898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe
Size

184KB
MD5

19ff13b0582f63b5cf351636f4c83545
SHA1

271eaa2801055ab3625456d766b4f270bbb773a3
SHA256

898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8
SHA512

933e009d611a5e8fc6fb518ce6e20c12e03888ac0b328fde5bdf62ca531f0d6fec8a502280b67177b421d65fb9352a1f0203a57a49f40f7f48ba0f1985216fe5
SSDEEP

3072:y8SA6goJxnUsdtfoe1LOBZJSIBYGzol1s+nJKO5eUskYulnV8FmnT:y8Xo0YtfVOTJSI4jnIvulnV8Fm

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-32784.exeUnicorn-23716.exeUnicorn-56886.exeUnicorn-10109.exeUnicorn-43471.exeUnicorn-40857.exeUnicorn-60836.exeUnicorn-15164.exeUnicorn-56309.exeUnicorn-58836.exeUnicorn-13164.exeUnicorn-60694.exeUnicorn-28863.exeUnicorn-39765.exeUnicorn-33926.exeUnicorn-22686.exeUnicorn-2820.exeUnicorn-13012.exeUnicorn-32878.exeUnicorn-61701.exeUnicorn-62967.exeUnicorn-54509.exeUnicorn-55775.exeUnicorn-31954.exeUnicorn-14569.exeUnicorn-46562.exeUnicorn-13506.exeUnicorn-49583.exeUnicorn-24467.exeUnicorn-46872.exeUnicorn-47562.exeUnicorn-1890.exeUnicorn-24525.exeUnicorn-45770.exeUnicorn-55272.exeUnicorn-1056.exeUnicorn-11248.exeUnicorn-56920.exeUnicorn-49209.exeUnicorn-39535.exeUnicorn-62380.exeUnicorn-52209.exeUnicorn-52707.exeUnicorn-22420.exeUnicorn-60878.exeUnicorn-822.exeUnicorn-56188.exeUnicorn-8746.exeUnicorn-16207.exeUnicorn-5765.exeUnicorn-25631.exeUnicorn-34322.exeUnicorn-54188.exeUnicorn-30820.exeUnicorn-53915.exeUnicorn-11414.exeUnicorn-45955.exeUnicorn-45955.exeUnicorn-283.exeUnicorn-35405.exeUnicorn-56837.exeUnicorn-703.exeUnicorn-34357.exeUnicorn-42001.exe

pid	process
1688	Unicorn-32784.exe
2148	Unicorn-23716.exe
2724	Unicorn-56886.exe
1992	Unicorn-10109.exe
2792	Unicorn-43471.exe
2516	Unicorn-40857.exe
2580	Unicorn-60836.exe
2828	Unicorn-15164.exe
2480	Unicorn-56309.exe
376	Unicorn-58836.exe
2244	Unicorn-13164.exe
852	Unicorn-60694.exe
2004	Unicorn-28863.exe
2500	Unicorn-39765.exe
3056	Unicorn-33926.exe
1856	Unicorn-22686.exe
664	Unicorn-2820.exe
1480	Unicorn-13012.exe
1200	Unicorn-32878.exe
776	Unicorn-61701.exe
1772	Unicorn-62967.exe
1316	Unicorn-54509.exe
2152	Unicorn-55775.exe
316	Unicorn-31954.exe
676	Unicorn-14569.exe
2036	Unicorn-46562.exe
2920	Unicorn-13506.exe
2024	Unicorn-49583.exe
880	Unicorn-24467.exe
1864	Unicorn-46872.exe
1580	Unicorn-47562.exe
2600	Unicorn-1890.exe
2144	Unicorn-24525.exe
2676	Unicorn-45770.exe
2268	Unicorn-55272.exe
2540	Unicorn-1056.exe
2988	Unicorn-11248.exe
2080	Unicorn-56920.exe
2848	Unicorn-49209.exe
2864	Unicorn-39535.exe
2968	Unicorn-62380.exe
1664	Unicorn-52209.exe
2240	Unicorn-52707.exe
1628	Unicorn-22420.exe
1496	Unicorn-60878.exe
1236	Unicorn-822.exe
2116	Unicorn-56188.exe
2616	Unicorn-8746.exe
2760	Unicorn-16207.exe
1932	Unicorn-5765.exe
2096	Unicorn-25631.exe
1176	Unicorn-34322.exe
804	Unicorn-54188.exe
1220	Unicorn-30820.exe
840	Unicorn-53915.exe
2960	Unicorn-11414.exe
296	Unicorn-45955.exe
2412	Unicorn-45955.exe
2372	Unicorn-283.exe
2916	Unicorn-35405.exe
2860	Unicorn-56837.exe
2644	Unicorn-703.exe
2540	Unicorn-34357.exe
1632	Unicorn-42001.exe

Loads dropped DLL 64 IoCs

Processes:

