972499d3e891a64e2dc9b0cdeaf947d620d2b89f9d21f661e2687af3974c6a9d

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

972499d3e891a64e2dc9b0cdeaf947d620d2b89f9d21f661e2687af3974c6a9d.exe
Size

184KB
MD5

d1652844c8237eaa74b7fb843550d4fb
SHA1

d37fbe726b8e8cced3efdc489a596a5f749ab1d5
SHA256

972499d3e891a64e2dc9b0cdeaf947d620d2b89f9d21f661e2687af3974c6a9d
SHA512

9ca3b0ec69f8b485df24d8319fe8fff1175c36b4bb7986447f9073e64fb62ad90f3d9da221eaeba1da882908825e0f220cfa93d96af90325d7ca2a054ab4f983
SSDEEP

3072:Mff3HxoT7ZQ6jGQWeOOLR5jkhlnViF7n3:Mf5ou4GQ7LjjkhlnViF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-18959.exeUnicorn-40497.exeUnicorn-60363.exeUnicorn-30017.exeUnicorn-60935.exeUnicorn-29720.exeUnicorn-34883.exeUnicorn-15017.exeUnicorn-7996.exeUnicorn-36070.exeUnicorn-55936.exeUnicorn-16371.exeUnicorn-63386.exeUnicorn-51949.exeUnicorn-26288.exeUnicorn-10034.exeUnicorn-24403.exeUnicorn-44269.exeUnicorn-29748.exeUnicorn-22061.exeUnicorn-41927.exeUnicorn-9856.exeUnicorn-21485.exeUnicorn-19125.exeUnicorn-43463.exeUnicorn-62684.exeUnicorn-33842.exeUnicorn-44423.exeUnicorn-63260.exeUnicorn-64760.exeUnicorn-64760.exeUnicorn-45471.exeUnicorn-60581.exeUnicorn-6097.exeUnicorn-25963.exeUnicorn-42216.exeUnicorn-26927.exeUnicorn-45864.exeUnicorn-32076.exeUnicorn-47213.exeUnicorn-33036.exeUnicorn-7633.exeUnicorn-27468.exeUnicorn-47265.exeUnicorn-1593.exeUnicorn-29475.exeUnicorn-49341.exeUnicorn-10638.exeUnicorn-6066.exeUnicorn-45948.exeUnicorn-2284.exeUnicorn-24546.exeUnicorn-46228.exeUnicorn-58413.exeUnicorn-58413.exeUnicorn-4505.exeUnicorn-58605.exeUnicorn-56337.exeUnicorn-39280.exeUnicorn-1625.exeUnicorn-9321.exeUnicorn-9321.exeUnicorn-2969.exeUnicorn-57069.exe

pid	process
2820	Unicorn-18959.exe
2748	Unicorn-40497.exe
2876	Unicorn-60363.exe
2664	Unicorn-30017.exe
2772	Unicorn-60935.exe
2540	Unicorn-29720.exe
2792	Unicorn-34883.exe
2788	Unicorn-15017.exe
1888	Unicorn-7996.exe
296	Unicorn-36070.exe
796	Unicorn-55936.exe
2244	Unicorn-16371.exe
2264	Unicorn-63386.exe
1864	Unicorn-51949.exe
664	Unicorn-26288.exe
1076	Unicorn-10034.exe
624	Unicorn-24403.exe
1392	Unicorn-44269.exe
1736	Unicorn-29748.exe
1456	Unicorn-22061.exe
1208	Unicorn-41927.exe
1016	Unicorn-9856.exe
344	Unicorn-21485.exe
1756	Unicorn-19125.exe
2560	Unicorn-43463.exe
2556	Unicorn-62684.exe
1820	Unicorn-33842.exe
1988	Unicorn-44423.exe
876	Unicorn-63260.exe
1424	Unicorn-64760.exe
324	Unicorn-64760.exe
2108	Unicorn-45471.exe
2716	Unicorn-60581.exe
2644	Unicorn-6097.exe
2524	Unicorn-25963.exe
3020	Unicorn-42216.exe
2528	Unicorn-26927.exe
2732	Unicorn-45864.exe
2928	Unicorn-32076.exe
1556	Unicorn-47213.exe
1912	Unicorn-33036.exe
2200	Unicorn-7633.exe
2440	Unicorn-27468.exe
2984	Unicorn-47265.exe
1264	Unicorn-1593.exe
2008	Unicorn-29475.exe
2028	Unicorn-49341.exe
2016	Unicorn-10638.exe
1624	Unicorn-6066.exe
2672	Unicorn-45948.exe
1212	Unicorn-2284.exe
1308	Unicorn-24546.exe
2308	Unicorn-46228.exe
984	Unicorn-58413.exe
2268	Unicorn-58413.exe
2092	Unicorn-4505.exe
2460	Unicorn-58605.exe
2196	Unicorn-56337.exe
1124	Unicorn-39280.exe
2688	Unicorn-1625.exe
2208	Unicorn-9321.exe
2480	Unicorn-9321.exe
2596	Unicorn-2969.exe
2956	Unicorn-57069.exe

Loads dropped DLL 64 IoCs

Processes:

972499d3e891a64e2dc9b0cdeaf947d620d2b89f9d21f661e2687af3974c6a9d.exeUnicorn-18959.exeUnicorn-40497.exeUnicorn-60363.exeWerFault.exeUnicorn-60935.exeUnicorn-30017.exeUnicorn-29720.exeWerFault.exeWerFault.exeUnicorn-34883.exeUnicorn-15017.exeUnicorn-36070.exeUnicorn-7996.exeUnicorn-55936.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1936	972499d3e891a64e2dc9b0cdeaf947d620d2b89f9d21f661e2687af3974c6a9d.exe
1936	972499d3e891a64e2dc9b0cdeaf947d620d2b89f9d21f661e2687af3974c6a9d.exe
1936	972499d3e891a64e2dc9b0cdeaf947d620d2b89f9d21f661e2687af3974c6a9d.exe
1936	972499d3e891a64e2dc9b0cdeaf947d620d2b89f9d21f661e2687af3974c6a9d.exe
2820	Unicorn-18959.exe
2820	Unicorn-18959.exe
2748	Unicorn-40497.exe
2748	Unicorn-40497.exe
2876	Unicorn-60363.exe
2876	Unicorn-60363.exe
2820	Unicorn-18959.exe
2820	Unicorn-18959.exe
1184	WerFault.exe
1184	WerFault.exe
1184	WerFault.exe
1184	WerFault.exe
1184	WerFault.exe
2876	Unicorn-60363.exe
2772	Unicorn-60935.exe
2772	Unicorn-60935.exe
2876	Unicorn-60363.exe
2664	Unicorn-30017.exe
2664	Unicorn-30017.exe
2748	Unicorn-40497.exe
2748	Unicorn-40497.exe
2540	Unicorn-29720.exe
2540	Unicorn-29720.exe
1532	WerFault.exe
1532	WerFault.exe
1532	WerFault.exe
1532	WerFault.exe
1440	WerFault.exe
1440	WerFault.exe
1440	WerFault.exe
1440	WerFault.exe
1532	WerFault.exe
1440	WerFault.exe
2792	Unicorn-34883.exe
2792	Unicorn-34883.exe
2772	Unicorn-60935.exe
2772	Unicorn-60935.exe
2788	Unicorn-15017.exe
2788	Unicorn-15017.exe
296	Unicorn-36070.exe
296	Unicorn-36070.exe
1888	Unicorn-7996.exe
1888	Unicorn-7996.exe
796	Unicorn-55936.exe
2664	Unicorn-30017.exe
796	Unicorn-55936.exe
2664	Unicorn-30017.exe
2540	Unicorn-29720.exe
2540	Unicorn-29720.exe
692	WerFault.exe
692	WerFault.exe
692	WerFault.exe
692	WerFault.exe
692	WerFault.exe
1176	WerFault.exe
1176	WerFault.exe
1176	WerFault.exe
1176	WerFault.exe
1176	WerFault.exe
3060	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
1260	1936	WerFault.exe	972499d3e891a64e2dc9b0cdeaf947d620d2b89f9d21f661e2687af3974c6a9d.exe
1184	2820	WerFault.exe	Unicorn-18959.exe
1532	2748	WerFault.exe	Unicorn-40497.exe
1440	2876	WerFault.exe	Unicorn-60363.exe
692	2772	WerFault.exe	Unicorn-60935.exe
1176	2664	WerFault.exe	Unicorn-30017.exe
3060	2540	WerFault.exe	Unicorn-29720.exe
1648	2792	WerFault.exe	Unicorn-34883.exe
2936	2788	WerFault.exe	Unicorn-15017.exe
2760	296	WerFault.exe	Unicorn-36070.exe
2744	1888	WerFault.exe	Unicorn-7996.exe
2600	796	WerFault.exe	Unicorn-55936.exe
580	2244	WerFault.exe	Unicorn-16371.exe
644	1864	WerFault.exe	Unicorn-51949.exe
2304	2264	WerFault.exe	Unicorn-63386.exe
404	1076	WerFault.exe	Unicorn-10034.exe
2072	664	WerFault.exe	Unicorn-26288.exe
880	624	WerFault.exe	Unicorn-24403.exe
1628	1736	WerFault.exe	Unicorn-29748.exe
1672	1392	WerFault.exe	Unicorn-44269.exe
2416	1208	WerFault.exe	Unicorn-41927.exe
1296	1456	WerFault.exe	Unicorn-22061.exe
1516	1016	WerFault.exe	Unicorn-9856.exe
888	344	WerFault.exe	Unicorn-21485.exe
2212	1756	WerFault.exe	Unicorn-19125.exe
2780	2560	WerFault.exe	Unicorn-43463.exe
2856	1988	WerFault.exe	Unicorn-44423.exe
1500	876	WerFault.exe	Unicorn-63260.exe
640	1424	WerFault.exe	Unicorn-64760.exe
1552	2556	WerFault.exe	Unicorn-62684.exe
1596	1820	WerFault.exe	Unicorn-33842.exe
1600	2108	WerFault.exe	Unicorn-45471.exe
1448	324	WerFault.exe	Unicorn-64760.exe
3228	2644	WerFault.exe	Unicorn-6097.exe
3252	2524	WerFault.exe	Unicorn-25963.exe
3244	2716	WerFault.exe	Unicorn-60581.exe
3412	2928	WerFault.exe	Unicorn-32076.exe
3716	1624	WerFault.exe	Unicorn-6066.exe
3724	1556	WerFault.exe	Unicorn-47213.exe
3756	2028	WerFault.exe	Unicorn-49341.exe
3792	2528	WerFault.exe	Unicorn-26927.exe
3816	3020	WerFault.exe	Unicorn-42216.exe
3840	2672	WerFault.exe	Unicorn-45948.exe
3868	2732	WerFault.exe	Unicorn-45864.exe
3884	1212	WerFault.exe	Unicorn-2284.exe
3900	2984	WerFault.exe	Unicorn-47265.exe
3908	2016	WerFault.exe	Unicorn-10638.exe
3964	2200	WerFault.exe	Unicorn-7633.exe
4024	2440	WerFault.exe	Unicorn-27468.exe
4080	2480	WerFault.exe	Unicorn-9321.exe
4088	2460	WerFault.exe	Unicorn-58605.exe
3100	1264	WerFault.exe	Unicorn-1593.exe
3116	2008	WerFault.exe	Unicorn-29475.exe
3136	1912	WerFault.exe	Unicorn-33036.exe
3164	2308	WerFault.exe	Unicorn-46228.exe
3212	772	WerFault.exe	Unicorn-23694.exe
3236	2596	WerFault.exe	Unicorn-2969.exe
3272	536	WerFault.exe	Unicorn-3828.exe
3388	792	WerFault.exe	Unicorn-47697.exe
3520	984	WerFault.exe	Unicorn-58413.exe
3532	532	WerFault.exe	Unicorn-48115.exe
3588	2692	WerFault.exe	Unicorn-41619.exe
3656	2688	WerFault.exe	Unicorn-1625.exe
3972	2268	WerFault.exe	Unicorn-58413.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

972499d3e891a64e2dc9b0cdeaf947d620d2b89f9d21f661e2687af3974c6a9d.exeUnicorn-18959.exeUnicorn-60363.exeUnicorn-40497.exeUnicorn-60935.exeUnicorn-30017.exeUnicorn-29720.exeUnicorn-15017.exeUnicorn-34883.exeUnicorn-7996.exeUnicorn-36070.exeUnicorn-55936.exeUnicorn-16371.exeUnicorn-63386.exeUnicorn-51949.exeUnicorn-26288.exeUnicorn-10034.exeUnicorn-24403.exeUnicorn-29748.exeUnicorn-44269.exeUnicorn-22061.exeUnicorn-41927.exeUnicorn-9856.exeUnicorn-21485.exeUnicorn-19125.exeUnicorn-43463.exeUnicorn-62684.exeUnicorn-64760.exeUnicorn-33842.exeUnicorn-63260.exeUnicorn-44423.exeUnicorn-64760.exeUnicorn-45471.exeUnicorn-60581.exeUnicorn-6097.exeUnicorn-25963.exeUnicorn-26927.exeUnicorn-42216.exeUnicorn-45864.exeUnicorn-32076.exeUnicorn-47213.exeUnicorn-33036.exeUnicorn-7633.exeUnicorn-27468.exeUnicorn-47265.exeUnicorn-1593.exeUnicorn-29475.exeUnicorn-49341.exeUnicorn-10638.exeUnicorn-6066.exeUnicorn-45948.exeUnicorn-2284.exeUnicorn-24546.exeUnicorn-46228.exeUnicorn-58413.exeUnicorn-58413.exeUnicorn-4505.exeUnicorn-58605.exeUnicorn-56337.exeUnicorn-39280.exeUnicorn-1625.exeUnicorn-9321.exeUnicorn-9321.exeUnicorn-2969.exe

pid	process
1936	972499d3e891a64e2dc9b0cdeaf947d620d2b89f9d21f661e2687af3974c6a9d.exe
2820	Unicorn-18959.exe
2876	Unicorn-60363.exe
2748	Unicorn-40497.exe
2772	Unicorn-60935.exe
2664	Unicorn-30017.exe
2540	Unicorn-29720.exe
2788	Unicorn-15017.exe
2792	Unicorn-34883.exe
1888	Unicorn-7996.exe
296	Unicorn-36070.exe
796	Unicorn-55936.exe
2244	Unicorn-16371.exe
2264	Unicorn-63386.exe
1864	Unicorn-51949.exe
664	Unicorn-26288.exe
1076	Unicorn-10034.exe
624	Unicorn-24403.exe
1736	Unicorn-29748.exe
1392	Unicorn-44269.exe
1456	Unicorn-22061.exe
1208	Unicorn-41927.exe
1016	Unicorn-9856.exe
344	Unicorn-21485.exe
1756	Unicorn-19125.exe
2560	Unicorn-43463.exe
2556	Unicorn-62684.exe
1424	Unicorn-64760.exe
1820	Unicorn-33842.exe
876	Unicorn-63260.exe
1988	Unicorn-44423.exe
324	Unicorn-64760.exe
2108	Unicorn-45471.exe
2716	Unicorn-60581.exe
2644	Unicorn-6097.exe
2524	Unicorn-25963.exe
2528	Unicorn-26927.exe
3020	Unicorn-42216.exe
2732	Unicorn-45864.exe
2928	Unicorn-32076.exe
1556	Unicorn-47213.exe
1912	Unicorn-33036.exe
2200	Unicorn-7633.exe
2440	Unicorn-27468.exe
2984	Unicorn-47265.exe
1264	Unicorn-1593.exe
2008	Unicorn-29475.exe
2028	Unicorn-49341.exe
2016	Unicorn-10638.exe
1624	Unicorn-6066.exe
2672	Unicorn-45948.exe
1212	Unicorn-2284.exe
1308	Unicorn-24546.exe
2308	Unicorn-46228.exe
984	Unicorn-58413.exe
2268	Unicorn-58413.exe
2092	Unicorn-4505.exe
2460	Unicorn-58605.exe
2196	Unicorn-56337.exe
1124	Unicorn-39280.exe
2688	Unicorn-1625.exe
2208	Unicorn-9321.exe
2480	Unicorn-9321.exe
2596	Unicorn-2969.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

