⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9592 -s 236
12⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 236
11⤵
PID:10564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 216
10⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 236
9⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
8⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-61205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61205.exe
7⤵
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-32493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32493.exe
8⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-41979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41979.exe
9⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\Unicorn-39701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39701.exe
10⤵
PID:8040

C:\Users\Admin\AppData\Local\Temp\Unicorn-60132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60132.exe
11⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 216
11⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 216
10⤵
PID:8608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
9⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
8⤵
PID:4328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
7⤵
- Program crash
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-60053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60053.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-58704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58704.exe
7⤵
PID:968

C:\Users\Admin\AppData\Local\Temp\Unicorn-40661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40661.exe
8⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-41979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41979.exe
9⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-4698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4698.exe
10⤵
PID:8172

C:\Users\Admin\AppData\Local\Temp\Unicorn-52732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52732.exe
11⤵
PID:10456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 216
11⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
10⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
9⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 236
8⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-59690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59690.exe
7⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-8922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8922.exe
8⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-55845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55845.exe
9⤵
PID:7600

C:\Users\Admin\AppData\Local\Temp\Unicorn-11398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11398.exe
10⤵
PID:11112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 216
10⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
9⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 236
8⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 240
7⤵
- Program crash
PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 240
6⤵
- Program crash
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-27489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27489.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-26970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26970.exe
6⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-5850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5850.exe
7⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-31433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31433.exe
8⤵
PID:5516

C:\Users\Admin\AppData\Local\Temp\Unicorn-22151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22151.exe
9⤵
PID:7480

C:\Users\Admin\AppData\Local\Temp\Unicorn-61450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61450.exe
10⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 216
10⤵
PID:12464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
9⤵
PID:9312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 236
8⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
7⤵
PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 216
6⤵
- Program crash
PID:3488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 240
5⤵
- Program crash
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-27214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27214.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:400

C:\Users\Admin\AppData\Local\Temp\Unicorn-16629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16629.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-21180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21180.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-3857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3857.exe
7⤵
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-22187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22187.exe
8⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-25259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25259.exe
9⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-21035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21035.exe
10⤵
PID:7568

C:\Users\Admin\AppData\Local\Temp\Unicorn-36479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36479.exe
11⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 216
11⤵
PID:11276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
10⤵
PID:8236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
9⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
8⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
7⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-37895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37895.exe
8⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-33396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33396.exe
9⤵
PID:7320

C:\Users\Admin\AppData\Local\Temp\Unicorn-27356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27356.exe
10⤵
PID:10588

C:\Users\Admin\AppData\Local\Temp\Unicorn-46155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46155.exe
11⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 216
10⤵
PID:11140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
9⤵
PID:8904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
8⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
7⤵
- Program crash
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-22886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22886.exe
6⤵
PID:944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 240
7⤵
PID:4284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
6⤵
- Program crash
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-36124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36124.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-11833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11833.exe
6⤵
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-65357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65357.exe
7⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-1631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1631.exe
8⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-18513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18513.exe
9⤵
PID:7612

C:\Users\Admin\AppData\Local\Temp\Unicorn-57755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57755.exe
10⤵
PID:10584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 216
10⤵
PID:11712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
9⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
8⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 236
7⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-14765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14765.exe
6⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-14267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14267.exe
7⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-25503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25503.exe
8⤵
PID:8084

C:\Users\Admin\AppData\Local\Temp\Unicorn-40075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40075.exe
9⤵
PID:11064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 216
9⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 236
8⤵
PID:9148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
7⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
6⤵
- Program crash
PID:3328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 240
5⤵
- Program crash
PID:2624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
4⤵
- Program crash
PID:2988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
2⤵
- Program crash
PID:2740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16442.exe

Filesize
184KB

MD5
08539362e0dfda2981477dd3bcad2d19

SHA1
a9d26519b4cddcc8e6666b925bb287c348adb688

SHA256
666da03e11231235b80605b9b68ea556c7b4f02ef8ba8291b692737cacac254f

SHA512
68f462efe4300223aabdc05edfdad546adae0154cbdc8c7484c031e323cb0215bb9dfab1ba4f53f6485bd7e3bfe002f921c2ec170ec825183daf27fbfba220a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28402.exe

Filesize
184KB

MD5
d038bb744d283148e300d1b67cea5248

SHA1
598358a8e314dc9150c6807ff8d05eb8774f3663

SHA256
a3bfda9bca181767889636f0c324195d18e0ef71d3dd774f56dc37a38a5e6a62

SHA512
571e82bf15af008f0b6c05a189c8bc5309965ae2b1091d806e0a52d977dda3e5669e1356cee7fdc71e5a2d755db67e7106c472d3519d21b3810a22da038b33ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34818.exe