898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exeUnicorn-32784.exeUnicorn-23716.exeUnicorn-56886.exeWerFault.exeUnicorn-10109.exeUnicorn-40857.exeUnicorn-43471.exeWerFault.exeWerFault.exeUnicorn-60836.exeUnicorn-15164.exeUnicorn-13164.exeUnicorn-58836.exeUnicorn-56309.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1848	898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe
1848	898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe
1688	Unicorn-32784.exe
1688	Unicorn-32784.exe
1848	898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe
1848	898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe
2148	Unicorn-23716.exe
2148	Unicorn-23716.exe
1688	Unicorn-32784.exe
1688	Unicorn-32784.exe
2724	Unicorn-56886.exe
2724	Unicorn-56886.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
2148	Unicorn-23716.exe
2148	Unicorn-23716.exe
1992	Unicorn-10109.exe
1992	Unicorn-10109.exe
2516	Unicorn-40857.exe
2516	Unicorn-40857.exe
2724	Unicorn-56886.exe
2724	Unicorn-56886.exe
2792	Unicorn-43471.exe
2792	Unicorn-43471.exe
1692	WerFault.exe
1692	WerFault.exe
1692	WerFault.exe
1692	WerFault.exe
1692	WerFault.exe
1512	WerFault.exe
1512	WerFault.exe
1512	WerFault.exe
1512	WerFault.exe
1512	WerFault.exe
2580	Unicorn-60836.exe
2580	Unicorn-60836.exe
2828	Unicorn-15164.exe
2828	Unicorn-15164.exe
1992	Unicorn-10109.exe
1992	Unicorn-10109.exe
2244	Unicorn-13164.exe
2244	Unicorn-13164.exe
376	Unicorn-58836.exe
2792	Unicorn-43471.exe
376	Unicorn-58836.exe
2792	Unicorn-43471.exe
2516	Unicorn-40857.exe
2480	Unicorn-56309.exe
2516	Unicorn-40857.exe
2480	Unicorn-56309.exe
1564	WerFault.exe
1564	WerFault.exe
1564	WerFault.exe
1564	WerFault.exe
1564	WerFault.exe
1184	WerFault.exe
1184	WerFault.exe
1184	WerFault.exe
1184	WerFault.exe
1184	WerFault.exe
2492	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2624	1848	WerFault.exe	898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe
1808	1688	WerFault.exe	Unicorn-32784.exe
1692	2148	WerFault.exe	Unicorn-23716.exe
1512	2724	WerFault.exe	Unicorn-56886.exe
1564	1992	WerFault.exe	Unicorn-10109.exe
1184	2516	WerFault.exe	Unicorn-40857.exe
2492	2792	WerFault.exe	Unicorn-43471.exe
2104	2580	WerFault.exe	Unicorn-60836.exe
1048	2828	WerFault.exe	Unicorn-15164.exe
2656	2244	WerFault.exe	Unicorn-13164.exe
2636	376	WerFault.exe	Unicorn-58836.exe
2632	2480	WerFault.exe	Unicorn-56309.exe
1520	852	WerFault.exe	Unicorn-60694.exe
1784	2004	WerFault.exe	Unicorn-28863.exe
2964	2500	WerFault.exe	Unicorn-39765.exe
2436	3056	WerFault.exe	Unicorn-33926.exe
1556	1856	WerFault.exe	Unicorn-22686.exe
1988	664	WerFault.exe	Unicorn-2820.exe
1700	1200	WerFault.exe	Unicorn-32878.exe
1656	1480	WerFault.exe	Unicorn-13012.exe
2708	776	WerFault.exe	Unicorn-61701.exe
2780	1772	WerFault.exe	Unicorn-62967.exe
3040	1316	WerFault.exe	Unicorn-54509.exe
2820	2152	WerFault.exe	Unicorn-55775.exe
2892	316	WerFault.exe	Unicorn-31954.exe
2788	676	WerFault.exe	Unicorn-14569.exe
1884	2036	WerFault.exe	Unicorn-46562.exe
1348	2920	WerFault.exe	Unicorn-13506.exe
2380	2024	WerFault.exe	Unicorn-49583.exe
2440	880	WerFault.exe	Unicorn-24467.exe
1472	1864	WerFault.exe	Unicorn-46872.exe
760	2600	WerFault.exe	Unicorn-1890.exe
1488	1580	WerFault.exe	Unicorn-47562.exe
2260	2372	WerFault.exe	Unicorn-283.exe
3480	2144	WerFault.exe	Unicorn-24525.exe
3612	2268	WerFault.exe	Unicorn-55272.exe
3620	2676	WerFault.exe	Unicorn-45770.exe
3912	2080	WerFault.exe	Unicorn-56920.exe
3920	2848	WerFault.exe	Unicorn-49209.exe
4060	2616	WerFault.exe	Unicorn-8746.exe
4068	2096	WerFault.exe	Unicorn-25631.exe
3080	1176	WerFault.exe	Unicorn-34322.exe
3164	804	WerFault.exe	Unicorn-54188.exe
3284	1888	WerFault.exe	Unicorn-41312.exe
3644	1236	WerFault.exe	Unicorn-822.exe
3848	2988	WerFault.exe	Unicorn-11248.exe
3932	2116	WerFault.exe	Unicorn-56188.exe
3968	1220	WerFault.exe	Unicorn-30820.exe
3176	2412	WerFault.exe	Unicorn-45955.exe
3604	2240	WerFault.exe	Unicorn-52707.exe
3632	1932	WerFault.exe	Unicorn-5765.exe
3656	2968	WerFault.exe	Unicorn-62380.exe
3896	1496	WerFault.exe	Unicorn-60878.exe
4052	2864	WerFault.exe	Unicorn-39535.exe
3128	2760	WerFault.exe	Unicorn-16207.exe
3240	1628	WerFault.exe	Unicorn-22420.exe
3376	2888	WerFault.exe	Unicorn-33309.exe
3384	2336	WerFault.exe	Unicorn-7232.exe
3524	1792	WerFault.exe	Unicorn-33309.exe
3544	2972	WerFault.exe	Unicorn-4326.exe
3512	1604	WerFault.exe	Unicorn-22069.exe
4032	1664	WerFault.exe	Unicorn-52209.exe
3988	584	WerFault.exe	Unicorn-9780.exe
3372	2852	WerFault.exe	Unicorn-44212.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exeUnicorn-32784.exeUnicorn-23716.exeUnicorn-56886.exeUnicorn-10109.exeUnicorn-43471.exeUnicorn-40857.exeUnicorn-60836.exeUnicorn-15164.exeUnicorn-56309.exeUnicorn-13164.exeUnicorn-58836.exeUnicorn-60694.exeUnicorn-28863.exeUnicorn-39765.exeUnicorn-33926.exeUnicorn-22686.exeUnicorn-2820.exeUnicorn-32878.exeUnicorn-13012.exeUnicorn-61701.exeUnicorn-62967.exeUnicorn-54509.exeUnicorn-55775.exeUnicorn-31954.exeUnicorn-46562.exeUnicorn-14569.exeUnicorn-13506.exeUnicorn-49583.exeUnicorn-24467.exeUnicorn-46872.exeUnicorn-1890.exeUnicorn-47562.exeUnicorn-24525.exeUnicorn-45770.exeUnicorn-55272.exeUnicorn-49209.exeUnicorn-11248.exeUnicorn-56920.exeUnicorn-39535.exeUnicorn-62380.exeUnicorn-52209.exeUnicorn-52707.exeUnicorn-22420.exeUnicorn-60878.exeUnicorn-822.exeUnicorn-56188.exeUnicorn-8746.exeUnicorn-16207.exeUnicorn-25631.exeUnicorn-5765.exeUnicorn-54188.exeUnicorn-34322.exeUnicorn-30820.exeUnicorn-53915.exeUnicorn-283.exeUnicorn-45955.exeUnicorn-45955.exeUnicorn-11414.exeUnicorn-35405.exeUnicorn-56837.exeUnicorn-703.exeUnicorn-34357.exeUnicorn-42001.exe

pid	process
1848	898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe
1688	Unicorn-32784.exe
2148	Unicorn-23716.exe
2724	Unicorn-56886.exe
1992	Unicorn-10109.exe
2792	Unicorn-43471.exe
2516	Unicorn-40857.exe
2580	Unicorn-60836.exe
2828	Unicorn-15164.exe
2480	Unicorn-56309.exe
2244	Unicorn-13164.exe
376	Unicorn-58836.exe
852	Unicorn-60694.exe
2004	Unicorn-28863.exe
2500	Unicorn-39765.exe
3056	Unicorn-33926.exe
1856	Unicorn-22686.exe
664	Unicorn-2820.exe
1200	Unicorn-32878.exe
1480	Unicorn-13012.exe
776	Unicorn-61701.exe
1772	Unicorn-62967.exe
1316	Unicorn-54509.exe
2152	Unicorn-55775.exe
316	Unicorn-31954.exe
2036	Unicorn-46562.exe
676	Unicorn-14569.exe
2920	Unicorn-13506.exe
2024	Unicorn-49583.exe
880	Unicorn-24467.exe
1864	Unicorn-46872.exe
2600	Unicorn-1890.exe
1580	Unicorn-47562.exe
2144	Unicorn-24525.exe
2676	Unicorn-45770.exe
2268	Unicorn-55272.exe
2848	Unicorn-49209.exe
2988	Unicorn-11248.exe
2080	Unicorn-56920.exe
2864	Unicorn-39535.exe
2968	Unicorn-62380.exe
1664	Unicorn-52209.exe
2240	Unicorn-52707.exe
1628	Unicorn-22420.exe
1496	Unicorn-60878.exe
1236	Unicorn-822.exe
2116	Unicorn-56188.exe
2616	Unicorn-8746.exe
2760	Unicorn-16207.exe
2096	Unicorn-25631.exe
1932	Unicorn-5765.exe
804	Unicorn-54188.exe
1176	Unicorn-34322.exe
1220	Unicorn-30820.exe
840	Unicorn-53915.exe
2372	Unicorn-283.exe
296	Unicorn-45955.exe
2412	Unicorn-45955.exe
2960	Unicorn-11414.exe
2916	Unicorn-35405.exe
2860	Unicorn-56837.exe
2644	Unicorn-703.exe
2540	Unicorn-34357.exe
1632	Unicorn-42001.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exeUnicorn-32784.exeUnicorn-23716.exeUnicorn-56886.exeUnicorn-10109.exeUnicorn-40857.exeUnicorn-43471.exeUnicorn-60836.exe