972499d3e891a64e2dc9b0cdeaf947d620d2b89f9d21f661e2687af3974c6a9d.exeUnicorn-18959.exeUnicorn-40497.exeUnicorn-60363.exeUnicorn-60935.exeUnicorn-30017.exeUnicorn-29720.exeUnicorn-34883.exe

description	pid	process	target process
PID 1936 wrote to memory of 2820	1936	972499d3e891a64e2dc9b0cdeaf947d620d2b89f9d21f661e2687af3974c6a9d.exe	Unicorn-18959.exe
PID 1936 wrote to memory of 2820	1936	972499d3e891a64e2dc9b0cdeaf947d620d2b89f9d21f661e2687af3974c6a9d.exe	Unicorn-18959.exe
PID 1936 wrote to memory of 2820	1936	972499d3e891a64e2dc9b0cdeaf947d620d2b89f9d21f661e2687af3974c6a9d.exe	Unicorn-18959.exe
PID 1936 wrote to memory of 2820	1936	972499d3e891a64e2dc9b0cdeaf947d620d2b89f9d21f661e2687af3974c6a9d.exe	Unicorn-18959.exe
PID 1936 wrote to memory of 2748	1936	972499d3e891a64e2dc9b0cdeaf947d620d2b89f9d21f661e2687af3974c6a9d.exe	Unicorn-40497.exe
PID 1936 wrote to memory of 2748	1936	972499d3e891a64e2dc9b0cdeaf947d620d2b89f9d21f661e2687af3974c6a9d.exe	Unicorn-40497.exe
PID 1936 wrote to memory of 2748	1936	972499d3e891a64e2dc9b0cdeaf947d620d2b89f9d21f661e2687af3974c6a9d.exe	Unicorn-40497.exe
PID 1936 wrote to memory of 2748	1936	972499d3e891a64e2dc9b0cdeaf947d620d2b89f9d21f661e2687af3974c6a9d.exe	Unicorn-40497.exe
PID 2820 wrote to memory of 2876	2820	Unicorn-18959.exe	Unicorn-60363.exe
PID 2820 wrote to memory of 2876	2820	Unicorn-18959.exe	Unicorn-60363.exe
PID 2820 wrote to memory of 2876	2820	Unicorn-18959.exe	Unicorn-60363.exe
PID 2820 wrote to memory of 2876	2820	Unicorn-18959.exe	Unicorn-60363.exe
PID 1936 wrote to memory of 1260	1936	972499d3e891a64e2dc9b0cdeaf947d620d2b89f9d21f661e2687af3974c6a9d.exe	WerFault.exe
PID 1936 wrote to memory of 1260	1936	972499d3e891a64e2dc9b0cdeaf947d620d2b89f9d21f661e2687af3974c6a9d.exe	WerFault.exe
PID 1936 wrote to memory of 1260	1936	972499d3e891a64e2dc9b0cdeaf947d620d2b89f9d21f661e2687af3974c6a9d.exe	WerFault.exe
PID 1936 wrote to memory of 1260	1936	972499d3e891a64e2dc9b0cdeaf947d620d2b89f9d21f661e2687af3974c6a9d.exe	WerFault.exe
PID 2748 wrote to memory of 2664	2748	Unicorn-40497.exe	Unicorn-30017.exe
PID 2748 wrote to memory of 2664	2748	Unicorn-40497.exe	Unicorn-30017.exe
PID 2748 wrote to memory of 2664	2748	Unicorn-40497.exe	Unicorn-30017.exe
PID 2748 wrote to memory of 2664	2748	Unicorn-40497.exe	Unicorn-30017.exe
PID 2876 wrote to memory of 2772	2876	Unicorn-60363.exe	Unicorn-60935.exe
PID 2876 wrote to memory of 2772	2876	Unicorn-60363.exe	Unicorn-60935.exe
PID 2876 wrote to memory of 2772	2876	Unicorn-60363.exe	Unicorn-60935.exe
PID 2876 wrote to memory of 2772	2876	Unicorn-60363.exe	Unicorn-60935.exe
PID 2820 wrote to memory of 2540	2820	Unicorn-18959.exe	Unicorn-29720.exe
PID 2820 wrote to memory of 2540	2820	Unicorn-18959.exe	Unicorn-29720.exe
PID 2820 wrote to memory of 2540	2820	Unicorn-18959.exe	Unicorn-29720.exe
PID 2820 wrote to memory of 2540	2820	Unicorn-18959.exe	Unicorn-29720.exe
PID 2820 wrote to memory of 1184	2820	Unicorn-18959.exe	WerFault.exe
PID 2820 wrote to memory of 1184	2820	Unicorn-18959.exe	WerFault.exe
PID 2820 wrote to memory of 1184	2820	Unicorn-18959.exe	WerFault.exe
PID 2820 wrote to memory of 1184	2820	Unicorn-18959.exe	WerFault.exe
PID 2772 wrote to memory of 2792	2772	Unicorn-60935.exe	Unicorn-34883.exe
PID 2772 wrote to memory of 2792	2772	Unicorn-60935.exe	Unicorn-34883.exe
PID 2772 wrote to memory of 2792	2772	Unicorn-60935.exe	Unicorn-34883.exe
PID 2772 wrote to memory of 2792	2772	Unicorn-60935.exe	Unicorn-34883.exe
PID 2876 wrote to memory of 2788	2876	Unicorn-60363.exe	Unicorn-15017.exe
PID 2876 wrote to memory of 2788	2876	Unicorn-60363.exe	Unicorn-15017.exe
PID 2876 wrote to memory of 2788	2876	Unicorn-60363.exe	Unicorn-15017.exe
PID 2876 wrote to memory of 2788	2876	Unicorn-60363.exe	Unicorn-15017.exe
PID 2664 wrote to memory of 1888	2664	Unicorn-30017.exe	Unicorn-7996.exe
PID 2664 wrote to memory of 1888	2664	Unicorn-30017.exe	Unicorn-7996.exe
PID 2664 wrote to memory of 1888	2664	Unicorn-30017.exe	Unicorn-7996.exe
PID 2664 wrote to memory of 1888	2664	Unicorn-30017.exe	Unicorn-7996.exe
PID 2748 wrote to memory of 296	2748	Unicorn-40497.exe	Unicorn-36070.exe
PID 2748 wrote to memory of 296	2748	Unicorn-40497.exe	Unicorn-36070.exe
PID 2748 wrote to memory of 296	2748	Unicorn-40497.exe	Unicorn-36070.exe
PID 2748 wrote to memory of 296	2748	Unicorn-40497.exe	Unicorn-36070.exe
PID 2540 wrote to memory of 796	2540	Unicorn-29720.exe	Unicorn-55936.exe
PID 2540 wrote to memory of 796	2540	Unicorn-29720.exe	Unicorn-55936.exe
PID 2540 wrote to memory of 796	2540	Unicorn-29720.exe	Unicorn-55936.exe
PID 2540 wrote to memory of 796	2540	Unicorn-29720.exe	Unicorn-55936.exe
PID 2748 wrote to memory of 1532	2748	Unicorn-40497.exe	WerFault.exe
PID 2748 wrote to memory of 1532	2748	Unicorn-40497.exe	WerFault.exe
PID 2748 wrote to memory of 1532	2748	Unicorn-40497.exe	WerFault.exe
PID 2748 wrote to memory of 1532	2748	Unicorn-40497.exe	WerFault.exe
PID 2876 wrote to memory of 1440	2876	Unicorn-60363.exe	WerFault.exe
PID 2876 wrote to memory of 1440	2876	Unicorn-60363.exe	WerFault.exe
PID 2876 wrote to memory of 1440	2876	Unicorn-60363.exe	WerFault.exe
PID 2876 wrote to memory of 1440	2876	Unicorn-60363.exe	WerFault.exe
PID 2792 wrote to memory of 2244	2792	Unicorn-34883.exe	Unicorn-16371.exe
PID 2792 wrote to memory of 2244	2792	Unicorn-34883.exe	Unicorn-16371.exe
PID 2792 wrote to memory of 2244	2792	Unicorn-34883.exe	Unicorn-16371.exe
PID 2792 wrote to memory of 2244	2792	Unicorn-34883.exe	Unicorn-16371.exe

C:\Users\Admin\AppData\Local\Temp\972499d3e891a64e2dc9b0cdeaf947d620d2b89f9d21f661e2687af3974c6a9d.exe
"C:\Users\Admin\AppData\Local\Temp\972499d3e891a64e2dc9b0cdeaf947d620d2b89f9d21f661e2687af3974c6a9d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-18959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18959.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-60363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60363.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-60935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60935.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-34883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34883.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-16371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16371.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-41927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41927.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1208

C:\Users\Admin\AppData\Local\Temp\Unicorn-60581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60581.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-32868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32868.exe
9⤵
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-53620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53620.exe
10⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-19183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19183.exe
11⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-7885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7885.exe
12⤵
PID:5336

C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
13⤵
PID:7472

C:\Users\Admin\AppData\Local\Temp\Unicorn-33432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33432.exe
14⤵
PID:9592

C:\Users\Admin\AppData\Local\Temp\Unicorn-40952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40952.exe
15⤵
PID:11744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9592 -s 236
15⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 216
14⤵
PID:10452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 216
13⤵
PID:8388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
12⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 236
11⤵
PID:4592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
10⤵
PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 236
9⤵
- Program crash
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-46228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46228.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-60703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60703.exe
9⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-15461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15461.exe
10⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-19723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19723.exe
11⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-50647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50647.exe
12⤵
PID:7932

C:\Users\Admin\AppData\Local\Temp\Unicorn-60109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60109.exe
13⤵
PID:10188

C:\Users\Admin\AppData\Local\Temp\Unicorn-6958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6958.exe
14⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10188 -s 236
14⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 216
13⤵
PID:10800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
12⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 236
11⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 216
10⤵
PID:4896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 236
9⤵
- Program crash
PID:3164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 240
8⤵
- Program crash
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-6097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6097.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-45948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45948.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-13154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13154.exe
9⤵
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
10⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-60744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60744.exe
11⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-33693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33693.exe
12⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-42681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42681.exe
13⤵
PID:7704

C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
14⤵
PID:9884

C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
15⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9884 -s 216
15⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 216
14⤵
PID:10664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
13⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
12⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
11⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-204.exe
10⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-28817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28817.exe
11⤵
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-2372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2372.exe
12⤵
PID:6440

C:\Users\Admin\AppData\Local\Temp\Unicorn-3767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3767.exe
13⤵
PID:8700

C:\Users\Admin\AppData\Local\Temp\Unicorn-7881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7881.exe
14⤵
PID:10316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 216
14⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 236
13⤵
PID:9572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 236
12⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
11⤵
PID:6116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
10⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-14600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14600.exe
9⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-9369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9369.exe
10⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-36189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36189.exe
11⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-8491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8491.exe
12⤵
PID:7468

C:\Users\Admin\AppData\Local\Temp\Unicorn-27717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27717.exe
13⤵
PID:9940

C:\Users\Admin\AppData\Local\Temp\Unicorn-18175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18175.exe
14⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9940 -s 236
14⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7468 -s 216
13⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
12⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
11⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 236
10⤵
PID:5488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
9⤵
- Program crash
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-10118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10118.exe
8⤵
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-40683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40683.exe
9⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-13401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13401.exe
10⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-6541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6541.exe
11⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-18619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18619.exe
12⤵
PID:6564

C:\Users\Admin\AppData\Local\Temp\Unicorn-23288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23288.exe
13⤵
PID:8532

C:\Users\Admin\AppData\Local\Temp\Unicorn-28387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28387.exe
14⤵
PID:11184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 236
14⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 216
13⤵
PID:10028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
12⤵
PID:2996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
11⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
10⤵
PID:4704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 236
9⤵
PID:4264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
8⤵
- Program crash
PID:3228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
7⤵
- Program crash
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-22061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22061.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1456

C:\Users\Admin\AppData\Local\Temp\Unicorn-25963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25963.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-2284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2284.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1212

C:\Users\Admin\AppData\Local\Temp\Unicorn-1795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1795.exe
9⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-6277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6277.exe
10⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-9792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9792.exe
11⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-28831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28831.exe
12⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-34512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34512.exe
13⤵
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
14⤵
PID:9836

C:\Users\Admin\AppData\Local\Temp\Unicorn-48429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48429.exe
15⤵
PID:11580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9836 -s 216
15⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 216
14⤵
PID:11024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
13⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
12⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
11⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 236
10⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-885.exe
9⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
10⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-17269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17269.exe
11⤵
PID:5996

C:\Users\Admin\AppData\Local\Temp\Unicorn-11156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11156.exe
12⤵
PID:6352

C:\Users\Admin\AppData\Local\Temp\Unicorn-23864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23864.exe
13⤵
PID:8848

C:\Users\Admin\AppData\Local\Temp\Unicorn-17827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17827.exe
14⤵
PID:11260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 236
14⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 216
13⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 216
12⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
11⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
10⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 240
9⤵
- Program crash
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
8⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-59401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59401.exe
9⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe
10⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-58265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58265.exe
11⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-34512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34512.exe
12⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
13⤵
PID:9492

C:\Users\Admin\AppData\Local\Temp\Unicorn-59306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59306.exe
14⤵
PID:12080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9492 -s 216
14⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 216
13⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
12⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
11⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 236
10⤵
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
9⤵
PID:4712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
8⤵
- Program crash
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-24546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24546.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1308

C:\Users\Admin\AppData\Local\Temp\Unicorn-8344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8344.exe
8⤵
PID:1180

C:\Users\Admin\AppData\Local\Temp\Unicorn-9401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9401.exe
9⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-17074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17074.exe
10⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-17698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17698.exe
11⤵
PID:6100

C:\Users\Admin\AppData\Local\Temp\Unicorn-44998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44998.exe
12⤵
PID:7488

C:\Users\Admin\AppData\Local\Temp\Unicorn-26613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26613.exe
13⤵
PID:10852

C:\Users\Admin\AppData\Local\Temp\Unicorn-39017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39017.exe
14⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 216
13⤵
PID:4324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 236
12⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
11⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
10⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 236
9⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
8⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-60042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60042.exe
9⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-9006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9006.exe
10⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-52061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52061.exe
11⤵
PID:6724

C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
12⤵
PID:8980

C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
13⤵
PID:11220

C:\Users\Admin\AppData\Local\Temp\Unicorn-43006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43006.exe
14⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8980 -s 216
13⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 236
12⤵
PID:10220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 236
11⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 236
10⤵
PID:5556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 236
9⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 240
8⤵
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 240
7⤵
- Program crash
PID:1296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
6⤵
- Program crash
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-19125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19125.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-32076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32076.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1124

C:\Users\Admin\AppData\Local\Temp\Unicorn-39437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39437.exe
9⤵
PID:1472

C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe
10⤵
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 220
11⤵
PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 236
10⤵
PID:4400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 236
8⤵
- Program crash
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-16796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16796.exe
8⤵
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-46795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46795.exe
9⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-51430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51430.exe
10⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 220
11⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
10⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 236
8⤵
- Program crash
PID:3656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 240
7⤵
- Program crash
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-47213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47213.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-9321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9321.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-49302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49302.exe
8⤵
PID:1460

C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
9⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-63191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63191.exe
10⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-45229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45229.exe
11⤵
PID:7760

C:\Users\Admin\AppData\Local\Temp\Unicorn-22716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22716.exe
12⤵
PID:9436

C:\Users\Admin\AppData\Local\Temp\Unicorn-1254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1254.exe
13⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11368 -s 200
14⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9436 -s 220
13⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7760 -s 216
12⤵
PID:10384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
11⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 236
10⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 236
9⤵
PID:4432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 216
8⤵
- Program crash
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-16499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16499.exe
7⤵
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-49047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49047.exe
8⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-39569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39569.exe
9⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-45163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45163.exe
10⤵
PID:7220

C:\Users\Admin\AppData\Local\Temp\Unicorn-3117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3117.exe
11⤵
PID:9232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9232 -s 224
12⤵
PID:10416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7220 -s 216
11⤵
PID:10276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 236
10⤵
PID:7844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
9⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
8⤵
PID:4332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
7⤵
- Program crash
PID:3724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
6⤵
- Program crash
PID:2304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:692

C:\Users\Admin\AppData\Local\Temp\Unicorn-15017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15017.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-51949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51949.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1016

C:\Users\Admin\AppData\Local\Temp\Unicorn-42216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42216.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-58605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58605.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-35405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35405.exe
9⤵
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-48855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48855.exe
10⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-58583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58583.exe
11⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-58197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58197.exe
12⤵
PID:7556

C:\Users\Admin\AppData\Local\Temp\Unicorn-58790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58790.exe
13⤵
PID:8924

C:\Users\Admin\AppData\Local\Temp\Unicorn-18281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18281.exe
14⤵
PID:10652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 216
14⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 236
13⤵
PID:10176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
12⤵
PID:8324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
11⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 236
10⤵
PID:4380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
9⤵
- Program crash
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-58435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58435.exe
8⤵
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-28.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28.exe
9⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-45255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45255.exe
10⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-46584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46584.exe
11⤵
PID:7108

C:\Users\Admin\AppData\Local\Temp\Unicorn-38581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38581.exe
12⤵
PID:9128

C:\Users\Admin\AppData\Local\Temp\Unicorn-6672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6672.exe
13⤵
PID:11200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 216
13⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 216
12⤵
PID:9904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 236
11⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
10⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 216
9⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
8⤵
- Program crash
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-56337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56337.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-46282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46282.exe
8⤵
PID:288

C:\Users\Admin\AppData\Local\Temp\Unicorn-10329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10329.exe
9⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-14720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14720.exe
10⤵
PID:5564

C:\Users\Admin\AppData\Local\Temp\Unicorn-64002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64002.exe
11⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 220
12⤵
PID:2924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
11⤵
PID:9120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
10⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 216
9⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 236
8⤵
PID:3864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 240
7⤵
- Program crash
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-26927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26927.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-58413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58413.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-17969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17969.exe
8⤵
PID:480

C:\Users\Admin\AppData\Local\Temp\Unicorn-60744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60744.exe
9⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-2146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2146.exe
10⤵
PID:5148

C:\Users\Admin\AppData\Local\Temp\Unicorn-57642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57642.exe
11⤵
PID:7904

C:\Users\Admin\AppData\Local\Temp\Unicorn-37809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37809.exe
12⤵
PID:9996

C:\Users\Admin\AppData\Local\Temp\Unicorn-52745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52745.exe
13⤵
PID:11120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9996 -s 216
13⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 216
12⤵
PID:10732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 216
11⤵
PID:8752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
10⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 236
9⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 236
8⤵
- Program crash
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-61528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61528.exe
7⤵
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-20070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20070.exe
8⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-50906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50906.exe
9⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-52585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52585.exe
10⤵
PID:6676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 188
11⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 236
10⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
9⤵
PID:5864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 220
7⤵
- Program crash
PID:3792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 240
6⤵
- Program crash
PID:644

C:\Users\Admin\AppData\Local\Temp\Unicorn-21485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21485.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-45864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45864.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-58413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58413.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:984

C:\Users\Admin\AppData\Local\Temp\Unicorn-39437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39437.exe
8⤵
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-45996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45996.exe
9⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-3305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3305.exe
10⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\Unicorn-3353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3353.exe
11⤵
PID:6740

C:\Users\Admin\AppData\Local\Temp\Unicorn-52807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52807.exe
12⤵
PID:9184

C:\Users\Admin\AppData\Local\Temp\Unicorn-33608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33608.exe
13⤵
PID:10900

C:\Users\Admin\AppData\Local\Temp\Unicorn-11507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11507.exe
14⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 236
13⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 216
12⤵
PID:9420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 236
11⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
10⤵
PID:5448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 216
9⤵
PID:4448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 216
8⤵
- Program crash
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
7⤵
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-48129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48129.exe
8⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-8576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8576.exe
9⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-26652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26652.exe
10⤵
PID:6924

C:\Users\Admin\AppData\Local\Temp\Unicorn-65503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65503.exe
11⤵
PID:9000

C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
12⤵
PID:10864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9000 -s 216
12⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6924 -s 236
11⤵
PID:9744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 236
10⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
9⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 216
8⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
7⤵
- Program crash
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-4505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4505.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-33454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33454.exe
7⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-11865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11865.exe
8⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-28747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28747.exe
9⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-47279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47279.exe
10⤵
PID:8072

C:\Users\Admin\AppData\Local\Temp\Unicorn-318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-318.exe
11⤵
PID:9560

C:\Users\Admin\AppData\Local\Temp\Unicorn-54682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54682.exe
12⤵
PID:11432

C:\Users\Admin\AppData\Local\Temp\Unicorn-47817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47817.exe
13⤵
PID:8396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9560 -s 236
12⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 216
11⤵
PID:10460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
10⤵
PID:8960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 216
9⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
8⤵
PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 236
7⤵
PID:3128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 240
6⤵
- Program crash
PID:888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
5⤵
- Program crash
PID:2936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-29720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29720.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:796

C:\Users\Admin\AppData\Local\Temp\Unicorn-44269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44269.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1392

C:\Users\Admin\AppData\Local\Temp\Unicorn-44423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44423.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-27468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27468.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-1677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1677.exe
8⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-35405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35405.exe
9⤵
PID:1136

C:\Users\Admin\AppData\Local\Temp\Unicorn-20433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20433.exe
10⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
11⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-41547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41547.exe
12⤵
PID:6336

C:\Users\Admin\AppData\Local\Temp\Unicorn-24224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24224.exe
13⤵
PID:9040

C:\Users\Admin\AppData\Local\Temp\Unicorn-24267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24267.exe
14⤵
PID:10632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 236
14⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 216
13⤵
PID:9224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 236
12⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 236
11⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\Unicorn-406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-406.exe
9⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
10⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-59863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59863.exe
11⤵
PID:7876

C:\Users\Admin\AppData\Local\Temp\Unicorn-7379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7379.exe
12⤵
PID:10036

C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe
13⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10036 -s 216
13⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
11⤵
PID:8728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
10⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 220
9⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\Unicorn-58435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58435.exe
8⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-5620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5620.exe
9⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-7092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7092.exe
10⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\Unicorn-31964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31964.exe
11⤵
PID:8120

C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
12⤵
PID:9864

C:\Users\Admin\AppData\Local\Temp\Unicorn-46767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46767.exe
13⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9864 -s 236
13⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8120 -s 216
12⤵
PID:11032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
11⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 216
10⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 216
9⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
8⤵
- Program crash
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
7⤵
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
8⤵
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-25379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25379.exe
9⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-13760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13760.exe
10⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-36174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36174.exe
11⤵
PID:7992

C:\Users\Admin\AppData\Local\Temp\Unicorn-36089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36089.exe
12⤵
PID:9524

C:\Users\Admin\AppData\Local\Temp\Unicorn-6913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6913.exe
13⤵
PID:10536

C:\Users\Admin\AppData\Local\Temp\Unicorn-4034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4034.exe
14⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9524 -s 236
13⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 216
12⤵
PID:10444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
11⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
10⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 216
9⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 236
8⤵
PID:3332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 220
7⤵
- Program crash
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-47265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47265.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-47697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47697.exe
7⤵
PID:792

C:\Users\Admin\AppData\Local\Temp\Unicorn-18332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18332.exe
8⤵
PID:924

C:\Users\Admin\AppData\Local\Temp\Unicorn-57885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57885.exe
9⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-61655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61655.exe
10⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-21052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21052.exe
11⤵
PID:7668

C:\Users\Admin\AppData\Local\Temp\Unicorn-25980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25980.exe
12⤵
PID:9472

C:\Users\Admin\AppData\Local\Temp\Unicorn-33038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33038.exe
13⤵
PID:11564

C:\Users\Admin\AppData\Local\Temp\Unicorn-847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-847.exe
14⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9472 -s 216
13⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 220
12⤵
PID:10400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
11⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 236
10⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 216
9⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 236
8⤵
- Program crash
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-62467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62467.exe
7⤵
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-7680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7680.exe
8⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-41928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41928.exe
9⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
10⤵
PID:7612

C:\Users\Admin\AppData\Local\Temp\Unicorn-36089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36089.exe
11⤵
PID:9532

C:\Users\Admin\AppData\Local\Temp\Unicorn-41528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41528.exe
12⤵
PID:11668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11668 -s 188
13⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9532 -s 220
12⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 216
11⤵
PID:10436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
10⤵
PID:8540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
9⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 216
8⤵
PID:4876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
7⤵
- Program crash
PID:3900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 240
6⤵
- Program crash
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-45471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45471.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-49341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49341.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-23694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23694.exe
7⤵
PID:772

C:\Users\Admin\AppData\Local\Temp\Unicorn-34829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34829.exe
8⤵
PID:684

C:\Users\Admin\AppData\Local\Temp\Unicorn-26863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26863.exe
9⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-14867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14867.exe
10⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-17362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17362.exe
11⤵
PID:7520

C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
12⤵
PID:9164

C:\Users\Admin\AppData\Local\Temp\Unicorn-19066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19066.exe
13⤵
PID:10740

C:\Users\Admin\AppData\Local\Temp\Unicorn-5570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5570.exe
14⤵
PID:8720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9164 -s 236
13⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 236
12⤵
PID:10196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
11⤵
PID:8464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
10⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 216
9⤵
PID:4544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 216
8⤵
- Program crash
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-19571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19571.exe
7⤵
PID:352

C:\Users\Admin\AppData\Local\Temp\Unicorn-38466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38466.exe
8⤵
PID:3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 220
9⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 236
8⤵
PID:4688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
7⤵
- Program crash
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
6⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-46282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46282.exe
7⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-6720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6720.exe
8⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-44679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44679.exe
9⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-3301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3301.exe
10⤵
PID:6648

C:\Users\Admin\AppData\Local\Temp\Unicorn-5806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5806.exe
11⤵
PID:8840

C:\Users\Admin\AppData\Local\Temp\Unicorn-18159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18159.exe
12⤵
PID:10332

C:\Users\Admin\AppData\Local\Temp\Unicorn-62851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62851.exe
13⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 236
11⤵
PID:10124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
10⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 216
9⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 216
8⤵
PID:5640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 216
7⤵
PID:3172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
6⤵
- Program crash
PID:1600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 240
5⤵
- Program crash
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-29748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29748.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-64760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64760.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:324

C:\Users\Admin\AppData\Local\Temp\Unicorn-10638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10638.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-48115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48115.exe
7⤵
PID:532

C:\Users\Admin\AppData\Local\Temp\Unicorn-39437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39437.exe
8⤵
PID:1228

C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
9⤵
PID:1124

C:\Users\Admin\AppData\Local\Temp\Unicorn-55825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55825.exe
10⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-42845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42845.exe
11⤵
PID:6840

C:\Users\Admin\AppData\Local\Temp\Unicorn-5827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5827.exe
12⤵
PID:9200

C:\Users\Admin\AppData\Local\Temp\Unicorn-50821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50821.exe
13⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-17887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17887.exe
14⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9200 -s 216
13⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 236
12⤵
PID:9444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 236
11⤵
PID:7988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 216
10⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 216
9⤵
PID:4576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 216
8⤵
- Program crash
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-27376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27376.exe
7⤵
PID:328

C:\Users\Admin\AppData\Local\Temp\Unicorn-415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-415.exe
8⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-47227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47227.exe
9⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-26494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26494.exe
10⤵
PID:7836

C:\Users\Admin\AppData\Local\Temp\Unicorn-6940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6940.exe
11⤵
PID:9760

C:\Users\Admin\AppData\Local\Temp\Unicorn-10612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10612.exe
12⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9760 -s 216
12⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 216
11⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
10⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
9⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 236
8⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
7⤵
- Program crash
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-3828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3828.exe
6⤵
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
7⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-15461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15461.exe
8⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-11603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11603.exe
9⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-12914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12914.exe
10⤵
PID:7720

C:\Users\Admin\AppData\Local\Temp\Unicorn-24224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24224.exe
11⤵
PID:9048

C:\Users\Admin\AppData\Local\Temp\Unicorn-59549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59549.exe
12⤵
PID:11152

C:\Users\Admin\AppData\Local\Temp\Unicorn-4470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4470.exe
13⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9048 -s 236
12⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 236
11⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
10⤵
PID:8496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
9⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 216
8⤵
PID:4452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 236
7⤵
- Program crash
PID:3272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 240
6⤵
- Program crash
PID:1448

C:\Users\Admin\AppData\Local\Temp\Unicorn-6066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6066.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-37207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37207.exe
6⤵
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-39437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39437.exe
7⤵
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-44439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44439.exe
8⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-1326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1326.exe
9⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-19579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19579.exe
10⤵
PID:6304

C:\Users\Admin\AppData\Local\Temp\Unicorn-49686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49686.exe
11⤵
PID:8936

C:\Users\Admin\AppData\Local\Temp\Unicorn-65102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65102.exe
12⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 216
12⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 216
11⤵
PID:9644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 216
10⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
9⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 216
8⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-28989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28989.exe
7⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-37289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37289.exe
8⤵
PID:5940

C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
9⤵
PID:7332

C:\Users\Admin\AppData\Local\Temp\Unicorn-65285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65285.exe
10⤵
PID:9856

C:\Users\Admin\AppData\Local\Temp\Unicorn-20757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20757.exe
11⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9856 -s 216
11⤵
PID:11552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 216
10⤵
PID:10656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 216
9⤵
PID:8504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
8⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 220
7⤵
PID:4188

C:\Users\Admin\AppData\Local\Temp\Unicorn-57911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57911.exe
6⤵
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-31502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31502.exe
7⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-51430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51430.exe
8⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 240
9⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 236
8⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 216
7⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
6⤵
- Program crash
PID:3716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
5⤵
- Program crash
PID:1628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:3060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1184

C:\Users\Admin\AppData\Local\Temp\Unicorn-40497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40497.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-30017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30017.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-7996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7996.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-10034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10034.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1076

C:\Users\Admin\AppData\Local\Temp\Unicorn-43463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43463.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-33036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33036.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-9321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9321.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-37486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37486.exe
9⤵
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-44896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44896.exe
10⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-31728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31728.exe
11⤵
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-47128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47128.exe
12⤵
PID:7440

C:\Users\Admin\AppData\Local\Temp\Unicorn-14762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14762.exe
13⤵
PID:9284

C:\Users\Admin\AppData\Local\Temp\Unicorn-30467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30467.exe
14⤵
PID:10548

C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
15⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9284 -s 216
14⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 216
13⤵
PID:10292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 216
12⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 236
11⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 236
10⤵
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
9⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-18196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18196.exe
8⤵
PID:764

C:\Users\Admin\AppData\Local\Temp\Unicorn-24178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24178.exe
9⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-39083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39083.exe
10⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-8609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8609.exe
11⤵
PID:7956

C:\Users\Admin\AppData\Local\Temp\Unicorn-27528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27528.exe
12⤵
PID:10600

C:\Users\Admin\AppData\Local\Temp\Unicorn-38064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38064.exe
13⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 236
12⤵
PID:11240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 236
11⤵
PID:9332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
10⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 216
9⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 220
8⤵
- Program crash
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-2969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2969.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-34829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34829.exe
8⤵
PID:824

C:\Users\Admin\AppData\Local\Temp\Unicorn-25327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25327.exe
9⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-52442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52442.exe
10⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-36408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36408.exe
11⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\Unicorn-52101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52101.exe
12⤵
PID:8804

C:\Users\Admin\AppData\Local\Temp\Unicorn-24267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24267.exe
13⤵
PID:10648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8804 -s 216
13⤵
PID:11620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 236
12⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
11⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
10⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 216
9⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 216
8⤵
- Program crash
PID:3236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
7⤵
- Program crash
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-7633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7633.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-57069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57069.exe
7⤵
- Executes dropped EXE
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-33454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33454.exe
8⤵
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-25812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25812.exe
9⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
10⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe
11⤵
PID:8508

C:\Users\Admin\AppData\Local\Temp\Unicorn-54951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54951.exe
12⤵
PID:11112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8508 -s 236
12⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
11⤵
PID:9820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
10⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 216
9⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 236
8⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-17620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17620.exe
7⤵
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-5983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5983.exe
8⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-54289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54289.exe
9⤵
PID:5436

C:\Users\Admin\AppData\Local\Temp\Unicorn-3698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3698.exe
10⤵
PID:7792

C:\Users\Admin\AppData\Local\Temp\Unicorn-47424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47424.exe
11⤵
PID:8668

C:\Users\Admin\AppData\Local\Temp\Unicorn-6345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6345.exe
12⤵
PID:10612

C:\Users\Admin\AppData\Local\Temp\Unicorn-38077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38077.exe
13⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8668 -s 216
12⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 216
11⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 216
10⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
9⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 236
8⤵
PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
7⤵
- Program crash
PID:3964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 240
6⤵
- Program crash
PID:404

C:\Users\Admin\AppData\Local\Temp\Unicorn-62684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62684.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
6⤵
PID:2652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 216
6⤵
- Program crash
PID:1552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 240
5⤵
- Program crash
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-24403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24403.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:624

C:\Users\Admin\AppData\Local\Temp\Unicorn-64760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64760.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 240
6⤵
- Program crash
PID:640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 216
5⤵
- Program crash
PID:880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1176

C:\Users\Admin\AppData\Local\Temp\Unicorn-36070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36070.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:296

C:\Users\Admin\AppData\Local\Temp\Unicorn-26288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26288.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:664

C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-1593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1593.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-50995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50995.exe
7⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-10703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10703.exe
8⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-53124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53124.exe
9⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-31536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31536.exe
10⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-29081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29081.exe
11⤵
PID:6768

C:\Users\Admin\AppData\Local\Temp\Unicorn-1466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1466.exe
12⤵
PID:9176

C:\Users\Admin\AppData\Local\Temp\Unicorn-45069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45069.exe
13⤵
PID:11192

C:\Users\Admin\AppData\Local\Temp\Unicorn-46047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46047.exe
14⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9176 -s 216
13⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 216
12⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
11⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 236
10⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 216
9⤵
PID:4212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 236
8⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-38777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38777.exe
7⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-53124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53124.exe
8⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-43600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43600.exe
9⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-53593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53593.exe
10⤵
PID:7244

C:\Users\Admin\AppData\Local\Temp\Unicorn-35834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35834.exe
11⤵
PID:9828

C:\Users\Admin\AppData\Local\Temp\Unicorn-13568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13568.exe
12⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9828 -s 236
12⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7244 -s 216
11⤵
PID:10948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
10⤵
PID:9068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
9⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
8⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 240
7⤵
- Program crash
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
6⤵
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-47242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47242.exe
7⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-61460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61460.exe
8⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
9⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-1607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1607.exe
10⤵
PID:8100

C:\Users\Admin\AppData\Local\Temp\Unicorn-30563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30563.exe
11⤵
PID:9796

C:\Users\Admin\AppData\Local\Temp\Unicorn-18444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18444.exe
12⤵
PID:12076

C:\Users\Admin\AppData\Local\Temp\Unicorn-63584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63584.exe
12⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9796 -s 220
12⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 216
11⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
10⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
9⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 236
8⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-20328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20328.exe
7⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-15904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15904.exe
8⤵
PID:6036

C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
9⤵
PID:6292

C:\Users\Admin\AppData\Local\Temp\Unicorn-14431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14431.exe
10⤵
PID:9112

C:\Users\Admin\AppData\Local\Temp\Unicorn-32648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32648.exe
11⤵
PID:10756

C:\Users\Admin\AppData\Local\Temp\Unicorn-51667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51667.exe
12⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9112 -s 216
11⤵
PID:11628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 236
10⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 236
9⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
8⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
7⤵
PID:4764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 240
6⤵
- Program crash
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-29475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29475.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-5712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5712.exe
6⤵
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-38062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38062.exe
7⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-64169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64169.exe
8⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-13502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13502.exe
9⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-35340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35340.exe
10⤵
PID:7324

C:\Users\Admin\AppData\Local\Temp\Unicorn-37168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37168.exe
11⤵
PID:9400

C:\Users\Admin\AppData\Local\Temp\Unicorn-11290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11290.exe
12⤵
PID:11296

C:\Users\Admin\AppData\Local\Temp\Unicorn-43006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43006.exe
13⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9400 -s 216
12⤵
PID:11848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 216
11⤵
PID:10368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
10⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
9⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
8⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 236
7⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-59447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59447.exe
6⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-24178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24178.exe
7⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-25811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25811.exe
8⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
9⤵
PID:7232

C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
10⤵
PID:10472

C:\Users\Admin\AppData\Local\Temp\Unicorn-56299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56299.exe
11⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 216
10⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
9⤵
PID:9320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
8⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 236
7⤵
PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
6⤵
- Program crash
PID:3116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 240
5⤵
- Program crash
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-63260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63260.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
5⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-55498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55498.exe
6⤵
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
7⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-47213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47213.exe
8⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
9⤵
PID:7408

C:\Users\Admin\AppData\Local\Temp\Unicorn-21867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21867.exe
10⤵
PID:8452

C:\Users\Admin\AppData\Local\Temp\Unicorn-34617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34617.exe
11⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8452 -s 216
11⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7408 -s 216
10⤵
PID:10284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
9⤵
PID:8284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 236
8⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
7⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 216
6⤵
- Program crash
PID:3588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 216
5⤵
- Program crash
PID:1500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 240
4⤵
- Program crash
PID:2760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
2⤵
- Program crash
PID:1260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-19066.exe

Filesize
184KB

MD5
88d236f141e38b08e3f71b79185a8fb3

SHA1
3da00bf1ec48789044bc9e11cedc24b1594b5970

SHA256
b747a1ed2d4d2d12683a1ebacfc43f791b5fae6b850721d992db9c178d0a6a24

SHA512
a09cf2a4f7c08801a9da4cab4066732a74d7b924eab75f9deca5714bb81506ae4078504ad222bb960638091026ccdb8d1a50be007e1dd3481a7be7ed63cd84c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25811.exe

Filesize
184KB

MD5
1dcd67c25129c794bb882d87da22894b

SHA1
2962387f7780844e0818bc113a333b0d79280902

SHA256
b5e820bdb4c15a8e4619993e35f5c7b7203350b39b7e80bb8a95e198e39dca2e

SHA512
8fe1df073db828e8fd1bbfeac1f8beb76b52c41401b6918de8ea6f92cc8ec62df2b748a5b0716bbc41ed76a57b42f8161f2f45d739b733beb63cd3a175ea8a0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30017.exe

Filesize
184KB

MD5
bc4a809fa84374296b899c7be995f62c

SHA1
fa57a66038127a5d589df6d3bde8a3721e701ce1

SHA256
cc83d6f2f01435869d54a296d148daacfab65a865113c9095401f9aea9cf17aa

SHA512
d1502e7e96b2e44d1e1005e3aabad1aa17630d0b3e5cf0d4a1abcc2084e10c27ee02f62b638bbafa337622b1cd044b716a567c0d7f3f8e5a2ca5921854853270

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34883.exe

Filesize
184KB

MD5
209ecb364296cb3b400a6db7383bd604

SHA1
071e6fd56edbf8288561bd7c37dfd9bfef56b457

SHA256
a7e5819aee22706c2dbd51d5a5d06819a92bcccc013e6291e25f5bf8597d0faf

SHA512
04642bda6ebe5db8b1513e45ce84fed743dcc6d09e1b4c046be765618f5bb7d721d3192d09189d0b1531154cd1060f0270bfaa25a5c67d3f70f9061b9b9c9d20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36070.exe

Filesize
184KB

MD5
57690c0a1b4028a6a2ac2e03d2f63d8b

SHA1
0c2c9e9dce45eaad849840166547fdc6f3925976

SHA256
d37390661e263a15cc21a6d1ed67b2ff0190980275c2303b70276c54ad74362c

SHA512
f6bd63bc4cd414c724f6d60baed46887a69c9c014902a41f3891c169814e9091e7e302a349bf2bfda60e5dc2e5bb8630fed512cd513c925c629476123071c125

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37207.exe

Filesize
184KB

MD5
83e6fdcc32add20191d86b651460cd15

SHA1
0de93b9a1a500bce86a4a1c7bb317955a836d18f

SHA256
a2eb986d469dbbee5886a6f5f189279b328d12a3ec00344b6bc859ea5dc18293

SHA512
1e390e7e624dae4f80df4c9ef997a4195a13710d0e7f4e8f41b87d33faa41b4d72037ce5b61384514e465c9e1a8f3d09f3f9d87608bc9c13a508f7ddb3df5e30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37289.exe

Filesize
184KB

MD5
e24e6362cd53f06af7bc939d24bd9bfc

SHA1
0eb88fefd873a1bc1d47c638ab11014244843ec6

SHA256
56117462dc8842cfa490fc9e2b4988897be118b5f21588ba3e33c6e4fab29146

SHA512
f59e8030c5bc96438afc5fe06161420dec4acd250d0e955c215599655f383d3c2695ac9306ff7f94b1d2c4983ea2e55591a0873f35b936518dca76469810a8c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40497.exe

Filesize
184KB

MD5
8eab656a8345c35f2e0d917bee3593e6

SHA1
f99f7dd9dc938b4203a039b3b3f0a8979f0feb77

SHA256
714df2d0d3bce6977e21d209bcfefd28289b979c76f52ae00b56b543762eeef6

SHA512
f23f388ace8a18cdab9a44fda5935d50073e10b58d25c81a9c33688ae54b28a186c2540454639b1488286081eae6e555e5479580cf1e627cdfc2bec79cdd2752

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41547.exe

Filesize
184KB

MD5
cb15c5bdd7013f0d26bc2e2d170023d0

SHA1
71029a67760c13e2e92799504fcaaac0c291a708

SHA256
6b327979f6e58a577ac412a53bda4e3e6d6607381ca2f9929c75b4d72e2b70e7

SHA512
42e1637f6f9b55192e3d374c8af730e9b4e27c7d589fbfd06d216df117022ceb82a48995d63dfd0e6c28a929154819e77a0e709b11cbbd70c0e519fa44126a12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52807.exe

Filesize
184KB

MD5
00b45db277b53dcafb36df40f0cdcd33

SHA1
e1173f411b9c45c0b1fd36387bbf137d7bb93c78

SHA256
7d40879c36adfcf8cb765d2b1d3cce77ba627e54a32643111bab4ffd4939fc07

SHA512
195e42bd004d8534ec109eb7861615884e9e9a266eacf28466f9c7c9f41d32cc9f1a8fefa2df52fd01f0b6e91f99d469c82d150b9a01b8770ee41d82fb2d4ae4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5620.exe

Filesize
184KB

MD5
4ea81292c1f7b096628db3f4041130ac

SHA1
900905c4d6637919dfa45a3021872e1ba7405d5c

SHA256
c28d8861c377454f209f75993b3f9a4ba7e49fe120052e1b8b7b40f4b43db45e

SHA512
f00255642caffcfae44c03d2e9af54a10bb0a886968a6367c0220b51107a0150d1ca4d3e1af37575dd818fd043448859d192562f76d2034c847648cccb38c6d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5712.exe

Filesize
184KB

MD5
c2e65870f55990eef23b6270521bda44

SHA1
b549c7a3c81a8d8b32305f9db3aeb77eb8fedda8

SHA256
3c7b17a937e631bfceb3f961056cd93f69c34f34a44fef7b90159d428f0cdf4c

SHA512
91352ea536b1e3e22a309f48604bbe8ee4254dfa34bd774b5f50ce0ce007842bd40005faea0ad81d1d63260f72bc3d712402addf4e9c56caf5fba64d8433cb10

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60363.exe

Filesize
184KB

MD5
f6a98582c08b5f6613f0517bb766857d

SHA1
e9b09c0a9fde24d2826c443733e1b190dc54eae3

SHA256
b9eb8b6299eb23030ab074f81e6719803878e01e00355f12fe4321da09882a9f

SHA512
026dd1d2342b03baac07ba79826f8c7a79b59bd7e5d1d5afa95f15d2d2524adc0c6ab6d54d052da3a7c05326efb8b7decfc30817bbdcba6e199fdb153e030b62

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60935.exe

Filesize
184KB

MD5
0e28f81e1d519763df60bdaa64490392

SHA1
eb0deae52d546483519baacf1e57af7e7d3de8bd

SHA256
504e756755d416c4f2d7e44c017a8e72fe740dde1d1486425bee6455cd01a3d2

SHA512
08b4d5c9f196dc2b437f10fccd5b7c14740134bb6287a301610463465ee32b2fbc2db7472786a071a15d191337f835aea407fd1fc02cd8192e7b4d70c977f260

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6277.exe

Filesize
184KB

MD5
7be5a8825407e255e3c106cc18f15275

SHA1
3a37d8069a360c70059df73b677cce078e6d38c1

SHA256
8ad1981a30ec0abe99969a83a84b4c5a376f7314dc3a176c1bd5e925e233b157

SHA512
9ee50e83d92bc17576568725af6bb267d5d02f3db2e0a35b0f14e822e7efacc021c1b1a36396e81a934f9cdf84a1e919411c18b295caf02875af9a287a5d7675

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15017.exe

Filesize
184KB

MD5
2ff9f8504f146f9f6bbf41c344b5f49c

SHA1
5dc562ebf93054a143ffc7874124282554a8c8ce

SHA256
ed5f2061082e2ef644d420cc4146ce95f60d2ba95d3697582d4b851ed68835db

SHA512
6d495e7ba965a4aa1d2feb513125d730cc9cf2cdc3d30e6070aaef66f6c7d52d7b1d6d95f3441f3356886504bee6f9745e9f02f5936e0d4b1d891d0cece85381

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16371.exe

Filesize
184KB

MD5
a9f33f8b1f32e36ef08b267d2fcbfe7c

SHA1
7ca97684ed644d73be27b2387c5976303ebb2878

SHA256
c72a5c9fcb26af0e5e3c6432445c6bcf6f140e48272ee76da0a6adb1de0a19b8

SHA512
b99af7a662f225ed8b8bdbb495ae83e27a73022f39bd2c9289bf8ea7d8e45b1ba6f78f698c4b3d5851558e13708e39e0c78b190154c300b007f2f891b58aefcc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18959.exe

Filesize
184KB

MD5
d1d11c6be18eafcab84e48c912c90409

SHA1
9f0259a863b4dc4e2f96bd73b81825845d03ea23

SHA256
7a18e008f05af9a961b679d52af86008cba3b826b7fd64498887506ad862a494

SHA512
cca218a009f7000fcf580cf66255ea62288934a10e78baf047d0b5c4d7e0418332de489d924a0fef46210ebc66cb1b392d7c8f2f48512b904d9dd3ec70201e04

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29720.exe

Filesize
184KB

MD5
6ababa0b7a792ca548f60c6952f5dd72

SHA1
4c5fa17d2b6d19825c6b0c5aca3ec32ed2dbce93

SHA256
5e59fd5a8d0ec43002e47f30e32dce91f8e91243493d5fb03134dbb2dd982644

SHA512
c8e5f3035105ff14201f8270bbeac94ca953e5faf6cd41645e55b7fa571b705d3717daddabba61fc3e0df982ad617a8dabe481a58ee5b70d9d03f69cedcc195d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51949.exe

Filesize
184KB

MD5
7d6b8ea88c3af2802db07b21c99471c9

SHA1
723ab1b7fdd285f221ce94380d4e12b1a9a670c0

SHA256
9f16046eb0d8f95e22c304eb1e9f57ac1c411e73ef4b9df995ff377026737fa2

SHA512
120547d241c79673afea840c1d84d6674374646ffbef61502b84900e877c4c3d6730a776db587627ac04be7070abe13c883c8e544bd294b95b3cf6927ef1032f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe

Filesize
184KB

MD5
845846465945846bfc8ed575f2d2dac6

SHA1
6565aa9f6b5d7a77844cf43e3aa2f8a83c6299e8

SHA256
5cc89f4c3e5bb0be45cee560689e4287cdf24d8e9740d2c62b49fd053ee5a325

SHA512
0bb94e6e09a95570dcef780f6f3ea75fb9858624509e7d4e728913f43b41189b32357ff08624eb26564ced3a4b53b8800fc411d3cfe8f08f5bb0aff106f7ea13

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe

Filesize
184KB

MD5
0ab4407e4acdd70aaee99b0d7aa305a1

SHA1
bb0b125c631a8c90e4040fb31c5edce5fb3a1eed

SHA256
0e77e76f5aaf19ea9d0e0c95e970bb4184bfe38ea261e6fad4494868bfca5cbd

SHA512
d790dfc74c8c305edab8331fab10f6d8d0ae561e1734e8ca77017839cc5efd9f68d74dfa6e9ee678769a4ba8361d51f03a0dc7836bc1a8afcbae7051ebe5a991

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7996.exe

Filesize
184KB

MD5
a8874dc6766b03dc76db1c3242617a65

SHA1
85dff3d5a181267e4ef782b89f20d42fbdbf57e4

SHA256
dbe630e27268d444978b4c7550d8713ef62fde40f183bc24be732a41dde869ee

SHA512
9d4f334e59f9e3ae1b08d0d4252952197b444a8aa9459f2161e4af06e5c4b11b46269cb07d4b34f6c48ba13dad724303cc7ead0fbbed85ed793a71f780d2b493

Download Submit