3db768c06118919f90b2b2ed292676df57917f60967e0e4f499b72dc2342759d

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3db768c06118919f90b2b2ed292676df57917f60967e0e4f499b72dc2342759d.exe
Size

184KB
MD5

bb4af28363aa9112f28dd3c4c65e3630
SHA1

58189eb891781b4a5ebf129cfb3b03463730075e
SHA256

3db768c06118919f90b2b2ed292676df57917f60967e0e4f499b72dc2342759d
SHA512

c0d7c40f9cf9e57262fece28df20066d37a133ee66295dbcda55a32e48f8fff487887c7045ca063be1ad2f431131c1a0c70f7f30807dcfbeac091a3b1b1f7400
SSDEEP

3072:PRk3L8odFYFTdlaWeQALRqszhlnViFgn3:PRzoSJlaLL4szhlnViFg

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-427.exeUnicorn-2648.exeUnicorn-13509.exeUnicorn-17999.exeUnicorn-60977.exeUnicorn-6301.exeUnicorn-24304.exeUnicorn-8522.exeUnicorn-32472.exeUnicorn-39270.exeUnicorn-50131.exeUnicorn-15403.exeUnicorn-35269.exeUnicorn-20879.exeUnicorn-5097.exeUnicorn-24963.exeUnicorn-63857.exeUnicorn-48076.exeUnicorn-44553.exeUnicorn-24687.exeUnicorn-32855.exeUnicorn-36385.exeUnicorn-1574.exeUnicorn-57360.exeUnicorn-46499.exeUnicorn-50583.exeUnicorn-30717.exeUnicorn-4075.exeUnicorn-54667.exeUnicorn-43244.exeUnicorn-9825.exeUnicorn-40552.exeUnicorn-20686.exeUnicorn-16048.exeUnicorn-65056.exeUnicorn-38414.exeUnicorn-22632.exeUnicorn-53359.exeUnicorn-32192.exeUnicorn-5549.exeUnicorn-36276.exeUnicorn-20494.exeUnicorn-46582.exeUnicorn-57443.exeUnicorn-30800.exeUnicorn-50666.exeUnicorn-48803.exeUnicorn-15939.exeUnicorn-15939.exeUnicorn-34967.exeUnicorn-24107.exeUnicorn-10463.exeUnicorn-14547.exeUnicorn-53463.exeUnicorn-43904.exeUnicorn-6400.exeUnicorn-10484.exeUnicorn-21345.exeUnicorn-27375.exeUnicorn-16515.exeUnicorn-59493.exeUnicorn-39073.exeUnicorn-23291.exeUnicorn-8346.exe

pid	process
2120	Unicorn-427.exe
1956	Unicorn-2648.exe
2660	Unicorn-13509.exe
2652	Unicorn-17999.exe
2828	Unicorn-60977.exe
2688	Unicorn-6301.exe
1860	Unicorn-24304.exe
2764	Unicorn-8522.exe
2340	Unicorn-32472.exe
2432	Unicorn-39270.exe
2444	Unicorn-50131.exe
2276	Unicorn-15403.exe
1760	Unicorn-35269.exe
2840	Unicorn-20879.exe
2892	Unicorn-5097.exe
2324	Unicorn-24963.exe
776	Unicorn-63857.exe
648	Unicorn-48076.exe
2384	Unicorn-44553.exe
1964	Unicorn-24687.exe
1560	Unicorn-32855.exe
956	Unicorn-36385.exe
952	Unicorn-1574.exe
304	Unicorn-57360.exe
692	Unicorn-46499.exe
2084	Unicorn-50583.exe
2100	Unicorn-30717.exe
1796	Unicorn-4075.exe
2016	Unicorn-54667.exe
3008	Unicorn-43244.exe
3048	Unicorn-9825.exe
2356	Unicorn-40552.exe
3064	Unicorn-20686.exe
2360	Unicorn-16048.exe
2196	Unicorn-65056.exe
2528	Unicorn-38414.exe
2708	Unicorn-22632.exe
2344	Unicorn-53359.exe
2592	Unicorn-32192.exe
2844	Unicorn-5549.exe
3032	Unicorn-36276.exe
1604	Unicorn-20494.exe
1636	Unicorn-46582.exe
1812	Unicorn-57443.exe
1844	Unicorn-30800.exe
1476	Unicorn-50666.exe
2376	Unicorn-48803.exe
1612	Unicorn-15939.exe
2076	Unicorn-15939.exe
448	Unicorn-34967.exe
708	Unicorn-24107.exe
1740	Unicorn-10463.exe
2408	Unicorn-14547.exe
2976	Unicorn-53463.exe
1756	Unicorn-43904.exe
1656	Unicorn-6400.exe
1748	Unicorn-10484.exe
1852	Unicorn-21345.exe
1688	Unicorn-27375.exe
844	Unicorn-16515.exe
2624	Unicorn-59493.exe
2680	Unicorn-39073.exe
2824	Unicorn-23291.exe
2544	Unicorn-8346.exe

Loads dropped DLL 64 IoCs

Processes:

3db768c06118919f90b2b2ed292676df57917f60967e0e4f499b72dc2342759d.exeUnicorn-427.exeUnicorn-13509.exeUnicorn-2648.exeWerFault.exeUnicorn-17999.exeUnicorn-6301.exeUnicorn-60977.exeWerFault.exeWerFault.exeUnicorn-24304.exeUnicorn-32472.exeUnicorn-8522.exeUnicorn-39270.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2848	3db768c06118919f90b2b2ed292676df57917f60967e0e4f499b72dc2342759d.exe
2848	3db768c06118919f90b2b2ed292676df57917f60967e0e4f499b72dc2342759d.exe
2120	Unicorn-427.exe
2120	Unicorn-427.exe
2848	3db768c06118919f90b2b2ed292676df57917f60967e0e4f499b72dc2342759d.exe
2848	3db768c06118919f90b2b2ed292676df57917f60967e0e4f499b72dc2342759d.exe
2660	Unicorn-13509.exe
2660	Unicorn-13509.exe
1956	Unicorn-2648.exe
1956	Unicorn-2648.exe
2120	Unicorn-427.exe
2120	Unicorn-427.exe
2980	WerFault.exe
2980	WerFault.exe
2980	WerFault.exe
2980	WerFault.exe
2980	WerFault.exe
2652	Unicorn-17999.exe
2652	Unicorn-17999.exe
2660	Unicorn-13509.exe
2660	Unicorn-13509.exe
2688	Unicorn-6301.exe
2688	Unicorn-6301.exe
2828	Unicorn-60977.exe
2828	Unicorn-60977.exe
1956	Unicorn-2648.exe
1956	Unicorn-2648.exe
2440	WerFault.exe
2440	WerFault.exe
2440	WerFault.exe
2440	WerFault.exe
2440	WerFault.exe
1300	WerFault.exe
1300	WerFault.exe
1300	WerFault.exe
1300	WerFault.exe
1300	WerFault.exe
2652	Unicorn-17999.exe
2652	Unicorn-17999.exe
1860	Unicorn-24304.exe
1860	Unicorn-24304.exe
2340	Unicorn-32472.exe
2340	Unicorn-32472.exe
2688	Unicorn-6301.exe
2688	Unicorn-6301.exe
2764	Unicorn-8522.exe
2764	Unicorn-8522.exe
2432	Unicorn-39270.exe
2432	Unicorn-39270.exe
2828	Unicorn-60977.exe
2828	Unicorn-60977.exe
572	WerFault.exe
572	WerFault.exe
572	WerFault.exe
572	WerFault.exe
572	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
2496	WerFault.exe
2496	WerFault.exe
2496	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2672	2848	WerFault.exe	3db768c06118919f90b2b2ed292676df57917f60967e0e4f499b72dc2342759d.exe
2980	2120	WerFault.exe	Unicorn-427.exe
2440	2660	WerFault.exe	Unicorn-13509.exe
1300	1956	WerFault.exe	Unicorn-2648.exe
572	2652	WerFault.exe	Unicorn-17999.exe
1816	2688	WerFault.exe	Unicorn-6301.exe
2496	2828	WerFault.exe	Unicorn-60977.exe
1180	1860	WerFault.exe	Unicorn-24304.exe
1580	2340	WerFault.exe	Unicorn-32472.exe
2152	2444	WerFault.exe	Unicorn-50131.exe
1672	2432	WerFault.exe	Unicorn-39270.exe
2268	2276	WerFault.exe	Unicorn-15403.exe
1220	1760	WerFault.exe	Unicorn-35269.exe
1908	2840	WerFault.exe	Unicorn-20879.exe
2288	2892	WerFault.exe	Unicorn-5097.exe
2068	2324	WerFault.exe	Unicorn-24963.exe
324	776	WerFault.exe	Unicorn-63857.exe
1388	648	WerFault.exe	Unicorn-48076.exe
1264	2384	WerFault.exe	Unicorn-44553.exe
2140	1964	WerFault.exe	Unicorn-24687.exe
560	1560	WerFault.exe	Unicorn-32855.exe
1132	956	WerFault.exe	Unicorn-36385.exe
2148	952	WerFault.exe	Unicorn-1574.exe
2996	304	WerFault.exe	Unicorn-57360.exe
1976	2100	WerFault.exe	Unicorn-30717.exe
1060	2016	WerFault.exe	Unicorn-54667.exe
2856	692	WerFault.exe	Unicorn-46499.exe
1600	1796	WerFault.exe	Unicorn-4075.exe
2632	3008	WerFault.exe	Unicorn-43244.exe
2776	3048	WerFault.exe	Unicorn-9825.exe
1308	2356	WerFault.exe	Unicorn-40552.exe
1864	3064	WerFault.exe	Unicorn-20686.exe
3036	2360	WerFault.exe	Unicorn-16048.exe
3148	2844	WerFault.exe	Unicorn-5549.exe
3248	1604	WerFault.exe	Unicorn-20494.exe
3256	1476	WerFault.exe	Unicorn-50666.exe
3280	2592	WerFault.exe	Unicorn-32192.exe
3636	2344	WerFault.exe	Unicorn-53359.exe
3868	3032	WerFault.exe	Unicorn-36276.exe
4056	2528	WerFault.exe	Unicorn-38414.exe
3476	1812	WerFault.exe	Unicorn-57443.exe
3820	2196	WerFault.exe	Unicorn-65056.exe
3828	1844	WerFault.exe	Unicorn-30800.exe
3904	1688	WerFault.exe	Unicorn-27375.exe
3960	2584	WerFault.exe	Unicorn-18461.exe
4004	2568	WerFault.exe	Unicorn-14376.exe
4020	2544	WerFault.exe	Unicorn-8346.exe
4028	2336	WerFault.exe	Unicorn-26629.exe
3900	2524	WerFault.exe	Unicorn-8346.exe
4092	1936	WerFault.exe	Unicorn-43711.exe
2732	1748	WerFault.exe	Unicorn-10484.exe
3168	1652	WerFault.exe	Unicorn-64132.exe
3160	2624	WerFault.exe	Unicorn-59493.exe
3300	1852	WerFault.exe	Unicorn-21345.exe
3360	1636	WerFault.exe	Unicorn-46582.exe
3464	2328	WerFault.exe	Unicorn-2679.exe
3528	1656	WerFault.exe	Unicorn-6400.exe
3616	2708	WerFault.exe	Unicorn-22632.exe
3776	2376	WerFault.exe	Unicorn-48803.exe
3460	1256	WerFault.exe	Unicorn-52648.exe
3484	1576	WerFault.exe	Unicorn-33619.exe
3680	448	WerFault.exe	Unicorn-34967.exe
4000	3028	WerFault.exe	Unicorn-54615.exe
3920	2720	WerFault.exe	Unicorn-64921.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

3db768c06118919f90b2b2ed292676df57917f60967e0e4f499b72dc2342759d.exeUnicorn-427.exeUnicorn-13509.exeUnicorn-2648.exeUnicorn-17999.exeUnicorn-60977.exeUnicorn-6301.exeUnicorn-24304.exeUnicorn-8522.exeUnicorn-32472.exeUnicorn-50131.exeUnicorn-39270.exeUnicorn-35269.exeUnicorn-15403.exeUnicorn-20879.exeUnicorn-5097.exeUnicorn-24963.exeUnicorn-63857.exeUnicorn-48076.exeUnicorn-44553.exeUnicorn-24687.exeUnicorn-32855.exeUnicorn-36385.exeUnicorn-1574.exeUnicorn-57360.exeUnicorn-46499.exeUnicorn-30717.exeUnicorn-50583.exeUnicorn-4075.exeUnicorn-54667.exeUnicorn-43244.exeUnicorn-9825.exeUnicorn-40552.exeUnicorn-20686.exeUnicorn-16048.exeUnicorn-38414.exeUnicorn-65056.exeUnicorn-53359.exeUnicorn-22632.exeUnicorn-32192.exeUnicorn-20494.exeUnicorn-5549.exeUnicorn-36276.exeUnicorn-57443.exeUnicorn-46582.exeUnicorn-30800.exeUnicorn-50666.exeUnicorn-48803.exeUnicorn-15939.exeUnicorn-34967.exeUnicorn-15939.exeUnicorn-24107.exeUnicorn-10463.exeUnicorn-14547.exeUnicorn-53463.exeUnicorn-43904.exeUnicorn-6400.exeUnicorn-10484.exeUnicorn-21345.exeUnicorn-27375.exeUnicorn-16515.exeUnicorn-59493.exeUnicorn-39073.exeUnicorn-23291.exe

pid	process
2848	3db768c06118919f90b2b2ed292676df57917f60967e0e4f499b72dc2342759d.exe
2120	Unicorn-427.exe
2660	Unicorn-13509.exe
1956	Unicorn-2648.exe
2652	Unicorn-17999.exe
2828	Unicorn-60977.exe
2688	Unicorn-6301.exe
1860	Unicorn-24304.exe
2764	Unicorn-8522.exe
2340	Unicorn-32472.exe
2444	Unicorn-50131.exe
2432	Unicorn-39270.exe
1760	Unicorn-35269.exe
2276	Unicorn-15403.exe
2840	Unicorn-20879.exe
2892	Unicorn-5097.exe
2324	Unicorn-24963.exe
776	Unicorn-63857.exe
648	Unicorn-48076.exe
2384	Unicorn-44553.exe
1964	Unicorn-24687.exe
1560	Unicorn-32855.exe
956	Unicorn-36385.exe
952	Unicorn-1574.exe
304	Unicorn-57360.exe
692	Unicorn-46499.exe
2100	Unicorn-30717.exe
2084	Unicorn-50583.exe
1796	Unicorn-4075.exe
2016	Unicorn-54667.exe
3008	Unicorn-43244.exe
3048	Unicorn-9825.exe
2356	Unicorn-40552.exe
3064	Unicorn-20686.exe
2360	Unicorn-16048.exe
2528	Unicorn-38414.exe
2196	Unicorn-65056.exe
2344	Unicorn-53359.exe
2708	Unicorn-22632.exe
2592	Unicorn-32192.exe
1604	Unicorn-20494.exe
2844	Unicorn-5549.exe
3032	Unicorn-36276.exe
1812	Unicorn-57443.exe
1636	Unicorn-46582.exe
1844	Unicorn-30800.exe
1476	Unicorn-50666.exe
2376	Unicorn-48803.exe
2076	Unicorn-15939.exe
448	Unicorn-34967.exe
1612	Unicorn-15939.exe
708	Unicorn-24107.exe
1740	Unicorn-10463.exe
2408	Unicorn-14547.exe
2976	Unicorn-53463.exe
1756	Unicorn-43904.exe
1656	Unicorn-6400.exe
1748	Unicorn-10484.exe
1852	Unicorn-21345.exe
1688	Unicorn-27375.exe
844	Unicorn-16515.exe
2624	Unicorn-59493.exe
2680	Unicorn-39073.exe
2824	Unicorn-23291.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