description	pid	process	target process
PID 1848 wrote to memory of 1688	1848	898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe	Unicorn-32784.exe
PID 1848 wrote to memory of 1688	1848	898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe	Unicorn-32784.exe
PID 1848 wrote to memory of 1688	1848	898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe	Unicorn-32784.exe
PID 1848 wrote to memory of 1688	1848	898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe	Unicorn-32784.exe
PID 1688 wrote to memory of 2148	1688	Unicorn-32784.exe	Unicorn-23716.exe
PID 1688 wrote to memory of 2148	1688	Unicorn-32784.exe	Unicorn-23716.exe
PID 1688 wrote to memory of 2148	1688	Unicorn-32784.exe	Unicorn-23716.exe
PID 1688 wrote to memory of 2148	1688	Unicorn-32784.exe	Unicorn-23716.exe
PID 1848 wrote to memory of 2724	1848	898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe	Unicorn-56886.exe
PID 1848 wrote to memory of 2724	1848	898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe	Unicorn-56886.exe
PID 1848 wrote to memory of 2724	1848	898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe	Unicorn-56886.exe
PID 1848 wrote to memory of 2724	1848	898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe	Unicorn-56886.exe
PID 1848 wrote to memory of 2624	1848	898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe	WerFault.exe
PID 1848 wrote to memory of 2624	1848	898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe	WerFault.exe
PID 1848 wrote to memory of 2624	1848	898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe	WerFault.exe
PID 1848 wrote to memory of 2624	1848	898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe	WerFault.exe
PID 2148 wrote to memory of 1992	2148	Unicorn-23716.exe	Unicorn-10109.exe
PID 2148 wrote to memory of 1992	2148	Unicorn-23716.exe	Unicorn-10109.exe
PID 2148 wrote to memory of 1992	2148	Unicorn-23716.exe	Unicorn-10109.exe
PID 2148 wrote to memory of 1992	2148	Unicorn-23716.exe	Unicorn-10109.exe
PID 1688 wrote to memory of 2792	1688	Unicorn-32784.exe	Unicorn-43471.exe
PID 1688 wrote to memory of 2792	1688	Unicorn-32784.exe	Unicorn-43471.exe
PID 1688 wrote to memory of 2792	1688	Unicorn-32784.exe	Unicorn-43471.exe
PID 1688 wrote to memory of 2792	1688	Unicorn-32784.exe	Unicorn-43471.exe
PID 2724 wrote to memory of 2516	2724	Unicorn-56886.exe	Unicorn-40857.exe
PID 2724 wrote to memory of 2516	2724	Unicorn-56886.exe	Unicorn-40857.exe
PID 2724 wrote to memory of 2516	2724	Unicorn-56886.exe	Unicorn-40857.exe
PID 2724 wrote to memory of 2516	2724	Unicorn-56886.exe	Unicorn-40857.exe
PID 1688 wrote to memory of 1808	1688	Unicorn-32784.exe	WerFault.exe
PID 1688 wrote to memory of 1808	1688	Unicorn-32784.exe	WerFault.exe
PID 1688 wrote to memory of 1808	1688	Unicorn-32784.exe	WerFault.exe
PID 1688 wrote to memory of 1808	1688	Unicorn-32784.exe	WerFault.exe
PID 2148 wrote to memory of 2580	2148	Unicorn-23716.exe	Unicorn-60836.exe
PID 2148 wrote to memory of 2580	2148	Unicorn-23716.exe	Unicorn-60836.exe
PID 2148 wrote to memory of 2580	2148	Unicorn-23716.exe	Unicorn-60836.exe
PID 2148 wrote to memory of 2580	2148	Unicorn-23716.exe	Unicorn-60836.exe
PID 1992 wrote to memory of 2828	1992	Unicorn-10109.exe	Unicorn-15164.exe
PID 1992 wrote to memory of 2828	1992	Unicorn-10109.exe	Unicorn-15164.exe
PID 1992 wrote to memory of 2828	1992	Unicorn-10109.exe	Unicorn-15164.exe
PID 1992 wrote to memory of 2828	1992	Unicorn-10109.exe	Unicorn-15164.exe
PID 2516 wrote to memory of 2480	2516	Unicorn-40857.exe	Unicorn-56309.exe
PID 2516 wrote to memory of 2480	2516	Unicorn-40857.exe	Unicorn-56309.exe
PID 2516 wrote to memory of 2480	2516	Unicorn-40857.exe	Unicorn-56309.exe
PID 2516 wrote to memory of 2480	2516	Unicorn-40857.exe	Unicorn-56309.exe
PID 2724 wrote to memory of 376	2724	Unicorn-56886.exe	Unicorn-58836.exe
PID 2724 wrote to memory of 376	2724	Unicorn-56886.exe	Unicorn-58836.exe
PID 2724 wrote to memory of 376	2724	Unicorn-56886.exe	Unicorn-58836.exe
PID 2724 wrote to memory of 376	2724	Unicorn-56886.exe	Unicorn-58836.exe
PID 2792 wrote to memory of 2244	2792	Unicorn-43471.exe	Unicorn-13164.exe
PID 2792 wrote to memory of 2244	2792	Unicorn-43471.exe	Unicorn-13164.exe
PID 2792 wrote to memory of 2244	2792	Unicorn-43471.exe	Unicorn-13164.exe
PID 2792 wrote to memory of 2244	2792	Unicorn-43471.exe	Unicorn-13164.exe
PID 2148 wrote to memory of 1692	2148	Unicorn-23716.exe	WerFault.exe
PID 2148 wrote to memory of 1692	2148	Unicorn-23716.exe	WerFault.exe
PID 2148 wrote to memory of 1692	2148	Unicorn-23716.exe	WerFault.exe
PID 2148 wrote to memory of 1692	2148	Unicorn-23716.exe	WerFault.exe
PID 2724 wrote to memory of 1512	2724	Unicorn-56886.exe	WerFault.exe
PID 2724 wrote to memory of 1512	2724	Unicorn-56886.exe	WerFault.exe
PID 2724 wrote to memory of 1512	2724	Unicorn-56886.exe	WerFault.exe
PID 2724 wrote to memory of 1512	2724	Unicorn-56886.exe	WerFault.exe
PID 2580 wrote to memory of 852	2580	Unicorn-60836.exe	Unicorn-60694.exe
PID 2580 wrote to memory of 852	2580	Unicorn-60836.exe	Unicorn-60694.exe
PID 2580 wrote to memory of 852	2580	Unicorn-60836.exe	Unicorn-60694.exe
PID 2580 wrote to memory of 852	2580	Unicorn-60836.exe	Unicorn-60694.exe

C:\Users\Admin\AppData\Local\Temp\898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe
"C:\Users\Admin\AppData\Local\Temp\898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-32784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32784.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-23716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23716.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-10109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10109.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-28863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28863.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-54509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54509.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-1056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1056.exe
8⤵
- Executes dropped EXE
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-45955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45955.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:296

C:\Users\Admin\AppData\Local\Temp\Unicorn-35985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35985.exe
9⤵
PID:1364

C:\Users\Admin\AppData\Local\Temp\Unicorn-37160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37160.exe
10⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-62710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62710.exe
11⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-17908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17908.exe
12⤵
PID:7080

C:\Users\Admin\AppData\Local\Temp\Unicorn-39221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39221.exe
13⤵
PID:9588

C:\Users\Admin\AppData\Local\Temp\Unicorn-51281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51281.exe
14⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9588 -s 236
14⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 216
13⤵
PID:10536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
12⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
11⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 236
10⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-6054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6054.exe
9⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-22322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22322.exe
10⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-35397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35397.exe
11⤵
PID:6220

C:\Users\Admin\AppData\Local\Temp\Unicorn-30095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30095.exe
12⤵
PID:9816

C:\Users\Admin\AppData\Local\Temp\Unicorn-50.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50.exe
13⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9816 -s 216
13⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 216
12⤵
PID:10724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
11⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
10⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 240
9⤵
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 240
8⤵
- Program crash
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-56920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56920.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-35405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35405.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-47390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47390.exe
9⤵
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-28468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28468.exe
10⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-24894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24894.exe
11⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-58355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58355.exe
12⤵
PID:6500

