83f1a5a6d8c83e7a95af9cf92c8228220cd4af877be7a9980ef9fb96e4be252c

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83f1a5a6d8c83e7a95af9cf92c8228220cd4af877be7a9980ef9fb96e4be252c.exe
Size

184KB
MD5

a1bb953970a94434b14084352c78a979
SHA1

72b048d097b17b6a125149801ed5706ca0a6f855
SHA256

83f1a5a6d8c83e7a95af9cf92c8228220cd4af877be7a9980ef9fb96e4be252c
SHA512

053db49744a9b9c6dc1eb3683c0f7dc220b1ebc32f2df41eda6dd35072a6432b416ae729c3ad798c15b3740af9bf63215e5fbfe61f8c7e2f0df888b9d75e13c1
SSDEEP

3072:3313r8oT74hTdFaWeayLRqs2hlnViFkn3:33Ko6JFarL4s2hlnViFk

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-50379.exeUnicorn-54354.exeUnicorn-65215.exeUnicorn-50353.exeUnicorn-50353.exeUnicorn-8121.exeUnicorn-41391.exeUnicorn-64504.exeUnicorn-18833.exeUnicorn-11795.exeUnicorn-21608.exeUnicorn-46134.exeUnicorn-38520.exeUnicorn-17546.exeUnicorn-59133.exeUnicorn-13461.exeUnicorn-44188.exeUnicorn-4271.exeUnicorn-43720.exeUnicorn-63586.exeUnicorn-5340.exeUnicorn-12117.exeUnicorn-9424.exeUnicorn-9424.exeUnicorn-1619.exeUnicorn-32345.exeUnicorn-30997.exeUnicorn-41857.exeUnicorn-27467.exeUnicorn-51609.exeUnicorn-16799.exeUnicorn-62470.exeUnicorn-45387.exeUnicorn-21437.exeUnicorn-2771.exeUnicorn-26721.exeUnicorn-12330.exeUnicorn-23191.exeUnicorn-8246.exeUnicorn-35635.exeUnicorn-20691.exeUnicorn-51417.exeUnicorn-57722.exeUnicorn-33772.exeUnicorn-18828.exeUnicorn-8713.exeUnicorn-45278.exeUnicorn-37664.exeUnicorn-26804.exeUnicorn-8521.exeUnicorn-19382.exeUnicorn-55584.exeUnicorn-2875.exeUnicorn-49938.exeUnicorn-25988.exeUnicorn-54022.exeUnicorn-46409.exeUnicorn-737.exeUnicorn-27380.exeUnicorn-54769.exeUnicorn-39824.exeUnicorn-50685.exeUnicorn-15874.exeUnicorn-17266.exe

pid	process
1672	Unicorn-50379.exe
2308	Unicorn-54354.exe
2132	Unicorn-65215.exe
2700	Unicorn-50353.exe
2460	Unicorn-50353.exe
2612	Unicorn-8121.exe
1316	Unicorn-41391.exe
2996	Unicorn-64504.exe
2016	Unicorn-18833.exe
2828	Unicorn-11795.exe
2832	Unicorn-21608.exe
2496	Unicorn-46134.exe
1292	Unicorn-38520.exe
2092	Unicorn-17546.exe
2824	Unicorn-59133.exe
2008	Unicorn-13461.exe
1868	Unicorn-44188.exe
1860	Unicorn-4271.exe
688	Unicorn-43720.exe
412	Unicorn-63586.exe
824	Unicorn-5340.exe
1664	Unicorn-12117.exe
1372	Unicorn-9424.exe
864	Unicorn-9424.exe
1336	Unicorn-1619.exe
2284	Unicorn-32345.exe
1348	Unicorn-30997.exe
2304	Unicorn-41857.exe
1704	Unicorn-27467.exe
2360	Unicorn-51609.exe
792	Unicorn-16799.exe
1524	Unicorn-62470.exe
2592	Unicorn-45387.exe
2656	Unicorn-21437.exe
2464	Unicorn-2771.exe
2456	Unicorn-26721.exe
2172	Unicorn-12330.exe
2504	Unicorn-23191.exe
3032	Unicorn-8246.exe
2972	Unicorn-35635.exe
2248	Unicorn-20691.exe
2848	Unicorn-51417.exe
2684	Unicorn-57722.exe
2328	Unicorn-33772.exe
1996	Unicorn-18828.exe
1252	Unicorn-8713.exe
2012	Unicorn-45278.exe
1788	Unicorn-37664.exe
2396	Unicorn-26804.exe
2080	Unicorn-8521.exe
1144	Unicorn-19382.exe
1892	Unicorn-55584.exe
768	Unicorn-2875.exe
2372	Unicorn-49938.exe
2296	Unicorn-25988.exe
1680	Unicorn-54022.exe
2384	Unicorn-46409.exe
2316	Unicorn-737.exe
1648	Unicorn-27380.exe
2168	Unicorn-54769.exe
2640	Unicorn-39824.exe
1032	Unicorn-50685.exe
2608	Unicorn-15874.exe
2760	Unicorn-17266.exe

Loads dropped DLL 64 IoCs

Processes:

83f1a5a6d8c83e7a95af9cf92c8228220cd4af877be7a9980ef9fb96e4be252c.exeUnicorn-50379.exeUnicorn-65215.exeUnicorn-54354.exeWerFault.exeUnicorn-8121.exeUnicorn-50353.exeWerFault.exeWerFault.exeUnicorn-50353.exeUnicorn-41391.exeUnicorn-18833.exeUnicorn-64504.exeUnicorn-11795.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
756	83f1a5a6d8c83e7a95af9cf92c8228220cd4af877be7a9980ef9fb96e4be252c.exe
756	83f1a5a6d8c83e7a95af9cf92c8228220cd4af877be7a9980ef9fb96e4be252c.exe
1672	Unicorn-50379.exe
756	83f1a5a6d8c83e7a95af9cf92c8228220cd4af877be7a9980ef9fb96e4be252c.exe
1672	Unicorn-50379.exe
756	83f1a5a6d8c83e7a95af9cf92c8228220cd4af877be7a9980ef9fb96e4be252c.exe
2132	Unicorn-65215.exe
2308	Unicorn-54354.exe
2132	Unicorn-65215.exe
2308	Unicorn-54354.exe
1672	Unicorn-50379.exe
1672	Unicorn-50379.exe
1948	WerFault.exe
1948	WerFault.exe
1948	WerFault.exe
1948	WerFault.exe
1948	WerFault.exe
2612	Unicorn-8121.exe
2612	Unicorn-8121.exe
2132	Unicorn-65215.exe
2132	Unicorn-65215.exe
2460	Unicorn-50353.exe
2460	Unicorn-50353.exe
2308	Unicorn-54354.exe
2308	Unicorn-54354.exe
2528	WerFault.exe
2528	WerFault.exe
2528	WerFault.exe
2528	WerFault.exe
1540	WerFault.exe
1540	WerFault.exe
1540	WerFault.exe
1540	WerFault.exe
1540	WerFault.exe
2528	WerFault.exe
2700	Unicorn-50353.exe
2700	Unicorn-50353.exe
1316	Unicorn-41391.exe
1316	Unicorn-41391.exe
2612	Unicorn-8121.exe
2612	Unicorn-8121.exe
2016	Unicorn-18833.exe
2016	Unicorn-18833.exe
2460	Unicorn-50353.exe
2460	Unicorn-50353.exe
2996	Unicorn-64504.exe
2996	Unicorn-64504.exe
2828	Unicorn-11795.exe
2828	Unicorn-11795.exe
612	WerFault.exe
612	WerFault.exe
1192	WerFault.exe
612	WerFault.exe
612	WerFault.exe
1192	WerFault.exe
1192	WerFault.exe
1192	WerFault.exe
612	WerFault.exe
1192	WerFault.exe
2128	WerFault.exe
2128	WerFault.exe
2128	WerFault.exe
2128	WerFault.exe
2128	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2876	756	WerFault.exe	83f1a5a6d8c83e7a95af9cf92c8228220cd4af877be7a9980ef9fb96e4be252c.exe
1948	1672	WerFault.exe	Unicorn-50379.exe
2528	2308	WerFault.exe	Unicorn-54354.exe
1540	2132	WerFault.exe	Unicorn-65215.exe
612	2612	WerFault.exe	Unicorn-8121.exe
1192	2700	WerFault.exe	Unicorn-50353.exe
2128	2460	WerFault.exe	Unicorn-50353.exe
1404	1316	WerFault.exe	Unicorn-41391.exe
2024	2016	WerFault.exe	Unicorn-18833.exe
1592	2996	WerFault.exe	Unicorn-64504.exe
1596	2828	WerFault.exe	Unicorn-11795.exe
2564	2832	WerFault.exe	Unicorn-21608.exe
2960	1292	WerFault.exe	Unicorn-38520.exe
2952	2496	WerFault.exe	Unicorn-46134.exe
2204	2092	WerFault.exe	Unicorn-17546.exe
2220	2824	WerFault.exe	Unicorn-59133.exe
324	1868	WerFault.exe	Unicorn-44188.exe
1888	2008	WerFault.exe	Unicorn-13461.exe
1620	1860	WerFault.exe	Unicorn-4271.exe
2856	688	WerFault.exe	Unicorn-43720.exe
1296	412	WerFault.exe	Unicorn-63586.exe
1640	824	WerFault.exe	Unicorn-5340.exe
1544	1664	WerFault.exe	Unicorn-12117.exe
2900	1372	WerFault.exe	Unicorn-9424.exe
564	864	WerFault.exe	Unicorn-9424.exe
344	2284	WerFault.exe	Unicorn-32345.exe
2148	1336	WerFault.exe	Unicorn-1619.exe
2588	1348	WerFault.exe	Unicorn-30997.exe
2572	2304	WerFault.exe	Unicorn-41857.exe
2580	1704	WerFault.exe	Unicorn-27467.exe
2288	2360	WerFault.exe	Unicorn-51609.exe
2964	1524	WerFault.exe	Unicorn-62470.exe
2716	792	WerFault.exe	Unicorn-16799.exe
860	2464	WerFault.exe	Unicorn-2771.exe
1552	2972	WerFault.exe	Unicorn-35635.exe
1520	2848	WerFault.exe	Unicorn-51417.exe
3140	2172	WerFault.exe	Unicorn-12330.exe
3428	2656	WerFault.exe	Unicorn-21437.exe
3452	2504	WerFault.exe	Unicorn-23191.exe
3804	2684	WerFault.exe	Unicorn-57722.exe
4044	2592	WerFault.exe	Unicorn-45387.exe
4076	3032	WerFault.exe	Unicorn-8246.exe
3120	2396	WerFault.exe	Unicorn-26804.exe
3124	2248	WerFault.exe	Unicorn-20691.exe
3580	2760	WerFault.exe	Unicorn-17266.exe
3604	2608	WerFault.exe	Unicorn-15874.exe
3652	2296	WerFault.exe	Unicorn-25988.exe
3680	2432	WerFault.exe	Unicorn-17266.exe
3728	2384	WerFault.exe	Unicorn-46409.exe
3812	1892	WerFault.exe	Unicorn-55584.exe
3884	2456	WerFault.exe	Unicorn-26721.exe
3924	768	WerFault.exe	Unicorn-2875.exe
3936	2640	WerFault.exe	Unicorn-39824.exe
3352	2328	WerFault.exe	Unicorn-33772.exe
3716	2508	WerFault.exe	Unicorn-32232.exe
3972	2108	WerFault.exe	Unicorn-49123.exe
3844	1692	WerFault.exe	Unicorn-42346.exe
3944	2632	WerFault.exe	Unicorn-23549.exe
4004	1532	WerFault.exe	Unicorn-15704.exe
3200	1996	WerFault.exe	Unicorn-18828.exe
3688	1516	WerFault.exe	Unicorn-16773.exe
3540	1332	WerFault.exe	Unicorn-57291.exe
3388	2168	WerFault.exe	Unicorn-54769.exe
3932	1788	WerFault.exe	Unicorn-37664.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

83f1a5a6d8c83e7a95af9cf92c8228220cd4af877be7a9980ef9fb96e4be252c.exeUnicorn-50379.exeUnicorn-65215.exeUnicorn-54354.exeUnicorn-8121.exeUnicorn-50353.exeUnicorn-50353.exeUnicorn-41391.exeUnicorn-18833.exeUnicorn-64504.exeUnicorn-11795.exeUnicorn-21608.exeUnicorn-46134.exeUnicorn-38520.exeUnicorn-17546.exeUnicorn-13461.exeUnicorn-59133.exeUnicorn-44188.exeUnicorn-4271.exeUnicorn-43720.exeUnicorn-63586.exeUnicorn-5340.exeUnicorn-12117.exeUnicorn-9424.exeUnicorn-9424.exeUnicorn-1619.exeUnicorn-32345.exeUnicorn-30997.exeUnicorn-41857.exeUnicorn-27467.exeUnicorn-51609.exeUnicorn-16799.exeUnicorn-62470.exeUnicorn-45387.exeUnicorn-21437.exeUnicorn-2771.exeUnicorn-26721.exeUnicorn-35635.exeUnicorn-12330.exeUnicorn-23191.exeUnicorn-8246.exeUnicorn-20691.exeUnicorn-51417.exeUnicorn-57722.exeUnicorn-33772.exeUnicorn-18828.exeUnicorn-8713.exeUnicorn-45278.exeUnicorn-37664.exeUnicorn-26804.exeUnicorn-8521.exeUnicorn-19382.exeUnicorn-55584.exeUnicorn-2875.exeUnicorn-49938.exeUnicorn-25988.exeUnicorn-54022.exeUnicorn-46409.exeUnicorn-27380.exeUnicorn-737.exeUnicorn-54769.exeUnicorn-39824.exeUnicorn-50685.exeUnicorn-15874.exe

pid	process
756	83f1a5a6d8c83e7a95af9cf92c8228220cd4af877be7a9980ef9fb96e4be252c.exe
1672	Unicorn-50379.exe
2132	Unicorn-65215.exe
2308	Unicorn-54354.exe
2612	Unicorn-8121.exe
2700	Unicorn-50353.exe
2460	Unicorn-50353.exe
1316	Unicorn-41391.exe
2016	Unicorn-18833.exe
2996	Unicorn-64504.exe
2828	Unicorn-11795.exe
2832	Unicorn-21608.exe
2496	Unicorn-46134.exe
1292	Unicorn-38520.exe
2092	Unicorn-17546.exe
2008	Unicorn-13461.exe
2824	Unicorn-59133.exe
1868	Unicorn-44188.exe
1860	Unicorn-4271.exe
688	Unicorn-43720.exe
412	Unicorn-63586.exe
824	Unicorn-5340.exe
1664	Unicorn-12117.exe
1372	Unicorn-9424.exe
864	Unicorn-9424.exe
1336	Unicorn-1619.exe
2284	Unicorn-32345.exe
1348	Unicorn-30997.exe
2304	Unicorn-41857.exe
1704	Unicorn-27467.exe
2360	Unicorn-51609.exe
792	Unicorn-16799.exe
1524	Unicorn-62470.exe
2592	Unicorn-45387.exe
2656	Unicorn-21437.exe
2464	Unicorn-2771.exe
2456	Unicorn-26721.exe
2972	Unicorn-35635.exe
2172	Unicorn-12330.exe
2504	Unicorn-23191.exe
3032	Unicorn-8246.exe
2248	Unicorn-20691.exe
2848	Unicorn-51417.exe
2684	Unicorn-57722.exe
2328	Unicorn-33772.exe
1996	Unicorn-18828.exe
1252	Unicorn-8713.exe
2012	Unicorn-45278.exe
1788	Unicorn-37664.exe
2396	Unicorn-26804.exe
2080	Unicorn-8521.exe
1144	Unicorn-19382.exe
1892	Unicorn-55584.exe
768	Unicorn-2875.exe
2372	Unicorn-49938.exe
2296	Unicorn-25988.exe
1680	Unicorn-54022.exe
2384	Unicorn-46409.exe
1648	Unicorn-27380.exe
2316	Unicorn-737.exe
2168	Unicorn-54769.exe
2640	Unicorn-39824.exe
1032	Unicorn-50685.exe
2608	Unicorn-15874.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

83f1a5a6d8c83e7a95af9cf92c8228220cd4af877be7a9980ef9fb96e4be252c.exeUnicorn-50379.exeUnicorn-65215.exeUnicorn-54354.exeUnicorn-8121.exeUnicorn-50353.exeUnicorn-50353.exeUnicorn-41391.exe

description	pid	process	target process
PID 756 wrote to memory of 1672	756	83f1a5a6d8c83e7a95af9cf92c8228220cd4af877be7a9980ef9fb96e4be252c.exe	Unicorn-50379.exe
PID 756 wrote to memory of 1672	756	83f1a5a6d8c83e7a95af9cf92c8228220cd4af877be7a9980ef9fb96e4be252c.exe	Unicorn-50379.exe
PID 756 wrote to memory of 1672	756	83f1a5a6d8c83e7a95af9cf92c8228220cd4af877be7a9980ef9fb96e4be252c.exe	Unicorn-50379.exe
PID 756 wrote to memory of 1672	756	83f1a5a6d8c83e7a95af9cf92c8228220cd4af877be7a9980ef9fb96e4be252c.exe	Unicorn-50379.exe
PID 1672 wrote to memory of 2308	1672	Unicorn-50379.exe	Unicorn-54354.exe
PID 1672 wrote to memory of 2308	1672	Unicorn-50379.exe	Unicorn-54354.exe
PID 1672 wrote to memory of 2308	1672	Unicorn-50379.exe	Unicorn-54354.exe
PID 1672 wrote to memory of 2308	1672	Unicorn-50379.exe	Unicorn-54354.exe
PID 756 wrote to memory of 2132	756	83f1a5a6d8c83e7a95af9cf92c8228220cd4af877be7a9980ef9fb96e4be252c.exe	Unicorn-65215.exe
PID 756 wrote to memory of 2132	756	83f1a5a6d8c83e7a95af9cf92c8228220cd4af877be7a9980ef9fb96e4be252c.exe	Unicorn-65215.exe
PID 756 wrote to memory of 2132	756	83f1a5a6d8c83e7a95af9cf92c8228220cd4af877be7a9980ef9fb96e4be252c.exe	Unicorn-65215.exe
PID 756 wrote to memory of 2132	756	83f1a5a6d8c83e7a95af9cf92c8228220cd4af877be7a9980ef9fb96e4be252c.exe	Unicorn-65215.exe
PID 756 wrote to memory of 2876	756	83f1a5a6d8c83e7a95af9cf92c8228220cd4af877be7a9980ef9fb96e4be252c.exe	WerFault.exe
PID 756 wrote to memory of 2876	756	83f1a5a6d8c83e7a95af9cf92c8228220cd4af877be7a9980ef9fb96e4be252c.exe	WerFault.exe
PID 756 wrote to memory of 2876	756	83f1a5a6d8c83e7a95af9cf92c8228220cd4af877be7a9980ef9fb96e4be252c.exe	WerFault.exe
PID 756 wrote to memory of 2876	756	83f1a5a6d8c83e7a95af9cf92c8228220cd4af877be7a9980ef9fb96e4be252c.exe	WerFault.exe
PID 2132 wrote to memory of 2700	2132	Unicorn-65215.exe	Unicorn-50353.exe
PID 2132 wrote to memory of 2700	2132	Unicorn-65215.exe	Unicorn-50353.exe
PID 2132 wrote to memory of 2700	2132	Unicorn-65215.exe	Unicorn-50353.exe
PID 2132 wrote to memory of 2700	2132	Unicorn-65215.exe	Unicorn-50353.exe
PID 2308 wrote to memory of 2460	2308	Unicorn-54354.exe	Unicorn-50353.exe
PID 2308 wrote to memory of 2460	2308	Unicorn-54354.exe	Unicorn-50353.exe
PID 2308 wrote to memory of 2460	2308	Unicorn-54354.exe	Unicorn-50353.exe
PID 2308 wrote to memory of 2460	2308	Unicorn-54354.exe	Unicorn-50353.exe
PID 1672 wrote to memory of 2612	1672	Unicorn-50379.exe	Unicorn-8121.exe
PID 1672 wrote to memory of 2612	1672	Unicorn-50379.exe	Unicorn-8121.exe
PID 1672 wrote to memory of 2612	1672	Unicorn-50379.exe	Unicorn-8121.exe
PID 1672 wrote to memory of 2612	1672	Unicorn-50379.exe	Unicorn-8121.exe
PID 1672 wrote to memory of 1948	1672	Unicorn-50379.exe	WerFault.exe
PID 1672 wrote to memory of 1948	1672	Unicorn-50379.exe	WerFault.exe
PID 1672 wrote to memory of 1948	1672	Unicorn-50379.exe	WerFault.exe
PID 1672 wrote to memory of 1948	1672	Unicorn-50379.exe	WerFault.exe
PID 2612 wrote to memory of 1316	2612	Unicorn-8121.exe	Unicorn-41391.exe
PID 2612 wrote to memory of 1316	2612	Unicorn-8121.exe	Unicorn-41391.exe
PID 2612 wrote to memory of 1316	2612	Unicorn-8121.exe	Unicorn-41391.exe
PID 2612 wrote to memory of 1316	2612	Unicorn-8121.exe	Unicorn-41391.exe
PID 2132 wrote to memory of 2996	2132	Unicorn-65215.exe	Unicorn-64504.exe
PID 2132 wrote to memory of 2996	2132	Unicorn-65215.exe	Unicorn-64504.exe
PID 2132 wrote to memory of 2996	2132	Unicorn-65215.exe	Unicorn-64504.exe
PID 2132 wrote to memory of 2996	2132	Unicorn-65215.exe	Unicorn-64504.exe
PID 2460 wrote to memory of 2016	2460	Unicorn-50353.exe	Unicorn-18833.exe
PID 2460 wrote to memory of 2016	2460	Unicorn-50353.exe	Unicorn-18833.exe
PID 2460 wrote to memory of 2016	2460	Unicorn-50353.exe	Unicorn-18833.exe
PID 2460 wrote to memory of 2016	2460	Unicorn-50353.exe	Unicorn-18833.exe
PID 2308 wrote to memory of 2828	2308	Unicorn-54354.exe	Unicorn-11795.exe
PID 2308 wrote to memory of 2828	2308	Unicorn-54354.exe	Unicorn-11795.exe
PID 2308 wrote to memory of 2828	2308	Unicorn-54354.exe	Unicorn-11795.exe
PID 2308 wrote to memory of 2828	2308	Unicorn-54354.exe	Unicorn-11795.exe
PID 2308 wrote to memory of 2528	2308	Unicorn-54354.exe	WerFault.exe
PID 2308 wrote to memory of 2528	2308	Unicorn-54354.exe	WerFault.exe
PID 2308 wrote to memory of 2528	2308	Unicorn-54354.exe	WerFault.exe
PID 2308 wrote to memory of 2528	2308	Unicorn-54354.exe	WerFault.exe
PID 2132 wrote to memory of 1540	2132	Unicorn-65215.exe	WerFault.exe
PID 2132 wrote to memory of 1540	2132	Unicorn-65215.exe	WerFault.exe
PID 2132 wrote to memory of 1540	2132	Unicorn-65215.exe	WerFault.exe
PID 2132 wrote to memory of 1540	2132	Unicorn-65215.exe	WerFault.exe
PID 2700 wrote to memory of 2832	2700	Unicorn-50353.exe	Unicorn-21608.exe
PID 2700 wrote to memory of 2832	2700	Unicorn-50353.exe	Unicorn-21608.exe
PID 2700 wrote to memory of 2832	2700	Unicorn-50353.exe	Unicorn-21608.exe
PID 2700 wrote to memory of 2832	2700	Unicorn-50353.exe	Unicorn-21608.exe
PID 1316 wrote to memory of 2496	1316	Unicorn-41391.exe	Unicorn-46134.exe
PID 1316 wrote to memory of 2496	1316	Unicorn-41391.exe	Unicorn-46134.exe
PID 1316 wrote to memory of 2496	1316	Unicorn-41391.exe	Unicorn-46134.exe
PID 1316 wrote to memory of 2496	1316	Unicorn-41391.exe	Unicorn-46134.exe

C:\Users\Admin\AppData\Local\Temp\83f1a5a6d8c83e7a95af9cf92c8228220cd4af877be7a9980ef9fb96e4be252c.exe
"C:\Users\Admin\AppData\Local\Temp\83f1a5a6d8c83e7a95af9cf92c8228220cd4af877be7a9980ef9fb96e4be252c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:756

C:\Users\Admin\AppData\Local\Temp\Unicorn-50379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50379.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-50353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50353.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-18833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18833.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-17546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17546.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-5340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5340.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:824

C:\Users\Admin\AppData\Local\Temp\Unicorn-45387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45387.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-2875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2875.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-50405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50405.exe
10⤵
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-39544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39544.exe
11⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-6627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6627.exe
12⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-9611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9611.exe
13⤵
PID:7424

C:\Users\Admin\AppData\Local\Temp\Unicorn-49072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49072.exe
14⤵
PID:10404

C:\Users\Admin\AppData\Local\Temp\Unicorn-32303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32303.exe
15⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10404 -s 216
15⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 216
14⤵
PID:11256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
13⤵
PID:8924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
12⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 236
11⤵
PID:3896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 236
10⤵
- Program crash
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-26455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26455.exe
9⤵
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-62486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62486.exe
10⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-37053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37053.exe
11⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-19965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19965.exe
12⤵
PID:8084

C:\Users\Admin\AppData\Local\Temp\Unicorn-41008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41008.exe
13⤵
PID:10304

C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
14⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10304 -s 216
14⤵
PID:12696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 216
13⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
12⤵
PID:8760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
11⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 216
10⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
9⤵
- Program crash
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-25988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25988.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-17157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17157.exe
9⤵
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-29238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29238.exe
10⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-51360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51360.exe
11⤵
PID:5180

C:\Users\Admin\AppData\Local\Temp\Unicorn-1168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1168.exe
12⤵
PID:6748

C:\Users\Admin\AppData\Local\Temp\Unicorn-64282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64282.exe
13⤵
PID:9620

C:\Users\Admin\AppData\Local\Temp\Unicorn-52832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52832.exe
14⤵
PID:12436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9620 -s 216
14⤵
PID:13272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 216
13⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
12⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
11⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 236
10⤵
PID:4628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 236
9⤵
- Program crash
PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 240
8⤵
- Program crash
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-2771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2771.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-49938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49938.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-11510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11510.exe
9⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
10⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-56238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56238.exe
11⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-2455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2455.exe
12⤵
PID:6684

C:\Users\Admin\AppData\Local\Temp\Unicorn-32466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32466.exe
13⤵
PID:8828

C:\Users\Admin\AppData\Local\Temp\Unicorn-60800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60800.exe
14⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8828 -s 216
14⤵
PID:12388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 216
13⤵
PID:10116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
12⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
11⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 236
10⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-49481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49481.exe
9⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-17344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17344.exe
10⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-55740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55740.exe
11⤵
PID:6640

C:\Users\Admin\AppData\Local\Temp\Unicorn-12237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12237.exe
12⤵
PID:8732

C:\Users\Admin\AppData\Local\Temp\Unicorn-13737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13737.exe
13⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8732 -s 216
13⤵
PID:12348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 216
12⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
11⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
10⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
9⤵
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-34815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34815.exe
8⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-8085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8085.exe
9⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-29932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29932.exe
10⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-19586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19586.exe
11⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-44526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44526.exe
12⤵
PID:8976

C:\Users\Admin\AppData\Local\Temp\Unicorn-42051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42051.exe
13⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8976 -s 216
13⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
12⤵
PID:9812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 236
11⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
10⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
9⤵
PID:4316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
8⤵
- Program crash
PID:860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
7⤵
- Program crash
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-12117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12117.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-26721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26721.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-54022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54022.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-29985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29985.exe
9⤵
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-34536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34536.exe
10⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-3529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3529.exe
11⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-33566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33566.exe
12⤵
PID:7112

C:\Users\Admin\AppData\Local\Temp\Unicorn-64598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64598.exe
13⤵
PID:9016

C:\Users\Admin\AppData\Local\Temp\Unicorn-27661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27661.exe
14⤵
PID:10932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 236
14⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 216
13⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
12⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
11⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 236
10⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-472.exe
9⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-19866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19866.exe
10⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-38527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38527.exe
11⤵
PID:6364

C:\Users\Admin\AppData\Local\Temp\Unicorn-7276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7276.exe
12⤵
PID:8472

C:\Users\Admin\AppData\Local\Temp\Unicorn-65076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65076.exe
13⤵
PID:12080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8472 -s 220
13⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 220
12⤵
PID:9644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
11⤵
PID:948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
10⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
9⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-18287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18287.exe
8⤵
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-42066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42066.exe
9⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
10⤵
PID:5404

C:\Users\Admin\AppData\Local\Temp\Unicorn-63410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63410.exe
11⤵
PID:8480

C:\Users\Admin\AppData\Local\Temp\Unicorn-10556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10556.exe
12⤵
PID:11064

C:\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe
13⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8480 -s 236
12⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 216
11⤵
PID:9380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
10⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 236
9⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
8⤵
- Program crash
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-46409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46409.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-52543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52543.exe
8⤵
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-43628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43628.exe
9⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-45714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45714.exe
10⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-11007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11007.exe
11⤵
PID:7148

C:\Users\Admin\AppData\Local\Temp\Unicorn-5522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5522.exe
12⤵
PID:9148

C:\Users\Admin\AppData\Local\Temp\Unicorn-65076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65076.exe
13⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 220
13⤵
PID:12612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 216
12⤵
PID:10032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
11⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
10⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 236
9⤵
PID:4696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 236
8⤵
- Program crash
PID:3728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
7⤵
- Program crash
PID:1544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
6⤵
- Program crash
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-59133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59133.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-21437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21437.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-55584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55584.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-34069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34069.exe
8⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-47520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47520.exe
9⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-57857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57857.exe
10⤵
PID:5776

C:\Users\Admin\AppData\Local\Temp\Unicorn-44085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44085.exe
11⤵
PID:7996

C:\Users\Admin\AppData\Local\Temp\Unicorn-15543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15543.exe
12⤵
PID:11208

C:\Users\Admin\AppData\Local\Temp\Unicorn-7819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7819.exe
13⤵
PID:13232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11208 -s 216
13⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 236
12⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 236
11⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
10⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
9⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 216
8⤵
- Program crash
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
7⤵
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe
8⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-17126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17126.exe
9⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-13311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13311.exe
10⤵
PID:7256

C:\Users\Admin\AppData\Local\Temp\Unicorn-774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-774.exe
11⤵
PID:9864

C:\Users\Admin\AppData\Local\Temp\Unicorn-59630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59630.exe
12⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9864 -s 236
12⤵
PID:12356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 216
11⤵
PID:10976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
10⤵
PID:8752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
9⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 236
8⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
7⤵
- Program crash
PID:3428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 236
6⤵
- Program crash
PID:2220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-11795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11795.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-44188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44188.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:864

C:\Users\Admin\AppData\Local\Temp\Unicorn-8246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8246.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-39824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39824.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-4904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4904.exe
9⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-64624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64624.exe
10⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-11910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11910.exe
11⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-51158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51158.exe
12⤵
PID:8452

C:\Users\Admin\AppData\Local\Temp\Unicorn-20863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20863.exe
13⤵
PID:10848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8452 -s 216
13⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
12⤵
PID:9372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
11⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 216
10⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
9⤵
- Program crash
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
8⤵
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe
9⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-27323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27323.exe
10⤵
PID:5976

C:\Users\Admin\AppData\Local\Temp\Unicorn-28325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28325.exe
11⤵
PID:8052

C:\Users\Admin\AppData\Local\Temp\Unicorn-61812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61812.exe
12⤵
PID:10860

C:\Users\Admin\AppData\Local\Temp\Unicorn-35723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35723.exe
13⤵
PID:13292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10860 -s 216
13⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 216
12⤵
PID:11308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 236
11⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
10⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 236
9⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
8⤵
- Program crash
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-15874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15874.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-31547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31547.exe
8⤵
PID:924

C:\Users\Admin\AppData\Local\Temp\Unicorn-38174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38174.exe
9⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-1220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1220.exe
10⤵
PID:6104

C:\Users\Admin\AppData\Local\Temp\Unicorn-7888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7888.exe
10⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-42004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42004.exe
11⤵
PID:8864

C:\Users\Admin\AppData\Local\Temp\Unicorn-52549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52549.exe
12⤵
PID:11084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8864 -s 216
12⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
11⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 240
10⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 236
9⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 236
8⤵
- Program crash
PID:3604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 240
7⤵
- Program crash
PID:564

C:\Users\Admin\AppData\Local\Temp\Unicorn-35635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35635.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-737.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-46321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46321.exe
8⤵
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-63809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63809.exe
9⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-19482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19482.exe
10⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-37266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37266.exe
11⤵
PID:6656

C:\Users\Admin\AppData\Local\Temp\Unicorn-8599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8599.exe
12⤵
PID:8716

C:\Users\Admin\AppData\Local\Temp\Unicorn-50027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50027.exe
13⤵
PID:10780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 216
13⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 216
12⤵
PID:10324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 216
11⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
10⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 216
9⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-12148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12148.exe
8⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-5667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5667.exe
9⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-16846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16846.exe
10⤵
PID:6788

C:\Users\Admin\AppData\Local\Temp\Unicorn-34604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34604.exe
11⤵
PID:8960

C:\Users\Admin\AppData\Local\Temp\Unicorn-62746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62746.exe
12⤵
PID:11944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8960 -s 216
12⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
11⤵
PID:10236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
10⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
9⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
8⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-57182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57182.exe
7⤵
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
8⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe
9⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-32990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32990.exe
10⤵
PID:6864

C:\Users\Admin\AppData\Local\Temp\Unicorn-64261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64261.exe
11⤵
PID:9028

C:\Users\Admin\AppData\Local\Temp\Unicorn-39529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39529.exe
12⤵
PID:10496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9028 -s 236
12⤵
PID:11852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 216
11⤵
PID:10220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
10⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 236
9⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 216
8⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
7⤵
- Program crash
PID:1552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
6⤵
- Program crash
PID:324

C:\Users\Admin\AppData\Local\Temp\Unicorn-32345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32345.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-20691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20691.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-27380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27380.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-21817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21817.exe
8⤵
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-45190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45190.exe
9⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
10⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-8485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8485.exe
11⤵
PID:7032

C:\Users\Admin\AppData\Local\Temp\Unicorn-58615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58615.exe
12⤵
PID:9116

C:\Users\Admin\AppData\Local\Temp\Unicorn-60992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60992.exe
13⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9116 -s 220
13⤵
PID:12600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 216
12⤵
PID:9452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
11⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
10⤵
PID:6444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 236
9⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-54105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54105.exe
8⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-44754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44754.exe
9⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-35403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35403.exe
10⤵
PID:6320

C:\Users\Admin\AppData\Local\Temp\Unicorn-61329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61329.exe
11⤵
PID:8568

C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
12⤵
PID:11568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8568 -s 220
12⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6320 -s 216
11⤵
PID:10268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
10⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
9⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
8⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-32677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32677.exe
7⤵
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
8⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-60535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60535.exe
9⤵
PID:6040

C:\Users\Admin\AppData\Local\Temp\Unicorn-26763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26763.exe
10⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-49752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49752.exe
11⤵
PID:11088

C:\Users\Admin\AppData\Local\Temp\Unicorn-50601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50601.exe
12⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 236
11⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 216
10⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
9⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 236
8⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
7⤵
- Program crash
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-11271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11271.exe
7⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
8⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-55356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55356.exe
9⤵
PID:6296

C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
10⤵
PID:9204

C:\Users\Admin\AppData\Local\Temp\Unicorn-65185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65185.exe
11⤵
PID:11428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9204 -s 216
11⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 216
10⤵
PID:10008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 236
9⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
8⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 216
7⤵
- Program crash
PID:3388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
6⤵
- Program crash
PID:344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
5⤵
- Program crash
PID:1596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-8121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8121.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-41391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41391.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-46134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46134.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-8713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8713.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-15704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15704.exe
8⤵
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-50981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50981.exe
9⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-60623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60623.exe
10⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-7909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7909.exe
11⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-58724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58724.exe
12⤵
PID:9084

C:\Users\Admin\AppData\Local\Temp\Unicorn-54495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54495.exe
13⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9084 -s 236
13⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
12⤵
PID:9908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 216
11⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
10⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 236
9⤵
- Program crash
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-27031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27031.exe
8⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-64707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64707.exe
9⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-3249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3249.exe
10⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-58916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58916.exe
11⤵
PID:8896

C:\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe
12⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8896 -s 216
12⤵
PID:11620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
11⤵
PID:9784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
10⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
9⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
7⤵
PID:1332

C:\Users\Admin\AppData\Local\Temp\Unicorn-65371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65371.exe
8⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-40203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40203.exe
9⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
10⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-36358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36358.exe
11⤵
PID:8948

C:\Users\Admin\AppData\Local\Temp\Unicorn-47889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47889.exe
12⤵
PID:10424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8948 -s 216
12⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
11⤵
PID:9800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 236
10⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
9⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 236
8⤵
- Program crash
PID:3540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
7⤵
- Program crash
PID:2580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 236
6⤵
- Program crash
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-43720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43720.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:688

C:\Users\Admin\AppData\Local\Temp\Unicorn-16799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16799.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:792

C:\Users\Admin\AppData\Local\Temp\Unicorn-8521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8521.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-29601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29601.exe
8⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-46404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46404.exe
9⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-27794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27794.exe
10⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-57058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57058.exe
11⤵
PID:7652

C:\Users\Admin\AppData\Local\Temp\Unicorn-59845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59845.exe
12⤵
PID:10852

C:\Users\Admin\AppData\Local\Temp\Unicorn-24566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24566.exe
13⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10852 -s 216
13⤵
PID:12648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 236
12⤵
PID:10428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
11⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
10⤵
PID:6676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 216
9⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
8⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-1391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1391.exe
9⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-53602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53602.exe
10⤵
PID:6736

C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
11⤵
PID:8856

C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
12⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8856 -s 216
12⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6736 -s 216
11⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
10⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
9⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
8⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-65158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65158.exe
7⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-19762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19762.exe
8⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-55553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55553.exe
9⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-48942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48942.exe
10⤵
PID:6460

C:\Users\Admin\AppData\Local\Temp\Unicorn-44910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44910.exe
11⤵
PID:8488

C:\Users\Admin\AppData\Local\Temp\Unicorn-57894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57894.exe
12⤵
PID:11556

C:\Users\Admin\AppData\Local\Temp\Unicorn-40295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40295.exe
13⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 216
12⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6460 -s 220
11⤵
PID:10036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
10⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
9⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 216
8⤵
PID:4156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 240
7⤵
- Program crash
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-19382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19382.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1144

C:\Users\Admin\AppData\Local\Temp\Unicorn-33685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33685.exe
7⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-10524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10524.exe
8⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-19482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19482.exe
9⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-16270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16270.exe
10⤵
PID:6584

C:\Users\Admin\AppData\Local\Temp\Unicorn-14183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14183.exe
11⤵
PID:8396

C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
12⤵
PID:11592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8396 -s 216
12⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 220
11⤵
PID:10024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
9⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
8⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
7⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-17920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17920.exe
8⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-59632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59632.exe
9⤵
PID:6820

C:\Users\Admin\AppData\Local\Temp\Unicorn-31349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31349.exe
10⤵
PID:8892

C:\Users\Admin\AppData\Local\Temp\Unicorn-2697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2697.exe
11⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8892 -s 220
11⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 216
10⤵
PID:10152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
9⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
8⤵
PID:5612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 240
7⤵
PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 240
6⤵
- Program crash
PID:2856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 240
5⤵
- Program crash
PID:1404

C:\Users\Admin\AppData\Local\Temp\Unicorn-38520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38520.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-63586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63586.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:412

C:\Users\Admin\AppData\Local\Temp\Unicorn-51609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51609.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-45278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45278.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-16773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16773.exe
8⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-19486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19486.exe
9⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-29762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29762.exe
10⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-61661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61661.exe
11⤵
PID:6808

C:\Users\Admin\AppData\Local\Temp\Unicorn-50831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50831.exe
12⤵
PID:9104

C:\Users\Admin\AppData\Local\Temp\Unicorn-20404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20404.exe
13⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9104 -s 216
13⤵
PID:12748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 216
12⤵
PID:9732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 236
11⤵
PID:8136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
10⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 216
9⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-46959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46959.exe
8⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-50784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50784.exe
9⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-63716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63716.exe
10⤵
PID:6884

C:\Users\Admin\AppData\Local\Temp\Unicorn-64261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64261.exe
11⤵
PID:8992

C:\Users\Admin\AppData\Local\Temp\Unicorn-23660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23660.exe
12⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8992 -s 216
12⤵
PID:11848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
11⤵
PID:10212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
10⤵
PID:8168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
9⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
8⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-23549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23549.exe
7⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-55257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55257.exe
8⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-60623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60623.exe
9⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-1495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1495.exe
10⤵
PID:6192

C:\Users\Admin\AppData\Local\Temp\Unicorn-56778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56778.exe
11⤵
PID:9124

C:\Users\Admin\AppData\Local\Temp\Unicorn-11900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11900.exe
12⤵
PID:11456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9124 -s 216
12⤵
PID:5284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 216
11⤵
PID:9944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
10⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
9⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 216
8⤵
- Program crash
PID:3944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
7⤵
- Program crash
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-37664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37664.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-16773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16773.exe
7⤵
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-1972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1972.exe
8⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-9476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9476.exe
9⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-62948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62948.exe
10⤵
PID:6236

C:\Users\Admin\AppData\Local\Temp\Unicorn-43025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43025.exe
11⤵
PID:8932

C:\Users\Admin\AppData\Local\Temp\Unicorn-8151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8151.exe
12⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8932 -s 216
12⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 216
11⤵
PID:1388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 236
10⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
9⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
8⤵
- Program crash
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-46082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46082.exe
7⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-1692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1692.exe
8⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\Unicorn-125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-125.exe
9⤵
PID:6340

C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
10⤵
PID:9196

C:\Users\Admin\AppData\Local\Temp\Unicorn-9954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9954.exe
11⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 216
11⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6340 -s 216
10⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 236
9⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 236
8⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
7⤵
- Program crash
PID:3932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 240
6⤵
- Program crash
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-62470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62470.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-26804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26804.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-52159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52159.exe
7⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-61178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61178.exe
8⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-13643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13643.exe
9⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-4401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4401.exe
10⤵
PID:6996

C:\Users\Admin\AppData\Local\Temp\Unicorn-64261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64261.exe
11⤵
PID:8984

C:\Users\Admin\AppData\Local\Temp\Unicorn-22987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22987.exe
12⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 216
12⤵
PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
11⤵
PID:10228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
10⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
9⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
8⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-49481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49481.exe
7⤵
PID:3788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
7⤵
- Program crash
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-30155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30155.exe
6⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-4302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4302.exe
7⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
8⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-47188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47188.exe
9⤵
PID:6384

C:\Users\Admin\AppData\Local\Temp\Unicorn-32658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32658.exe
10⤵
PID:8256

C:\Users\Admin\AppData\Local\Temp\Unicorn-15793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15793.exe
11⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 216
11⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 216
10⤵
PID:10016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 236
9⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
8⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
7⤵
PID:4204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
6⤵
- Program crash
PID:2964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 240
5⤵
- Program crash
PID:2960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 220
4⤵
- Loads dropped DLL
- Program crash
PID:612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-65215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65215.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-50353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50353.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-21608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21608.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-30997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30997.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-57722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57722.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-32232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32232.exe
8⤵
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-59149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59149.exe
9⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-37873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37873.exe
10⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-54588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54588.exe
11⤵
PID:5904

C:\Users\Admin\AppData\Local\Temp\Unicorn-27614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27614.exe
12⤵
PID:8808

C:\Users\Admin\AppData\Local\Temp\Unicorn-47889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47889.exe
13⤵
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8808 -s 216
13⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 216
12⤵
PID:9768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
11⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 216
10⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
9⤵
- Program crash
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-4473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4473.exe
8⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-2211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2211.exe
9⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-16358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16358.exe
10⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-18491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18491.exe
11⤵
PID:7024

C:\Users\Admin\AppData\Local\Temp\Unicorn-50639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50639.exe
12⤵
PID:8388

C:\Users\Admin\AppData\Local\Temp\Unicorn-2697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2697.exe
13⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8388 -s 220
13⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 216
12⤵
PID:2928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
11⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
10⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 216
9⤵
PID:4868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
8⤵
- Program crash
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe
7⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-14032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14032.exe
8⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-32938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32938.exe
9⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-4105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4105.exe
10⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
11⤵
PID:6200

C:\Users\Admin\AppData\Local\Temp\Unicorn-13690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13690.exe
12⤵
PID:8212

C:\Users\Admin\AppData\Local\Temp\Unicorn-15684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15684.exe
13⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 216
13⤵
PID:12496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 216
12⤵
PID:9976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 220
11⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
10⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
9⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-17156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17156.exe
8⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-3913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3913.exe
9⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-62429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62429.exe
10⤵
PID:6880

C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe
11⤵
PID:9432

C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
12⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9432 -s 216
12⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
11⤵
PID:10636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 236
10⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 236
9⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
8⤵
PID:4920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 240
7⤵
- Program crash
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-33772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33772.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-13949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13949.exe
7⤵
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-7618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7618.exe
8⤵
PID:996

C:\Users\Admin\AppData\Local\Temp\Unicorn-18740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18740.exe
9⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-53197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53197.exe
10⤵
PID:5596

C:\Users\Admin\AppData\Local\Temp\Unicorn-36986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36986.exe
11⤵
PID:7844

C:\Users\Admin\AppData\Local\Temp\Unicorn-65237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65237.exe
12⤵
PID:11160

C:\Users\Admin\AppData\Local\Temp\Unicorn-40300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40300.exe
13⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11160 -s 216
13⤵
PID:12876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 216
12⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
11⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
10⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 236
9⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-27654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27654.exe
8⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-36669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36669.exe
9⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-24194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24194.exe
10⤵
PID:7796

C:\Users\Admin\AppData\Local\Temp\Unicorn-65045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65045.exe
11⤵
PID:11072

C:\Users\Admin\AppData\Local\Temp\Unicorn-34520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34520.exe
12⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11072 -s 216
12⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 216
11⤵
PID:11180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
10⤵
PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
9⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
8⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-26647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26647.exe
7⤵
PID:1276

C:\Users\Admin\AppData\Local\Temp\Unicorn-55771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55771.exe
8⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
9⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-50364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50364.exe
10⤵
PID:8720

C:\Users\Admin\AppData\Local\Temp\Unicorn-27469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27469.exe
11⤵
PID:11136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8720 -s 216
11⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 236
10⤵
PID:9608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
9⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 216
8⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
7⤵
- Program crash
PID:3352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
6⤵
- Program crash
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-41857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41857.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-18828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18828.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
7⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-30561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30561.exe
8⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-17645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17645.exe
9⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-24246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24246.exe
10⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\Unicorn-15938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15938.exe
11⤵
PID:9156

C:\Users\Admin\AppData\Local\Temp\Unicorn-23769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23769.exe
12⤵
PID:11356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9156 -s 216
12⤵
PID:11500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 216
11⤵
PID:9992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 236
10⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 236
9⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 236
8⤵
- Program crash
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-49590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49590.exe
7⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-3254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3254.exe
8⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-64702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64702.exe
9⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-65138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65138.exe
10⤵
PID:9008

C:\Users\Admin\AppData\Local\Temp\Unicorn-27469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27469.exe
11⤵
PID:10424

C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
11⤵
PID:11768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9008 -s 220
11⤵
PID:12324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
10⤵
PID:9824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
9⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
8⤵
PID:4472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 240
7⤵
- Program crash
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
6⤵
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-5672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5672.exe
7⤵
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-50317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50317.exe
8⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-32030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32030.exe
9⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-39866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39866.exe
10⤵
PID:8836

C:\Users\Admin\AppData\Local\Temp\Unicorn-27469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27469.exe
11⤵
PID:11204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 216
11⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 216
10⤵
PID:9844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
9⤵
PID:7328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 216
8⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 236
7⤵
- Program crash
PID:3972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
6⤵
- Program crash
PID:2572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
5⤵
- Program crash
PID:2564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
4⤵
- Loads dropped DLL
- Program crash
PID:1192

C:\Users\Admin\AppData\Local\Temp\Unicorn-64504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64504.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1372

C:\Users\Admin\AppData\Local\Temp\Unicorn-12330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12330.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe
7⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-54105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54105.exe
8⤵
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
9⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-31755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31755.exe
10⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-7302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7302.exe
11⤵
PID:8376

C:\Users\Admin\AppData\Local\Temp\Unicorn-6664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6664.exe
12⤵
PID:10316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8376 -s 236
12⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 236
11⤵
PID:9348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 236
10⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 236
9⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
8⤵
- Program crash
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-46492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46492.exe
7⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-63472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63472.exe
8⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-10773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10773.exe
9⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-50369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50369.exe
10⤵
PID:6992

C:\Users\Admin\AppData\Local\Temp\Unicorn-7489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7489.exe
11⤵
PID:9708

C:\Users\Admin\AppData\Local\Temp\Unicorn-22708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22708.exe
12⤵
PID:4676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9708 -s 236
12⤵
PID:13096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 236
11⤵
PID:10828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
10⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
9⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
8⤵
PID:4996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
7⤵
- Program crash
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-58853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58853.exe
6⤵
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
7⤵
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-24770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24770.exe
8⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-53498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53498.exe
9⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-63799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63799.exe
10⤵
PID:6496

C:\Users\Admin\AppData\Local\Temp\Unicorn-14650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14650.exe
11⤵
PID:9140

C:\Users\Admin\AppData\Local\Temp\Unicorn-63273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63273.exe
12⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9140 -s 236
12⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
11⤵
PID:10444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
10⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
9⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 216
8⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-21048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21048.exe
7⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-47914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47914.exe
8⤵
PID:5844

C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
9⤵
PID:8120

C:\Users\Admin\AppData\Local\Temp\Unicorn-22534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22534.exe
10⤵
PID:10536

C:\Users\Admin\AppData\Local\Temp\Unicorn-14700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14700.exe
11⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8120 -s 216
10⤵
PID:12152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
9⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
8⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
7⤵
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 240
6⤵
- Program crash
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-23191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23191.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe
6⤵
- Executes dropped EXE
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-15018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15018.exe
7⤵
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-21262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21262.exe
8⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-58589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58589.exe
9⤵
PID:6072

C:\Users\Admin\AppData\Local\Temp\Unicorn-571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-571.exe
10⤵
PID:6872

C:\Users\Admin\AppData\Local\Temp\Unicorn-50255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50255.exe
11⤵
PID:8680

C:\Users\Admin\AppData\Local\Temp\Unicorn-2313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2313.exe
12⤵
PID:12124

C:\Users\Admin\AppData\Local\Temp\Unicorn-50601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50601.exe
13⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8680 -s 216
12⤵
PID:12704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 220
11⤵
PID:9672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 216
10⤵
PID:7232

C:\Users\Admin\AppData\Local\Temp\Unicorn-57857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57857.exe
9⤵
PID:6552

C:\Users\Admin\AppData\Local\Temp\Unicorn-30712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30712.exe
10⤵
PID:8580

C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
11⤵
PID:11672

C:\Users\Admin\AppData\Local\Temp\Unicorn-39432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39432.exe
11⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8580 -s 212
11⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
10⤵
PID:10052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 220
9⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 236
8⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
7⤵
- Program crash
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-38323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38323.exe
6⤵
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-34151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34151.exe
7⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-43021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43021.exe
8⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-4671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4671.exe
9⤵
PID:8668

C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
10⤵
PID:11200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8668 -s 236
10⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 236
9⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
8⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 216
7⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
6⤵
- Program crash
PID:3452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 220
5⤵
- Program crash
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-1619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1619.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-51417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51417.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-34431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34431.exe
6⤵
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-56902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56902.exe
7⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-58952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58952.exe
8⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-22876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22876.exe
9⤵
PID:6956

C:\Users\Admin\AppData\Local\Temp\Unicorn-60177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60177.exe
10⤵
PID:9044

C:\Users\Admin\AppData\Local\Temp\Unicorn-38159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38159.exe
11⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9044 -s 236
11⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
10⤵
PID:9360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
9⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
8⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 236
7⤵
PID:4592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 236
6⤵
- Program crash
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-50685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50685.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-64795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64795.exe
6⤵
PID:868

C:\Users\Admin\AppData\Local\Temp\Unicorn-6103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6103.exe
7⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
8⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-53685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53685.exe
9⤵
PID:6672

C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe
10⤵
PID:8804

C:\Users\Admin\AppData\Local\Temp\Unicorn-33507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33507.exe
11⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8804 -s 236
11⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 216
10⤵
PID:10464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 236
9⤵
PID:8248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
8⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 236
7⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-62081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62081.exe
6⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
7⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-60483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60483.exe
8⤵
PID:6728

C:\Users\Admin\AppData\Local\Temp\Unicorn-60198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60198.exe
9⤵
PID:9648

C:\Users\Admin\AppData\Local\Temp\Unicorn-44472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44472.exe
10⤵
PID:12520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9648 -s 216
10⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 216
9⤵
PID:10772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 236
8⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
7⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 220
6⤵
PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 240
5⤵
- Program crash
PID:2148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
4⤵
- Program crash
PID:1592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 240
2⤵
- Program crash
PID:2876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11795.exe

Filesize
184KB

MD5
0983b04c394e742f688b1c7401c77dfe

SHA1
46bedc922f459e2aaf0675c624f56999abae7f4a

SHA256
c6f0bab1b18da8839666e3bb84d70b3ed71678c6fe0bf443650992362c1ecc1a

SHA512
ba739dde797da2d29a92543943894b75ef38f538963eca4d9ce5d53883b1e6b0bc79e9ad50f1f63d8a2e9c42ad3e3abe3ac219c0f6c17c6a89a6a4ab6b88e2c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38520.exe

Filesize
184KB

MD5
2f415c8e2d70d91fca97a1cfd354f4f0

SHA1
f0e57b24e58203c2dbda5d5273b1ee78be57d83b

SHA256
3260d9a6dbc1184e6a6ffe928cc8a95906b34e4a1daf0df3328bc31a54445d07

SHA512
2460b3492f1c2da4d2258f02f8b65bf639c0ade55b6e2ce40b6d0dc49f8a2fb54e2c5fdabdf6b2271d985d07ed7071e504511dc2ad0e93fcb55ef07e5ed47976

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41008.exe

Filesize
184KB

MD5
2c829f8dd2d7282681b60a20c2239a26

SHA1
e3e7e313c0d4d01a82311a2f9c3d6403ece55854

SHA256
15b5d7462b0b709d42c7b905e3821bca21b99b4e0f09d864857382d05bef52b8

SHA512
7b6abf5e633558eb323a0ac0c163d2327db63e267bab749baa6837908f172a251c9519e1cb0b8f613fcceea4903c9d63350fd4cc9d8cbc1099309074244938a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41391.exe

Filesize
184KB

MD5
d2bde8a867e517a7f19ee0c64f8c893f

SHA1
00107238cc66f50205d1e4b5e61490975c8efc7e

SHA256
2fbae1b98bd6ef3d510596ee98f2dbc2c48ffe3f96bd5bf2d9aa20f78bafc0b7

SHA512
b75eebd3cda289c86a6e87b4489d00a4d01ee7a78671ca80010e2f7124eef688e659a4e735d638f097bde87038aa11c2bccdb1cb03858bedc60926abd5fcb5e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50353.exe

Filesize
184KB

MD5
5c836ff7c559fc78cefa3182dc0cdc04

SHA1
9f417435900985337731165af55aed37176b4963

SHA256
dd580fb868aceeff9992369e043fb223f6740e05d05aa34cbb4303a1b767a28e

SHA512
19ba62174eaf41b7f928ffe61ea30ea739182a4fce1722690b5661380fdf236ce37ee9158ef442135d850cf32e6e4021530c43b6e685021a8de0a9a7c9a05070

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5672.exe

Filesize
184KB

MD5
918efa759f52190e7577cdcd95c804fc

SHA1
aa94caf869e933acd1da54c622cae2365c72448c

SHA256
44de2103c18ea7ba4a13acc6cb9762f3870c2778e07175c3ddaac182ee1b327d

SHA512
40436da2e9ec27f62ba668e3e39c0442fab5d5cae780d1b473ca5d880b979ca3c712c9b02d03347793bb681df531403e290fd9149fa93810e7e6cb5ff00e2408

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62948.exe

Filesize
184KB

MD5
9d935a1f96b8f0488cbb04a8367f7e90

SHA1
09c21aaf3a122bd70dd2f7e338777a9880b89e75

SHA256
bf4a0599776707ce632dd75a98d6672b1c5df68ed7ab923805d3c0e08e73af2b

SHA512
b397a75c12165bbb10983106edd26c0fb05c1bfb0f3f20f0c65010c17bc11cb237d7b6b581229925a690795f54403e15d91de84be9d480a723111b26d60163bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63716.exe

Filesize
184KB

MD5
2712ea0f07737ead7c1872e0c8365eb9

SHA1
32038255a0e2ac4d6bf40f0db7c2d0ed5cbefc59

SHA256
3688683808ea0b1532b8c8f9d4cb58c088857209a550f5a53aa89222677738bc

SHA512
a007960f5d0e4626063db51c535e7d20c1d5d9dd26a664b0fb288c49acb7957c5015ac2420c4f8e708716160963ccb71147d553ba91844eea36e3a30b46367e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8121.exe

Filesize
184KB

MD5
f05a4000f6bf33ec785cb623f17a5b9b

SHA1
3d91fcaf691dd760d3037dd24ba0c4b36aa38c06

SHA256
bba4594ac69e67bb2bebd249a67a1f938b6b23a178216e614bdd9a7153b74034

SHA512
7e9ff92b601870d9b15f1079cd1aac481b9c5c930b9d120ac7e05de3ed047761eeeaed408484a32f35284c95898917b30047226e604db20092765071f70f7498

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17546.exe

Filesize
184KB

MD5
651cd6eede101805b44c70de86e12c1f

SHA1
310dc1c7f7cadb764eafa40daf469b1ff254a813

SHA256
caf3c0b0271e4bab4d1bbac3a1ad0144df13822df8875c16026e2f275a48383a

SHA512
a95082ce7e3ef760fc8333cc8aa66bdbb5f3fb9aa76a2646f70bbbb8f9768f4b52771aab81e37713d4c7af7a46bab52c3ee9810a563672d359d1989b7bee561a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18833.exe

Filesize
184KB

MD5
7cfc160ea3bf064ccd96269546066282

SHA1
7cbc902dadc1cfdb11ee0932bca361d65d41be4f

SHA256
50cc0ba7978cd9545ebfd9459d88c338ab23cd4312bf21faa5fb2e57f20a0c09

SHA512
588daae29562c00888bbc741a3a1df637beec8f3a6cf42919745afdacfb8fb61c7edd0cf104f55ba9fd3ac19fe2280b0b758cccc87495b836b1a0903cc5db4e5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21608.exe

Filesize
184KB

MD5
44cd92cac36fa30a0783d53971d37403

SHA1
2afabfaf0c3f2bf37a79b243454d6ba45808bea5

SHA256
96851a49bec1568f8c6217b20427549e45cc05c14d04d999539692de15e2e0e6

SHA512
bc2302823d8e6c88bec36b7e33ce57811b5564d90e7a17f4b0bdfe64d1d38159e4adaa4d8f1de2a08b9df6952e876513a05a3fa56f24badd2325f6a4918e0460

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46134.exe

Filesize
184KB

MD5
7526192bea1e93268fa33fa89ddcc8d9

SHA1
7e10f8f7c613aac2112ab66b14e3b46564ef94b1

SHA256
4b99984b2bb64d0452165e5c4d49ffb97508b6c6884fd527f0a031b5b8d3b2d3

SHA512
40eea248435f0e7994a851b461d24e2bf2ec0567f3149c9d43c4ce1c50578f62181420d90d03c3b486b65801538b63f9edffb0642e3042ffd62dc55293075abb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50379.exe

Filesize
184KB

MD5
4f396ce83a0c666a5cf9c2fa6e9fbb12

SHA1
12d27b5aa70feae537b92c0382dd4a29ec970017

SHA256
894907f38ccdfad7ec35c07687e1ef4d016429980f0fa0d0dedd0503c13f6abc

SHA512
f7f3b384669cfdc4c84482692a184140a53cd5d019fe4decc267d5d114ed5e18df1f104275ab0dbf70013d1869dfdc509d94371060b322ae31bcee4b3921c412

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe

Filesize
184KB

MD5
a434120026e49ca6fde36208ad9682a2

SHA1
75ce02634f73ab13498820a088cf9aa656d759e5

SHA256
94616876cbb99109fcb8cf3b1df7b1ac6c17851f5cf244d18657ba5c5d297fed

SHA512
768e4643e5835da37f0f47be8a43031487106d7a355384b5b59eb98720a37be3bcba7e317d3f6a31f49fb6a47598a7fb21ecde8f67c12c210894fdef50fc916b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64504.exe

Filesize
184KB

MD5
9d95558218232344b0821c3e123292ef

SHA1
0b8581e3a583a01d9bb8f05cb9ef953fd852da9b

SHA256
79034edf89aff75a01e4353c7bc20fbdc67e74a90f9410b25f927510514ee249

SHA512
f83dc9291a56d0f54e54f5a9d7da142500478a2b2ce6e4a543c4dd5739957377da3a71740c4199e146c894d84e1d2727834f14c811c72722e1838e5236ecd376

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65215.exe

Filesize
184KB

MD5
71fcc8db1dd95ba86df5b42644164d1f

SHA1
e44b9f10f9912913cff85c777286c0037b1b7ab4

SHA256
ea75bd8705061ec4c841951a4e87f624d850c115426f8e20ab55a3f77a19be92

SHA512
ced78617640fb2d21d8389082794161ff052aa1544cf65deb233f4739770ac34065e3ef1a07979610f814dfff3de21343486945740de9b1ea9a23118d1e563e7

Download Submit