Filesize
184KB

MD5
fe99b24c06ff5bb95fe0287b012422f0

SHA1
a7c517e55b9580022e0c043201c0c3e6fa17eda7

SHA256
ac94e75cc75280ddef3f15c10380306d988760fc6b983331080633977f0ae6ad

SHA512
cd1c7ff9c76db05bd406e8938186d5ba29110da28a078e01c5b465a41ea856e1690fa641fb7cce113b63a45ad1f3450744d759b2336955eecd2897ba2aeaa91b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37340.exe

Filesize
184KB

MD5
155d0c671509c0daef8c0676272b7e2a

SHA1
b2ad078deded7611c579eca8dcb354f4caab0940

SHA256
e134d27a0e611776e5cdc503b9d6db2c5ce14941b743c7c414264d26114d71b7

SHA512
ca31659835624f11ee0c465af9f2a11b6100cc3bad7ea7aea8a42230e4133d08b57e277b989c9a040bdb2266f077dd4ea0e3ca446e9e925dab29e9744c203c0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39741.exe

Filesize
184KB

MD5
3ab765e10359cc69bda3777d3e745e3f

SHA1
ee564d9aaa2a275d70d5bd7a02bf5de7c1c98749

SHA256
9c1d4d28fc2fb51cc3f55a5bf86a71f46a1e99ac5ad546db968d691bec867784

SHA512
00b82b7457149283ee3de652fa6d352e9e891730f786d17633b2451c96d2dd870f1538291ba3e40d0a7d045ac39a383891f89862d0985cf561151105695e35aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe

Filesize
184KB

MD5
eab3267ea0b5e0ecd980fd2e7fb69689

SHA1
0384f4faf657c7b54ff26b7d5b3c5f193ecbe018

SHA256
920dbd5f2b4800c1ee3fa3124a4b2c214c74ee6b895806cd03ed1484d59bdbab

SHA512
46b74b366b63f972698e7600523a9b38ca1356b63239cf49b245ec7a1b46f266fb298cdf5c8a60954fff8b0e2be6d258f23455e344f8130ffae4a9f224e9ebdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe

Filesize
184KB

MD5
922b0f7cb257152a049598af897289cd

SHA1
68ea775d02c1a68ea4e6c5cabdef9208b884edad

SHA256
e0a5610d55401df631725b96a58c458d7cbe1a2fd08c728ea8d36771ad51eba7

SHA512
870dc39507932f21082d3df5562439f192f48bd458d7c1e4027ee26d6d9b713e4455f79d16e890af51694fcefe5fb2b042a5ff6b3a9842da9539191b839cb65f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62113.exe

Filesize
184KB

MD5
3d20f27f9baeedff7efc001b7282e659

SHA1
f26d81c8c1e669edcaa5628ba4e773add5309232

SHA256
60378e38608b4d329cefdc0f30374e68c5d95c0e674bcc6efcb5026ab74a04dd

SHA512
eb265bda5f7ce85f4e9d8fe7b5de6d50dabf9f85a61f9b420d605cd5d8930321e8b50f587b2c4083b17f0217590cd9d97a146cb9946238ef91cf8ee111f77d69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6239.exe

Filesize
184KB

MD5
96b3aeaecf118050eb2542423f5d2157

SHA1
77ffd36cab064a2fdcb3e42c30f4213e5e82fd4f

SHA256
7b89cb7cd5dab819a0a523a873a48518270bd122006fc9d2c873dc5ac0513178

SHA512
7494468b5f2f16ab74982aba08d8dc7c1b04a507a35624d03748e9f9fb3abdb9c99cb912463af23d6438a8cc04a349588c3b7685e6c2b562ee2b676397dfb231

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6411.exe

Filesize
184KB

MD5
090b6e84cb0e0aa8b47fd92fa3bc031e

SHA1
1a8f82b04d974c1b747e8dc705cf4a6fa0c3f058

SHA256
b75a1180735e07e5deee6feded57336e20f62c30156126214ab7640cac92358b

SHA512
80043036aa020ffc377d1759d2f1c15d865f826d65a6ac02e703f725a464c1bfa21416b64e4c4516d019d6aed31e933081ce4238946e5df23f121bded932d42a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17340.exe

Filesize
184KB

MD5
7157d5a817c3caec31ba75069d93fc85

SHA1
4c8f7435878193b356e077d04b491d785e041c46

SHA256
07ce097aaa147999672d737dec85198e5e7ad6e137c4abbcce0177030493fdfb

SHA512
cd3c4a23366e16616d5e65e5ab681be8abca4006c78e49296bdfa5d00cce0159cc9ef07fec762d9d6c63a7cb627251d53aff729e0d6911439f5390ec7ec79537

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20801.exe

Filesize
184KB

MD5
a30d0ef84734b45a9ef2da928ec26158

SHA1
73fa103488c1c435c95c9081b916b7310fee9cef

SHA256
03fdc2eb36bca86c73e285827eec2e0780aff6758b59485abdfd5a5650ac9758

SHA512
ae78645feb427548b99681340cd3413eebf9cbed71718b215c909990d383a51b7714630ef1789d11cbcd09f75deb5b816d4e9a48a5083c9c87fa3d53a678a393