C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
13⤵
PID:9972

C:\Users\Admin\AppData\Local\Temp\Unicorn-29323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29323.exe
14⤵
PID:12652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9972 -s 216
14⤵
PID:13184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 216
13⤵
PID:10796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
12⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
11⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 216
10⤵
PID:4448

C:\Users\Admin\AppData\Local\Temp\Unicorn-26534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26534.exe
9⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-51354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51354.exe
10⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-56689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56689.exe
11⤵
PID:7860

C:\Users\Admin\AppData\Local\Temp\Unicorn-37474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37474.exe
12⤵
PID:11084

C:\Users\Admin\AppData\Local\Temp\Unicorn-64963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64963.exe
13⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
12⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 236
11⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
10⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
9⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-41312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41312.exe
8⤵
PID:1888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 240
9⤵
- Program crash
PID:3284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
8⤵
- Program crash
PID:3912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
7⤵
- Program crash
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-55775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55775.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-11248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11248.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-34357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34357.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-9976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9976.exe
9⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-34476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34476.exe
10⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-30105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30105.exe
11⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\Unicorn-38320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38320.exe
12⤵
PID:9112

C:\Users\Admin\AppData\Local\Temp\Unicorn-44867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44867.exe
13⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9112 -s 216
13⤵
PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
12⤵
PID:10136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
11⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 236
10⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
9⤵
PID:4188

C:\Users\Admin\AppData\Local\Temp\Unicorn-36763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36763.exe
8⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-14990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14990.exe
9⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-9324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9324.exe
10⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-40267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40267.exe
11⤵
PID:8756

C:\Users\Admin\AppData\Local\Temp\Unicorn-45982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45982.exe
12⤵
PID:11124

C:\Users\Admin\AppData\Local\Temp\Unicorn-51478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51478.exe
13⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 216
12⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
11⤵
PID:9612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
10⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 236
9⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
8⤵
- Program crash
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-10895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10895.exe
7⤵
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-56629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56629.exe
8⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-64795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64795.exe
9⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-60719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60719.exe
10⤵
PID:6492

C:\Users\Admin\AppData\Local\Temp\Unicorn-43909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43909.exe
11⤵
PID:8984

C:\Users\Admin\AppData\Local\Temp\Unicorn-17605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17605.exe
12⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 216
12⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 216
11⤵
PID:9832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
10⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
9⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 236
8⤵
PID:4244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
7⤵
- Program crash
PID:2820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
6⤵
- Program crash
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-39765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39765.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-31954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31954.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:316

C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-56837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56837.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe
9⤵
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-37708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37708.exe
10⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-49539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49539.exe
11⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-57831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57831.exe
12⤵
PID:6532

C:\Users\Admin\AppData\Local\Temp\Unicorn-367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-367.exe
13⤵
PID:10032

C:\Users\Admin\AppData\Local\Temp\Unicorn-19503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19503.exe
14⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10032 -s 216
14⤵
PID:13024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 236
13⤵
PID:10820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
12⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
11⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
10⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-24007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24007.exe
9⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-47015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47015.exe
10⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-50894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50894.exe
11⤵
PID:7060

C:\Users\Admin\AppData\Local\Temp\Unicorn-56991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56991.exe
12⤵
PID:9776

C:\Users\Admin\AppData\Local\Temp\Unicorn-16608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16608.exe
13⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9776 -s 216
13⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 216
12⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
11⤵
PID:8464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
10⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
9⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-32749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32749.exe
8⤵
PID:1380

C:\Users\Admin\AppData\Local\Temp\Unicorn-9535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9535.exe
9⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
10⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-54013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54013.exe
11⤵
PID:7276

C:\Users\Admin\AppData\Local\Temp\Unicorn-60933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60933.exe
12⤵
PID:10888

C:\Users\Admin\AppData\Local\Temp\Unicorn-39020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39020.exe
13⤵
PID:12500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 236
12⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 236
11⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
10⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 236
9⤵
PID:4796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
8⤵
- Program crash
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-703.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-4305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4305.exe
8⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-3670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3670.exe
9⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-37950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37950.exe
10⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-61715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61715.exe
11⤵
PID:7684

C:\Users\Admin\AppData\Local\Temp\Unicorn-53513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53513.exe
12⤵
PID:10828

C:\Users\Admin\AppData\Local\Temp\Unicorn-35467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35467.exe
13⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 236
12⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 236
11⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
10⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
9⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-37053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37053.exe
8⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-33758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33758.exe
9⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-26075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26075.exe
10⤵
PID:7496

C:\Users\Admin\AppData\Local\Temp\Unicorn-56684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56684.exe
11⤵
PID:10248

C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
12⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 236
11⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
10⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
9⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
8⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 240
7⤵
- Program crash
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-39535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39535.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
7⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-23738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23738.exe
8⤵
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-21263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21263.exe
9⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-7856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7856.exe
10⤵
PID:6364

C:\Users\Admin\AppData\Local\Temp\Unicorn-41464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41464.exe
11⤵
PID:8552

C:\Users\Admin\AppData\Local\Temp\Unicorn-34289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34289.exe
12⤵
PID:11076

C:\Users\Admin\AppData\Local\Temp\Unicorn-17296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17296.exe
13⤵
PID:8300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8552 -s 220
12⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 220
11⤵
PID:10200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
10⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 216
9⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 236
8⤵
- Program crash
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-18283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18283.exe
7⤵
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
8⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-17597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17597.exe
9⤵
PID:6292

C:\Users\Admin\AppData\Local\Temp\Unicorn-33796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33796.exe
10⤵
PID:8200

C:\Users\Admin\AppData\Local\Temp\Unicorn-5616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5616.exe
11⤵
PID:11156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8200 -s 216
11⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 216
10⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
9⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 236
8⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
7⤵
- Program crash
PID:4052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
6⤵
- Program crash
PID:2964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-60694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60694.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-61701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61701.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:776

C:\Users\Admin\AppData\Local\Temp\Unicorn-24525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24525.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-30820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30820.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1220

C:\Users\Admin\AppData\Local\Temp\Unicorn-63609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63609.exe
9⤵
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-29005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29005.exe
10⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
11⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-14920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14920.exe
12⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-41261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41261.exe
13⤵
PID:8556

C:\Users\Admin\AppData\Local\Temp\Unicorn-41982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41982.exe
14⤵
PID:11260

C:\Users\Admin\AppData\Local\Temp\Unicorn-21631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21631.exe
15⤵
PID:8264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8556 -s 216
14⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 216
13⤵
PID:9432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
12⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
11⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\Unicorn-48374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48374.exe
10⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-30892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30892.exe
11⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-30946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30946.exe
12⤵
PID:8680

C:\Users\Admin\AppData\Local\Temp\Unicorn-18786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18786.exe
13⤵
PID:1368

C:\Users\Admin\AppData\Local\Temp\Unicorn-14185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14185.exe
14⤵
PID:12804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8680 -s 216
13⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
12⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
11⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
10⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-63475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63475.exe
9⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-27279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27279.exe
10⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-21613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21613.exe
11⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-39806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39806.exe
12⤵
PID:8592

C:\Users\Admin\AppData\Local\Temp\Unicorn-10096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10096.exe
13⤵
PID:10880

C:\Users\Admin\AppData\Local\Temp\Unicorn-54026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54026.exe
14⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8592 -s 216
13⤵
PID:11300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
12⤵
PID:9472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
11⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
10⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 240
9⤵
- Program crash
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-32503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32503.exe
8⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-36284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36284.exe
9⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
10⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-61756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61756.exe
11⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-28040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28040.exe
11⤵
PID:6672

