96ee0ac00c522c51a8509e982b44e94838f85507bfeb45ae4922f341833be768

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96ee0ac00c522c51a8509e982b44e94838f85507bfeb45ae4922f341833be768.exe
Size

184KB
MD5

a241f45f90a596ed523871360a674c45
SHA1

60eabe5aea066ccf0c714d9d3c20512ca01fa962
SHA256

96ee0ac00c522c51a8509e982b44e94838f85507bfeb45ae4922f341833be768
SHA512

920dfe916a62e30bf83e32d8220027207a799a08903c1003d90697c9db954d3ad36aef1b3fbf40f96acc7aa53d32d3d2a53375ac9a04776c007d91639f06aa80
SSDEEP

3072:+JZzOfoT7JOdjAAWenHLwwshhlnViFdns:+JMoAFAAdLtshhlnViFd

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-52567.exeUnicorn-50905.exeUnicorn-31039.exeUnicorn-24277.exeUnicorn-59279.exeUnicorn-56767.exeUnicorn-2832.exeUnicorn-60497.exeUnicorn-5245.exeUnicorn-40631.exeUnicorn-42900.exeUnicorn-786.exeUnicorn-34096.exeUnicorn-16848.exeUnicorn-45498.exeUnicorn-22416.exeUnicorn-35353.exeUnicorn-19920.exeUnicorn-30972.exeUnicorn-43029.exeUnicorn-40184.exeUnicorn-13070.exeUnicorn-52162.exeUnicorn-27596.exeUnicorn-50834.exeUnicorn-14523.exeUnicorn-65307.exeUnicorn-62463.exeUnicorn-16792.exeUnicorn-62811.exeUnicorn-12411.exeUnicorn-34382.exeUnicorn-63224.exeUnicorn-17361.exeUnicorn-26702.exeUnicorn-6836.exeUnicorn-9872.exeUnicorn-9680.exeUnicorn-35450.exeUnicorn-62145.exeUnicorn-50708.exeUnicorn-29411.exeUnicorn-29411.exeUnicorn-52052.exeUnicorn-62337.exeUnicorn-45472.exeUnicorn-60609.exeUnicorn-49172.exeUnicorn-8009.exeUnicorn-60794.exeUnicorn-15122.exeUnicorn-14162.exeUnicorn-35792.exeUnicorn-28863.exeUnicorn-5833.exeUnicorn-16886.exeUnicorn-49689.exeUnicorn-49689.exeUnicorn-49689.exeUnicorn-27327.exeUnicorn-27327.exeUnicorn-37925.exeUnicorn-54946.exeUnicorn-29669.exe

pid	process
1520	Unicorn-52567.exe
2236	Unicorn-50905.exe
2992	Unicorn-31039.exe
2432	Unicorn-24277.exe
2584	Unicorn-59279.exe
2560	Unicorn-56767.exe
1952	Unicorn-2832.exe
2720	Unicorn-60497.exe
1944	Unicorn-5245.exe
2756	Unicorn-40631.exe
2700	Unicorn-42900.exe
1320	Unicorn-786.exe
2920	Unicorn-34096.exe
2940	Unicorn-16848.exe
2604	Unicorn-45498.exe
2300	Unicorn-22416.exe
780	Unicorn-35353.exe
996	Unicorn-19920.exe
940	Unicorn-30972.exe
2128	Unicorn-43029.exe
1384	Unicorn-40184.exe
1200	Unicorn-13070.exe
820	Unicorn-52162.exe
1988	Unicorn-27596.exe
1568	Unicorn-50834.exe
2964	Unicorn-14523.exe
1668	Unicorn-65307.exe
1312	Unicorn-62463.exe
1736	Unicorn-16792.exe
1672	Unicorn-62811.exe
2848	Unicorn-12411.exe
2664	Unicorn-34382.exe
2452	Unicorn-63224.exe
2328	Unicorn-17361.exe
2536	Unicorn-26702.exe
2440	Unicorn-6836.exe
2908	Unicorn-9872.exe
2736	Unicorn-9680.exe
2760	Unicorn-35450.exe
2696	Unicorn-62145.exe
1104	Unicorn-50708.exe
1956	Unicorn-29411.exe
840	Unicorn-29411.exe
2904	Unicorn-52052.exe
1628	Unicorn-62337.exe
764	Unicorn-45472.exe
2520	Unicorn-60609.exe
2928	Unicorn-49172.exe
2280	Unicorn-8009.exe
2288	Unicorn-60794.exe
1756	Unicorn-15122.exe
924	Unicorn-14162.exe
1776	Unicorn-35792.exe
2368	Unicorn-28863.exe
564	Unicorn-5833.exe
2020	Unicorn-16886.exe
1584	Unicorn-49689.exe
1596	Unicorn-49689.exe
1588	Unicorn-49689.exe
2224	Unicorn-27327.exe
2096	Unicorn-27327.exe
2448	Unicorn-37925.exe
2672	Unicorn-54946.exe
2444	Unicorn-29669.exe

Loads dropped DLL 64 IoCs

Processes:

96ee0ac00c522c51a8509e982b44e94838f85507bfeb45ae4922f341833be768.exeUnicorn-52567.exeUnicorn-50905.exeUnicorn-31039.exeWerFault.exeUnicorn-56767.exeUnicorn-24277.exeUnicorn-59279.exeWerFault.exeWerFault.exeUnicorn-2832.exeUnicorn-60497.exeUnicorn-5245.exeUnicorn-40631.exeUnicorn-42900.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1632	96ee0ac00c522c51a8509e982b44e94838f85507bfeb45ae4922f341833be768.exe
1632	96ee0ac00c522c51a8509e982b44e94838f85507bfeb45ae4922f341833be768.exe
1520	Unicorn-52567.exe
1520	Unicorn-52567.exe
1632	96ee0ac00c522c51a8509e982b44e94838f85507bfeb45ae4922f341833be768.exe
1632	96ee0ac00c522c51a8509e982b44e94838f85507bfeb45ae4922f341833be768.exe
2236	Unicorn-50905.exe
2992	Unicorn-31039.exe
2236	Unicorn-50905.exe
2992	Unicorn-31039.exe
1520	Unicorn-52567.exe
1520	Unicorn-52567.exe
2896	WerFault.exe
2896	WerFault.exe
2896	WerFault.exe
2896	WerFault.exe
2896	WerFault.exe
2560	Unicorn-56767.exe
2560	Unicorn-56767.exe
2432	Unicorn-24277.exe
2992	Unicorn-31039.exe
2432	Unicorn-24277.exe
2992	Unicorn-31039.exe
2236	Unicorn-50905.exe
2236	Unicorn-50905.exe
2584	Unicorn-59279.exe
2584	Unicorn-59279.exe
1796	WerFault.exe
1796	WerFault.exe
1796	WerFault.exe
1796	WerFault.exe
1796	WerFault.exe
2400	WerFault.exe
2400	WerFault.exe
2400	WerFault.exe
2400	WerFault.exe
2400	WerFault.exe
1952	Unicorn-2832.exe
1952	Unicorn-2832.exe
2560	Unicorn-56767.exe
2560	Unicorn-56767.exe
2720	Unicorn-60497.exe
2720	Unicorn-60497.exe
2432	Unicorn-24277.exe
2432	Unicorn-24277.exe
1944	Unicorn-5245.exe
1944	Unicorn-5245.exe
2756	Unicorn-40631.exe
2756	Unicorn-40631.exe
2700	Unicorn-42900.exe
2700	Unicorn-42900.exe
2584	Unicorn-59279.exe
2584	Unicorn-59279.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
664	WerFault.exe
664	WerFault.exe
1936	WerFault.exe
1936	WerFault.exe
664	WerFault.exe
1936	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2652	1632	WerFault.exe	96ee0ac00c522c51a8509e982b44e94838f85507bfeb45ae4922f341833be768.exe
2896	1520	WerFault.exe	Unicorn-52567.exe
1796	2236	WerFault.exe	Unicorn-50905.exe
2400	2992	WerFault.exe	Unicorn-31039.exe
1816	2560	WerFault.exe	Unicorn-56767.exe
664	2432	WerFault.exe	Unicorn-24277.exe
1936	2584	WerFault.exe	Unicorn-59279.exe
1572	2920	WerFault.exe	Unicorn-34096.exe
1968	1952	WerFault.exe	Unicorn-2832.exe
2788	2720	WerFault.exe	Unicorn-60497.exe
2996	1944	WerFault.exe	Unicorn-5245.exe
2552	2756	WerFault.exe	Unicorn-40631.exe
2620	2700	WerFault.exe	Unicorn-42900.exe
2252	1668	WerFault.exe	Unicorn-65307.exe
688	1320	WerFault.exe	Unicorn-786.exe
1092	2940	WerFault.exe	Unicorn-16848.exe
1496	2604	WerFault.exe	Unicorn-45498.exe
816	2300	WerFault.exe	Unicorn-22416.exe
3052	780	WerFault.exe	Unicorn-35353.exe
1140	940	WerFault.exe	Unicorn-30972.exe
2004	996	WerFault.exe	Unicorn-19920.exe
2820	2128	WerFault.exe	Unicorn-43029.exe
2076	1200	WerFault.exe	Unicorn-13070.exe
1148	1384	WerFault.exe	Unicorn-40184.exe
2524	820	WerFault.exe	Unicorn-52162.exe
400	1988	WerFault.exe	Unicorn-27596.exe
964	2848	WerFault.exe	Unicorn-12411.exe
3040	1736	WerFault.exe	Unicorn-16792.exe
1548	1312	WerFault.exe	Unicorn-62463.exe
2956	2964	WerFault.exe	Unicorn-14523.exe
2856	1568	WerFault.exe	Unicorn-50834.exe
2192	1672	WerFault.exe	Unicorn-62811.exe
1696	2664	WerFault.exe	Unicorn-34382.exe
2464	2328	WerFault.exe	Unicorn-17361.exe
2676	2696	WerFault.exe	Unicorn-62145.exe
3152	1104	WerFault.exe	Unicorn-50708.exe
3144	840	WerFault.exe	Unicorn-29411.exe
3136	1628	WerFault.exe	Unicorn-62337.exe
3128	2904	WerFault.exe	Unicorn-52052.exe
3232	2280	WerFault.exe	Unicorn-8009.exe
3268	2928	WerFault.exe	Unicorn-49172.exe
3468	764	WerFault.exe	Unicorn-45472.exe
3476	2452	WerFault.exe	Unicorn-63224.exe
3500	2908	WerFault.exe	Unicorn-9872.exe
3540	2440	WerFault.exe	Unicorn-6836.exe
3880	2536	WerFault.exe	Unicorn-26702.exe
3872	2288	WerFault.exe	Unicorn-60794.exe
3704	924	WerFault.exe	Unicorn-14162.exe
3740	564	WerFault.exe	Unicorn-5833.exe
3752	2736	WerFault.exe	Unicorn-9680.exe
3764	2096	WerFault.exe	Unicorn-27327.exe
3796	2020	WerFault.exe	Unicorn-16886.exe
3820	1956	WerFault.exe	Unicorn-29411.exe
3868	2448	WerFault.exe	Unicorn-37925.exe
3952	1584	WerFault.exe	Unicorn-49689.exe
4008	2672	WerFault.exe	Unicorn-54946.exe
4016	1576	WerFault.exe	Unicorn-47266.exe
4032	1596	WerFault.exe	Unicorn-49689.exe
3112	884	WerFault.exe	Unicorn-42885.exe
3176	2444	WerFault.exe	Unicorn-29669.exe
3184	1040	WerFault.exe	Unicorn-2329.exe
3996	1756	WerFault.exe	Unicorn-15122.exe
3444	2748	WerFault.exe	Unicorn-42885.exe
4068	2688	WerFault.exe	Unicorn-16606.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

96ee0ac00c522c51a8509e982b44e94838f85507bfeb45ae4922f341833be768.exeUnicorn-52567.exeUnicorn-50905.exeUnicorn-31039.exeUnicorn-59279.exeUnicorn-24277.exeUnicorn-56767.exeUnicorn-2832.exeUnicorn-60497.exeUnicorn-5245.exeUnicorn-40631.exeUnicorn-42900.exeUnicorn-786.exeUnicorn-34096.exeUnicorn-16848.exeUnicorn-45498.exeUnicorn-22416.exeUnicorn-35353.exeUnicorn-19920.exeUnicorn-30972.exeUnicorn-43029.exeUnicorn-40184.exeUnicorn-13070.exeUnicorn-52162.exeUnicorn-27596.exeUnicorn-50834.exeUnicorn-14523.exeUnicorn-65307.exeUnicorn-62463.exeUnicorn-16792.exeUnicorn-12411.exeUnicorn-62811.exeUnicorn-34382.exeUnicorn-63224.exeUnicorn-17361.exeUnicorn-6836.exeUnicorn-26702.exeUnicorn-9872.exeUnicorn-9680.exeUnicorn-62145.exeUnicorn-29411.exeUnicorn-50708.exeUnicorn-29411.exeUnicorn-52052.exeUnicorn-62337.exeUnicorn-60609.exeUnicorn-45472.exeUnicorn-49172.exeUnicorn-8009.exeUnicorn-60794.exeUnicorn-15122.exeUnicorn-14162.exeUnicorn-35792.exeUnicorn-28863.exeUnicorn-5833.exeUnicorn-16886.exeUnicorn-49689.exeUnicorn-49689.exeUnicorn-49689.exeUnicorn-27327.exeUnicorn-27327.exeUnicorn-37925.exeUnicorn-54946.exeUnicorn-29669.exe

pid	process
1632	96ee0ac00c522c51a8509e982b44e94838f85507bfeb45ae4922f341833be768.exe
1520	Unicorn-52567.exe
2236	Unicorn-50905.exe
2992	Unicorn-31039.exe
2584	Unicorn-59279.exe
2432	Unicorn-24277.exe
2560	Unicorn-56767.exe
1952	Unicorn-2832.exe
2720	Unicorn-60497.exe
1944	Unicorn-5245.exe
2756	Unicorn-40631.exe
2700	Unicorn-42900.exe
1320	Unicorn-786.exe
2920	Unicorn-34096.exe
2940	Unicorn-16848.exe
2604	Unicorn-45498.exe
2300	Unicorn-22416.exe
780	Unicorn-35353.exe
996	Unicorn-19920.exe
940	Unicorn-30972.exe
2128	Unicorn-43029.exe
1384	Unicorn-40184.exe
1200	Unicorn-13070.exe
820	Unicorn-52162.exe
1988	Unicorn-27596.exe
1568	Unicorn-50834.exe
2964	Unicorn-14523.exe
1668	Unicorn-65307.exe
1312	Unicorn-62463.exe
1736	Unicorn-16792.exe
2848	Unicorn-12411.exe
1672	Unicorn-62811.exe
2664	Unicorn-34382.exe
2452	Unicorn-63224.exe
2328	Unicorn-17361.exe
2440	Unicorn-6836.exe
2536	Unicorn-26702.exe
2908	Unicorn-9872.exe
2736	Unicorn-9680.exe
2696	Unicorn-62145.exe
840	Unicorn-29411.exe
1104	Unicorn-50708.exe
1956	Unicorn-29411.exe
2904	Unicorn-52052.exe
1628	Unicorn-62337.exe
2520	Unicorn-60609.exe
764	Unicorn-45472.exe
2928	Unicorn-49172.exe
2280	Unicorn-8009.exe
2288	Unicorn-60794.exe
1756	Unicorn-15122.exe
924	Unicorn-14162.exe
1776	Unicorn-35792.exe
2368	Unicorn-28863.exe
564	Unicorn-5833.exe
2020	Unicorn-16886.exe
1588	Unicorn-49689.exe
1596	Unicorn-49689.exe
1584	Unicorn-49689.exe
2224	Unicorn-27327.exe
2096	Unicorn-27327.exe
2448	Unicorn-37925.exe
2672	Unicorn-54946.exe
2444	Unicorn-29669.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

96ee0ac00c522c51a8509e982b44e94838f85507bfeb45ae4922f341833be768.exeUnicorn-52567.exeUnicorn-50905.exeUnicorn-31039.exeUnicorn-56767.exeUnicorn-24277.exeUnicorn-59279.exeUnicorn-2832.exe

description	pid	process	target process
PID 1632 wrote to memory of 1520	1632	96ee0ac00c522c51a8509e982b44e94838f85507bfeb45ae4922f341833be768.exe	Unicorn-52567.exe
PID 1632 wrote to memory of 1520	1632	96ee0ac00c522c51a8509e982b44e94838f85507bfeb45ae4922f341833be768.exe	Unicorn-52567.exe
PID 1632 wrote to memory of 1520	1632	96ee0ac00c522c51a8509e982b44e94838f85507bfeb45ae4922f341833be768.exe	Unicorn-52567.exe
PID 1632 wrote to memory of 1520	1632	96ee0ac00c522c51a8509e982b44e94838f85507bfeb45ae4922f341833be768.exe	Unicorn-52567.exe
PID 1520 wrote to memory of 2236	1520	Unicorn-52567.exe	Unicorn-50905.exe
PID 1520 wrote to memory of 2236	1520	Unicorn-52567.exe	Unicorn-50905.exe
PID 1520 wrote to memory of 2236	1520	Unicorn-52567.exe	Unicorn-50905.exe
PID 1520 wrote to memory of 2236	1520	Unicorn-52567.exe	Unicorn-50905.exe
PID 1632 wrote to memory of 2992	1632	96ee0ac00c522c51a8509e982b44e94838f85507bfeb45ae4922f341833be768.exe	Unicorn-31039.exe
PID 1632 wrote to memory of 2992	1632	96ee0ac00c522c51a8509e982b44e94838f85507bfeb45ae4922f341833be768.exe	Unicorn-31039.exe
PID 1632 wrote to memory of 2992	1632	96ee0ac00c522c51a8509e982b44e94838f85507bfeb45ae4922f341833be768.exe	Unicorn-31039.exe
PID 1632 wrote to memory of 2992	1632	96ee0ac00c522c51a8509e982b44e94838f85507bfeb45ae4922f341833be768.exe	Unicorn-31039.exe
PID 1632 wrote to memory of 2652	1632	96ee0ac00c522c51a8509e982b44e94838f85507bfeb45ae4922f341833be768.exe	WerFault.exe
PID 1632 wrote to memory of 2652	1632	96ee0ac00c522c51a8509e982b44e94838f85507bfeb45ae4922f341833be768.exe	WerFault.exe
PID 1632 wrote to memory of 2652	1632	96ee0ac00c522c51a8509e982b44e94838f85507bfeb45ae4922f341833be768.exe	WerFault.exe
PID 1632 wrote to memory of 2652	1632	96ee0ac00c522c51a8509e982b44e94838f85507bfeb45ae4922f341833be768.exe	WerFault.exe
PID 2236 wrote to memory of 2432	2236	Unicorn-50905.exe	Unicorn-24277.exe
PID 2236 wrote to memory of 2432	2236	Unicorn-50905.exe	Unicorn-24277.exe
PID 2236 wrote to memory of 2432	2236	Unicorn-50905.exe	Unicorn-24277.exe
PID 2236 wrote to memory of 2432	2236	Unicorn-50905.exe	Unicorn-24277.exe
PID 2992 wrote to memory of 2584	2992	Unicorn-31039.exe	Unicorn-59279.exe
PID 2992 wrote to memory of 2584	2992	Unicorn-31039.exe	Unicorn-59279.exe
PID 2992 wrote to memory of 2584	2992	Unicorn-31039.exe	Unicorn-59279.exe
PID 2992 wrote to memory of 2584	2992	Unicorn-31039.exe	Unicorn-59279.exe
PID 1520 wrote to memory of 2560	1520	Unicorn-52567.exe	Unicorn-56767.exe
PID 1520 wrote to memory of 2560	1520	Unicorn-52567.exe	Unicorn-56767.exe
PID 1520 wrote to memory of 2560	1520	Unicorn-52567.exe	Unicorn-56767.exe
PID 1520 wrote to memory of 2560	1520	Unicorn-52567.exe	Unicorn-56767.exe
PID 1520 wrote to memory of 2896	1520	Unicorn-52567.exe	WerFault.exe
PID 1520 wrote to memory of 2896	1520	Unicorn-52567.exe	WerFault.exe
PID 1520 wrote to memory of 2896	1520	Unicorn-52567.exe	WerFault.exe
PID 1520 wrote to memory of 2896	1520	Unicorn-52567.exe	WerFault.exe
PID 2560 wrote to memory of 1952	2560	Unicorn-56767.exe	Unicorn-2832.exe
PID 2560 wrote to memory of 1952	2560	Unicorn-56767.exe	Unicorn-2832.exe
PID 2560 wrote to memory of 1952	2560	Unicorn-56767.exe	Unicorn-2832.exe
PID 2560 wrote to memory of 1952	2560	Unicorn-56767.exe	Unicorn-2832.exe
PID 2432 wrote to memory of 2720	2432	Unicorn-24277.exe	Unicorn-60497.exe
PID 2432 wrote to memory of 2720	2432	Unicorn-24277.exe	Unicorn-60497.exe
PID 2432 wrote to memory of 2720	2432	Unicorn-24277.exe	Unicorn-60497.exe
PID 2432 wrote to memory of 2720	2432	Unicorn-24277.exe	Unicorn-60497.exe
PID 2992 wrote to memory of 2756	2992	Unicorn-31039.exe	Unicorn-40631.exe
PID 2992 wrote to memory of 2756	2992	Unicorn-31039.exe	Unicorn-40631.exe
PID 2992 wrote to memory of 2756	2992	Unicorn-31039.exe	Unicorn-40631.exe
PID 2992 wrote to memory of 2756	2992	Unicorn-31039.exe	Unicorn-40631.exe
PID 2236 wrote to memory of 1944	2236	Unicorn-50905.exe	Unicorn-5245.exe
PID 2236 wrote to memory of 1944	2236	Unicorn-50905.exe	Unicorn-5245.exe
PID 2236 wrote to memory of 1944	2236	Unicorn-50905.exe	Unicorn-5245.exe
PID 2236 wrote to memory of 1944	2236	Unicorn-50905.exe	Unicorn-5245.exe
PID 2584 wrote to memory of 2700	2584	Unicorn-59279.exe	Unicorn-42900.exe
PID 2584 wrote to memory of 2700	2584	Unicorn-59279.exe	Unicorn-42900.exe
PID 2584 wrote to memory of 2700	2584	Unicorn-59279.exe	Unicorn-42900.exe
PID 2584 wrote to memory of 2700	2584	Unicorn-59279.exe	Unicorn-42900.exe
PID 2236 wrote to memory of 1796	2236	Unicorn-50905.exe	WerFault.exe
PID 2236 wrote to memory of 1796	2236	Unicorn-50905.exe	WerFault.exe
PID 2236 wrote to memory of 1796	2236	Unicorn-50905.exe	WerFault.exe
PID 2236 wrote to memory of 1796	2236	Unicorn-50905.exe	WerFault.exe
PID 2992 wrote to memory of 2400	2992	Unicorn-31039.exe	WerFault.exe
PID 2992 wrote to memory of 2400	2992	Unicorn-31039.exe	WerFault.exe
PID 2992 wrote to memory of 2400	2992	Unicorn-31039.exe	WerFault.exe
PID 2992 wrote to memory of 2400	2992	Unicorn-31039.exe	WerFault.exe
PID 1952 wrote to memory of 1320	1952	Unicorn-2832.exe	Unicorn-786.exe
PID 1952 wrote to memory of 1320	1952	Unicorn-2832.exe	Unicorn-786.exe
PID 1952 wrote to memory of 1320	1952	Unicorn-2832.exe	Unicorn-786.exe
PID 1952 wrote to memory of 1320	1952	Unicorn-2832.exe	Unicorn-786.exe

C:\Users\Admin\AppData\Local\Temp\96ee0ac00c522c51a8509e982b44e94838f85507bfeb45ae4922f341833be768.exe
"C:\Users\Admin\AppData\Local\Temp\96ee0ac00c522c51a8509e982b44e94838f85507bfeb45ae4922f341833be768.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-52567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52567.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-50905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50905.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-24277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24277.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-16848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16848.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-13070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13070.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1200

C:\Users\Admin\AppData\Local\Temp\Unicorn-17361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17361.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-35792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35792.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-37680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37680.exe
10⤵
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-19786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19786.exe
11⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-42957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42957.exe
12⤵
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
13⤵
PID:7012

C:\Users\Admin\AppData\Local\Temp\Unicorn-47237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47237.exe
14⤵
PID:8288

C:\Users\Admin\AppData\Local\Temp\Unicorn-54750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54750.exe
15⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8288 -s 216
15⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
14⤵
PID:9812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
13⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
12⤵
PID:5652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 236
11⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-63345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63345.exe
10⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-31486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31486.exe
11⤵
PID:6072

C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe
12⤵
PID:7892

C:\Users\Admin\AppData\Local\Temp\Unicorn-61650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61650.exe
13⤵
PID:9340

C:\Users\Admin\AppData\Local\Temp\Unicorn-1054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1054.exe
14⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9340 -s 216
14⤵
PID:12676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 236
13⤵
PID:10940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 216
12⤵
PID:8808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 236
11⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 220
10⤵
PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 236
9⤵
- Program crash
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-28863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28863.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-10985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10985.exe
9⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-23011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23011.exe
10⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
11⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-26071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26071.exe
12⤵
PID:6556

C:\Users\Admin\AppData\Local\Temp\Unicorn-9805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9805.exe
13⤵
PID:8596

C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
14⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8596 -s 216
14⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 216
13⤵
PID:9336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
12⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
11⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 236
10⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\Unicorn-29878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29878.exe
9⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-60170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60170.exe
10⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe
11⤵
PID:6848

C:\Users\Admin\AppData\Local\Temp\Unicorn-2125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2125.exe
12⤵
PID:8984

C:\Users\Admin\AppData\Local\Temp\Unicorn-39604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39604.exe
13⤵
PID:4516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 236
13⤵
PID:11540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
12⤵
PID:9584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
11⤵
PID:1436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 236
10⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
9⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 240
8⤵
- Program crash
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-6836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6836.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-49689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49689.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
9⤵
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-34761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34761.exe
10⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-16992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16992.exe
11⤵
PID:5916

C:\Users\Admin\AppData\Local\Temp\Unicorn-38969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38969.exe
12⤵
PID:7668

C:\Users\Admin\AppData\Local\Temp\Unicorn-37178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37178.exe
13⤵
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-13739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13739.exe
14⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 216
14⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 216
13⤵
PID:11780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 216
12⤵
PID:9180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
11⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 216
10⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 236
9⤵
- Program crash
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-2329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2329.exe
8⤵
PID:1040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 240
9⤵
- Program crash
PID:3184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
8⤵
- Program crash
PID:3540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
7⤵
- Program crash
PID:1092

C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:820

C:\Users\Admin\AppData\Local\Temp\Unicorn-9872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9872.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-5833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5833.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:564

C:\Users\Admin\AppData\Local\Temp\Unicorn-50980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50980.exe
9⤵
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-30796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30796.exe
10⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-51352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51352.exe
11⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\Unicorn-62012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62012.exe
12⤵
PID:6464

C:\Users\Admin\AppData\Local\Temp\Unicorn-57989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57989.exe
13⤵
PID:8488

C:\Users\Admin\AppData\Local\Temp\Unicorn-64127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64127.exe
14⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 216
14⤵
PID:11712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 216
13⤵
PID:9364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 216
12⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 236
11⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 236
10⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 236
9⤵
- Program crash
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-44052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44052.exe
8⤵
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-46938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46938.exe
9⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-2804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2804.exe
10⤵
PID:5516

C:\Users\Admin\AppData\Local\Temp\Unicorn-44868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44868.exe
11⤵
PID:8480

C:\Users\Admin\AppData\Local\Temp\Unicorn-22712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22712.exe
12⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-26053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26053.exe
13⤵
PID:13228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8480 -s 236
12⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
11⤵
PID:9656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 216
9⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
8⤵
- Program crash
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-62381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62381.exe
8⤵
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-42036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42036.exe
9⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
10⤵
PID:5820

C:\Users\Admin\AppData\Local\Temp\Unicorn-64389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64389.exe
11⤵
PID:6968

C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
12⤵
PID:8492

C:\Users\Admin\AppData\Local\Temp\Unicorn-9121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9121.exe
13⤵
PID:11348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 236
13⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 216
12⤵
PID:10312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
11⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
10⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 216
9⤵
PID:4708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 236
8⤵
- Program crash
PID:3796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 240
7⤵
- Program crash
PID:2524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
6⤵
- Program crash
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-45498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45498.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-27596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27596.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-9680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9680.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-49689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49689.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe
9⤵
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-8548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8548.exe
10⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-45568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45568.exe
11⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-18604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18604.exe
12⤵
PID:7532

C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
13⤵
PID:9032

C:\Users\Admin\AppData\Local\Temp\Unicorn-51315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51315.exe
14⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9032 -s 220
14⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 216
13⤵
PID:9632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
12⤵
PID:8536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
11⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 216
10⤵
PID:4232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
9⤵
- Program crash
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-18006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18006.exe
8⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-37257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37257.exe
9⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-38289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38289.exe
10⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
11⤵
PID:7728

C:\Users\Admin\AppData\Local\Temp\Unicorn-61635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61635.exe
12⤵
PID:10500

C:\Users\Admin\AppData\Local\Temp\Unicorn-62795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62795.exe
13⤵
PID:12416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10500 -s 236
13⤵
PID:12904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 216
12⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
11⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
10⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 216
9⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
8⤵
- Program crash
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-27327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27327.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
8⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-31955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31955.exe
9⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-31148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31148.exe
9⤵
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-16636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16636.exe
10⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-8221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8221.exe
11⤵
PID:7224

C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
12⤵
PID:10864

C:\Users\Admin\AppData\Local\Temp\Unicorn-24721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24721.exe
13⤵
PID:12360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10864 -s 216
13⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 236
12⤵
PID:10444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
11⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 216
10⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
9⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-63921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63921.exe
8⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-53419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53419.exe
9⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-23369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23369.exe
10⤵
PID:6792

C:\Users\Admin\AppData\Local\Temp\Unicorn-60010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60010.exe
11⤵
PID:9072

C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe
12⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9072 -s 216
12⤵
PID:12324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 216
11⤵
PID:9908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
10⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
9⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
8⤵
PID:4864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
7⤵
- Program crash
PID:400

C:\Users\Admin\AppData\Local\Temp\Unicorn-35450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35450.exe
6⤵
- Executes dropped EXE
PID:2760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
6⤵
- Program crash
PID:1496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:664

C:\Users\Admin\AppData\Local\Temp\Unicorn-5245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5245.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-22416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22416.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-50834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50834.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:764

C:\Users\Admin\AppData\Local\Temp\Unicorn-47266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47266.exe
8⤵
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-4841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4841.exe
9⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-39111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39111.exe
10⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-19548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19548.exe
11⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-53690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53690.exe
12⤵
PID:6700

C:\Users\Admin\AppData\Local\Temp\Unicorn-27392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27392.exe
13⤵
PID:9328

C:\Users\Admin\AppData\Local\Temp\Unicorn-19277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19277.exe
14⤵
PID:10872

C:\Users\Admin\AppData\Local\Temp\Unicorn-52939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52939.exe
15⤵
PID:12432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9328 -s 216
14⤵
PID:5188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 216
13⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 236
12⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
11⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
10⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-40106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40106.exe
9⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-9703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9703.exe
10⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-17773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17773.exe
11⤵
PID:6184

C:\Users\Admin\AppData\Local\Temp\Unicorn-16791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16791.exe
12⤵
PID:8800

C:\Users\Admin\AppData\Local\Temp\Unicorn-63935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63935.exe
13⤵
PID:11744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8800 -s 216
13⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 216
12⤵
PID:9464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
11⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 236
10⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
9⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-2521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2521.exe
8⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
9⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-944.exe
10⤵
PID:5708

C:\Users\Admin\AppData\Local\Temp\Unicorn-26357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26357.exe
11⤵
PID:7612

C:\Users\Admin\AppData\Local\Temp\Unicorn-31483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31483.exe
12⤵
PID:9544

C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe
13⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9544 -s 216
13⤵
PID:12308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 220
12⤵
PID:10492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
11⤵
PID:8672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
10⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 216
9⤵
PID:4248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 220
8⤵
- Program crash
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
7⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-49273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49273.exe
8⤵
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-58317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58317.exe
9⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-51307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51307.exe
10⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 300
11⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
10⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 216
9⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-39411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39411.exe
8⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-57332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57332.exe
9⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-63502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63502.exe
10⤵
PID:7248

C:\Users\Admin\AppData\Local\Temp\Unicorn-15949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15949.exe
11⤵
PID:9720

C:\Users\Admin\AppData\Local\Temp\Unicorn-2042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2042.exe
12⤵
PID:948

C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
13⤵
PID:13176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9720 -s 236
12⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 216
11⤵
PID:10616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
10⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
9⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
8⤵
PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
7⤵
- Program crash
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-60609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60609.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-6377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6377.exe
8⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-42036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42036.exe
9⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
10⤵
PID:5792

C:\Users\Admin\AppData\Local\Temp\Unicorn-10955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10955.exe
11⤵
PID:6632

C:\Users\Admin\AppData\Local\Temp\Unicorn-50631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50631.exe
12⤵
PID:9356

C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe
13⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9356 -s 220
13⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 216
12⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
10⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 236
9⤵
PID:4960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 216
8⤵
- Program crash
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-29407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29407.exe
7⤵
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-50676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50676.exe
8⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-944.exe
9⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-61499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61499.exe
10⤵
PID:7492

C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
11⤵
PID:9916

C:\Users\Admin\AppData\Local\Temp\Unicorn-48449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48449.exe
12⤵
PID:11628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9916 -s 216
12⤵
PID:12648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 216
11⤵
PID:10676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
10⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
9⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 216
8⤵
PID:4280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
6⤵
- Program crash
PID:816

C:\Users\Admin\AppData\Local\Temp\Unicorn-14523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14523.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-29411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29411.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-29669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29669.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
8⤵
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-25207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25207.exe
9⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe
10⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-57233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57233.exe
11⤵
PID:7100

C:\Users\Admin\AppData\Local\Temp\Unicorn-64926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64926.exe
12⤵
PID:9956

C:\Users\Admin\AppData\Local\Temp\Unicorn-29606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29606.exe
13⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9956 -s 216
13⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 216
12⤵
PID:10668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
11⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 216
10⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 236
9⤵
PID:4400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
8⤵
- Program crash
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-19350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19350.exe
7⤵
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-1123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1123.exe
8⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-3042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3042.exe
9⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
10⤵
PID:7980

C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
11⤵
PID:10336

C:\Users\Admin\AppData\Local\Temp\Unicorn-34878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34878.exe
12⤵
PID:12952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 216
11⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 236
10⤵
PID:2456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
9⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 216
8⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 240
7⤵
- Program crash
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-26824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26824.exe
6⤵
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-30192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30192.exe
7⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-15177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15177.exe
8⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-11172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11172.exe
9⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-1582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1582.exe
10⤵
PID:7432

C:\Users\Admin\AppData\Local\Temp\Unicorn-43956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43956.exe
11⤵
PID:9888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 216
11⤵
PID:9860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
10⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
9⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 216
8⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-29878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29878.exe
7⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-30498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30498.exe
8⤵
PID:5380

C:\Users\Admin\AppData\Local\Temp\Unicorn-34089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34089.exe
9⤵
PID:7356

C:\Users\Admin\AppData\Local\Temp\Unicorn-33930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33930.exe
10⤵
PID:9692

C:\Users\Admin\AppData\Local\Temp\Unicorn-55923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55923.exe
11⤵
PID:11928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9692 -s 216
11⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7356 -s 216
10⤵
PID:10608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
9⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
8⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 240
7⤵
PID:4920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
6⤵
- Program crash
PID:2956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
5⤵
- Program crash
PID:2996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-56767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56767.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-2832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2832.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-786.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-43029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43029.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-34382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34382.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-15122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15122.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-13408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13408.exe
9⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-1933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1933.exe
10⤵
PID:1308

C:\Users\Admin\AppData\Local\Temp\Unicorn-39191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39191.exe
11⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-5485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5485.exe
12⤵
PID:6220

C:\Users\Admin\AppData\Local\Temp\Unicorn-34810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34810.exe
13⤵
PID:9016

C:\Users\Admin\AppData\Local\Temp\Unicorn-52506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52506.exe
14⤵
PID:7640

C:\Users\Admin\AppData\Local\Temp\Unicorn-42788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42788.exe
15⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 236
14⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 216
13⤵
PID:9400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 236
12⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 236
11⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
10⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-29815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29815.exe
9⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-10363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10363.exe
10⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-19100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19100.exe
11⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-6304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6304.exe
12⤵
PID:9060

C:\Users\Admin\AppData\Local\Temp\Unicorn-26461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26461.exe
13⤵
PID:11260

C:\Users\Admin\AppData\Local\Temp\Unicorn-55393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55393.exe
14⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9060 -s 236
13⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
12⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 236
11⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
10⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 240
9⤵
- Program crash
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-19905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19905.exe
8⤵
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-15639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15639.exe
9⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-17806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17806.exe
10⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-58298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58298.exe
11⤵
PID:6508

C:\Users\Admin\AppData\Local\Temp\Unicorn-20.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20.exe
12⤵
PID:9128

C:\Users\Admin\AppData\Local\Temp\Unicorn-9830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9830.exe
13⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 216
13⤵
PID:11308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
12⤵
PID:9664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 236
11⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
10⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
9⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
8⤵
- Program crash
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-60794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60794.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-31442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31442.exe
8⤵
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-57361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57361.exe
9⤵
PID:1400

C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
10⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-23747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23747.exe
11⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-64644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64644.exe
12⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-30366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30366.exe
13⤵
PID:9112

C:\Users\Admin\AppData\Local\Temp\Unicorn-43761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43761.exe
14⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9112 -s 236
14⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
13⤵
PID:10896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
12⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
11⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 236
10⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-60245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60245.exe
9⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
10⤵
PID:5928

C:\Users\Admin\AppData\Local\Temp\Unicorn-51739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51739.exe
11⤵
PID:7024

C:\Users\Admin\AppData\Local\Temp\Unicorn-45101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45101.exe
12⤵
PID:9204

C:\Users\Admin\AppData\Local\Temp\Unicorn-55710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55710.exe
13⤵
PID:11636

C:\Users\Admin\AppData\Local\Temp\Unicorn-391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-391.exe
14⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9204 -s 216
13⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 216
12⤵
PID:9968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 236
11⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
10⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
9⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-55093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55093.exe
8⤵
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-40448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40448.exe
9⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
10⤵
PID:5832

C:\Users\Admin\AppData\Local\Temp\Unicorn-24821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24821.exe
11⤵
PID:7684

C:\Users\Admin\AppData\Local\Temp\Unicorn-61731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61731.exe
12⤵
PID:9292

C:\Users\Admin\AppData\Local\Temp\Unicorn-47538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47538.exe
13⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-43759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43759.exe
14⤵
PID:13200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9292 -s 216
13⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 216
12⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
11⤵
PID:8696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
10⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 236
9⤵
PID:4692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
8⤵
- Program crash
PID:3872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
7⤵
- Program crash
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-63224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63224.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-14162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14162.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:924

C:\Users\Admin\AppData\Local\Temp\Unicorn-15401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15401.exe
8⤵
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-34475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34475.exe
9⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-15795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15795.exe
10⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-16492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16492.exe
11⤵
PID:7316

C:\Users\Admin\AppData\Local\Temp\Unicorn-24823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24823.exe
12⤵
PID:9840

C:\Users\Admin\AppData\Local\Temp\Unicorn-15289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15289.exe
13⤵
PID:11484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9840 -s 216
13⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 216
12⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
11⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
10⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 236
9⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 236
8⤵
- Program crash
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-44244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44244.exe
7⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-51252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51252.exe
8⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-40726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40726.exe
9⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-32585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32585.exe
10⤵
PID:6672

C:\Users\Admin\AppData\Local\Temp\Unicorn-10238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10238.exe
11⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-34008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34008.exe
12⤵
PID:11576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 216
12⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 216
11⤵
PID:9836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
10⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
9⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 236
8⤵
PID:4732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
7⤵
- Program crash
PID:3476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 240
6⤵
- Program crash
PID:688

C:\Users\Admin\AppData\Local\Temp\Unicorn-40184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40184.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1384

C:\Users\Admin\AppData\Local\Temp\Unicorn-26702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26702.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-49689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49689.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-13865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13865.exe
8⤵
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-61389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61389.exe
9⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-28962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28962.exe
10⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-51236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51236.exe
11⤵
PID:6392

C:\Users\Admin\AppData\Local\Temp\Unicorn-45625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45625.exe
12⤵
PID:8752

C:\Users\Admin\AppData\Local\Temp\Unicorn-24429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24429.exe
13⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8752 -s 216
13⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 216
12⤵
PID:9820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 236
11⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
10⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 236
9⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-43202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43202.exe
8⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-32205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32205.exe
9⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-22975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22975.exe
10⤵
PID:6944

C:\Users\Admin\AppData\Local\Temp\Unicorn-42221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42221.exe
11⤵
PID:9104

C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
11⤵
PID:9404

C:\Users\Admin\AppData\Local\Temp\Unicorn-26695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26695.exe
12⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9404 -s 220
12⤵
PID:12588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 220
11⤵
PID:10396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
10⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
9⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
8⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-42515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42515.exe
7⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-16515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16515.exe
8⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-35270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35270.exe
9⤵
PID:6040

C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe
10⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-54725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54725.exe
11⤵
PID:9068

C:\Users\Admin\AppData\Local\Temp\Unicorn-62532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62532.exe
12⤵
PID:10720

C:\Users\Admin\AppData\Local\Temp\Unicorn-51410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51410.exe
13⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9068 -s 236
12⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
11⤵
PID:9272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 216
10⤵
PID:2088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 236
9⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 216
8⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 220
7⤵
- Program crash
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-27327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27327.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-48100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48100.exe
7⤵
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-14018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14018.exe
8⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-38988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38988.exe
9⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\Unicorn-35545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35545.exe
10⤵
PID:7856

C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
11⤵
PID:9284

C:\Users\Admin\AppData\Local\Temp\Unicorn-11068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11068.exe
12⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9284 -s 236
12⤵
PID:12812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7856 -s 216
11⤵
PID:10912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
10⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
9⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
8⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 236
7⤵
- Program crash
PID:3764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 240
6⤵
- Program crash
PID:1148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
5⤵
- Program crash
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 220
5⤵
- Program crash
PID:1572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-31039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31039.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-59279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59279.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-42900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42900.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-19920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19920.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:996

C:\Users\Admin\AppData\Local\Temp\Unicorn-62811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62811.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-49172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49172.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-59627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59627.exe
8⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-61494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61494.exe
9⤵
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-60932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60932.exe
10⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
11⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-26071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26071.exe
12⤵
PID:6168

C:\Users\Admin\AppData\Local\Temp\Unicorn-26589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26589.exe
13⤵
PID:9256

C:\Users\Admin\AppData\Local\Temp\Unicorn-19290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19290.exe
14⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9256 -s 216
14⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6168 -s 220
13⤵
PID:10404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
12⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
11⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
10⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-22317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22317.exe
9⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-48577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48577.exe
10⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-36330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36330.exe
11⤵
PID:6552

C:\Users\Admin\AppData\Local\Temp\Unicorn-589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-589.exe
12⤵
PID:9116

C:\Users\Admin\AppData\Local\Temp\Unicorn-13383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13383.exe
13⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9116 -s 220
13⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
12⤵
PID:1792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
11⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 236
10⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
9⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-10326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10326.exe
8⤵
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-3008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3008.exe
9⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-48235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48235.exe
10⤵
PID:5180

C:\Users\Admin\AppData\Local\Temp\Unicorn-35604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35604.exe
11⤵
PID:6156

C:\Users\Admin\AppData\Local\Temp\Unicorn-56921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56921.exe
12⤵
PID:9596

C:\Users\Admin\AppData\Local\Temp\Unicorn-11020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11020.exe
13⤵
PID:10880

C:\Users\Admin\AppData\Local\Temp\Unicorn-24517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24517.exe
14⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9596 -s 216
13⤵
PID:5196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6156 -s 216
12⤵
PID:10564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
11⤵
PID:8244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
10⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
9⤵
PID:4800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
8⤵
- Program crash
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-25864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25864.exe
7⤵
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-27452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27452.exe
8⤵
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-58317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58317.exe
9⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-21349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21349.exe
10⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-64410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64410.exe
11⤵
PID:7280

C:\Users\Admin\AppData\Local\Temp\Unicorn-23863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23863.exe
12⤵
PID:9792

C:\Users\Admin\AppData\Local\Temp\Unicorn-46135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46135.exe
13⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9792 -s 216
13⤵
PID:12724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 220
12⤵
PID:10652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
10⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 236
9⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-56241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56241.exe
8⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-17034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17034.exe
9⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-36585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36585.exe
10⤵
PID:7460

C:\Users\Admin\AppData\Local\Temp\Unicorn-19255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19255.exe
11⤵
PID:9984

C:\Users\Admin\AppData\Local\Temp\Unicorn-46913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46913.exe
12⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 216
12⤵
PID:12624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 216
11⤵
PID:10684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
10⤵
PID:8504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
9⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
8⤵
PID:4952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
7⤵
- Program crash
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-8009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8009.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-45154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45154.exe
7⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-6377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6377.exe
8⤵
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-18655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18655.exe
9⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-38007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38007.exe
10⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-27638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27638.exe
11⤵
PID:6432

C:\Users\Admin\AppData\Local\Temp\Unicorn-13194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13194.exe
12⤵
PID:9084

C:\Users\Admin\AppData\Local\Temp\Unicorn-40623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40623.exe
13⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9084 -s 220
13⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 216
12⤵
PID:9568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
11⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 236
10⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 236
9⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
8⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-27664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27664.exe
9⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-48070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48070.exe
10⤵
PID:6736

C:\Users\Admin\AppData\Local\Temp\Unicorn-62070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62070.exe
11⤵
PID:8292

C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
12⤵
PID:11548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8292 -s 216
12⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6736 -s 216
11⤵
PID:9708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 236
10⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 236
9⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
8⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-16278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16278.exe
7⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
8⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-487.exe
9⤵
PID:5148

C:\Users\Admin\AppData\Local\Temp\Unicorn-50779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50779.exe
10⤵
PID:6840

C:\Users\Admin\AppData\Local\Temp\Unicorn-51769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51769.exe
11⤵
PID:9164

C:\Users\Admin\AppData\Local\Temp\Unicorn-22712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22712.exe
12⤵
PID:10936

C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
13⤵
PID:13188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9164 -s 216
12⤵
PID:11992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 216
11⤵
PID:9716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 216
10⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
9⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 236
8⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
7⤵
- Program crash
PID:3232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 240
6⤵
- Program crash
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-12411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12411.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-29411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29411.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:840

C:\Users\Admin\AppData\Local\Temp\Unicorn-47266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47266.exe
7⤵
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-40752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40752.exe
8⤵
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-4921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4921.exe
9⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-35106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35106.exe
10⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-49599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49599.exe
11⤵
PID:6872

C:\Users\Admin\AppData\Local\Temp\Unicorn-45101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45101.exe
12⤵
PID:9188

C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
13⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9188 -s 216
13⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 216
12⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
11⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
10⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
9⤵
PID:4768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 236
8⤵
- Program crash
PID:4016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 216
7⤵
- Program crash
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
6⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-16606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16606.exe
7⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-39261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39261.exe
8⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-17185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17185.exe
9⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-7988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7988.exe
10⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-21661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21661.exe
11⤵
PID:8272

C:\Users\Admin\AppData\Local\Temp\Unicorn-42753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42753.exe
12⤵
PID:10584

C:\Users\Admin\AppData\Local\Temp\Unicorn-27625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27625.exe
13⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8272 -s 236
12⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 236
11⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 236
10⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 236
9⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 236
8⤵
- Program crash
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-23043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23043.exe
7⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-49227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49227.exe
8⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-25143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25143.exe
9⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-27623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27623.exe
10⤵
PID:9088

C:\Users\Admin\AppData\Local\Temp\Unicorn-27672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27672.exe
11⤵
PID:11676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9088 -s 216
11⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
10⤵
PID:9580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
9⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 236
8⤵
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
7⤵
- Program crash
PID:3444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 220
6⤵
- Program crash
PID:964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
5⤵
- Program crash
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-30972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30972.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:940

C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-50708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50708.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1104

C:\Users\Admin\AppData\Local\Temp\Unicorn-64863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64863.exe
7⤵
PID:1828

C:\Users\Admin\AppData\Local\Temp\Unicorn-27532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27532.exe
8⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-62481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62481.exe
9⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-59310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59310.exe
10⤵
PID:6384

C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
11⤵
PID:9192

C:\Users\Admin\AppData\Local\Temp\Unicorn-6908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6908.exe
12⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9192 -s 236
12⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 216
11⤵
PID:9744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 236
10⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 236
9⤵
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 216
8⤵
PID:4112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 216
7⤵
- Program crash
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
6⤵
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
7⤵
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-40786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40786.exe
8⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-61262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61262.exe
9⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-48149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48149.exe
10⤵
PID:7548

C:\Users\Admin\AppData\Local\Temp\Unicorn-47473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47473.exe
11⤵
PID:10372

C:\Users\Admin\AppData\Local\Temp\Unicorn-45795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45795.exe
11⤵
PID:10956

C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
12⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10956 -s 216
12⤵
PID:12992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 220
11⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
10⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
9⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 236
8⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 236
7⤵
- Program crash
PID:3112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
6⤵
- Program crash
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-62337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62337.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-47266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47266.exe
6⤵
PID:844

C:\Users\Admin\AppData\Local\Temp\Unicorn-10793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10793.exe
7⤵
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-47632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47632.exe
8⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-39309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39309.exe
9⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-24898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24898.exe
10⤵
PID:6716

C:\Users\Admin\AppData\Local\Temp\Unicorn-30377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30377.exe
11⤵
PID:9140

C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
12⤵
PID:11300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9140 -s 236
12⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 216
11⤵
PID:10040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
10⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
9⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 236
8⤵
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-9017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9017.exe
7⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-5671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5671.exe
8⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-51739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51739.exe
9⤵
PID:7016

C:\Users\Admin\AppData\Local\Temp\Unicorn-44281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44281.exe
10⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-11020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11020.exe
11⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-64044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64044.exe
12⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
11⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 216
10⤵
PID:9712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
9⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
8⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 240
7⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-39635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39635.exe
6⤵
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-43719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43719.exe
7⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-50518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50518.exe
8⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-64152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64152.exe
9⤵
PID:7156

C:\Users\Admin\AppData\Local\Temp\Unicorn-20522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20522.exe
10⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-52488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52488.exe
11⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
11⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 216
10⤵
PID:10140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
9⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
8⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 216
7⤵
PID:4700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
6⤵
- Program crash
PID:3136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 240
5⤵
- Program crash
PID:1140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-40631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40631.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-35353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35353.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:780

C:\Users\Admin\AppData\Local\Temp\Unicorn-65307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65307.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
6⤵
- Program crash
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-62145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62145.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-54946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54946.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
7⤵
PID:1012

C:\Users\Admin\AppData\Local\Temp\Unicorn-34999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34999.exe
8⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-944.exe
9⤵
PID:5728

C:\Users\Admin\AppData\Local\Temp\Unicorn-9911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9911.exe
10⤵
PID:7640

C:\Users\Admin\AppData\Local\Temp\Unicorn-18892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18892.exe
11⤵
PID:10116

C:\Users\Admin\AppData\Local\Temp\Unicorn-40777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40777.exe
12⤵
PID:11380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10116 -s 236
12⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 216
10⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
9⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 216
8⤵
PID:4208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
7⤵
- Program crash
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-49309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49309.exe
6⤵
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
7⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-52843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52843.exe
8⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-8525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8525.exe
9⤵
PID:7184

C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
10⤵
PID:9472

C:\Users\Admin\AppData\Local\Temp\Unicorn-13837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13837.exe
11⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9472 -s 216
11⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 216
10⤵
PID:10484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
9⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
8⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
7⤵
PID:4824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
6⤵
- Program crash
PID:2676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
5⤵
- Program crash
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-37886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37886.exe
6⤵
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-27808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27808.exe
7⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-45216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45216.exe
8⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-60794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60794.exe
9⤵
PID:6472

C:\Users\Admin\AppData\Local\Temp\Unicorn-24764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24764.exe
10⤵
PID:8500

C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe
11⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-17001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17001.exe
11⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8500 -s 240
11⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 216
10⤵
PID:9736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 236
9⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
8⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 236
7⤵
PID:4152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 216
6⤵
- Program crash
PID:3128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 236
5⤵
- Program crash
PID:1548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
4⤵
- Program crash
PID:2552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
2⤵
- Program crash
PID:2652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18655.exe

Filesize
184KB

MD5
50f82fec2386345779887d901fee179c

SHA1
f66a483052739668068b13b463fed3b9d75b16d1

SHA256
2f6a3f81457a6135da04c6c556ebcf30d207c4546b839c876bde74ad8a328313

SHA512
7b8dec3ae8118fc66c6d7294142dee16cda7498c9a0e2f7a91fdb24a1826731b0f9ca88c58cbaee29402dbcef8c92446ca96cea7fb6101b187d98b1239e5108d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23369.exe

Filesize
184KB

MD5
163106cc7df7f180465a5e87e7daaf08

SHA1
9db87cd0fd3900d20c29dfc402f8e48dfe4c4eb8

SHA256
b631288330a659818314b494cdb694c2e1a7bc83deefb536d07e67d0f9079c2c

SHA512
74be960ca68844a0014462da764811d0ec80184856b978377c20b6d186fca8a1fd5834c17c59be60afb8602b1a376ba4aae8022aaa18f472b42b7466a3cbd7a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27638.exe

Filesize
184KB

MD5
a014af33cbb4246c10c99ba0e2c61faf

SHA1
800fbbe9e91a1a59fd485a009bb7cb34649cfe0b

SHA256
f15973b990e159447a43118a7e36434219de86b724e235c932eb2779cb161b7a

SHA512
e2370c32dc5eea2826af259bf34c48d512ba368fbc24f4a5dae3ac38545a4de126d2d452e052aedb5aea884b23cd69406c452236a5fcbc42403932d6a3a7b835

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe

Filesize
184KB

MD5
77bd160a356b73593a721a90a5510165

SHA1
04e6721e18836bd31de1be31755be6dc5f1a8a7b

SHA256
37a53f05171c32794eebd8d613f00d1ec4e97ef998c4dce21858ecc148da423e

SHA512
ed92b8a03252e5c7b1cdbd5f5a5e3f96666aca7dd45753e2bd21f9ec0a0493b499e90446b494abbb94e27f9e39ea064085281c94f0187781b249ae5075cc3bd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40106.exe

Filesize
184KB

MD5
3dda0c5da129077cedf67f5adef8a6bf

SHA1
de96fb42dcd115ddfd22544f0bf11d7f8f7e4c13

SHA256
5e40c07bffade5f2adb59bf110b3819f24265afd1dedaddcac169fc15518c0e4

SHA512
f6b27f3507eab5cac33eaafe73d22167cebf14c326e62dc9e4014b167722e5f41e37ad198b69ba4b1a29d248806cf9abb5d4ce408497d3e4851f56ffde81fb98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40184.exe

Filesize
184KB

MD5
0267ced7033bd13e69a1e1a8c51bf478

SHA1
62ef9996c94d884f629d6ab72faa0c16d91aac2c

SHA256
3405290b93a1915a00916778f84fc4d0566da2e36774af9d389e13314fa77ee7

SHA512
5ddc35f921300cd7d0320bdbff2f80b38d7d14842a8de25903e552997c40bb14406cbf42676cd54fdad87313e24fd17182f988fd78bd4411c524756a806f1f79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40631.exe

Filesize
184KB

MD5
fcd6d9d22c54f87aacc5d49c936216b6

SHA1
64603940264dcf94ca64a033cfc352071f173317

SHA256
efdd602d1fbf2316166305a5ee3b82ee51737ff1c4d91ba381095f2e280ec5bc

SHA512
a70e2bcf770e7a28b9a503cd81f477ae6a67c57acca288300c06be663ba73647e601576517224c6800dae868a81d541cbc229554c0253be70cf65d02d579afe2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42900.exe

Filesize
184KB

MD5
d5369baee424cb06ac466d27da0f8557

SHA1
994bd65bbc404ddb07106419a7dd7240c9367e90

SHA256
af7f880a104e07364d02e7b361c7298d06bcb87b830e99f70fac1eeb27fe4fed

SHA512
811ccafed3c0750402043d4ab2d3ae227a7e5e155b7c1f99e431766713a237693d409b1c759a62cf7ae85fdbf70cc4517b0d48fe153a928e17329a7f6103c453

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50676.exe

Filesize
184KB

MD5
c03ab9ad59e68854a4267be7aef80c8d

SHA1
d86b0720280ae7b8ddcba591636e49f78a60d547

SHA256
f4c019d928c43894303a1d244f179c871c93953c0fe9e55a0dc79c46c0970765

SHA512
dabb108295562dd6741a279ab3931a8b69644cac0fcf62bc6c7af9fbb65fa2265a6e37ae9bcb0159627a7b5c16add354e90a630cd5acece5938a3cdd9acda828

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50779.exe

Filesize
184KB

MD5
2c487190ae02153d2cefdf1b0aceaaa2

SHA1
8eccfcfaca32507998e217392ccca6ae9e971a96

SHA256
8a73e23d6e8f816daa55244502099614d3d699bca75788b780ed2a0571390717

SHA512
19bbcede7207ea52c31af30b33937d8f526542fcabc517601ead0d928cc385c216ea8e8c624ac9cb763785e51e033d65c06351ebb6c1497644e6fbdd7dfa8472

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50905.exe

Filesize
184KB

MD5
9495a4d009295cdcd8fb110ff5473196

SHA1
4765a26a6a3af3687d6f8ea4e4a2f0784679fd59

SHA256
42c10abe1e75866fccbf5bd118d76e06062e42e996e5136e365b35edbe1b0484

SHA512
bb53949476d2fff58e637c789fbff40f12343dedf23a5e4045187ff671d648d377ecd1c9454b622a4a80ce8be73b1779f73f121d8075e66b696a7c61e943ac7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5245.exe

Filesize
184KB

MD5
59fd1d4828c6c13447bc5acc8cb483c7

SHA1
3a59f02c4317d7da48090b4f6693d7a03e7b352c

SHA256
033ba655fda5c5534a85a3d172bb034e4b955f9e7d87d9dd7dd54a32bdf3239b

SHA512
40c620228f75dcd84cc03f40a2b9e518c7ffa3ac269b530b179e5a3c45763bcdbed9fc5b9a6eeaa32e8aac5dfa904cae9f3bc67ef1da88ca289c46a712d4e1f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52843.exe

Filesize
184KB

MD5
35e12fa2d031d644020c5a867cd17809

SHA1
67ec9e31575be14749dcedd1eb37648daa29f4f0

SHA256
04d4be434d2dab878cf3a59e781f9da84c29e30f8d10aace1b57b777f3451be9

SHA512
3ecb231f355e96386c2e76c0d179b3f84bc164c73dafb9a6797a7648a06b67b28bbb0b5d85e36d10111c0dfb454e666dc44ba10b5b366b40f558966a1ae2345e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56767.exe

Filesize
184KB

MD5
a0397a9491007b771bfdcb135ad910e6

SHA1
23142acbba51f53607d34e40c27427c8a24c5e70

SHA256
9441397d47b7d37a95654c9e47d04c75254406f9abb03b437b2920eea2aa73df

SHA512
d714e90352ffea280a67176d40de4958390d97aaebd702e7faa8eac58f212b8161c887c3128094ce58259fbe72f8da976ed6a8eeb538b76533116419a7a59456

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5833.exe

Filesize
184KB

MD5
2479bb210428c6f6ae2d0030228ac63e

SHA1
ac13e90540180911875e5d7913237ff37aa019f4

SHA256
7c3d597e22a8ceaca8e1a0ccfd8ad97ccadd5b62ec3f4f56291c9c53618113b3

SHA512
8f1c9b2088d0dba8c18155ccdbe4a1f85a115fd2600a536cd4fbb60d7cbd3b4c6253d95288a677476c9ebba2d917a4016340d5aebb847b261fcdbfbbe8cfc8bf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16848.exe

Filesize
184KB

MD5
b4e5e5c8528d81a63b78c22b29ecd31b

SHA1
91ae58d07fbde5915b79d453d0a6cab295198c55

SHA256
9e08770dcdfaa3fc2048124b49d1a7c0e42c9cdc7d88ae2cdaad4773e9428a0c

SHA512
6d67276c384165ea182c55788af21426e0652e69610c1baf2564d2b74f9c32e9a3918f39c9fbb637853109a07e54ed5524ad8967941631439e81cd36b76af97d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24277.exe

Filesize
184KB

MD5
c312943508afc7d4132d5a433e33397d

SHA1
1fd69f955c30641ec5557d341c48aa739244af12

SHA256
94fa4cec45810a2af89641a5f261fe47d362b49f1bdd3f6ac1d6db089f020bcd

SHA512
97e411e6886a1ff9530e88010c55f393fdd58b515a3570949c2b523230e026c7980e126b0bea84b95608fc23b1f0db61de56a2bf14e6cc1148b9c973d170be06

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2832.exe

Filesize
184KB

MD5
365b39dcddb3976177965aa019873eda

SHA1
6eb80bdd317b1b8c7c51f028d341f77e4b97d088

SHA256
1225f52d93e1d16b002e597f8b571baa7043e13044731a98b293e75142e43395

SHA512
33b6f6e576c96209e3b34aba5cd59f47962f4253028d2105ddeb7124ed729592d155584fc284ad7fb0a3f357fb0e4e40053c23e17ade82e378398010d51943ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31039.exe

Filesize
184KB

MD5
d067f4cb619f36135407afebf2e974d9

SHA1
6bcaec6151317d03e380b839418456612ccea316

SHA256
243e1f29af56f4a5a3e690c6e966559b981e1be625f19e79d37fa8aa6301385a

SHA512
ffa326168250559f64b7fa90c98c2150309d0027560f354fcc4010d07370c349dd338648fbf8729d8377b98e8473b28dbb5c8d504b4d91b45f31081e8cbdff55

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52567.exe

Filesize
184KB

MD5
225d8c616c3c8a7d919fce733982c46d

SHA1
f42237c94c98c77bd6b66f8c7e2e7e81157faf6f

SHA256
f996e3e2838cfe1ec1919717e4c4e066af20c83fa370abefafae02fdea0c3c5e

SHA512
d5a217f98d64babec9518f5bd87743345bae195790940e85c5eaee9dd4e0fdd02627ab897503b4433ac992f8cf8a97422c00c1dba9e079d7df25c57eddb36f4b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59279.exe

Filesize
184KB

MD5
e9734ecd35292a00c1b7636774664e34

SHA1
f9146e7f9215e733a7d0e7c5023cd5c0f26ce47f

SHA256
9dee9a5af8e839fd8fc776234a4df19e5155671a80cf37a2fb546cd707e90107

SHA512
6b26596ce1f69c57b142330d7ca4f6173ce501ccfbf72dcb12b934a6c7900a7bb2d4639269e28ef2ad7097bcc8f3158c38f59be11769caa9f55dd5567a6ebb5f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe

Filesize
184KB

MD5
12683d7dbe7bdc0e221dcf1dcd7280a1

SHA1
ad38279e1ef22b8d1ca9a5d8d3ae4966f47e59dc

SHA256
f5e1de4cc059289235fb26911bf5b59cacf435319ab14667450a089f44a9abb9

SHA512
9a98e53b532d93eeaf364566440d6afa232db3e959557099301c75be2232d4fa2f903206c496756b73ad3ed355e23c1ee89630683c4fc9890e9a9c435ab66fb9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-786.exe

Filesize
184KB

MD5
bf9b85a24dab2e9b807f61c9a5968f25

SHA1
89b83d57148aa8ca4f2530cdd8b9a0e0496da825

SHA256
beab2ace632f74a334ac5624d7eba744f27dd57016fc335700dec55a392fdcb6

SHA512
0f72dfc49a42c807e5973c413a87431aa08ea74592bd15ac512c7db9b7f609f8ad1761e55f7dc08e84a657dbfc55a1f602e1aad36fc0e8417bfe6bdf4a359d96

Download Submit