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24885.exe

Filesize
184KB

MD5
5ac8869262b0f5b9069629959796d477

SHA1
72700de4001aadecfe9dc5dc70d3a611a3886c2e

SHA256
2817471ac6747191fc25b99e52c930f1bce5ee1b1680fb840dee267190c711d8

SHA512
6b6788ab8c0d30d26574c10262738abc992820841e26c7f8a14d5823465efd94bc04ddf04651a2677c130241795da704861c683e3593d3477fb346886d4656b8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27624.exe

Filesize
184KB

MD5
fdbcb4228d32c92e871c2e6f9962a05e

SHA1
70d140a493ecf9ff0710b0906be9d512e28bbb0b

SHA256
62711d37f09dcb6f58f599f7ca4e3228a416c2a0c881ff8b1f5fef4e3427b628

SHA512
a331f9368eb42044989bbbe76ab419ec0749a890e5be04d5ebd656a40dfa442099a8a27b74f61407700b354dbf3a4c036412c6ef0c28695698d65964f66a4a81

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28969.exe

Filesize
184KB

MD5
8ae41856888dbfdef4878f81c94d9504

SHA1
df34ae945d8e1e7c0df2ec83fb3630b92ecf57a7

SHA256
a719d8dc4fd0ea7e7bd275c95807bd5309552e25b21c1bf3ef05aca578e9e910

SHA512
5f41cac1f489dfa0e18718578ad9e018c77cf0fdee2766ed0c9772f2da9b7f49a9257696da2b7499d251b1328568fe1823968b46455e8f23382b399f7419a2a2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33873.exe

Filesize
184KB

MD5
953c68b979b5ac11bde6b037788c5059

SHA1
bd21954cce57b95a195cb3603a84a6a0648fb3ec

SHA256
44abb41a5fab350938f59a31fa268ccf422067cc8a1ee0cea489ee4a97be82a5

SHA512
960847b1521204270a13b6749fdf443f66f5cc72167cca4596eb953442ebcde4159f2a4d056efb3a8e6499d79914d95609a2622f05c22dd07df572172add106f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43914.exe

Filesize
184KB

MD5
3ee43867202093d4145651d76ae6e552

SHA1
8113f175ca5148e5ee4d3585468462b40f1a6d8c

SHA256
a0d38407ed0b6af78a536286d0363fccfb4799886739faf90c6e6b472a2ff5f5

SHA512
c86b5b6976f4668ff1a31836ffdf5a9377caf65da725967fb4675ea6f1e04978edbccbebfc13d80ebb3ed9f4a22cf53ea567ce19fd6a32483e7f7673816cf122

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44625.exe

Filesize
184KB

MD5
d095c9052a7745a64b0bb6613eabedd1

SHA1
b73f2fd3bb8087fa8aacde6ca27658431aec2d8b

SHA256
6d89f703f87fa18b29d646928539b38a72654fea8eb22bb4a3d74bc2f84a9931

SHA512
af862b4272caeb8dfdba6566c76aab13bf59d3249a8334a60474a1dd07bcaab9eebe98aaf39bfd08b9402b5bbdfb2dc9cad476758d0a8808519966dd1f7bf03c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47168.exe

Filesize
184KB

MD5
a6a9f94940b4b3415371a21b0c82ba06

SHA1
328c930e5f9073877b303c3e34df5db2e684fa5b

SHA256
c4a1e73f9d6b9d3c17321b2510a7fbc0b3ddb09477699c4a9f7604bbdacbf07a

SHA512
e2594b0c6239fe18435d0a0a58f018257900cf6c52daa84b0b75e77df526dda3af0174e30a2d6b2528a05e14f43a207ae570f7b16439cb36885dcd4b48926a0d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47490.exe

Filesize
184KB

MD5
8b001dfe1efd8c2de7b0499120d9abae

SHA1
8f93fdaf78b87754910ec3490602893a0fe70bf1

SHA256
890167e11c46e18c151de39b9c79f0855f8b6a01e166bd8ac8e50b5b80654d17

SHA512
32be3ea74fda7713076ee3853c09ebcbf45c62f2bc6eb40cd18cb030758caa6f626b953f6757912537a14f0d2ac74f12ffbee604240f3d8c1b5c4d5321c6f4d7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64490.exe

Filesize
184KB

MD5
e7d0151d74e96b3ff33a025d960feb95

SHA1
b00a186c3c254e09ecee01a25c24360c558b139e

SHA256
3df668cf194285c4419525992678dee8ed0a5755be85ced34590ecd93bf15ec9

SHA512
0fafc9de33c3c6f575183032b7eae9cb9d6a053f4f48bde910aef7f0ac3b274b580d77766bf95e8f409839a3fae21b568a2f53b5e7b452207c99b2609b86cd76

Download Submit