C:\Users\Admin\AppData\Local\Temp\Unicorn-6927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6927.exe
12⤵
PID:9080

C:\Users\Admin\AppData\Local\Temp\Unicorn-31290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31290.exe
13⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9080 -s 220
13⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 216
12⤵
PID:10296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 240
11⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 236
10⤵
PID:5844

C:\Users\Admin\AppData\Local\Temp\Unicorn-58592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58592.exe
9⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-61777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61777.exe
10⤵
PID:5916

C:\Users\Admin\AppData\Local\Temp\Unicorn-62213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62213.exe
11⤵
PID:9044

C:\Users\Admin\AppData\Local\Temp\Unicorn-47915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47915.exe
12⤵
PID:10780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9044 -s 216
12⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 216
11⤵
PID:9908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
10⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
9⤵
PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
8⤵
- Program crash
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-53915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53915.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:840

C:\Users\Admin\AppData\Local\Temp\Unicorn-36952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36952.exe
8⤵
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-15831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15831.exe
9⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-62688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62688.exe
10⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-21152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21152.exe
11⤵
PID:5804

C:\Users\Admin\AppData\Local\Temp\Unicorn-43887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43887.exe
12⤵
PID:8804

C:\Users\Admin\AppData\Local\Temp\Unicorn-1449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1449.exe
13⤵
PID:11200

C:\Users\Admin\AppData\Local\Temp\Unicorn-7517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7517.exe
14⤵
PID:6684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8804 -s 216
13⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 220
12⤵
PID:9576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
11⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 236
10⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-18246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18246.exe
9⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-45255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45255.exe
10⤵
PID:6108

C:\Users\Admin\AppData\Local\Temp\Unicorn-31599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31599.exe
11⤵
PID:8844

C:\Users\Admin\AppData\Local\Temp\Unicorn-11641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11641.exe
12⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8844 -s 216
12⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 216
11⤵
PID:9664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
10⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 240
9⤵
PID:5728

C:\Users\Admin\AppData\Local\Temp\Unicorn-2130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2130.exe
8⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-20130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20130.exe
9⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-39763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39763.exe
10⤵
PID:6552

C:\Users\Admin\AppData\Local\Temp\Unicorn-19333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19333.exe
11⤵
PID:9052

C:\Users\Admin\AppData\Local\Temp\Unicorn-53855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53855.exe
12⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
11⤵
PID:9844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
10⤵
PID:7956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 236
9⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 240
8⤵
PID:4488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 240
7⤵
- Program crash
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-45770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45770.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-283.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
8⤵
- Program crash
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-7427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7427.exe
7⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-25920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25920.exe
8⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
9⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-35397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35397.exe
10⤵
PID:6192

C:\Users\Admin\AppData\Local\Temp\Unicorn-13210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13210.exe
11⤵
PID:9752

C:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exe
12⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 216
12⤵
PID:12964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 216
11⤵
PID:10680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 216
10⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
9⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
8⤵
PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
7⤵
- Program crash
PID:3620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 240
6⤵
- Program crash
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-62967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62967.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-55272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55272.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-11414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11414.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-2264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2264.exe
8⤵
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-40756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40756.exe
9⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-40230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40230.exe
10⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe
11⤵
PID:7124

C:\Users\Admin\AppData\Local\Temp\Unicorn-12096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12096.exe
12⤵
PID:9628

C:\Users\Admin\AppData\Local\Temp\Unicorn-33418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33418.exe
13⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9628 -s 216
13⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 216
12⤵
PID:10584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
11⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
10⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 216
9⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-43090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43090.exe
8⤵
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-65399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65399.exe
9⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-23330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23330.exe
10⤵
PID:6856

C:\Users\Admin\AppData\Local\Temp\Unicorn-20120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20120.exe
11⤵
PID:9012

C:\Users\Admin\AppData\Local\Temp\Unicorn-8528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8528.exe
12⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 216
12⤵
PID:12780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 216
11⤵
PID:10236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 216
10⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 216
9⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
8⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-61724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61724.exe
7⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-54243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54243.exe
8⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-17750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17750.exe
9⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-8811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8811.exe
10⤵
PID:7160

C:\Users\Admin\AppData\Local\Temp\Unicorn-41383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41383.exe
11⤵
PID:9676

C:\Users\Admin\AppData\Local\Temp\Unicorn-46706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46706.exe
12⤵
PID:11712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9676 -s 216
12⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 216
11⤵
PID:10592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
10⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
9⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
8⤵
PID:4700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
7⤵
- Program crash
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-45955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45955.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-13504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13504.exe
7⤵
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-40756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40756.exe
8⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-4413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4413.exe
9⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-28608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28608.exe
10⤵
PID:6280

C:\Users\Admin\AppData\Local\Temp\Unicorn-24595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24595.exe
11⤵
PID:9848

C:\Users\Admin\AppData\Local\Temp\Unicorn-54299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54299.exe
12⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9848 -s 216
12⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 216
11⤵
PID:10748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
10⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
9⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 236
8⤵
PID:5048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
7⤵
- Program crash
PID:3176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
6⤵
- Program crash
PID:2780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
5⤵
- Program crash
PID:2104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-43471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43471.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-13164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13164.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-33926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33926.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-14569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14569.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:676

C:\Users\Admin\AppData\Local\Temp\Unicorn-52209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52209.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-33309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33309.exe
8⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
9⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-38123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38123.exe
10⤵
PID:4820

C:\Users\Admin\AppData\Local\Temp\Unicorn-17618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17618.exe
11⤵
PID:6336

C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
12⤵
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-65072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65072.exe
13⤵
PID:11104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 220
13⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 216
11⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
10⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 236
9⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-45456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45456.exe
8⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-10498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10498.exe
9⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-17597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17597.exe
10⤵
PID:6268

C:\Users\Admin\AppData\Local\Temp\Unicorn-53752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53752.exe
11⤵
PID:8748

C:\Users\Admin\AppData\Local\Temp\Unicorn-48043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48043.exe
12⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8748 -s 220
12⤵
PID:12432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 220
11⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
10⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
9⤵
PID:5424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 220
8⤵
- Program crash
PID:4032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 236
7⤵
- Program crash
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-52707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52707.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-33309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33309.exe
7⤵
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-709.exe
8⤵
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-39160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39160.exe
9⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-42707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42707.exe
10⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-24931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24931.exe
11⤵
PID:8872

C:\Users\Admin\AppData\Local\Temp\Unicorn-15257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15257.exe
12⤵
PID:10976

C:\Users\Admin\AppData\Local\Temp\Unicorn-24832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24832.exe
13⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8872 -s 216
12⤵
PID:11744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
11⤵
PID:9700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
10⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 236
9⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 236
8⤵
- Program crash
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-48929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48929.exe
7⤵
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-10947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10947.exe
8⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-55681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55681.exe
9⤵
PID:6160

C:\Users\Admin\AppData\Local\Temp\Unicorn-27508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27508.exe
10⤵
PID:9084

C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
11⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9084 -s 216
11⤵
PID:11356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 216
10⤵
PID:9944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
9⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 216
8⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
7⤵
- Program crash
PID:3604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
6⤵
- Program crash
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-46562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46562.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-62380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62380.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-10828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10828.exe
7⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-49389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49389.exe
8⤵
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-20215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20215.exe
9⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe
10⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-63190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63190.exe
11⤵
PID:8204

C:\Users\Admin\AppData\Local\Temp\Unicorn-20622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20622.exe
12⤵
PID:11556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8204 -s 216
12⤵
PID:12676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
11⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
10⤵
PID:7456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 216
9⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
8⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-14687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14687.exe
7⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-4279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4279.exe
8⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-55681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55681.exe
9⤵
PID:6196

C:\Users\Admin\AppData\Local\Temp\Unicorn-57848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57848.exe
10⤵
PID:9156