3db768c06118919f90b2b2ed292676df57917f60967e0e4f499b72dc2342759d.exeUnicorn-427.exeUnicorn-13509.exeUnicorn-2648.exeUnicorn-17999.exeUnicorn-6301.exeUnicorn-60977.exe

description	pid	process	target process
PID 2848 wrote to memory of 2120	2848	3db768c06118919f90b2b2ed292676df57917f60967e0e4f499b72dc2342759d.exe	Unicorn-427.exe
PID 2848 wrote to memory of 2120	2848	3db768c06118919f90b2b2ed292676df57917f60967e0e4f499b72dc2342759d.exe	Unicorn-427.exe
PID 2848 wrote to memory of 2120	2848	3db768c06118919f90b2b2ed292676df57917f60967e0e4f499b72dc2342759d.exe	Unicorn-427.exe
PID 2848 wrote to memory of 2120	2848	3db768c06118919f90b2b2ed292676df57917f60967e0e4f499b72dc2342759d.exe	Unicorn-427.exe
PID 2120 wrote to memory of 1956	2120	Unicorn-427.exe	Unicorn-2648.exe
PID 2120 wrote to memory of 1956	2120	Unicorn-427.exe	Unicorn-2648.exe
PID 2120 wrote to memory of 1956	2120	Unicorn-427.exe	Unicorn-2648.exe
PID 2120 wrote to memory of 1956	2120	Unicorn-427.exe	Unicorn-2648.exe
PID 2848 wrote to memory of 2660	2848	3db768c06118919f90b2b2ed292676df57917f60967e0e4f499b72dc2342759d.exe	Unicorn-13509.exe
PID 2848 wrote to memory of 2660	2848	3db768c06118919f90b2b2ed292676df57917f60967e0e4f499b72dc2342759d.exe	Unicorn-13509.exe
PID 2848 wrote to memory of 2660	2848	3db768c06118919f90b2b2ed292676df57917f60967e0e4f499b72dc2342759d.exe	Unicorn-13509.exe
PID 2848 wrote to memory of 2660	2848	3db768c06118919f90b2b2ed292676df57917f60967e0e4f499b72dc2342759d.exe	Unicorn-13509.exe
PID 2848 wrote to memory of 2672	2848	3db768c06118919f90b2b2ed292676df57917f60967e0e4f499b72dc2342759d.exe	WerFault.exe
PID 2848 wrote to memory of 2672	2848	3db768c06118919f90b2b2ed292676df57917f60967e0e4f499b72dc2342759d.exe	WerFault.exe
PID 2848 wrote to memory of 2672	2848	3db768c06118919f90b2b2ed292676df57917f60967e0e4f499b72dc2342759d.exe	WerFault.exe
PID 2848 wrote to memory of 2672	2848	3db768c06118919f90b2b2ed292676df57917f60967e0e4f499b72dc2342759d.exe	WerFault.exe
PID 2660 wrote to memory of 2652	2660	Unicorn-13509.exe	Unicorn-17999.exe
PID 2660 wrote to memory of 2652	2660	Unicorn-13509.exe	Unicorn-17999.exe
PID 2660 wrote to memory of 2652	2660	Unicorn-13509.exe	Unicorn-17999.exe
PID 2660 wrote to memory of 2652	2660	Unicorn-13509.exe	Unicorn-17999.exe
PID 1956 wrote to memory of 2828	1956	Unicorn-2648.exe	Unicorn-60977.exe
PID 1956 wrote to memory of 2828	1956	Unicorn-2648.exe	Unicorn-60977.exe
PID 1956 wrote to memory of 2828	1956	Unicorn-2648.exe	Unicorn-60977.exe
PID 1956 wrote to memory of 2828	1956	Unicorn-2648.exe	Unicorn-60977.exe
PID 2120 wrote to memory of 2688	2120	Unicorn-427.exe	Unicorn-6301.exe
PID 2120 wrote to memory of 2688	2120	Unicorn-427.exe	Unicorn-6301.exe
PID 2120 wrote to memory of 2688	2120	Unicorn-427.exe	Unicorn-6301.exe
PID 2120 wrote to memory of 2688	2120	Unicorn-427.exe	Unicorn-6301.exe
PID 2120 wrote to memory of 2980	2120	Unicorn-427.exe	WerFault.exe
PID 2120 wrote to memory of 2980	2120	Unicorn-427.exe	WerFault.exe
PID 2120 wrote to memory of 2980	2120	Unicorn-427.exe	WerFault.exe
PID 2120 wrote to memory of 2980	2120	Unicorn-427.exe	WerFault.exe
PID 2652 wrote to memory of 1860	2652	Unicorn-17999.exe	Unicorn-24304.exe
PID 2652 wrote to memory of 1860	2652	Unicorn-17999.exe	Unicorn-24304.exe
PID 2652 wrote to memory of 1860	2652	Unicorn-17999.exe	Unicorn-24304.exe
PID 2652 wrote to memory of 1860	2652	Unicorn-17999.exe	Unicorn-24304.exe
PID 2660 wrote to memory of 2764	2660	Unicorn-13509.exe	Unicorn-8522.exe
PID 2660 wrote to memory of 2764	2660	Unicorn-13509.exe	Unicorn-8522.exe
PID 2660 wrote to memory of 2764	2660	Unicorn-13509.exe	Unicorn-8522.exe
PID 2660 wrote to memory of 2764	2660	Unicorn-13509.exe	Unicorn-8522.exe
PID 2688 wrote to memory of 2340	2688	Unicorn-6301.exe	Unicorn-32472.exe
PID 2688 wrote to memory of 2340	2688	Unicorn-6301.exe	Unicorn-32472.exe
PID 2688 wrote to memory of 2340	2688	Unicorn-6301.exe	Unicorn-32472.exe
PID 2688 wrote to memory of 2340	2688	Unicorn-6301.exe	Unicorn-32472.exe
PID 2828 wrote to memory of 2432	2828	Unicorn-60977.exe	Unicorn-39270.exe
PID 2828 wrote to memory of 2432	2828	Unicorn-60977.exe	Unicorn-39270.exe
PID 2828 wrote to memory of 2432	2828	Unicorn-60977.exe	Unicorn-39270.exe
PID 2828 wrote to memory of 2432	2828	Unicorn-60977.exe	Unicorn-39270.exe
PID 1956 wrote to memory of 2444	1956	Unicorn-2648.exe	Unicorn-50131.exe
PID 1956 wrote to memory of 2444	1956	Unicorn-2648.exe	Unicorn-50131.exe
PID 1956 wrote to memory of 2444	1956	Unicorn-2648.exe	Unicorn-50131.exe
PID 1956 wrote to memory of 2444	1956	Unicorn-2648.exe	Unicorn-50131.exe
PID 2660 wrote to memory of 2440	2660	Unicorn-13509.exe	WerFault.exe
PID 2660 wrote to memory of 2440	2660	Unicorn-13509.exe	WerFault.exe
PID 2660 wrote to memory of 2440	2660	Unicorn-13509.exe	WerFault.exe
PID 2660 wrote to memory of 2440	2660	Unicorn-13509.exe	WerFault.exe
PID 1956 wrote to memory of 1300	1956	Unicorn-2648.exe	WerFault.exe
PID 1956 wrote to memory of 1300	1956	Unicorn-2648.exe	WerFault.exe
PID 1956 wrote to memory of 1300	1956	Unicorn-2648.exe	WerFault.exe
PID 1956 wrote to memory of 1300	1956	Unicorn-2648.exe	WerFault.exe
PID 2652 wrote to memory of 2276	2652	Unicorn-17999.exe	Unicorn-15403.exe
PID 2652 wrote to memory of 2276	2652	Unicorn-17999.exe	Unicorn-15403.exe
PID 2652 wrote to memory of 2276	2652	Unicorn-17999.exe	Unicorn-15403.exe
PID 2652 wrote to memory of 2276	2652	Unicorn-17999.exe	Unicorn-15403.exe

C:\Users\Admin\AppData\Local\Temp\3db768c06118919f90b2b2ed292676df57917f60967e0e4f499b72dc2342759d.exe
"C:\Users\Admin\AppData\Local\Temp\3db768c06118919f90b2b2ed292676df57917f60967e0e4f499b72dc2342759d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-2648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2648.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-60977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60977.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-63857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63857.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:776

C:\Users\Admin\AppData\Local\Temp\Unicorn-50583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50583.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-36276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36276.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-26629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26629.exe
9⤵
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-37402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37402.exe
10⤵
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
11⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-26681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26681.exe
12⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-50817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50817.exe
13⤵
PID:7528

C:\Users\Admin\AppData\Local\Temp\Unicorn-61725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61725.exe
14⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10704 -s 220
15⤵
PID:7352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 216
14⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
13⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
12⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 216
11⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-6291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6291.exe
10⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-53131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53131.exe
11⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-38181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38181.exe
12⤵
PID:7768

C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
13⤵
PID:10800

C:\Users\Admin\AppData\Local\Temp\Unicorn-35766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35766.exe
14⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10800 -s 216
14⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 216
13⤵
PID:3624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
12⤵
PID:9084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
11⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
10⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe
9⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-18373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18373.exe
10⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-59737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59737.exe
11⤵
PID:5820

C:\Users\Admin\AppData\Local\Temp\Unicorn-13951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13951.exe
12⤵
PID:8104

C:\Users\Admin\AppData\Local\Temp\Unicorn-21604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21604.exe
13⤵
PID:11096

C:\Users\Admin\AppData\Local\Temp\Unicorn-45527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45527.exe
14⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 216
13⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
12⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
11⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 216
10⤵
PID:4228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
9⤵
- Program crash
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-43711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43711.exe
8⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-33318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33318.exe
9⤵
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-47537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47537.exe
10⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-6691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6691.exe
11⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-32701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32701.exe
12⤵
PID:8860

C:\Users\Admin\AppData\Local\Temp\Unicorn-52797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52797.exe
13⤵
PID:11152

C:\Users\Admin\AppData\Local\Temp\Unicorn-43820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43820.exe
14⤵
PID:12608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8860 -s 216
13⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
12⤵
PID:9740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
11⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 236
10⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
9⤵
- Program crash
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-20494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20494.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
8⤵
- Executes dropped EXE
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe
9⤵
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-51813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51813.exe
10⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-59976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59976.exe
11⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-10334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10334.exe
12⤵
PID:8652

C:\Users\Admin\AppData\Local\Temp\Unicorn-57073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57073.exe
13⤵
PID:10808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 216
13⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
12⤵
PID:9568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
11⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
10⤵
PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
9⤵
- Program crash
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
8⤵
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-54937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54937.exe
9⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-3546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3546.exe
10⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-9400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9400.exe
11⤵
PID:7992

C:\Users\Admin\AppData\Local\Temp\Unicorn-2026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2026.exe
12⤵
PID:10528

C:\Users\Admin\AppData\Local\Temp\Unicorn-29160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29160.exe
13⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10528 -s 236
13⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 216
12⤵
PID:10652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
11⤵
PID:8324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
10⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 236
9⤵
PID:4260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 220
8⤵
- Program crash
PID:3248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 240
7⤵
- Program crash
PID:324

C:\Users\Admin\AppData\Local\Temp\Unicorn-4075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4075.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-50666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50666.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
8⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
9⤵
PID:1088

C:\Users\Admin\AppData\Local\Temp\Unicorn-4750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4750.exe
10⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-39556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39556.exe
11⤵
PID:5644

C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
12⤵
PID:8580

C:\Users\Admin\AppData\Local\Temp\Unicorn-60581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60581.exe
13⤵
PID:10488

C:\Users\Admin\AppData\Local\Temp\Unicorn-27292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27292.exe
14⤵
PID:8920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8580 -s 236
13⤵
PID:11792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
12⤵
PID:9544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
11⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 216
10⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
9⤵
- Program crash
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-17536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17536.exe
8⤵
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-55238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55238.exe
9⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-50609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50609.exe
10⤵
PID:5236

C:\Users\Admin\AppData\Local\Temp\Unicorn-19707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19707.exe
11⤵
PID:7932

C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
12⤵
PID:10472

C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
13⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10472 -s 236
13⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 216
12⤵
PID:10628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 216
11⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
10⤵
PID:6972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
9⤵
PID:4184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 240
8⤵
- Program crash
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-64132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64132.exe
7⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
8⤵
PID:1232

C:\Users\Admin\AppData\Local\Temp\Unicorn-29063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29063.exe
9⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-50884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50884.exe
10⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-36702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36702.exe
11⤵
PID:8256

C:\Users\Admin\AppData\Local\Temp\Unicorn-42107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42107.exe
12⤵
PID:11156

C:\Users\Admin\AppData\Local\Temp\Unicorn-47520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47520.exe
13⤵
PID:12356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 236
12⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 236
11⤵
PID:9340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
10⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 236
9⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 236
8⤵
- Program crash
PID:3168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
7⤵
- Program crash
PID:1600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
6⤵
- Program crash
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-48076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48076.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:648

C:\Users\Admin\AppData\Local\Temp\Unicorn-54667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54667.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-14547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14547.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
8⤵
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-11527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11527.exe
9⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-40220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40220.exe
10⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-936.exe
11⤵
PID:6580

C:\Users\Admin\AppData\Local\Temp\Unicorn-18093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18093.exe
12⤵
PID:8772

C:\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe
13⤵
PID:10932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8772 -s 216
13⤵
PID:11276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 216
12⤵
PID:9268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 216
11⤵
PID:7956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
10⤵
PID:5816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 236
9⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
8⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-62586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62586.exe
9⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-19795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19795.exe
10⤵
PID:6808

C:\Users\Admin\AppData\Local\Temp\Unicorn-22068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22068.exe
11⤵
PID:8224

C:\Users\Admin\AppData\Local\Temp\Unicorn-35989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35989.exe
12⤵
PID:11640

C:\Users\Admin\AppData\Local\Temp\Unicorn-24374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24374.exe
12⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8224 -s 220
12⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 216
11⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
10⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
9⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
8⤵
PID:4676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 236
7⤵
- Program crash
PID:1060

C:\Users\Admin\AppData\Local\Temp\Unicorn-57443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57443.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-26629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26629.exe
7⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-19120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19120.exe
8⤵
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
9⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-2223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2223.exe
10⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-12965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12965.exe
11⤵
PID:8408

C:\Users\Admin\AppData\Local\Temp\Unicorn-48521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48521.exe
12⤵
PID:11256

C:\Users\Admin\AppData\Local\Temp\Unicorn-7255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7255.exe
13⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 216
12⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
11⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 236
10⤵
PID:6844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 236
9⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 216
8⤵
- Program crash
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-44179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44179.exe
7⤵
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-49867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49867.exe
8⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-25166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25166.exe
9⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-30755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30755.exe
10⤵
PID:8620

C:\Users\Admin\AppData\Local\Temp\Unicorn-65433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65433.exe
11⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10596 -s 220
12⤵
PID:12344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8620 -s 216
11⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
10⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
9⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
8⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 240
7⤵
- Program crash
PID:3476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 240
6⤵
- Program crash
PID:1388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-50131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50131.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-32855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32855.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-16048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16048.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-53463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53463.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
8⤵
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-18326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18326.exe
9⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-941.exe
10⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-32130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32130.exe
11⤵
PID:6632

C:\Users\Admin\AppData\Local\Temp\Unicorn-22307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22307.exe
12⤵
PID:9488

C:\Users\Admin\AppData\Local\Temp\Unicorn-30810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30810.exe
13⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9488 -s 216
13⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 216
12⤵
PID:10516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
11⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
10⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 236
9⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-2544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2544.exe
8⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-54226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54226.exe
9⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-26484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26484.exe
10⤵
PID:6744

C:\Users\Admin\AppData\Local\Temp\Unicorn-16661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16661.exe
11⤵
PID:9632

C:\Users\Admin\AppData\Local\Temp\Unicorn-40130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40130.exe
12⤵
PID:11292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9632 -s 236
12⤵
PID:5652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 216
11⤵
PID:10688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
10⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
9⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
8⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-48455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48455.exe
7⤵
PID:1352

C:\Users\Admin\AppData\Local\Temp\Unicorn-22410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22410.exe
8⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-27584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27584.exe
9⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-32130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32130.exe
10⤵
PID:6612

C:\Users\Admin\AppData\Local\Temp\Unicorn-22307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22307.exe
11⤵
PID:9496

C:\Users\Admin\AppData\Local\Temp\Unicorn-58822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58822.exe
12⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9496 -s 216
12⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 216
11⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
10⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
9⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 236
8⤵
PID:4820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
7⤵
- Program crash
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-43904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43904.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-16742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16742.exe
7⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-1517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1517.exe
8⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-24730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24730.exe
9⤵
PID:6352

C:\Users\Admin\AppData\Local\Temp\Unicorn-37849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37849.exe
10⤵
PID:10056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10056 -s 244
11⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 236
10⤵
PID:10956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
9⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
8⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 216
7⤵
PID:4980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
6⤵
- Program crash
PID:560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
5⤵
- Program crash
PID:2152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-6301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6301.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-32472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32472.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-20879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20879.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-36385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36385.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:956

C:\Users\Admin\AppData\Local\Temp\Unicorn-65056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65056.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-6400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6400.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-55876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55876.exe
9⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-18456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18456.exe
10⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-853.exe
11⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\Unicorn-57049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57049.exe
12⤵
PID:9172

C:\Users\Admin\AppData\Local\Temp\Unicorn-45589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45589.exe
13⤵
PID:10372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9172 -s 236
13⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 236
12⤵
PID:1800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
11⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
10⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 236
9⤵
- Program crash
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-9368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9368.exe
8⤵
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-2612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2612.exe
9⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-61922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61922.exe
10⤵
PID:5844

C:\Users\Admin\AppData\Local\Temp\Unicorn-28617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28617.exe
11⤵
PID:8712

C:\Users\Admin\AppData\Local\Temp\Unicorn-50851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50851.exe
12⤵
PID:10948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8712 -s 216
12⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
11⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
10⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 216
9⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
8⤵
- Program crash
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-21345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21345.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1852

C:\Users\Admin\AppData\Local\Temp\Unicorn-29234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29234.exe
8⤵
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
9⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
10⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-39115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39115.exe
11⤵
PID:8496

C:\Users\Admin\AppData\Local\Temp\Unicorn-34131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34131.exe
12⤵
PID:10460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8496 -s 216
12⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 236
11⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 236
10⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
9⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 236
8⤵
- Program crash
PID:3300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 240
7⤵
- Program crash
PID:1132

C:\Users\Admin\AppData\Local\Temp\Unicorn-22632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22632.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-59493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59493.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
8⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-39561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39561.exe
9⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-28674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28674.exe
10⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-29302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29302.exe
11⤵
PID:8448

C:\Users\Admin\AppData\Local\Temp\Unicorn-30047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30047.exe
12⤵
PID:10380

C:\Users\Admin\AppData\Local\Temp\Unicorn-43628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43628.exe
13⤵
PID:8760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8448 -s 216
12⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 236
10⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 216
9⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
8⤵
- Program crash
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-1200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1200.exe
7⤵
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-2996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2996.exe
8⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-35664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35664.exe
9⤵
PID:5276

C:\Users\Admin\AppData\Local\Temp\Unicorn-988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-988.exe
10⤵
PID:9016

C:\Users\Admin\AppData\Local\Temp\Unicorn-5734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5734.exe
11⤵
PID:10248

C:\Users\Admin\AppData\Local\Temp\Unicorn-9009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9009.exe
12⤵
PID:12636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 216
11⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
9⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 236
8⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
7⤵
- Program crash
PID:3616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
6⤵
- Program crash
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-57360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57360.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-32192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32192.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-18461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18461.exe
7⤵
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-4729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4729.exe
8⤵
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-57075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57075.exe
9⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-58175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58175.exe
10⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe
11⤵
PID:8228

C:\Users\Admin\AppData\Local\Temp\Unicorn-42107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42107.exe
12⤵
PID:11164

C:\Users\Admin\AppData\Local\Temp\Unicorn-21215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21215.exe
13⤵
PID:8432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8228 -s 216
12⤵
PID:11620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
11⤵
PID:9304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 236
10⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 216
9⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
8⤵
- Program crash
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-58569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58569.exe
7⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
8⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-38.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38.exe
9⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-50817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50817.exe
10⤵
PID:7504

C:\Users\Admin\AppData\Local\Temp\Unicorn-43443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43443.exe
11⤵
PID:10644

C:\Users\Admin\AppData\Local\Temp\Unicorn-27598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27598.exe
12⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10644 -s 216
12⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 216
11⤵
PID:11240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
10⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 236
9⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 236
8⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
7⤵
- Program crash
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
6⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-15035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15035.exe
7⤵
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-34325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34325.exe
8⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-63437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63437.exe
9⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-16391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16391.exe
10⤵
PID:7876

C:\Users\Admin\AppData\Local\Temp\Unicorn-41689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41689.exe
11⤵
PID:10836

C:\Users\Admin\AppData\Local\Temp\Unicorn-5916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5916.exe
12⤵
PID:5776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10836 -s 216
12⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 216
11⤵
PID:10536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
10⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
9⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 216
8⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-10183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10183.exe
7⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-57215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57215.exe
8⤵
PID:5628

C:\Users\Admin\AppData\Local\Temp\Unicorn-59177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59177.exe
9⤵
PID:7988

C:\Users\Admin\AppData\Local\Temp\Unicorn-19131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19131.exe
10⤵
PID:10848

C:\Users\Admin\AppData\Local\Temp\Unicorn-35465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35465.exe
11⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10848 -s 216
11⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7988 -s 236
10⤵
PID:10796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 216
9⤵
PID:8236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 236
8⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 220
7⤵
PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 240
6⤵
- Program crash
PID:2996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
5⤵
- Program crash
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-5097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5097.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-1574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1574.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:952

C:\Users\Admin\AppData\Local\Temp\Unicorn-38414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38414.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-64044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64044.exe
8⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-18949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18949.exe
9⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-43640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43640.exe
10⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-49229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49229.exe
11⤵
PID:8680

C:\Users\Admin\AppData\Local\Temp\Unicorn-8064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8064.exe
12⤵
PID:10684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8680 -s 216
12⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
11⤵
PID:9576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
10⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
9⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 216
8⤵
- Program crash
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe
7⤵
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
8⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-63676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63676.exe
9⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-31632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31632.exe
10⤵
PID:8368

C:\Users\Admin\AppData\Local\Temp\Unicorn-30239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30239.exe
11⤵
PID:11228

C:\Users\Admin\AppData\Local\Temp\Unicorn-42175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42175.exe
12⤵
PID:9052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 236
11⤵
PID:11712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
10⤵
PID:9436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
9⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 236
8⤵
PID:5596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
7⤵
- Program crash
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-27375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27375.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-47900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47900.exe
7⤵
PID:800

C:\Users\Admin\AppData\Local\Temp\Unicorn-40692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40692.exe
8⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-1517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1517.exe
9⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-20646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20646.exe
10⤵
PID:7060

C:\Users\Admin\AppData\Local\Temp\Unicorn-19567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19567.exe
11⤵
PID:9844

C:\Users\Admin\AppData\Local\Temp\Unicorn-49559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49559.exe
12⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 216
11⤵
PID:10976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
10⤵
PID:8284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
9⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 236
8⤵
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 236
7⤵
- Program crash
PID:3904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 240
6⤵
- Program crash
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-16515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16515.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:844

C:\Users\Admin\AppData\Local\Temp\Unicorn-59960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59960.exe
7⤵
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-31803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31803.exe
8⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-54885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54885.exe
9⤵
PID:5148

C:\Users\Admin\AppData\Local\Temp\Unicorn-21113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21113.exe
10⤵
PID:7792

C:\Users\Admin\AppData\Local\Temp\Unicorn-40537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40537.exe
11⤵
PID:10400

C:\Users\Admin\AppData\Local\Temp\Unicorn-18470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18470.exe
12⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10400 -s 236
12⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 236
11⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 216
10⤵
PID:8388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
9⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 216
8⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
7⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-41071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41071.exe
8⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-38818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38818.exe
9⤵
PID:7964

C:\Users\Admin\AppData\Local\Temp\Unicorn-16560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16560.exe
10⤵
PID:10920

C:\Users\Admin\AppData\Local\Temp\Unicorn-7260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7260.exe
11⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10920 -s 220
11⤵
PID:9108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 216
10⤵
PID:11348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
9⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
8⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 240
7⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
6⤵
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-48523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48523.exe
7⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-63437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63437.exe
8⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-8222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8222.exe
9⤵
PID:7652

C:\Users\Admin\AppData\Local\Temp\Unicorn-41689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41689.exe
10⤵
PID:10828

C:\Users\Admin\AppData\Local\Temp\Unicorn-49279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49279.exe
11⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10828 -s 216
11⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 216
10⤵
PID:10376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
9⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
8⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 216
7⤵
PID:4628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
6⤵
- Program crash
PID:3636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
5⤵
- Program crash
PID:2288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-13509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13509.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-17999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17999.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-24304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24304.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-35269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35269.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-43244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43244.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-48803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48803.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-33619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33619.exe
8⤵
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-35648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35648.exe
9⤵
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe
10⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-15051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15051.exe
11⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-988.exe
12⤵
PID:9008

C:\Users\Admin\AppData\Local\Temp\Unicorn-32953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32953.exe
13⤵
PID:10408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9008 -s 220
13⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
12⤵
PID:9876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 236
11⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
10⤵
PID:5164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 236
9⤵
- Program crash
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-19866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19866.exe
8⤵
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-53074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53074.exe
9⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-27304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27304.exe
10⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-988.exe
11⤵
PID:9000

C:\Users\Admin\AppData\Local\Temp\Unicorn-38599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38599.exe
12⤵
PID:11032

C:\Users\Admin\AppData\Local\Temp\Unicorn-2979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2979.exe
13⤵
PID:12572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9000 -s 216
12⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
11⤵
PID:9904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
10⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 236
9⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
8⤵
- Program crash
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-52648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52648.exe
7⤵
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-4921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4921.exe
8⤵
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-42960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42960.exe
9⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-853.exe
10⤵
PID:6128

C:\Users\Admin\AppData\Local\Temp\Unicorn-55643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55643.exe
11⤵
PID:8968

C:\Users\Admin\AppData\Local\Temp\Unicorn-280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-280.exe
12⤵
PID:10432

C:\Users\Admin\AppData\Local\Temp\Unicorn-58018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58018.exe
13⤵
PID:12684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8968 -s 216
12⤵
PID:12080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
11⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
10⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 216
9⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 236
8⤵
- Program crash
PID:3460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
7⤵
- Program crash
PID:2632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
6⤵
- Program crash
PID:1220

C:\Users\Admin\AppData\Local\Temp\Unicorn-24687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24687.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-40552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40552.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-15939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15939.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-3468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3468.exe
8⤵
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
9⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-27200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27200.exe
10⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 220
11⤵
PID:6444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 236
10⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 236
9⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-38916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38916.exe
8⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-56172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56172.exe
9⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-10858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10858.exe
10⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\Unicorn-39691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39691.exe
11⤵
PID:9140

C:\Users\Admin\AppData\Local\Temp\Unicorn-53373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53373.exe
12⤵
PID:10492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9140 -s 216
12⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 216
11⤵
PID:10004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
10⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
9⤵
PID:5292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
8⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-18413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18413.exe
7⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-37017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37017.exe
8⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-22597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22597.exe
9⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-23599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23599.exe
10⤵
PID:8084

C:\Users\Admin\AppData\Local\Temp\Unicorn-51227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51227.exe
11⤵
PID:10564

C:\Users\Admin\AppData\Local\Temp\Unicorn-23130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23130.exe
12⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10564 -s 216
12⤵
PID:836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 216
11⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
10⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
9⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 216
8⤵
PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
7⤵
- Program crash
PID:1308

C:\Users\Admin\AppData\Local\Temp\Unicorn-10463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10463.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-52477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52477.exe
7⤵
PID:1396

C:\Users\Admin\AppData\Local\Temp\Unicorn-42254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42254.exe
8⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-44304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44304.exe
9⤵
PID:4448

C:\Users\Admin\AppData\Local\Temp\Unicorn-28155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28155.exe
10⤵
PID:6680

C:\Users\Admin\AppData\Local\Temp\Unicorn-58632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58632.exe
11⤵
PID:9192

C:\Users\Admin\AppData\Local\Temp\Unicorn-254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-254.exe
12⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9192 -s 236
12⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 236
11⤵
PID:9700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
10⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
9⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 236
8⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-53115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53115.exe
7⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
8⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-5020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5020.exe
9⤵
PID:6616

C:\Users\Admin\AppData\Local\Temp\Unicorn-8855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8855.exe
10⤵
PID:8924

C:\Users\Admin\AppData\Local\Temp\Unicorn-45013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45013.exe
11⤵
PID:10844

C:\Users\Admin\AppData\Local\Temp\Unicorn-15423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15423.exe
12⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 216
11⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 216
10⤵
PID:9336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
9⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
8⤵
PID:5556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
7⤵
PID:4292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
6⤵
- Program crash
PID:2140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
5⤵
- Program crash
PID:1180

C:\Users\Admin\AppData\Local\Temp\Unicorn-15403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15403.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-44553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44553.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-9825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9825.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-15939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15939.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-64921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64921.exe
8⤵
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-50614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50614.exe
9⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-61626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61626.exe
10⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-18150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18150.exe
11⤵
PID:6276

C:\Users\Admin\AppData\Local\Temp\Unicorn-52135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52135.exe
12⤵
PID:9092

C:\Users\Admin\AppData\Local\Temp\Unicorn-32953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32953.exe
13⤵
PID:10576

C:\Users\Admin\AppData\Local\Temp\Unicorn-58018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58018.exe
14⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9092 -s 220
13⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 216
12⤵
PID:9932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
11⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
10⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
9⤵
- Program crash
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-61475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61475.exe
8⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
9⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
10⤵
PID:6780

C:\Users\Admin\AppData\Local\Temp\Unicorn-24206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24206.exe
11⤵
PID:9240

C:\Users\Admin\AppData\Local\Temp\Unicorn-35989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35989.exe
12⤵
PID:11632

C:\Users\Admin\AppData\Local\Temp\Unicorn-24374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24374.exe
12⤵
PID:12156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9240 -s 240
12⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 216
11⤵
PID:9592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
10⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
9⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
8⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-53224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53224.exe
7⤵
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-28056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28056.exe
8⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-25830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25830.exe
9⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-7158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7158.exe
10⤵
PID:6532

C:\Users\Admin\AppData\Local\Temp\Unicorn-13624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13624.exe
11⤵
PID:8636

C:\Users\Admin\AppData\Local\Temp\Unicorn-24593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24593.exe
12⤵
PID:10712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8636 -s 216
12⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 216
11⤵
PID:10228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
10⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
9⤵
PID:5664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 236
8⤵
PID:4500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 220
7⤵
- Program crash
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-34967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34967.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:448

C:\Users\Admin\AppData\Local\Temp\Unicorn-54615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54615.exe
7⤵
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-17942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17942.exe
8⤵
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-20786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20786.exe
9⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-37994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37994.exe
10⤵
PID:6212

C:\Users\Admin\AppData\Local\Temp\Unicorn-48051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48051.exe
11⤵
PID:9072

C:\Users\Admin\AppData\Local\Temp\Unicorn-32377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32377.exe
12⤵
PID:11236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9072 -s 216
12⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 216
11⤵
PID:9944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
10⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 216
9⤵
PID:4392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 236
8⤵
- Program crash
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-2160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2160.exe
7⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-33038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33038.exe
8⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-38186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38186.exe
9⤵
PID:5340

C:\Users\Admin\AppData\Local\Temp\Unicorn-58357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58357.exe
10⤵
PID:9040

C:\Users\Admin\AppData\Local\Temp\Unicorn-32953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32953.exe
11⤵
PID:10612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 220
11⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 216
10⤵
PID:9888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 236
9⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 240
7⤵
- Program crash
PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
6⤵
- Program crash
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-20686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20686.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-24107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24107.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:708

C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
7⤵
PID:316

C:\Users\Admin\AppData\Local\Temp\Unicorn-48476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48476.exe
8⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-39644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39644.exe
9⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-21741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21741.exe
10⤵
PID:6848

C:\Users\Admin\AppData\Local\Temp\Unicorn-9815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9815.exe
11⤵
PID:8672

C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
12⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8672 -s 216
12⤵
PID:11308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
11⤵
PID:9872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
10⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
9⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 236
8⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-1968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1968.exe
7⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
8⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-31279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31279.exe
9⤵
PID:6404

C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
10⤵
PID:9184

C:\Users\Admin\AppData\Local\Temp\Unicorn-24593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24593.exe
11⤵
PID:10716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10716 -s 220
12⤵
PID:12704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 216
11⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 216
10⤵
PID:10028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 216
9⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
8⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 240
7⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-40587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40587.exe
6⤵
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-54506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54506.exe
7⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-62586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62586.exe
8⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-61278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61278.exe
8⤵
PID:4884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 220
9⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 240
8⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 236
7⤵
PID:4704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
6⤵
- Program crash
PID:1864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
5⤵
- Program crash
PID:2268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-8522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8522.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-24963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24963.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-46499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46499.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:692

C:\Users\Admin\AppData\Local\Temp\Unicorn-46582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46582.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-14376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14376.exe
7⤵
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
8⤵
PID:3828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 216
8⤵
- Program crash
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-7422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7422.exe
7⤵
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-13302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13302.exe
8⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\Unicorn-53562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53562.exe
9⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-14994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14994.exe
10⤵
PID:8836

C:\Users\Admin\AppData\Local\Temp\Unicorn-48905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48905.exe
11⤵
PID:10740

C:\Users\Admin\AppData\Local\Temp\Unicorn-10571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10571.exe
12⤵
PID:12412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 216
11⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
10⤵
PID:9732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
9⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 236
8⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
7⤵
- Program crash
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
6⤵
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-6675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6675.exe
7⤵
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
8⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-17382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17382.exe
9⤵
PID:5444

C:\Users\Admin\AppData\Local\Temp\Unicorn-55835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55835.exe
10⤵
PID:8912

C:\Users\Admin\AppData\Local\Temp\Unicorn-280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-280.exe
11⤵
PID:10436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8912 -s 216
11⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 236
10⤵
PID:9760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
9⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 216
8⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 236
7⤵
- Program crash
PID:3464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 240
6⤵
- Program crash
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-30800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30800.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1844

C:\Users\Admin\AppData\Local\Temp\Unicorn-22545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22545.exe
6⤵
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-51792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51792.exe
7⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-18482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18482.exe
8⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-46525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46525.exe
9⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-31959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31959.exe
10⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\Unicorn-31504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31504.exe
11⤵
PID:10888

C:\Users\Admin\AppData\Local\Temp\Unicorn-52979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52979.exe
12⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10888 -s 216
12⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
11⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
10⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
9⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
8⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-32357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32357.exe
7⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-7630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7630.exe
8⤵
PID:5188

C:\Users\Admin\AppData\Local\Temp\Unicorn-10806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10806.exe
9⤵
PID:7760

C:\Users\Admin\AppData\Local\Temp\Unicorn-40537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40537.exe
10⤵
PID:10388

C:\Users\Admin\AppData\Local\Temp\Unicorn-55226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55226.exe
11⤵
PID:6676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10388 -s 216
11⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7760 -s 216
10⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
9⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
8⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
7⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-36010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36010.exe
6⤵
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-23033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23033.exe
7⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-16806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16806.exe
8⤵
PID:6072

C:\Users\Admin\AppData\Local\Temp\Unicorn-6058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6058.exe
9⤵
PID:8752

C:\Users\Admin\AppData\Local\Temp\Unicorn-22263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22263.exe
10⤵
PID:10860

C:\Users\Admin\AppData\Local\Temp\Unicorn-53550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53550.exe
11⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8752 -s 216
10⤵
PID:11944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 216
9⤵
PID:9672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 236
8⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 236
7⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
6⤵
- Program crash
PID:3828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
5⤵
- Program crash
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-30717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30717.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-5549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5549.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-39073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39073.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-56068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56068.exe
7⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-20620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20620.exe
8⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-31943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31943.exe
9⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-55731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55731.exe
10⤵
PID:7544

C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
11⤵
PID:10196

C:\Users\Admin\AppData\Local\Temp\Unicorn-40488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40488.exe
12⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10196 -s 216
12⤵
PID:1028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 216
11⤵
PID:11180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
10⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
9⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 236
8⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-43732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43732.exe
7⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe
8⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-6530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6530.exe
9⤵
PID:7508

C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
10⤵
PID:9248

C:\Users\Admin\AppData\Local\Temp\Unicorn-28236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28236.exe
11⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9248 -s 236
11⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 216
10⤵
PID:11192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 236
9⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 236
8⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
7⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-50401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50401.exe
6⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-30734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30734.exe
7⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-56447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56447.exe
8⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-45233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45233.exe
9⤵
PID:7604

C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
10⤵
PID:9976

C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe
11⤵
PID:2956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9976 -s 236
11⤵
PID:7680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 216
10⤵
PID:11216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 236
9⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 236
8⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 216
7⤵
PID:4936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
6⤵
- Program crash
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-23291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23291.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-645.exe
6⤵
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
7⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-36603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36603.exe
8⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-17029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17029.exe
9⤵
PID:7728

C:\Users\Admin\AppData\Local\Temp\Unicorn-32369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32369.exe
10⤵
PID:10352

C:\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe
11⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10352 -s 216
11⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 216
10⤵
PID:10560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
9⤵
PID:9212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
8⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 236
7⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-38579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38579.exe
6⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-7630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7630.exe
7⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-42265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42265.exe
8⤵
PID:7880

C:\Users\Admin\AppData\Local\Temp\Unicorn-26723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26723.exe
9⤵
PID:10440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 216
9⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 216
8⤵
PID:8396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
7⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
6⤵
PID:4108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
5⤵
- Program crash
PID:1976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
2⤵
- Program crash
PID:2672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13509.exe

Filesize
184KB

MD5
f97aedd01c0dbc7a774538cb247016ba

SHA1
5e851c98287d795c789008573e6f1178d4865f04

SHA256
39f9b80608cdefbe80aa7779592081dc3092239b9f8bc1df7065004be91e7ea3

SHA512
2b2b03061b292ba02bb00cb3d5ae4df6375ee77236ceab1b7149a69f924d514a4c7e6cffc88872f7be013ed371a7b34460e38b2abf783f0fc656aa1e399ae675

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18470.exe

Filesize
184KB

MD5
c17dd073f22ee26f884249184358570e

SHA1
5766a1a6506c9e1083a41ae6e454ef7988c6c796

SHA256
c09386f97d6bbe75781d9fc427cdd29f2da34038f5d5164c071d17df871d7e82

SHA512
40d0977792a8a4d68198e428870cf8fd92629f152b0eff88c1ee6651df3dc7f24dd9adf40707a9e764631f6a60f3ce5c1248dddba4095f06a601b02dc2775cd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2648.exe

Filesize
184KB

MD5
720dd71a0cf30db7053d70f660f198f5

SHA1
e08820f9856f3a04be5a5756c6582e1ae16c2ee7

SHA256
e45538fc80bf97f756895966755182cd4f0ae93315725ff345bfbc4c49019a44

SHA512
c87df6a2c6ece6ecf952c8d47d97ea12bc4f69d89407e01fef0ae7c938b396e53806c2a198468e3cefdc3dfbd68e717c513bc747cb4a6e01996ac8f49875077a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35766.exe

Filesize
184KB

MD5
9789ca36dbbd51332c179280fd77cddd

SHA1
d95b7bd4dcad235160a5d4f16d2543d1a77696d0

SHA256
35c354e3b95e852df5562106d550fb951c31d5e53eef442b094707a664055f0f

SHA512
8c5351978f8733533ef9f64b027044090bc7b5d2ab112dd762832d3e2d657e4b01a1285f86aa5569d90ec82a5463e7e63eb339bfd17b7dd3d9f17dde1e18f514

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe

Filesize
184KB

MD5
28cfbe4401643a604dc62fa8149594aa

SHA1
2472fedfa00ccbee3a139f5a7ab9c99deafb6384

SHA256
2302ca0c9841b129ec5ca2253cb793f9da07b9f1d13d3b0e68fb7942e1590afe

SHA512
4af9fa17d719419d8143673793029d15418bdfaa5bf3c1356db898d2387bdf58f1a3d546d5fee6bcdf8c7b7e6a9f46c035eee86cc34338b246273df5abc4ab2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40587.exe

Filesize
184KB

MD5
9e14d2e46c78253b69e298eaa917e423

SHA1
9514f2773fe8e6dc4a6b7f89cfb8ff098a0496e6

SHA256
c1813e87e9cf92c02dc125c1b8401f031097c940a83d9b9f23fb29b0c1633d56

SHA512
ae02427167710ca44f2d54753c53b4df080d24e8028a766bc14b27390d591e07012ea403b8a8b5ba361d9af93a25b2a70dd11aecb49fd76a75478e59c79110bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5549.exe

Filesize
184KB

MD5
8009f3238be017753aa34888f579a606

SHA1
1cf7970f6e1bf66ecce122eea9e6a23e329efaf5

SHA256
86f7301c085fe115467815da3935e9cc165765d87f830a59b092a12228c1a6ce

SHA512
b68f5eec944a3d8b68dbebc0c05e417c7cd12e474596eadbe0e296fc8fa0265791569de9cdc1497bbe38d33e46c69667a42904465ad18803461448593f4e65d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6058.exe

Filesize
184KB

MD5
3e3ae29b05935c26a6b5a68fec7e84ed

SHA1
634072147989a97354496540bbaa8ebd72b2d347

SHA256
11c7991894f27c7636861d17a73c7c09eaaebea622da9fe638cc7a609ef51c0f

SHA512
47c78296c5fe5e66178d81c6edc5f4fd272455cbe7174a95585df3633e14bed2d558b9760f01c2af87a1573bc2cdc39e8f5a38be5484be1bf9e2692f9399e605

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60977.exe

Filesize
184KB

MD5
6c0815faec49b825ca21cb9a2ce79017

SHA1
972eac4bd6b744020cfa8b02e7c2f306a36c0923

SHA256
59a47e0dc5e3962c6f2b0e359f03967a893b8ccd09618c834a8a98397589fa79

SHA512
eeda9035a8ef22a2e44d7238099ed80dfd72ec8b8309dfa2e01a1cfe265ad6bc9aabec691ee579d4afaf68df47165f5cb5f5e83ec54b1b6f203f355d0ab6b7d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6301.exe

Filesize
184KB

MD5
8d3dd1b860ff0244b2b4bcae71a54e31

SHA1
f3bb574bc9e7e1abf3935af0b4f521df8c0936ef

SHA256
26198f76026082f12e0e8ab920e634342f6c136a09ef8563cacaddd767ea6009

SHA512
91646fd750c78e75d8cb382a529f02f6f6c83f2749325b6b0edf8834ab1bce514b2106a46707316fb142ad1a16a22b63b39ef4c66aff17768b49463244aaf4f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6400.exe

Filesize
184KB

MD5
592c9a55e46036c0f7c6f6c96d7f538c

SHA1
905b0a73b4be3e71d3bd964b34893babb219ce2d

SHA256
21e7a590e2869caf21439e7ddcf0001237cdbfc9990fa552190006ea435776ec

SHA512
3d25de030fa7cb20f235b521da7be2f621fb12bd5a5f2de6ae4fbeb2f98561571b3c1b98ebb5d513d33ea6fa8e5688cbd7ecfd16cdd11ec6b7f11a58a7adb3d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15403.exe

Filesize
184KB

MD5
8669ef0b375adfcbc6a5902c381d100c

SHA1
72bfd6841f735e15e9b25c353c0de3782048e341

SHA256
fd5d4cb56283d74dfab4c0e7a14dd7ac50fdf9b098851ebff26edfa68e727b2d

SHA512
b7e75f4261802e7703a319d9e7d489784c700dfefd7b591fdb958e7d87ab1d0e48472b839e96391ee7c83b1f82d818d0db1941ad2ffa845dc74a93a78b5c494b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17999.exe

Filesize
184KB

MD5
d09bbb354d0e004dcacc6c973195cc42

SHA1
cb8ab1c9d9773a89e043d7652e8187b073c8ba0a

SHA256
91d593763d40ae4b68832d06aa430fcd15e2c1ecb3b64bfd8cc6b1158cffd5b2

SHA512
393b9771d8961672d6ce57badbddf9fe22e4370037f367bd7538744e1302040445514d3b5b080f627b49abcd1525257ec0de956a00d695dc90c740e77b9ce41b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20879.exe

Filesize
184KB

MD5
415f58eeb179545c1f8aa8eb1b154807

SHA1
e54fbc29831be35dbe37b3de81bf9f87cf5fd9c3

SHA256
2061b03a76ef98e601ce9e4cbc11ff7d4d983c675e58f0530cf4b3086b54075e

SHA512
592b9d7e7f49eb7295d600b7bf8787a47e8cd9a7b11a6adbf838119309266b5e5c59004f33e00de783a00f51a8b816584dbfff363ccec2b291a7c4f60cdb11ad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24304.exe

Filesize
184KB

MD5
68d0efd3e66ac7e060fa6e6972f0e931

SHA1
e3846270f84799bc8431fe660c6f49b48f65b7c7

SHA256
dfaaa34ffb133621a52a00a655485d6d387ded72f8dae5e3c0d6a9c7dbfc21ad

SHA512
4c745dbd5e9296667ed18cc3977cc10a6060f1295c6cd217eb50737c963b0cd139f6e443857fc5a0466bf0d73479ac0e90e2b1316f701a1358f2d4531f39ed88

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32472.exe

Filesize
184KB

MD5
1d9d77af94a9bbcce8bc4e6f33d94ff2

SHA1
bab317618fb08478aba0b475ec3efc4a3e638135

SHA256
e63d8d72f0fe5812b4aa5caac83124cca952395cdc2247f4255f35f538900817

SHA512
96ce52d32e4b8f8cdf5974f84dd26740562a4e2c6f0e9783ce1d550572eec6fb0623604a8acf7dba435b35d5405b264df3670ab150904a1c91bcb6a49df7ee46

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35269.exe

Filesize
184KB

MD5
31665aa990ca11a15b5ef029c841bdd6

SHA1
42c6f5a68221cf1df814dead1ab0034f8cfe0df2

SHA256
fa78f86c56283c1af7f6a30bd5839de9a69df31b7a46ba68ba20cf191782519f

SHA512
0dfa5538871670ccf41db10d5161c0b158d2ee351d46c069bf50f4fdc3fa5e7557348a2be2810b6ba16bd8ee0edfb2a8379a5a6e1831057c938d51e135e70317

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-427.exe

Filesize
184KB

MD5
d077c5404dd88153e1adeaebe1562751

SHA1
3d59a0ac6c04cd267c9a4f1cab4fc6ecee48cd45

SHA256
288e51754592da67b51bc5d77d09d5360833673a7aa4f9c7fbda0be2f41c00e1

SHA512
8f253ec16589b280601209a80a94de9a264f58f37521314395762d4148b2fc68705d485f39a2ba3bc9e2967c35d3eae40d003bf9314e711dc3260f82fc09ab8e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50131.exe

Filesize
184KB

MD5
dc05e51813f991def370b9e5a28f9bdc

SHA1
6d5c988360cbdc7cbc6a77c5483e8f64e991d676

SHA256
c02fe1289b615f85dbe91920d85c094af2e28c6d8947f5d44c142acb57f2fe54

SHA512
a0d92536a25944f9a8d3d51a3159dfe0b13a044cfada4c48fc303f721ebe2fcf497ba50970f0a00c9b6b755fd6f192504cba80607d075dec1f0fb057b6c26681

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8522.exe

Filesize
184KB

MD5
0cd3c036ec1b3baace23cfde5db5ce96

SHA1
16c2d1d8aa947edc19724c260e3e0f28f1861d00

SHA256
129634e74b97d6c0cbe88a3a320b9e775b785277227e04166f0ca75c2bca7e2c

SHA512
9a0fa3bb2a195dc438aa9b62753ef4642d928a76e499d44508debf7d22927362ccfd79cd020adb0188bc24ce9832a24ac5064f03f6ccf98a01c893921829a7e4

Download Submit