C:\Users\Admin\AppData\Local\Temp\Unicorn-33103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33103.exe
11⤵
PID:11164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9156 -s 216
11⤵
PID:11400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6196 -s 216
10⤵
PID:10116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
9⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 236
8⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
7⤵
- Program crash
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-52904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52904.exe
6⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-65321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65321.exe
7⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
7⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-35402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35402.exe
8⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-10876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10876.exe
9⤵
PID:7504

C:\Users\Admin\AppData\Local\Temp\Unicorn-6920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6920.exe
10⤵
PID:10908

C:\Users\Admin\AppData\Local\Temp\Unicorn-13421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13421.exe
11⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 216
10⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
9⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
7⤵
PID:4996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
6⤵
- Program crash
PID:1884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
5⤵
- Program crash
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:664

C:\Users\Admin\AppData\Local\Temp\Unicorn-24467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24467.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:880

C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-45389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45389.exe
8⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-21621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21621.exe
8⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-13804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13804.exe
9⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-13979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13979.exe
10⤵
PID:7240

C:\Users\Admin\AppData\Local\Temp\Unicorn-32991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32991.exe
11⤵
PID:11232

C:\Users\Admin\AppData\Local\Temp\Unicorn-8873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8873.exe
12⤵
PID:13108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 216
11⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
10⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 236
9⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
8⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-46956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46956.exe
7⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-54277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54277.exe
8⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-63697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63697.exe
9⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-3797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3797.exe
10⤵
PID:8520

C:\Users\Admin\AppData\Local\Temp\Unicorn-22783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22783.exe
11⤵
PID:11176

C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
12⤵
PID:12512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8520 -s 216
11⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
10⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 236
8⤵
PID:5092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 240
7⤵
- Program crash
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-40142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40142.exe
6⤵
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-38149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38149.exe
7⤵
PID:1268

C:\Users\Admin\AppData\Local\Temp\Unicorn-33551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33551.exe
8⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-27149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27149.exe
8⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-23318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23318.exe
9⤵
PID:7092

C:\Users\Admin\AppData\Local\Temp\Unicorn-16314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16314.exe
10⤵
PID:10056

C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
11⤵
PID:12456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10056 -s 216
11⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 216
10⤵
PID:11000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
9⤵
PID:8476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 220
8⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
7⤵
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 240
6⤵
- Program crash
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-8746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8746.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-18473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18473.exe
6⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-53033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53033.exe
7⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-21621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21621.exe
7⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-38833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38833.exe
8⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-15845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15845.exe
9⤵
PID:8152

C:\Users\Admin\AppData\Local\Temp\Unicorn-15915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15915.exe
10⤵
PID:11204

C:\Users\Admin\AppData\Local\Temp\Unicorn-17254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17254.exe
11⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 216
10⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 236
9⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 236
8⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
7⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-54696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54696.exe
6⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-12268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12268.exe
7⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-10448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10448.exe
8⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\Unicorn-54475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54475.exe
9⤵
PID:8328

C:\Users\Admin\AppData\Local\Temp\Unicorn-59716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59716.exe
10⤵
PID:11048

C:\Users\Admin\AppData\Local\Temp\Unicorn-54621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54621.exe
11⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 236
10⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 216
9⤵
PID:9220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 236
8⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 236
7⤵
PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
6⤵
- Program crash
PID:4060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 240
5⤵
- Program crash
PID:1988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-56886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56886.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-40857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40857.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-32878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32878.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1200

C:\Users\Admin\AppData\Local\Temp\Unicorn-46872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46872.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-16207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16207.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-35432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35432.exe
8⤵
PID:1356

C:\Users\Admin\AppData\Local\Temp\Unicorn-57554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57554.exe
9⤵
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-63394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63394.exe
10⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-61622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61622.exe
11⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-47331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47331.exe
12⤵
PID:8208

C:\Users\Admin\AppData\Local\Temp\Unicorn-22280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22280.exe
13⤵
PID:10980

C:\Users\Admin\AppData\Local\Temp\Unicorn-40015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40015.exe
14⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8208 -s 236
13⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
12⤵
PID:9056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 236
11⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
10⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-52320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52320.exe
9⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-48409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48409.exe
10⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-61142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61142.exe
11⤵
PID:8440

C:\Users\Admin\AppData\Local\Temp\Unicorn-15309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15309.exe
12⤵
PID:11148

C:\Users\Admin\AppData\Local\Temp\Unicorn-10740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10740.exe
13⤵
PID:9108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 216
12⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
11⤵
PID:9316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
10⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 240
9⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-3872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3872.exe
8⤵
PID:996

C:\Users\Admin\AppData\Local\Temp\Unicorn-56603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56603.exe
9⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-47372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47372.exe
10⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-45787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45787.exe
11⤵
PID:8928

C:\Users\Admin\AppData\Local\Temp\Unicorn-30122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30122.exe
12⤵
PID:11032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8928 -s 216
12⤵
PID:11540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
11⤵
PID:9712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
10⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 236
9⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 220
8⤵
- Program crash
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-4326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4326.exe
7⤵
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-28909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28909.exe
8⤵
PID:868

C:\Users\Admin\AppData\Local\Temp\Unicorn-50400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50400.exe
9⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-45255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45255.exe
10⤵
PID:6132

C:\Users\Admin\AppData\Local\Temp\Unicorn-62647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62647.exe
11⤵
PID:8900

C:\Users\Admin\AppData\Local\Temp\Unicorn-15738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15738.exe
12⤵
PID:11028

C:\Users\Admin\AppData\Local\Temp\Unicorn-39116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39116.exe
13⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8900 -s 220
12⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 216
11⤵
PID:9796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
10⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 216
9⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 216
8⤵
- Program crash
PID:3544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 240
7⤵
- Program crash
PID:1472

C:\Users\Admin\AppData\Local\Temp\Unicorn-5765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5765.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
7⤵
PID:292

C:\Users\Admin\AppData\Local\Temp\Unicorn-12072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12072.exe
8⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-702.exe
9⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-21152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21152.exe
10⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 220
11⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
10⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
9⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 216
8⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-4947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4947.exe
7⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-30721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30721.exe
8⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-57868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57868.exe
9⤵
PID:7052

C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
10⤵
PID:9484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9484 -s 200
11⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
10⤵
PID:10472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
9⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
8⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
7⤵
- Program crash
PID:3632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 240
6⤵
- Program crash
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-47562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47562.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-54188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54188.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:804

C:\Users\Admin\AppData\Local\Temp\Unicorn-48086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48086.exe
7⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-48948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48948.exe
8⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-4413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4413.exe
9⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-28608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28608.exe
10⤵
PID:6300

C:\Users\Admin\AppData\Local\Temp\Unicorn-57288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57288.exe
11⤵
PID:9876

C:\Users\Admin\AppData\Local\Temp\Unicorn-51751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51751.exe
12⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9876 -s 216
12⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
11⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
10⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
9⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
8⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 236
7⤵
- Program crash
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-4326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4326.exe
6⤵
PID:1224

C:\Users\Admin\AppData\Local\Temp\Unicorn-23313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23313.exe
7⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-24231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24231.exe
8⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-38536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38536.exe
9⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 220
10⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
9⤵
PID:3548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 236
8⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 236
7⤵
PID:3908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
6⤵
- Program crash
PID:1488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
5⤵
- Program crash
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-13012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13012.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-1890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1890.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-25631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25631.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-9780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9780.exe
7⤵
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-12072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12072.exe
8⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
9⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-40997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40997.exe
10⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-41261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41261.exe
11⤵
PID:8568

C:\Users\Admin\AppData\Local\Temp\Unicorn-41982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41982.exe
12⤵
PID:11252

C:\Users\Admin\AppData\Local\Temp\Unicorn-56766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56766.exe
13⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8568 -s 216
12⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
11⤵
PID:9424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
10⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
9⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-19701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19701.exe
8⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-16421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16421.exe
9⤵
PID:6124

C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe
10⤵
PID:8636

C:\Users\Admin\AppData\Local\Temp\Unicorn-21861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21861.exe
11⤵
PID:10884

C:\Users\Admin\AppData\Local\Temp\Unicorn-7517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7517.exe
12⤵
PID:12788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8636 -s 216
11⤵
PID:12276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
10⤵
PID:9528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
9⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
8⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 236
7⤵
- Program crash
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-44212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44212.exe
6⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-35601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35601.exe
7⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-61148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61148.exe
8⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-60653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60653.exe
9⤵
PID:6304

C:\Users\Admin\AppData\Local\Temp\Unicorn-33303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33303.exe
10⤵
PID:8576

C:\Users\Admin\AppData\Local\Temp\Unicorn-56510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56510.exe
11⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8576 -s 220
11⤵
PID:12732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 220
10⤵
PID:10132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 216
9⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 216
8⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
7⤵
- Program crash
PID:3372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
6⤵
- Program crash
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-34322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34322.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1176

C:\Users\Admin\AppData\Local\Temp\Unicorn-35432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35432.exe
6⤵
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-24813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24813.exe
7⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
8⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-35047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35047.exe
9⤵
PID:6452

C:\Users\Admin\AppData\Local\Temp\Unicorn-18915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18915.exe
10⤵
PID:8800

C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe
11⤵
PID:11268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8800 -s 216
11⤵
PID:12412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 216
10⤵
PID:9584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
9⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 236
8⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 236
7⤵
PID:3704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 216
6⤵
- Program crash
PID:3080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 240
5⤵
- Program crash
PID:1656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1184

C:\Users\Admin\AppData\Local\Temp\Unicorn-58836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58836.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:376

C:\Users\Admin\AppData\Local\Temp\Unicorn-22686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22686.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-13506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13506.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-22420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22420.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-33309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33309.exe
7⤵
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-53958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53958.exe
8⤵
PID:756

C:\Users\Admin\AppData\Local\Temp\Unicorn-56480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56480.exe
9⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-7404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7404.exe
10⤵
PID:6240

C:\Users\Admin\AppData\Local\Temp\Unicorn-45560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45560.exe
11⤵
PID:9188

C:\Users\Admin\AppData\Local\Temp\Unicorn-4969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4969.exe
12⤵
PID:10836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9188 -s 216
12⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6240 -s 216
11⤵
PID:10176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
10⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 216
9⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 236
8⤵
- Program crash
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-15735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15735.exe
7⤵
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
8⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-35047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35047.exe
9⤵
PID:6420

C:\Users\Admin\AppData\Local\Temp\Unicorn-22556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22556.exe
10⤵
PID:8348

C:\Users\Admin\AppData\Local\Temp\Unicorn-61581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61581.exe
11⤵
PID:10712

C:\Users\Admin\AppData\Local\Temp\Unicorn-25778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25778.exe
12⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8348 -s 216
11⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 216
10⤵
PID:10092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
9⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 216
8⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 220
7⤵
- Program crash
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-56500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56500.exe
6⤵
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
7⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-33229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33229.exe
8⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe
9⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-35676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35676.exe
10⤵
PID:7632

C:\Users\Admin\AppData\Local\Temp\Unicorn-57843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57843.exe
11⤵
PID:10968

C:\Users\Admin\AppData\Local\Temp\Unicorn-53340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53340.exe
12⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 216
11⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
10⤵
PID:8608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
9⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
8⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-34795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34795.exe
7⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-48143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48143.exe
8⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-48045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48045.exe
9⤵
PID:7688

C:\Users\Admin\AppData\Local\Temp\Unicorn-22234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22234.exe
10⤵
PID:11012

C:\Users\Admin\AppData\Local\Temp\Unicorn-48696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48696.exe
11⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 216
10⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
9⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 236
8⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 240
7⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
6⤵
- Program crash
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-60878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60878.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-7232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7232.exe
6⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe
7⤵
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-61148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61148.exe
8⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-60653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60653.exe
9⤵
PID:6324

C:\Users\Admin\AppData\Local\Temp\Unicorn-41988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41988.exe
10⤵
PID:8504

C:\Users\Admin\AppData\Local\Temp\Unicorn-34289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34289.exe
11⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 220
11⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 220
10⤵
PID:10168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
9⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 216
8⤵
PID:5688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 236
7⤵
- Program crash
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-9043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9043.exe
6⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-183.exe
7⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-60653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60653.exe
8⤵
PID:6316

C:\Users\Admin\AppData\Local\Temp\Unicorn-65093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65093.exe
9⤵
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-13481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13481.exe
10⤵
PID:11592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 216
10⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 216
9⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
8⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 216
7⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 240
6⤵
- Program crash
PID:3896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
5⤵
- Program crash
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-49583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49583.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-56188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56188.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-9780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9780.exe
6⤵
PID:584

C:\Users\Admin\AppData\Local\Temp\Unicorn-46841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46841.exe
7⤵
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-4279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4279.exe
8⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-47269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47269.exe
9⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-57848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57848.exe
10⤵
PID:9164

C:\Users\Admin\AppData\Local\Temp\Unicorn-8856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8856.exe
11⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9164 -s 216
11⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
10⤵
PID:10124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
9⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 236
8⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 216
7⤵
- Program crash
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-25927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25927.exe
6⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
7⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-30892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30892.exe
8⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-37807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37807.exe
9⤵
PID:8868

C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
10⤵
PID:11364

C:\Users\Admin\AppData\Local\Temp\Unicorn-63766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63766.exe
11⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8868 -s 216
10⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
9⤵
PID:9768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
8⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
7⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 220
6⤵
- Program crash
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-15566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15566.exe
5⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-15432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15432.exe
6⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-12395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12395.exe
7⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-27661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27661.exe
8⤵
PID:7972

C:\Users\Admin\AppData\Local\Temp\Unicorn-18069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18069.exe
9⤵
PID:11140

C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
10⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 236
9⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 236
8⤵
PID:8888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
7⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 216
6⤵
PID:4976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
5⤵
- Program crash
PID:2380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 240
4⤵
- Program crash
PID:2636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 240
2⤵
- Program crash
PID:2624

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15566.exe
Filesize
184KB

MD5
e9c7cc2f768dd0ab0ac8b034fc287774

SHA1
427f6221e2724e719ba5a76c94b8c9c8ae2d2741

SHA256
a8d5ff738d09358d86ffb5799da8e83c1542109b3ce39155b49a7370f98d3fb8

SHA512
ddcd6e20e547f5374630ffbcf6fbe1735ecc496be0172862cecc313c64e68494fa3a35ed2a1258a24ebb764538b3992d369ccbcabd389886402093ade66cc880

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exe
Filesize
184KB

MD5
225ccfac933a3d1d8d2262dcb7bd81cd

SHA1
13e81b895d89a0c1649a13625a5e51d80cd69a1e

SHA256
a147b5550ca00970be39a50def45b28c6a14132ec0f7c848082ea5d8db3cdb85

SHA512
1d764f69b9f19a3c41454498e4d47d5996ee2c1bc7b59d19e8086a66b5332e352d7d8eb30ecd5d401321e18525df3f451961bdb8eb02b83b2cf7000114e5071f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28863.exe
Filesize
184KB

MD5
210dda3b83f9f1aaa6cc1e809c189397

SHA1
7c3c5172a0d87302088e11e41b98ab3b5dcf3ad2

SHA256
d156bbc07d2da34a6a6651782de1a913448577a931b74991a2e13da9eb850afa

SHA512
117bb13685ef23dea167a0730ff70c06e01c835d5b453085bbc5aaf41ee0d388ea60b2d37d319a2d535a0f78c2001e3faa2ba3ce956737024d7895680eaebcd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40142.exe
Filesize
184KB

MD5
028a02a0996d3467a04670fe578fc7aa

SHA1
2cf7b086b43fdf79e72ae206dc28f97442b3907c

SHA256
594195b5c3c660a11339b456d73092181d62c1b0e66931f93d1f69ced0453d2b

SHA512
f0acfce8f0f494c01717f0628138900b9b641bf280718e5d763504d0e8d27aae56124de29294e50ac944621a81e712785781b64b6c8ba298aadaa076463be41d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
Filesize
184KB

MD5
a85b1926028226ae73d2530bf276050e

SHA1
8eaae48f4c864d79b962e7ee113d9600a74e2c7b

SHA256
2df2b95344a5bd37a7775a4b6e27aa7c7eb7a093e5cb7dcd77593583351eed55

SHA512
b22acadc84b0f0da2427d4a2b4b18308276e72b635e2371da57253529d26bbdcddab966af748133a21f07770067bec13d1dd385fba03f74208e1c09878635c32

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58836.exe
Filesize
184KB

MD5
b4a866c0a8647cad4780f58078db07ae

SHA1
e1dad74c1ff6f004418ecb12b91ebd8823cdd223

SHA256
ca7159aed3641a3871f8940ca755851b8b7d46aa499096e5e990beebf3b7bec7

SHA512
a40c4ee1b9929891daf06b7cf20b5386824ee58096d766a130a5643b8843f4d965bf7fa8d1351faf3c2104d92706da381819a9b0ba7210109d815e3bc6ee439e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61581.exe
Filesize
184KB

MD5
2771017aabb9eb3821e90e5225e819c5

SHA1
fd68f6958443eca88d5d96549c73bcbd096975b3

SHA256
d56b2b38c016188905ef9529cf90a08d157467a6e0526d15e4d02bb0663e6f8e

SHA512
c77c1e58a13ff30c77325fc8ee0dc49e7f79308658d9d633c57ceb3eeb966488c171c1d3b169a231c3e5838718b3d07e8bf70d60745d7e6f939f710e1df4f042

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10109.exe
Filesize
184KB

MD5
e0902709fdbe423073405bd05d5d8820

SHA1
29781cf88d01f35975daecd5acc336289cfe5058

SHA256
f2de89ab3fd749ddde6058c80df9fb30dfb141e0bf53025702d648179052afce

SHA512
394365bf04f7ba42b4fc75fd2c7afdf49d2bad250a54c734eca80e717978b4e640a21d423b74ef9af1dc91b47f8fd8973914ebf6468b0ae1e1c822d1eb76868d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13164.exe
Filesize
184KB

MD5
b3a9317f9e2e44661e9c3825fb6b4168

SHA1
b3bd6d0da1a51eb436acc8060cdf478327ce49c3

SHA256
8f7c0fbc2bcdc9b96bf6e1b5d546a1f1ef7bd54769721d9cdbfdce57e8cbd8e5

SHA512
5b0743fa73e2209ac1f578ef0f3ba9787695a2ac200d9721aaeb29f199081e9e5821a95ff7e9e246ef07b57bd2c36e6e401624b003b3279906410134f8e0123d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
Filesize
184KB

MD5
3a5072252eb3fd1c7ee2db4197b6c589

SHA1
4936de72456d97f5c30c964ccacb6faee1bc09a7

SHA256
074015a11c093645088ca15c14b06d21601ee03133a90d2d514b0ab0f7973df4

SHA512
ad2dcc56b75e2c03fb477db04fd957bc7880e1a0dd0b437e0725d1bba26b1abbf11c816acba85126808fba9811649b7478fb814d84ed4e68a66610d003f77d23

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23716.exe
Filesize
184KB

MD5
6c5d28f30722dab599f56e80e55f295f

SHA1
d91fa4ce6b8e3c0b3b637e540bcafcf030afc0fa

SHA256
377bff51efb6012f0b1449fb8cf2af4502accbe6f5ad47d2f817691542e1c1ef

SHA512
c6eafeba87b603184139362bb96c4b7381810aee64574bd72000b0b257942278dc84b4874c75c07a5e8dab77123eaf703bc645f871e4d571407bbb2f29ca2c5f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32784.exe
Filesize
184KB

MD5
c21e4486ef5728832ad46c59330958b0

SHA1
d6944ba73a1c8aba966f832f7ad2930faecfeb44

SHA256
969c4c7d671620c7712df293c5165e1da9f99d04324620db7b8d0bfa0e5afd8c

SHA512
dab215e4985adffed14dffcfbf6ac046657ce7e33ef79bafde0c55577edf9be754d97a74f801d71602450517f0c64433ae2ba035216f1f4a1b2a3413178e14cd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39765.exe
Filesize
184KB

MD5
f69cbf96b52b105c7844fed86738a401

SHA1
05aa20a1a7cf44372ee2bf04472ebce15f956d1b

SHA256
b568c3190a5004e8c4ca490c5e44d7bdf8c23aa81aa9a574d6356ee57196aabd

SHA512
6aac0c32ee041fd22283bc22d1f1048ed2013436a19cc50796718ff7e30e78b8a2d54a27538d9776253a56d0d431eb29525dd64054616a383261688a929ad42a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40857.exe
Filesize
184KB

MD5
943013beed1d7a92fe5edc3927001f40

SHA1
3bca70ba331a763fc888232acad58c39980f1345

SHA256
64ec3d333d64acfa822c814b388d3050be717a76e378e0b40cb96ab7422cf5d9

SHA512
bafc89587367eb9d3f14aa1fdef3effa45d312a7a5174af41eaf1de57f94cd656c241041803efe64faaa421217349483fd3de2c8f12ae8449a6f2e2c05d8cd89

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43471.exe
Filesize
184KB

MD5
ea4dd57b79adfe439a51817d6114834e

SHA1
cb190bc93687e058f9c898541202c44a148ab11b

SHA256
07a0704e3121ec9e4bf9bc2caa95fc975193e0f9f12b435d762272f1533d2812

SHA512
bc789162ac25d8d54650a8c015463f9e25f289221e11886193200c092f3014be416e0556ad1b6954437f05fabfaa96693320bf9482313766b8104ebee3d2dd3e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56886.exe
Filesize
184KB

MD5
c67c526b5a04c9747f2a5b1844c15a88

SHA1
f45ee131070d3f0c93a99825ccd02ab4329982f7

SHA256
6e17753d5cd535d524aaaaff463b0e95f88972edc3d05dfd64bf4179306824d4

SHA512
c374762957d1bf57fd5817d5edae4e1e42f39ee6ba95be0576c0c6ace14b7628ef7404cf2f3f1e09f0a67847d81bd4555475221aaf86a192c143f48cb54abe57

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60694.exe
Filesize
184KB

MD5
580f07510086da5078af3dfc7ec80343

SHA1
80899918708d3abc2b40b581f175fd3475694967

SHA256
8f8e193160469587ea125367afd18556b3aec60966a750e815bef1ce879d19b5

SHA512
ee0335d282098320eec918edd8edc9c98e65a1c7d937cb7df0c0e565627f5b8fc34dab52233a55454d9a9f1adaee62b61222efe6e0313038554f2ab386bd841d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
Filesize
184KB

MD5
48f6e8e08b74c975c03070ce3807066a

SHA1
bbb6a9a6d9252158c804a541fa318374d8b5313b

SHA256
be714834b6eb657317b1598a0fba5e4a3ef51b40de8c7fd9f0060aa82749b9b3

SHA512
6227173ea627cecb99fb664aba54841ac8a318dbf6e9cf517edb559e6c7dd0f5ced307ad4a81aa4a934edfb846eaa43ad26ad7e4423156c53b55e7516843e190

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads