aa82afbbf261c094b00120686e08b57c3e82856f6b7cfae450b0dff679ba713e

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa82afbbf261c094b00120686e08b57c3e82856f6b7cfae450b0dff679ba713e.exe
Size

184KB
MD5

1d183fda55887f7133c97208b8fea8a6
SHA1

d6e9b504b915146b3bafc8b609e247ddda13d2bd
SHA256

aa82afbbf261c094b00120686e08b57c3e82856f6b7cfae450b0dff679ba713e
SHA512

1688651b91620309e772c0dbb49653c1603ce75cc86fbc1e96b3228848f771b2cfce62d8f152d216407baa4396510bd671a5a3b22dabd1ecc0a1b1af5af5320c
SSDEEP

1536:pBe46AZlu3Ixoqx1t43AlhwSGD9yv8c8omddjnLNCVzetGhl5hj5nizpvP:b093IxoG743cjGhWzunLNWsGhlnViFn

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-47718.exeUnicorn-30739.exeUnicorn-10681.exeUnicorn-43666.exeUnicorn-39259.exeUnicorn-22869.exeUnicorn-12200.exeUnicorn-28044.exeUnicorn-23637.exeUnicorn-34609.exeUnicorn-50286.exeUnicorn-45880.exeUnicorn-208.exeUnicorn-63093.exeUnicorn-17422.exeUnicorn-33150.exeUnicorn-53016.exeUnicorn-18808.exeUnicorn-18616.exeUnicorn-44690.exeUnicorn-40283.exeUnicorn-9687.exeUnicorn-40091.exeUnicorn-60149.exeUnicorn-57565.exeUnicorn-41914.exeUnicorn-22048.exeUnicorn-10990.exeUnicorn-8338.exeUnicorn-47809.exeUnicorn-2137.exeUnicorn-59532.exeUnicorn-55126.exeUnicorn-9454.exeUnicorn-39474.exeUnicorn-59340.exeUnicorn-59340.exeUnicorn-22645.exeUnicorn-42511.exeUnicorn-59060.exeUnicorn-26388.exeUnicorn-6522.exeUnicorn-35729.exeUnicorn-31706.exeUnicorn-36305.exeUnicorn-3824.exeUnicorn-64955.exeUnicorn-19284.exeUnicorn-1328.exeUnicorn-14903.exeUnicorn-38609.exeUnicorn-55822.exeUnicorn-51608.exeUnicorn-23918.exeUnicorn-16819.exeUnicorn-49683.exeUnicorn-56590.exeUnicorn-36724.exeUnicorn-36724.exeUnicorn-49491.exeUnicorn-37300.exeUnicorn-15705.exeUnicorn-50942.exeUnicorn-30884.exe

pid	process
2092	Unicorn-47718.exe
2308	Unicorn-30739.exe
2184	Unicorn-10681.exe
2744	Unicorn-43666.exe
2248	Unicorn-39259.exe
2516	Unicorn-22869.exe
1712	Unicorn-12200.exe
2116	Unicorn-28044.exe
2404	Unicorn-23637.exe
2676	Unicorn-34609.exe
640	Unicorn-50286.exe
2120	Unicorn-45880.exe
3016	Unicorn-208.exe
1876	Unicorn-63093.exe
2256	Unicorn-17422.exe
2932	Unicorn-33150.exe
592	Unicorn-53016.exe
2156	Unicorn-18808.exe
2984	Unicorn-18616.exe
1768	Unicorn-44690.exe
1820	Unicorn-40283.exe
1224	Unicorn-9687.exe
1172	Unicorn-40091.exe
1096	Unicorn-60149.exe
1984	Unicorn-57565.exe
900	Unicorn-41914.exe
2144	Unicorn-22048.exe
1720	Unicorn-10990.exe
1988	Unicorn-8338.exe
1696	Unicorn-47809.exe
2224	Unicorn-2137.exe
1068	Unicorn-59532.exe
2832	Unicorn-55126.exe
2600	Unicorn-9454.exe
2752	Unicorn-39474.exe
2608	Unicorn-59340.exe
2560	Unicorn-59340.exe
2444	Unicorn-22645.exe
2508	Unicorn-42511.exe
1908	Unicorn-59060.exe
2356	Unicorn-26388.exe
2968	Unicorn-6522.exe
1432	Unicorn-35729.exe
2084	Unicorn-31706.exe
1948	Unicorn-36305.exe
588	Unicorn-3824.exe
736	Unicorn-64955.exe
800	Unicorn-19284.exe
3000	Unicorn-1328.exe
2392	Unicorn-14903.exe
472	Unicorn-38609.exe
1680	Unicorn-55822.exe
1080	Unicorn-51608.exe
580	Unicorn-23918.exe
1184	Unicorn-16819.exe
3008	Unicorn-49683.exe
1604	Unicorn-56590.exe
1104	Unicorn-36724.exe
2524	Unicorn-36724.exe
2396	Unicorn-49491.exe
968	Unicorn-37300.exe
2756	Unicorn-15705.exe
2912	Unicorn-50942.exe
2192	Unicorn-30884.exe

Loads dropped DLL 64 IoCs

Processes:

aa82afbbf261c094b00120686e08b57c3e82856f6b7cfae450b0dff679ba713e.exeUnicorn-47718.exeUnicorn-10681.exeWerFault.exeUnicorn-30739.exeUnicorn-39259.exeUnicorn-43666.exeWerFault.exeWerFault.exeUnicorn-22869.exeUnicorn-12200.exeUnicorn-23637.exeUnicorn-28044.exeWerFault.exeWerFault.exeUnicorn-34609.exeUnicorn-45880.exeUnicorn-208.exeUnicorn-50286.exe

pid	process
1072	aa82afbbf261c094b00120686e08b57c3e82856f6b7cfae450b0dff679ba713e.exe
1072	aa82afbbf261c094b00120686e08b57c3e82856f6b7cfae450b0dff679ba713e.exe
2092	Unicorn-47718.exe
2092	Unicorn-47718.exe
1072	aa82afbbf261c094b00120686e08b57c3e82856f6b7cfae450b0dff679ba713e.exe
1072	aa82afbbf261c094b00120686e08b57c3e82856f6b7cfae450b0dff679ba713e.exe
2184	Unicorn-10681.exe
2092	Unicorn-47718.exe
2184	Unicorn-10681.exe
2092	Unicorn-47718.exe
2504	WerFault.exe
2504	WerFault.exe
2504	WerFault.exe
2504	WerFault.exe
2504	WerFault.exe
2308	Unicorn-30739.exe
2308	Unicorn-30739.exe
2248	Unicorn-39259.exe
2744	Unicorn-43666.exe
2248	Unicorn-39259.exe
2744	Unicorn-43666.exe
2184	Unicorn-10681.exe
2184	Unicorn-10681.exe
1836	WerFault.exe
1928	WerFault.exe
1836	WerFault.exe
1928	WerFault.exe
1836	WerFault.exe
1836	WerFault.exe
1928	WerFault.exe
1928	WerFault.exe
2516	Unicorn-22869.exe
1928	WerFault.exe
2516	Unicorn-22869.exe
1836	WerFault.exe
1712	Unicorn-12200.exe
1712	Unicorn-12200.exe
2404	Unicorn-23637.exe
2404	Unicorn-23637.exe
2248	Unicorn-39259.exe
2248	Unicorn-39259.exe
2744	Unicorn-43666.exe
2744	Unicorn-43666.exe
2116	Unicorn-28044.exe
2116	Unicorn-28044.exe
784	WerFault.exe
784	WerFault.exe
784	WerFault.exe
784	WerFault.exe
888	WerFault.exe
888	WerFault.exe
888	WerFault.exe
888	WerFault.exe
784	WerFault.exe
888	WerFault.exe
2516	Unicorn-22869.exe
2676	Unicorn-34609.exe
2516	Unicorn-22869.exe
2676	Unicorn-34609.exe
2120	Unicorn-45880.exe
2120	Unicorn-45880.exe
3016	Unicorn-208.exe
3016	Unicorn-208.exe
640	Unicorn-50286.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2696	1072	WerFault.exe	aa82afbbf261c094b00120686e08b57c3e82856f6b7cfae450b0dff679ba713e.exe
2504	2092	WerFault.exe	Unicorn-47718.exe
1836	2184	WerFault.exe	Unicorn-10681.exe
1928	2308	WerFault.exe	Unicorn-30739.exe
784	2248	WerFault.exe	Unicorn-39259.exe
888	2744	WerFault.exe	Unicorn-43666.exe
2080	2516	WerFault.exe	Unicorn-22869.exe
2872	1712	WerFault.exe	Unicorn-12200.exe
2964	2404	WerFault.exe	Unicorn-23637.exe
1772	2116	WerFault.exe	Unicorn-28044.exe
1700	2676	WerFault.exe	Unicorn-34609.exe
2456	2120	WerFault.exe	Unicorn-45880.exe
2416	3016	WerFault.exe	Unicorn-208.exe
2632	640	WerFault.exe	Unicorn-50286.exe
2216	1876	WerFault.exe	Unicorn-63093.exe
1480	2256	WerFault.exe	Unicorn-17422.exe
2492	2932	WerFault.exe	Unicorn-33150.exe
2836	592	WerFault.exe	Unicorn-53016.exe
2228	2156	WerFault.exe	Unicorn-18808.exe
2644	2984	WerFault.exe	Unicorn-18616.exe
1236	1096	WerFault.exe	Unicorn-60149.exe
2776	1224	WerFault.exe	Unicorn-9687.exe
3056	1820	WerFault.exe	Unicorn-40283.exe
1548	1768	WerFault.exe	Unicorn-44690.exe
384	1172	WerFault.exe	Unicorn-40091.exe
108	900	WerFault.exe	Unicorn-41914.exe
1092	1984	WerFault.exe	Unicorn-57565.exe
1448	2144	WerFault.exe	Unicorn-22048.exe
1748	1720	WerFault.exe	Unicorn-10990.exe
1124	1988	WerFault.exe	Unicorn-8338.exe
2572	2224	WerFault.exe	Unicorn-2137.exe
1728	1696	WerFault.exe	Unicorn-47809.exe
2172	1068	WerFault.exe	Unicorn-59532.exe
3004	2608	WerFault.exe	Unicorn-59340.exe
1624	2832	WerFault.exe	Unicorn-55126.exe
2540	2444	WerFault.exe	Unicorn-22645.exe
1300	2600	WerFault.exe	Unicorn-9454.exe
392	2560	WerFault.exe	Unicorn-59340.exe
1160	2752	WerFault.exe	Unicorn-39474.exe
2784	2508	WerFault.exe	Unicorn-42511.exe
3532	1908	WerFault.exe	Unicorn-59060.exe
3620	2356	WerFault.exe	Unicorn-26388.exe
3604	2968	WerFault.exe	Unicorn-6522.exe
3888	1948	WerFault.exe	Unicorn-36305.exe
3188	736	WerFault.exe	Unicorn-64955.exe
3644	3008	WerFault.exe	Unicorn-49683.exe
3332	1080	WerFault.exe	Unicorn-51608.exe
3148	1604	WerFault.exe	Unicorn-56590.exe
3176	800	WerFault.exe	Unicorn-19284.exe
3436	472	WerFault.exe	Unicorn-38609.exe
3628	588	WerFault.exe	Unicorn-3824.exe
3664	2756	WerFault.exe	Unicorn-15705.exe
3932	3000	WerFault.exe	Unicorn-1328.exe
3452	1924	WerFault.exe	Unicorn-60563.exe
3836	2392	WerFault.exe	Unicorn-14903.exe
4072	2864	WerFault.exe	Unicorn-53822.exe
3136	1756	WerFault.exe	Unicorn-21150.exe
3440	1932	WerFault.exe	Unicorn-36993.exe
3636	2524	WerFault.exe	Unicorn-36724.exe
3716	2876	WerFault.exe	Unicorn-19780.exe
3776	968	WerFault.exe	Unicorn-37300.exe
4128	2924	WerFault.exe	Unicorn-47086.exe
4132	2376	WerFault.exe	Unicorn-33511.exe
4176	2140	WerFault.exe	Unicorn-49800.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

aa82afbbf261c094b00120686e08b57c3e82856f6b7cfae450b0dff679ba713e.exeUnicorn-47718.exeUnicorn-30739.exeUnicorn-10681.exeUnicorn-39259.exeUnicorn-43666.exeUnicorn-22869.exeUnicorn-12200.exeUnicorn-28044.exeUnicorn-23637.exeUnicorn-34609.exeUnicorn-50286.exeUnicorn-45880.exeUnicorn-208.exeUnicorn-17422.exeUnicorn-63093.exeUnicorn-33150.exeUnicorn-53016.exeUnicorn-18808.exeUnicorn-18616.exeUnicorn-40283.exeUnicorn-44690.exeUnicorn-9687.exeUnicorn-60149.exeUnicorn-40091.exeUnicorn-57565.exeUnicorn-22048.exeUnicorn-41914.exeUnicorn-10990.exeUnicorn-8338.exeUnicorn-2137.exeUnicorn-47809.exeUnicorn-59532.exeUnicorn-9454.exeUnicorn-59340.exeUnicorn-39474.exeUnicorn-59340.exeUnicorn-55126.exeUnicorn-22645.exeUnicorn-42511.exeUnicorn-59060.exeUnicorn-6522.exeUnicorn-26388.exeUnicorn-35729.exeUnicorn-31706.exeUnicorn-36305.exeUnicorn-3824.exeUnicorn-64955.exeUnicorn-19284.exeUnicorn-1328.exeUnicorn-14903.exeUnicorn-38609.exeUnicorn-55822.exeUnicorn-51608.exeUnicorn-16819.exeUnicorn-49683.exeUnicorn-23918.exeUnicorn-36724.exeUnicorn-56590.exeUnicorn-49491.exeUnicorn-37300.exeUnicorn-15705.exeUnicorn-50942.exeUnicorn-30884.exe

pid	process
1072	aa82afbbf261c094b00120686e08b57c3e82856f6b7cfae450b0dff679ba713e.exe
2092	Unicorn-47718.exe
2308	Unicorn-30739.exe
2184	Unicorn-10681.exe
2248	Unicorn-39259.exe
2744	Unicorn-43666.exe
2516	Unicorn-22869.exe
1712	Unicorn-12200.exe
2116	Unicorn-28044.exe
2404	Unicorn-23637.exe
2676	Unicorn-34609.exe
640	Unicorn-50286.exe
2120	Unicorn-45880.exe
3016	Unicorn-208.exe
2256	Unicorn-17422.exe
1876	Unicorn-63093.exe
2932	Unicorn-33150.exe
592	Unicorn-53016.exe
2156	Unicorn-18808.exe
2984	Unicorn-18616.exe
1820	Unicorn-40283.exe
1768	Unicorn-44690.exe
1224	Unicorn-9687.exe
1096	Unicorn-60149.exe
1172	Unicorn-40091.exe
1984	Unicorn-57565.exe
2144	Unicorn-22048.exe
900	Unicorn-41914.exe
1720	Unicorn-10990.exe
1988	Unicorn-8338.exe
2224	Unicorn-2137.exe
1696	Unicorn-47809.exe
1068	Unicorn-59532.exe
2600	Unicorn-9454.exe
2608	Unicorn-59340.exe
2752	Unicorn-39474.exe
2560	Unicorn-59340.exe
2832	Unicorn-55126.exe
2444	Unicorn-22645.exe
2508	Unicorn-42511.exe
1908	Unicorn-59060.exe
2968	Unicorn-6522.exe
2356	Unicorn-26388.exe
1432	Unicorn-35729.exe
2084	Unicorn-31706.exe
1948	Unicorn-36305.exe
588	Unicorn-3824.exe
736	Unicorn-64955.exe
800	Unicorn-19284.exe
3000	Unicorn-1328.exe
2392	Unicorn-14903.exe
472	Unicorn-38609.exe
1680	Unicorn-55822.exe
1080	Unicorn-51608.exe
1184	Unicorn-16819.exe
3008	Unicorn-49683.exe
580	Unicorn-23918.exe
1104	Unicorn-36724.exe
1604	Unicorn-56590.exe
2396	Unicorn-49491.exe
968	Unicorn-37300.exe
2756	Unicorn-15705.exe
2912	Unicorn-50942.exe
2192	Unicorn-30884.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

aa82afbbf261c094b00120686e08b57c3e82856f6b7cfae450b0dff679ba713e.exeUnicorn-47718.exeUnicorn-10681.exeUnicorn-30739.exeUnicorn-39259.exeUnicorn-43666.exeUnicorn-22869.exeUnicorn-12200.exeUnicorn-23637.exe

description	pid	process	target process
PID 1072 wrote to memory of 2092	1072	aa82afbbf261c094b00120686e08b57c3e82856f6b7cfae450b0dff679ba713e.exe	Unicorn-47718.exe
PID 1072 wrote to memory of 2092	1072	aa82afbbf261c094b00120686e08b57c3e82856f6b7cfae450b0dff679ba713e.exe	Unicorn-47718.exe
PID 1072 wrote to memory of 2092	1072	aa82afbbf261c094b00120686e08b57c3e82856f6b7cfae450b0dff679ba713e.exe	Unicorn-47718.exe
PID 1072 wrote to memory of 2092	1072	aa82afbbf261c094b00120686e08b57c3e82856f6b7cfae450b0dff679ba713e.exe	Unicorn-47718.exe
PID 2092 wrote to memory of 2308	2092	Unicorn-47718.exe	Unicorn-30739.exe
PID 2092 wrote to memory of 2308	2092	Unicorn-47718.exe	Unicorn-30739.exe
PID 2092 wrote to memory of 2308	2092	Unicorn-47718.exe	Unicorn-30739.exe
PID 2092 wrote to memory of 2308	2092	Unicorn-47718.exe	Unicorn-30739.exe
PID 1072 wrote to memory of 2184	1072	aa82afbbf261c094b00120686e08b57c3e82856f6b7cfae450b0dff679ba713e.exe	Unicorn-10681.exe
PID 1072 wrote to memory of 2184	1072	aa82afbbf261c094b00120686e08b57c3e82856f6b7cfae450b0dff679ba713e.exe	Unicorn-10681.exe
PID 1072 wrote to memory of 2184	1072	aa82afbbf261c094b00120686e08b57c3e82856f6b7cfae450b0dff679ba713e.exe	Unicorn-10681.exe
PID 1072 wrote to memory of 2184	1072	aa82afbbf261c094b00120686e08b57c3e82856f6b7cfae450b0dff679ba713e.exe	Unicorn-10681.exe
PID 1072 wrote to memory of 2696	1072	aa82afbbf261c094b00120686e08b57c3e82856f6b7cfae450b0dff679ba713e.exe	WerFault.exe
PID 1072 wrote to memory of 2696	1072	aa82afbbf261c094b00120686e08b57c3e82856f6b7cfae450b0dff679ba713e.exe	WerFault.exe
PID 1072 wrote to memory of 2696	1072	aa82afbbf261c094b00120686e08b57c3e82856f6b7cfae450b0dff679ba713e.exe	WerFault.exe
PID 1072 wrote to memory of 2696	1072	aa82afbbf261c094b00120686e08b57c3e82856f6b7cfae450b0dff679ba713e.exe	WerFault.exe
PID 2184 wrote to memory of 2744	2184	Unicorn-10681.exe	Unicorn-43666.exe
PID 2184 wrote to memory of 2744	2184	Unicorn-10681.exe	Unicorn-43666.exe
PID 2184 wrote to memory of 2744	2184	Unicorn-10681.exe	Unicorn-43666.exe
PID 2184 wrote to memory of 2744	2184	Unicorn-10681.exe	Unicorn-43666.exe
PID 2092 wrote to memory of 2248	2092	Unicorn-47718.exe	Unicorn-39259.exe
PID 2092 wrote to memory of 2248	2092	Unicorn-47718.exe	Unicorn-39259.exe
PID 2092 wrote to memory of 2248	2092	Unicorn-47718.exe	Unicorn-39259.exe
PID 2092 wrote to memory of 2248	2092	Unicorn-47718.exe	Unicorn-39259.exe
PID 2092 wrote to memory of 2504	2092	Unicorn-47718.exe	WerFault.exe
PID 2092 wrote to memory of 2504	2092	Unicorn-47718.exe	WerFault.exe
PID 2092 wrote to memory of 2504	2092	Unicorn-47718.exe	WerFault.exe
PID 2092 wrote to memory of 2504	2092	Unicorn-47718.exe	WerFault.exe
PID 2308 wrote to memory of 2516	2308	Unicorn-30739.exe	Unicorn-22869.exe
PID 2308 wrote to memory of 2516	2308	Unicorn-30739.exe	Unicorn-22869.exe
PID 2308 wrote to memory of 2516	2308	Unicorn-30739.exe	Unicorn-22869.exe
PID 2308 wrote to memory of 2516	2308	Unicorn-30739.exe	Unicorn-22869.exe
PID 2248 wrote to memory of 1712	2248	Unicorn-39259.exe	Unicorn-12200.exe
PID 2248 wrote to memory of 1712	2248	Unicorn-39259.exe	Unicorn-12200.exe
PID 2248 wrote to memory of 1712	2248	Unicorn-39259.exe	Unicorn-12200.exe
PID 2248 wrote to memory of 1712	2248	Unicorn-39259.exe	Unicorn-12200.exe
PID 2744 wrote to memory of 2116	2744	Unicorn-43666.exe	Unicorn-28044.exe
PID 2744 wrote to memory of 2116	2744	Unicorn-43666.exe	Unicorn-28044.exe
PID 2744 wrote to memory of 2116	2744	Unicorn-43666.exe	Unicorn-28044.exe
PID 2744 wrote to memory of 2116	2744	Unicorn-43666.exe	Unicorn-28044.exe
PID 2184 wrote to memory of 2404	2184	Unicorn-10681.exe	Unicorn-23637.exe
PID 2184 wrote to memory of 2404	2184	Unicorn-10681.exe	Unicorn-23637.exe
PID 2184 wrote to memory of 2404	2184	Unicorn-10681.exe	Unicorn-23637.exe
PID 2184 wrote to memory of 2404	2184	Unicorn-10681.exe	Unicorn-23637.exe
PID 2184 wrote to memory of 1836	2184	Unicorn-10681.exe	WerFault.exe
PID 2184 wrote to memory of 1836	2184	Unicorn-10681.exe	WerFault.exe
PID 2184 wrote to memory of 1836	2184	Unicorn-10681.exe	WerFault.exe
PID 2184 wrote to memory of 1836	2184	Unicorn-10681.exe	WerFault.exe
PID 2308 wrote to memory of 1928	2308	Unicorn-30739.exe	WerFault.exe
PID 2308 wrote to memory of 1928	2308	Unicorn-30739.exe	WerFault.exe
PID 2308 wrote to memory of 1928	2308	Unicorn-30739.exe	WerFault.exe
PID 2308 wrote to memory of 1928	2308	Unicorn-30739.exe	WerFault.exe
PID 2516 wrote to memory of 2676	2516	Unicorn-22869.exe	Unicorn-34609.exe
PID 2516 wrote to memory of 2676	2516	Unicorn-22869.exe	Unicorn-34609.exe
PID 2516 wrote to memory of 2676	2516	Unicorn-22869.exe	Unicorn-34609.exe
PID 2516 wrote to memory of 2676	2516	Unicorn-22869.exe	Unicorn-34609.exe
PID 1712 wrote to memory of 640	1712	Unicorn-12200.exe	Unicorn-50286.exe
PID 1712 wrote to memory of 640	1712	Unicorn-12200.exe	Unicorn-50286.exe
PID 1712 wrote to memory of 640	1712	Unicorn-12200.exe	Unicorn-50286.exe
PID 1712 wrote to memory of 640	1712	Unicorn-12200.exe	Unicorn-50286.exe
PID 2404 wrote to memory of 3016	2404	Unicorn-23637.exe	Unicorn-208.exe
PID 2404 wrote to memory of 3016	2404	Unicorn-23637.exe	Unicorn-208.exe
PID 2404 wrote to memory of 3016	2404	Unicorn-23637.exe	Unicorn-208.exe
PID 2404 wrote to memory of 3016	2404	Unicorn-23637.exe	Unicorn-208.exe

C:\Users\Admin\AppData\Local\Temp\aa82afbbf261c094b00120686e08b57c3e82856f6b7cfae450b0dff679ba713e.exe
"C:\Users\Admin\AppData\Local\Temp\aa82afbbf261c094b00120686e08b57c3e82856f6b7cfae450b0dff679ba713e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1072

C:\Users\Admin\AppData\Local\Temp\Unicorn-47718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47718.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-30739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30739.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-22869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22869.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-34609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34609.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-53016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53016.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-41914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41914.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:900

C:\Users\Admin\AppData\Local\Temp\Unicorn-15705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15705.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-31913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31913.exe
9⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-2785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2785.exe
10⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-18062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18062.exe
11⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-47815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47815.exe
12⤵
PID:7680

C:\Users\Admin\AppData\Local\Temp\Unicorn-42452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42452.exe
13⤵
PID:10768

C:\Users\Admin\AppData\Local\Temp\Unicorn-44259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44259.exe
14⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10768 -s 216
14⤵
PID:13476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 220
13⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
12⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 236
11⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 236
10⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
9⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-21990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21990.exe
10⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-24919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24919.exe
11⤵
PID:6920

C:\Users\Admin\AppData\Local\Temp\Unicorn-47550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47550.exe
12⤵
PID:10508

C:\Users\Admin\AppData\Local\Temp\Unicorn-15836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15836.exe
13⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10508 -s 216
13⤵
PID:13772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 216
12⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
11⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
10⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
9⤵
- Program crash
PID:3664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 236
8⤵
- Program crash
PID:108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 236
7⤵
- Program crash
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-22048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22048.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-26388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26388.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-18846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18846.exe
8⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-24207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24207.exe
9⤵
PID:1216

C:\Users\Admin\AppData\Local\Temp\Unicorn-2183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2183.exe
10⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-36254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36254.exe
11⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-59419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59419.exe
12⤵
PID:9688

C:\Users\Admin\AppData\Local\Temp\Unicorn-8839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8839.exe
13⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9688 -s 216
13⤵
PID:12952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
12⤵
PID:11236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
11⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 236
10⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-6446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6446.exe
9⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-36254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36254.exe
10⤵
PID:5200

C:\Users\Admin\AppData\Local\Temp\Unicorn-42711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42711.exe
11⤵
PID:8540

C:\Users\Admin\AppData\Local\Temp\Unicorn-36309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36309.exe
12⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8540 -s 236
12⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 216
11⤵
PID:9596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
10⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
9⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-61025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61025.exe
8⤵
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-41579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41579.exe
9⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-51974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51974.exe
10⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-30819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30819.exe
11⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-38977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38977.exe
12⤵
PID:10256

C:\Users\Admin\AppData\Local\Temp\Unicorn-14543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14543.exe
13⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10256 -s 216
13⤵
PID:13836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 216
12⤵
PID:10840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
10⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-29804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29804.exe
9⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-27825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27825.exe
10⤵
PID:6800

C:\Users\Admin\AppData\Local\Temp\Unicorn-24286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24286.exe
11⤵
PID:10308

C:\Users\Admin\AppData\Local\Temp\Unicorn-21773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21773.exe
12⤵
PID:13124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10308 -s 216
12⤵
PID:13904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 216
11⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
10⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
9⤵
PID:2588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
8⤵
- Program crash
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-62213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62213.exe
7⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-52349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52349.exe
8⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-31766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31766.exe
9⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-27038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27038.exe
10⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-26484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26484.exe
11⤵
PID:8220

C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
12⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8220 -s 236
12⤵
PID:12748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
11⤵
PID:9488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
10⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
9⤵
PID:5644

C:\Users\Admin\AppData\Local\Temp\Unicorn-11708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11708.exe
8⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-27038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27038.exe
9⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\Unicorn-51689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51689.exe
10⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\Unicorn-56829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56829.exe
11⤵
PID:10432

C:\Users\Admin\AppData\Local\Temp\Unicorn-20201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20201.exe
12⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10432 -s 216
12⤵
PID:14272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
11⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
10⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
9⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 220
8⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
7⤵
- Program crash
PID:1448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
6⤵
- Program crash
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-33150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33150.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-57565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57565.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-59060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59060.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-50942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50942.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-4139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4139.exe
9⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-53914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53914.exe
10⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-31387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31387.exe
11⤵
PID:5764

C:\Users\Admin\AppData\Local\Temp\Unicorn-63382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63382.exe
12⤵
PID:9752

C:\Users\Admin\AppData\Local\Temp\Unicorn-40617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40617.exe
13⤵
PID:13244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 216
13⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
12⤵
PID:10496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
11⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 236
10⤵
PID:6104

C:\Users\Admin\AppData\Local\Temp\Unicorn-33739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33739.exe
9⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-18062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18062.exe
10⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-4955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4955.exe
11⤵
PID:6736

C:\Users\Admin\AppData\Local\Temp\Unicorn-15479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15479.exe
12⤵
PID:10864

C:\Users\Admin\AppData\Local\Temp\Unicorn-30456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30456.exe
13⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10864 -s 216
13⤵
PID:708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6736 -s 216
12⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
11⤵
PID:8440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
10⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
9⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-309.exe
8⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-19973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19973.exe
9⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-52325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52325.exe
10⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-57471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57471.exe
11⤵
PID:7900

C:\Users\Admin\AppData\Local\Temp\Unicorn-1062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1062.exe
12⤵
PID:11148

C:\Users\Admin\AppData\Local\Temp\Unicorn-51864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51864.exe
13⤵
PID:8264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 216
12⤵
PID:12388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
11⤵
PID:9464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
10⤵
PID:6972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 216
9⤵
PID:4012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 240
8⤵
- Program crash
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-30884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30884.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-38156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38156.exe
8⤵
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-5089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5089.exe
9⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-53240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53240.exe
10⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-54862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54862.exe
11⤵
PID:7576

C:\Users\Admin\AppData\Local\Temp\Unicorn-48311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48311.exe
12⤵
PID:10940

C:\Users\Admin\AppData\Local\Temp\Unicorn-47311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47311.exe
13⤵
PID:13200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10940 -s 236
13⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 216
12⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
11⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 236
10⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-16161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16161.exe
9⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-38998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38998.exe
10⤵
PID:7152

C:\Users\Admin\AppData\Local\Temp\Unicorn-38977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38977.exe
11⤵
PID:10248

C:\Users\Admin\AppData\Local\Temp\Unicorn-22242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22242.exe
12⤵
PID:13048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 216
11⤵
PID:10612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
10⤵
PID:8372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 240
9⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-33547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33547.exe
8⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-7623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7623.exe
9⤵
PID:5244

C:\Users\Admin\AppData\Local\Temp\Unicorn-26177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26177.exe
10⤵
PID:8728

C:\Users\Admin\AppData\Local\Temp\Unicorn-41851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41851.exe
11⤵
PID:11280

C:\Users\Admin\AppData\Local\Temp\Unicorn-1350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1350.exe
12⤵
PID:13892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8728 -s 236
11⤵
PID:12484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 216
10⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
9⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
8⤵
PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 220
7⤵
- Program crash
PID:1092

C:\Users\Admin\AppData\Local\Temp\Unicorn-6522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6522.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-60563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60563.exe
7⤵
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-53693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53693.exe
8⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
9⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-53721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53721.exe
10⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-8258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8258.exe
11⤵
PID:8864

C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
12⤵
PID:11848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8864 -s 216
12⤵
PID:12636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
11⤵
PID:10144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
10⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 236
9⤵
PID:4592

C:\Users\Admin\AppData\Local\Temp\Unicorn-7214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7214.exe
8⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-43500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43500.exe
9⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-42786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42786.exe
10⤵
PID:6180

C:\Users\Admin\AppData\Local\Temp\Unicorn-326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-326.exe
11⤵
PID:10664

C:\Users\Admin\AppData\Local\Temp\Unicorn-25971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25971.exe
12⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10664 -s 220
12⤵
PID:13828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
10⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 236
9⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
8⤵
- Program crash
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-34787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34787.exe
7⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
8⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-36254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36254.exe
9⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-65496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65496.exe
10⤵
PID:9772

C:\Users\Admin\AppData\Local\Temp\Unicorn-43572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43572.exe
11⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9772 -s 236
11⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
10⤵
PID:10484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
9⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
8⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
7⤵
- Program crash
PID:3604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
6⤵
- Program crash
PID:2492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
5⤵
- Program crash
PID:2080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 236
4⤵
- Loads dropped DLL
- Program crash
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-39259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39259.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-12200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12200.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-50286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50286.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:640

C:\Users\Admin\AppData\Local\Temp\Unicorn-44690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44690.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-59340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59340.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-38609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38609.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:472

C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
9⤵
PID:1400

C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
10⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-2901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2901.exe
11⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-4632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4632.exe
12⤵
PID:7720

C:\Users\Admin\AppData\Local\Temp\Unicorn-22858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22858.exe
13⤵
PID:10608

C:\Users\Admin\AppData\Local\Temp\Unicorn-54001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54001.exe
14⤵
PID:13592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 216
13⤵
PID:12344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
12⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
11⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 236
10⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-48955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48955.exe
9⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-36489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36489.exe
10⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-61623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61623.exe
11⤵
PID:7036

C:\Users\Admin\AppData\Local\Temp\Unicorn-49636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49636.exe
12⤵
PID:10576

C:\Users\Admin\AppData\Local\Temp\Unicorn-15503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15503.exe
13⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10576 -s 216
13⤵
PID:13844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 216
12⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
11⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 236
10⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 472 -s 240
9⤵
- Program crash
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-39213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39213.exe
8⤵
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-19127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19127.exe
9⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-57231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57231.exe
10⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-18562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18562.exe
11⤵
PID:7128

C:\Users\Admin\AppData\Local\Temp\Unicorn-6740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6740.exe
12⤵
PID:10684

C:\Users\Admin\AppData\Local\Temp\Unicorn-12718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12718.exe
13⤵
PID:13212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10684 -s 216
13⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 216
12⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
11⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
10⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 216
9⤵
PID:4432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
8⤵
- Program crash
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-51608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51608.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1080

C:\Users\Admin\AppData\Local\Temp\Unicorn-48135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48135.exe
8⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-64630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64630.exe
9⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-21539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21539.exe
10⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-57451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57451.exe
11⤵
PID:6852

C:\Users\Admin\AppData\Local\Temp\Unicorn-26715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26715.exe
12⤵
PID:10816

C:\Users\Admin\AppData\Local\Temp\Unicorn-53658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53658.exe
13⤵
PID:12600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10816 -s 216
13⤵
PID:13444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 216
12⤵
PID:11928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 236
11⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
10⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
9⤵
PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 216
8⤵
- Program crash
PID:3332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
7⤵
- Program crash
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-23918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23918.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-59079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59079.exe
8⤵
PID:848

C:\Users\Admin\AppData\Local\Temp\Unicorn-55473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55473.exe
9⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-17626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17626.exe
10⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-63824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63824.exe
11⤵
PID:7204

C:\Users\Admin\AppData\Local\Temp\Unicorn-26077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26077.exe
12⤵
PID:10352

C:\Users\Admin\AppData\Local\Temp\Unicorn-53345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53345.exe
13⤵
PID:5520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10352 -s 216
13⤵
PID:14004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 220
12⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
11⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
10⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 236
9⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-48955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48955.exe
8⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-6741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6741.exe
9⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-33133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33133.exe
10⤵
PID:8212

C:\Users\Admin\AppData\Local\Temp\Unicorn-20990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20990.exe
11⤵
PID:10804

C:\Users\Admin\AppData\Local\Temp\Unicorn-58089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58089.exe
12⤵
PID:14052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 216
11⤵
PID:12404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
10⤵
PID:9492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
9⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 240
8⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe
7⤵
PID:620

C:\Users\Admin\AppData\Local\Temp\Unicorn-3475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3475.exe
8⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-59587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59587.exe
9⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-43207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43207.exe
10⤵
PID:7612

C:\Users\Admin\AppData\Local\Temp\Unicorn-42452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42452.exe
11⤵
PID:10792

C:\Users\Admin\AppData\Local\Temp\Unicorn-55893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55893.exe
12⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10792 -s 216
12⤵
PID:14216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 220
11⤵
PID:12044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
10⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
9⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 236
8⤵
PID:4820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
7⤵
- Program crash
PID:2540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 240
6⤵
- Program crash
PID:2632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 236
5⤵
- Program crash
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-45880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45880.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-18808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18808.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-10990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10990.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-35729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35729.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1432

C:\Users\Admin\AppData\Local\Temp\Unicorn-9987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9987.exe
8⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-2349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2349.exe
9⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-57885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57885.exe
10⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-5147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5147.exe
11⤵
PID:6652

C:\Users\Admin\AppData\Local\Temp\Unicorn-14711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14711.exe
12⤵
PID:10976

C:\Users\Admin\AppData\Local\Temp\Unicorn-65111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65111.exe
13⤵
PID:2720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10976 -s 216
13⤵
PID:13556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 216
12⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
11⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
10⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 236
9⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-63864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63864.exe
8⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-33469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33469.exe
9⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-18032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18032.exe
10⤵
PID:6748

C:\Users\Admin\AppData\Local\Temp\Unicorn-44390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44390.exe
11⤵
PID:11120

C:\Users\Admin\AppData\Local\Temp\Unicorn-44746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44746.exe
12⤵
PID:13240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11120 -s 216
12⤵
PID:13972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 216
11⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
10⤵
PID:8672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 236
9⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 240
8⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-55467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55467.exe
7⤵
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-35714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35714.exe
8⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-44600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44600.exe
9⤵
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-58271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58271.exe
10⤵
PID:7136

C:\Users\Admin\AppData\Local\Temp\Unicorn-14932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14932.exe
11⤵
PID:10888

C:\Users\Admin\AppData\Local\Temp\Unicorn-35666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35666.exe
12⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10888 -s 216
12⤵
PID:13268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 216
11⤵
PID:11360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 220
10⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 236
9⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
8⤵
PID:4200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
7⤵
- Program crash
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-31706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31706.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-21150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21150.exe
7⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-22175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22175.exe
8⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-28539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28539.exe
9⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-8629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8629.exe
10⤵
PID:7076

C:\Users\Admin\AppData\Local\Temp\Unicorn-12433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12433.exe
11⤵
PID:10784

C:\Users\Admin\AppData\Local\Temp\Unicorn-2935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2935.exe
12⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10784 -s 216
12⤵
PID:14192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 216
11⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
10⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
9⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 236
8⤵
- Program crash
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-58602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58602.exe
7⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-4532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4532.exe
8⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-23705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23705.exe
9⤵
PID:7008

C:\Users\Admin\AppData\Local\Temp\Unicorn-15479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15479.exe
10⤵
PID:10852

C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
11⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10852 -s 216
11⤵
PID:13676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 216
10⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
9⤵
PID:8244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
8⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
6⤵
- Program crash
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-8338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8338.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-53822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53822.exe
7⤵
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-53283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53283.exe
8⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-17625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17625.exe
9⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-51782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51782.exe
10⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-10035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10035.exe
11⤵
PID:6752

C:\Users\Admin\AppData\Local\Temp\Unicorn-50046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50046.exe
12⤵
PID:10420

C:\Users\Admin\AppData\Local\Temp\Unicorn-28031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28031.exe
13⤵
PID:13272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10420 -s 216
13⤵
PID:13744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 216
12⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
11⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
10⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-6369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6369.exe
9⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-45780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45780.exe
10⤵
PID:6956

C:\Users\Admin\AppData\Local\Temp\Unicorn-326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-326.exe
11⤵
PID:10616

C:\Users\Admin\AppData\Local\Temp\Unicorn-57595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57595.exe
12⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10616 -s 220
12⤵
PID:14060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
11⤵
PID:11620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
10⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 240
9⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-63296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63296.exe
8⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
9⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-57207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57207.exe
10⤵
PID:6868

C:\Users\Admin\AppData\Local\Temp\Unicorn-40513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40513.exe
11⤵
PID:9760

C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
12⤵
PID:12724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9760 -s 216
12⤵
PID:13860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 216
11⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
10⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 236
9⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
8⤵
- Program crash
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-58005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58005.exe
7⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-55388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55388.exe
8⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
9⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-58079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58079.exe
10⤵
PID:6280

C:\Users\Admin\AppData\Local\Temp\Unicorn-6263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6263.exe
11⤵
PID:11036

C:\Users\Admin\AppData\Local\Temp\Unicorn-4188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4188.exe
12⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11036 -s 216
12⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 216
11⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 236
10⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
9⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\Unicorn-34412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34412.exe
8⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-59449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59449.exe
9⤵
PID:6876

C:\Users\Admin\AppData\Local\Temp\Unicorn-47000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47000.exe
10⤵
PID:10944

C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
11⤵
PID:13232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10944 -s 220
11⤵
PID:14184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 216
10⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 220
9⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 240
8⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
7⤵
- Program crash
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-49800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49800.exe
6⤵
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-13506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13506.exe
7⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-21990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21990.exe
8⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-52526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52526.exe
9⤵
PID:6620

C:\Users\Admin\AppData\Local\Temp\Unicorn-57534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57534.exe
10⤵
PID:10372

C:\Users\Admin\AppData\Local\Temp\Unicorn-41098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41098.exe
11⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10372 -s 216
11⤵
PID:13868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 216
10⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 236
9⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
8⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 236
7⤵
- Program crash
PID:4176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
6⤵
- Program crash
PID:1124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
5⤵
- Program crash
PID:2456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-10681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10681.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-43666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43666.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-28044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28044.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-17422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17422.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-9687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9687.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1224

C:\Users\Admin\AppData\Local\Temp\Unicorn-9454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9454.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-16819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16819.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1184

C:\Users\Admin\AppData\Local\Temp\Unicorn-56967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56967.exe
9⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-51223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51223.exe
10⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-11230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11230.exe
11⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-28352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28352.exe
12⤵
PID:9064

C:\Users\Admin\AppData\Local\Temp\Unicorn-21836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21836.exe
13⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9064 -s 236
13⤵
PID:12560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
12⤵
PID:10192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
11⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
10⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-49147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49147.exe
9⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-35434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35434.exe
10⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-28352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28352.exe
11⤵
PID:9072

C:\Users\Admin\AppData\Local\Temp\Unicorn-32635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32635.exe
12⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9072 -s 236
12⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
11⤵
PID:10184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
10⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 240
9⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-60345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60345.exe
8⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-22609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22609.exe
9⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-38236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38236.exe
10⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-65388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65388.exe
11⤵
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-24140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24140.exe
12⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 216
12⤵
PID:12540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
11⤵
PID:10044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
10⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
9⤵
PID:4744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
8⤵
- Program crash
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-36724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36724.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1104

C:\Users\Admin\AppData\Local\Temp\Unicorn-59271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59271.exe
8⤵
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-5587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5587.exe
9⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-59580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59580.exe
10⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 220
11⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
10⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 236
9⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
8⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-34998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34998.exe
9⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\Unicorn-40370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40370.exe
10⤵
PID:9056

C:\Users\Admin\AppData\Local\Temp\Unicorn-40315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40315.exe
11⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 216
11⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 216
10⤵
PID:9804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
9⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 240
8⤵
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 240
7⤵
- Program crash
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-39474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39474.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-56590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56590.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-63381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63381.exe
8⤵
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-51223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51223.exe
9⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-44863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44863.exe
10⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-42903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42903.exe
11⤵
PID:8836

C:\Users\Admin\AppData\Local\Temp\Unicorn-28367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28367.exe
12⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 236
12⤵
PID:12676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
11⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
10⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 216
9⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-16282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16282.exe
8⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-60635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60635.exe
9⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-54841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54841.exe
10⤵
PID:6400

C:\Users\Admin\AppData\Local\Temp\Unicorn-46040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46040.exe
11⤵
PID:10912

C:\Users\Admin\AppData\Local\Temp\Unicorn-6512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6512.exe
12⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10912 -s 216
12⤵
PID:13576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 216
11⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
10⤵
PID:8392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
9⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
8⤵
- Program crash
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-28248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28248.exe
7⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-38644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38644.exe
8⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe
9⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-44283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44283.exe
10⤵
PID:9156

C:\Users\Admin\AppData\Local\Temp\Unicorn-51218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51218.exe
11⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9156 -s 236
11⤵
PID:12508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
10⤵
PID:9836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
9⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 216
8⤵
PID:4120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
7⤵
- Program crash
PID:1160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
6⤵
- Program crash
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-40091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40091.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1172

C:\Users\Admin\AppData\Local\Temp\Unicorn-42511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42511.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-49491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49491.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-47346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47346.exe
8⤵
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-19127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19127.exe
9⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
10⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-54604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54604.exe
11⤵
PID:5240

C:\Users\Admin\AppData\Local\Temp\Unicorn-26154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26154.exe
12⤵
PID:9572

C:\Users\Admin\AppData\Local\Temp\Unicorn-36637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36637.exe
13⤵
PID:12688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9572 -s 216
13⤵
PID:13452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
12⤵
PID:10828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
11⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 236
10⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-16519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16519.exe
9⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-12095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12095.exe
10⤵
PID:6388

C:\Users\Admin\AppData\Local\Temp\Unicorn-15760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15760.exe
11⤵
PID:9764

C:\Users\Admin\AppData\Local\Temp\Unicorn-47591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47591.exe
12⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9764 -s 236
12⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6388 -s 236
11⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
10⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 240
9⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\Unicorn-41274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41274.exe
8⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-8173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8173.exe
9⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\Unicorn-27181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27181.exe
10⤵
PID:7652

C:\Users\Admin\AppData\Local\Temp\Unicorn-9011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9011.exe
11⤵
PID:10752

C:\Users\Admin\AppData\Local\Temp\Unicorn-22837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22837.exe
12⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10752 -s 216
12⤵
PID:14200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 216
11⤵
PID:11764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 220
10⤵
PID:9196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 236
9⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
8⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-27288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27288.exe
7⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-37876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37876.exe
8⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-3861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3861.exe
9⤵
PID:5292

C:\Users\Admin\AppData\Local\Temp\Unicorn-41295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41295.exe
10⤵
PID:8024

C:\Users\Admin\AppData\Local\Temp\Unicorn-12810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12810.exe
11⤵
PID:11136

C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe
12⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11136 -s 216
12⤵
PID:13692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 236
11⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 216
10⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
9⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 236
8⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
7⤵
- Program crash
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-37300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37300.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:968

C:\Users\Admin\AppData\Local\Temp\Unicorn-56775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56775.exe
7⤵
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-3117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3117.exe
8⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-39571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39571.exe
9⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-65330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65330.exe
10⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-20862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20862.exe
11⤵
PID:9548

C:\Users\Admin\AppData\Local\Temp\Unicorn-53086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53086.exe
12⤵
PID:10380

C:\Users\Admin\AppData\Local\Temp\Unicorn-18616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18616.exe
13⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9548 -s 216
12⤵
PID:12412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
11⤵
PID:10988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
10⤵
PID:7888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 236
9⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-10660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10660.exe
8⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-41065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41065.exe
9⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
10⤵
PID:9820

C:\Users\Admin\AppData\Local\Temp\Unicorn-42947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42947.exe
11⤵
PID:12308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9820 -s 216
11⤵
PID:13344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
10⤵
PID:10700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 236
9⤵
PID:8160

C:\Users\Admin\AppData\Local\Temp\Unicorn-50491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50491.exe
7⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-604.exe
8⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-22657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22657.exe
9⤵
PID:7352

C:\Users\Admin\AppData\Local\Temp\Unicorn-39572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39572.exe
10⤵
PID:10588

C:\Users\Admin\AppData\Local\Temp\Unicorn-14082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14082.exe
11⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10588 -s 220
11⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 220
10⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
9⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
8⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 220
7⤵
- Program crash
PID:3776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 240
6⤵
- Program crash
PID:384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
5⤵
- Program crash
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-63093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63093.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-60149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60149.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-59532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59532.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1068

C:\Users\Admin\AppData\Local\Temp\Unicorn-1328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1328.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-18436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18436.exe
8⤵
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-50289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50289.exe
9⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-26287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26287.exe
10⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-37706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37706.exe
11⤵
PID:6860

C:\Users\Admin\AppData\Local\Temp\Unicorn-12677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12677.exe
12⤵
PID:11080

C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
13⤵
PID:13292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11080 -s 216
13⤵
PID:13988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 216
12⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 236
11⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
10⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 216
9⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-48021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48021.exe
8⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
9⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-8795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8795.exe
10⤵
PID:6832

C:\Users\Admin\AppData\Local\Temp\Unicorn-38360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38360.exe
11⤵
PID:11020

C:\Users\Admin\AppData\Local\Temp\Unicorn-54637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54637.exe
12⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11020 -s 216
12⤵
PID:13936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
11⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 220
10⤵
PID:8476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
9⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 220
8⤵
- Program crash
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-47086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47086.exe
7⤵
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
8⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-22943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22943.exe
8⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe
9⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-1011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1011.exe
10⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\Unicorn-56829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56829.exe
11⤵
PID:10476

C:\Users\Admin\AppData\Local\Temp\Unicorn-7892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7892.exe
12⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10476 -s 216
12⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 216
11⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
10⤵
PID:8692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 236
9⤵
PID:4668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
8⤵
- Program crash
PID:4128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 240
7⤵
- Program crash
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-14903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14903.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe
7⤵
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
8⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-17626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17626.exe
9⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-43554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43554.exe
10⤵
PID:6452

C:\Users\Admin\AppData\Local\Temp\Unicorn-36917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36917.exe
11⤵
PID:10720

C:\Users\Admin\AppData\Local\Temp\Unicorn-58868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58868.exe
12⤵
PID:12684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
10⤵
PID:7956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
9⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 216
8⤵
- Program crash
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-59178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59178.exe
7⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-41004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41004.exe
8⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-52205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52205.exe
9⤵
PID:6252

C:\Users\Admin\AppData\Local\Temp\Unicorn-14981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14981.exe
10⤵
PID:11152

C:\Users\Admin\AppData\Local\Temp\Unicorn-22837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22837.exe
11⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11152 -s 216
11⤵
PID:14208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 220
10⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
9⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 236
8⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
7⤵
- Program crash
PID:3836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 240
6⤵
- Program crash
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-55126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55126.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-55822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55822.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-47154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47154.exe
7⤵
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-38644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38644.exe
8⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-55257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55257.exe
9⤵
PID:5552

C:\Users\Admin\AppData\Local\Temp\Unicorn-10377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10377.exe
10⤵
PID:8348

C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
11⤵
PID:11016

C:\Users\Admin\AppData\Local\Temp\Unicorn-43730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43730.exe
12⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8348 -s 216
11⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 216
10⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
9⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 216
8⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-48955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48955.exe
7⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-24069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24069.exe
8⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-4155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4155.exe
9⤵
PID:8324

C:\Users\Admin\AppData\Local\Temp\Unicorn-25764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25764.exe
10⤵
PID:10956

C:\Users\Admin\AppData\Local\Temp\Unicorn-56368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56368.exe
11⤵
PID:9084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8324 -s 216
10⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
9⤵
PID:9528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
8⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
7⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-60537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60537.exe
6⤵
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-51799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51799.exe
7⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-40672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40672.exe
8⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-18817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18817.exe
9⤵
PID:7304

C:\Users\Admin\AppData\Local\Temp\Unicorn-56829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56829.exe
10⤵
PID:10468

C:\Users\Admin\AppData\Local\Temp\Unicorn-952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-952.exe
11⤵
PID:12320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10468 -s 216
11⤵
PID:13760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 216
10⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
9⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
8⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 236
7⤵
PID:4388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
6⤵
- Program crash
PID:1624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 240
5⤵
- Program crash
PID:2216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-23637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23637.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-208.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-18616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18616.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-2137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2137.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-3824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3824.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:588

C:\Users\Admin\AppData\Local\Temp\Unicorn-19780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19780.exe
8⤵
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-12930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12930.exe
9⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-17190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17190.exe
10⤵
PID:4792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 220
11⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 236
10⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 236
9⤵
- Program crash
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-64632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64632.exe
8⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-37257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37257.exe
9⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
10⤵
PID:6724

C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
11⤵
PID:10448

C:\Users\Admin\AppData\Local\Temp\Unicorn-56102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56102.exe
12⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10448 -s 236
12⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
11⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
10⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 236
9⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 240
8⤵
- Program crash
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-17703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17703.exe
7⤵
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
8⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-14744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14744.exe
9⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-42881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42881.exe
10⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-7376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7376.exe
11⤵
PID:8284

C:\Users\Admin\AppData\Local\Temp\Unicorn-28367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28367.exe
12⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8284 -s 216
12⤵
PID:12668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
11⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
10⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 236
9⤵
PID:5728

C:\Users\Admin\AppData\Local\Temp\Unicorn-60416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60416.exe
8⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
9⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-2263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2263.exe
10⤵
PID:9740

C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
11⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9740 -s 216
11⤵
PID:13092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
10⤵
PID:10316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
9⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
8⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
7⤵
- Program crash
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-64955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64955.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:736

C:\Users\Admin\AppData\Local\Temp\Unicorn-3381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3381.exe
7⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
8⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-31838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31838.exe
9⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-58723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58723.exe
10⤵
PID:9364

C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
11⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9364 -s 236
11⤵
PID:12628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
10⤵
PID:9784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
9⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
8⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 736 -s 216
7⤵
- Program crash
PID:3188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
6⤵
- Program crash
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-47809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47809.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-19284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19284.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:800

C:\Users\Admin\AppData\Local\Temp\Unicorn-36993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36993.exe
7⤵
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-54051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54051.exe
8⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-7422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7422.exe
9⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-51782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51782.exe
10⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-27825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27825.exe
11⤵
PID:6808

C:\Users\Admin\AppData\Local\Temp\Unicorn-6994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6994.exe
12⤵
PID:9768

C:\Users\Admin\AppData\Local\Temp\Unicorn-47311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47311.exe
13⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9768 -s 216
13⤵
PID:1552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 236
12⤵
PID:10884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
11⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
10⤵
PID:5404

C:\Users\Admin\AppData\Local\Temp\Unicorn-6369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6369.exe
9⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
10⤵
PID:7052

C:\Users\Admin\AppData\Local\Temp\Unicorn-12677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12677.exe
11⤵
PID:11092

C:\Users\Admin\AppData\Local\Temp\Unicorn-6801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6801.exe
12⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11092 -s 216
12⤵
PID:14172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
11⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 220
10⤵
PID:8504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 240
9⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-53094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53094.exe
8⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-4200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4200.exe
9⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-8691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8691.exe
10⤵
PID:6836

C:\Users\Admin\AppData\Local\Temp\Unicorn-45988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45988.exe
11⤵
PID:10524

C:\Users\Admin\AppData\Local\Temp\Unicorn-21249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21249.exe
12⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10524 -s 204
12⤵
PID:14012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 216
11⤵
PID:11460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
10⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 236
9⤵
PID:5264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 220
8⤵
- Program crash
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-58602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58602.exe
7⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-26235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26235.exe
8⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-35505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35505.exe
9⤵
PID:6664

C:\Users\Admin\AppData\Local\Temp\Unicorn-6496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6496.exe
10⤵
PID:10272

C:\Users\Admin\AppData\Local\Temp\Unicorn-35589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35589.exe
11⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10272 -s 220
11⤵
PID:13668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 216
10⤵
PID:10952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 236
9⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
8⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 240
7⤵
- Program crash
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-106.exe
6⤵
PID:1076

C:\Users\Admin\AppData\Local\Temp\Unicorn-37518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37518.exe
7⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-23090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23090.exe
8⤵
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-25765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25765.exe
9⤵
PID:6396

C:\Users\Admin\AppData\Local\Temp\Unicorn-36917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36917.exe
10⤵
PID:10728

C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
11⤵
PID:13008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10728 -s 216
11⤵
PID:14020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 216
10⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 216
9⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 236
8⤵
PID:5808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 236
7⤵
PID:4192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
6⤵
- Program crash
PID:1728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
5⤵
- Program crash
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-40283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40283.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-59340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59340.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-52385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52385.exe
7⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-63862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63862.exe
8⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-27038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27038.exe
9⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-5147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5147.exe
10⤵
PID:6580

C:\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe
11⤵
PID:10876

C:\Users\Admin\AppData\Local\Temp\Unicorn-22522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22522.exe
12⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10876 -s 236
12⤵
PID:13376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 216
11⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
10⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
9⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
8⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 236
7⤵
- Program crash
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-27480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27480.exe
6⤵
PID:452

C:\Users\Admin\AppData\Local\Temp\Unicorn-53169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53169.exe
7⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-44095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44095.exe
8⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-18826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18826.exe
9⤵
PID:8268

C:\Users\Admin\AppData\Local\Temp\Unicorn-3968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3968.exe
10⤵
PID:10692

C:\Users\Admin\AppData\Local\Temp\Unicorn-5759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5759.exe
11⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
9⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
8⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 216
7⤵
PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
6⤵
- Program crash
PID:392

C:\Users\Admin\AppData\Local\Temp\Unicorn-36724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36724.exe
5⤵
- Executes dropped EXE
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-14673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14673.exe
6⤵
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-54705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54705.exe
7⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-4532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4532.exe
8⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-5147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5147.exe
9⤵
PID:6632

C:\Users\Admin\AppData\Local\Temp\Unicorn-57726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57726.exe
10⤵
PID:10340

C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe
11⤵
PID:13188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10340 -s 216
11⤵
PID:13684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 216
10⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
9⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
8⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 236
7⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-2743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2743.exe
6⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-17626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17626.exe
7⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-24421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24421.exe
8⤵
PID:6660

C:\Users\Admin\AppData\Local\Temp\Unicorn-13969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13969.exe
9⤵
PID:10744

C:\Users\Admin\AppData\Local\Temp\Unicorn-18900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18900.exe
10⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10744 -s 216
10⤵
PID:13540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 216
9⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
8⤵
PID:8096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
7⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
6⤵
- Program crash
PID:3636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 240
5⤵
- Program crash
PID:3056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
4⤵
- Program crash
PID:2964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 240
2⤵
- Program crash
PID:2696

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16161.exe
Filesize
184KB

MD5
26df2d13a46c4c05053c61ada2a3c4c2

SHA1
c5dd26618b4e862bad0ca2d27008154f3268ca65

SHA256
b902c90737e3ea8c2b73d1e44bc52b096ad46f27b867dd03ae4a643621d91785

SHA512
c0dc2bedbdc6b3439ea66720f1287dba0a5a480bf290aec3f9b96e1b5c2b1d66dc43eaf2ea13e2b1f345dc43f5a15b1ba00cf006635304e32a258108060fb601

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18817.exe
Filesize
184KB

MD5
b5396e69c1850ed1072cf324221ab0fe

SHA1
25c84e4640f27ae5b21e1422a0cd7d4d7781b1bd

SHA256
7d45ed85fd76a101426632ffb559ce89e052761bed67a0d1267468d06565f8c0

SHA512
e64788acf63f29a8615386e4568edf3a4361c95d3a44b7e89faadc387b76d09a2103fee4996b5eb1af30f9cb46e2bee3f0253db0a357c5bfb53f0788c566174e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21539.exe
Filesize
184KB

MD5
5a8d93a96958b61fb9f671ca5606dde9

SHA1
10310582a84cffc38e5bdd739da62a98ea20bc5a

SHA256
e42e410414036b3dfb18a9349b12ab2fa943a9b14b572544ea4476d4055e901b

SHA512
3cd1d5271cc517e73d9fdf44a5c05b2b27a911046d27329c13162f97d2f6337dbbafee4e194bb780dfb1cb0ab14fcf641f187b672dd7937f2afc9f59be1669ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22242.exe
Filesize
184KB

MD5
00d4b495745ce938d5fca1bdfc33b041

SHA1
12a1050d8eb587fa819e3dc9f1516852d6565c75

SHA256
9a4fa7fc5ad5b09c8653bda4ef8d21688b372b4ed5dd0332585513644efca4e8

SHA512
fe12b6a6bf6b34c88b5ea0e23521e474508f7f8d29312e1da2ccf24a065529cfd043091be8e89b7d8c41b7794020418b74e043075612f37e821f4f136087f869

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23090.exe
Filesize
184KB

MD5
62ec19a5d7533fdc4eeb0154cf323616

SHA1
e13472975da939cea43620a6827a1ce5ed0b9b47

SHA256
ee549b1c7ed31beb3b47ee22e8b066bc741773f7ca19f716f5a2b504bec9ea9d

SHA512
9e65ea8b2a1660abff904d5e90040f0d1b51307f470597165da3e5fbd30a399dd7a1bac179cadf15eeef2257b72a081dbae6c5b893b18ab77af639fd5ced5d08

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34609.exe
Filesize
184KB

MD5
f528bb951da2ddc951684232317bb1a4

SHA1
036775484d2f579f4affcd920a8a1d886860a2ca

SHA256
bd5caa53817354955db0da16de494384e8fdb42933612b8c1dac05fa8b0c0ba8

SHA512
981e7c597a677e1efbaff2a3160976d16779b8f35f6055397e46bd73546a105f5e3960a8f66f4ab43eb226fae5b11e3886f40300c7aafaa968842b05abb61bff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40091.exe
Filesize
184KB

MD5
7cc507b5486b06df3df2e96226ef114e

SHA1
f85cf6609ebc72959b2164ebd11c08bc51c354a3

SHA256
ec88b0710a38758670a9581f048889559fe21f6d80ec81bdc2932fc12388461b

SHA512
403d0f472deaf21dea143b4b835b8ab33660bfdda366b8116045893c6b042fdc470b09a7d5f802e7161f394b87d5dbb1c427e3c87153fc87f58f14063543d454

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40283.exe
Filesize
184KB

MD5
68bebbdb45e45263e6717b09860bb201

SHA1
5c8d42dd585fafbb90c3e2c59cf326ae6287af36

SHA256
d999bf54f13b78ea58436b1a52d183d4f36662c13e9cdf9af589d9f7f8b9d700

SHA512
102a0266b5581f7dd1472bd166033bcb65143ede0eda100431ef5d2870a48d4591eee31cf52ac59db90da404ba7bb4b23d1fe37bd1fe2e3e11abdaace4088a7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43666.exe
Filesize
184KB

MD5
9e141a9789926498317f8df42925a919

SHA1
1cf897287f3ac286e09191447cf97d5b8e517c17

SHA256
78fa1d7e54485410aa9cb5fe078bb4be7b93916c318c577b92dd62ee7a14c72f

SHA512
e3da79befb54ebb188407cc9035de56eb7deec7b6bf09379db8b1150523c1a740cede89d3b19c916c5ca9da965fb74fb52d6cd77e9d44c2f99e88922a81bdfd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55388.exe
Filesize
184KB

MD5
4825a700253d64174b854efa9aa7c22b

SHA1
8e1053a62568344205dd4d39d42a86a58367cbe4

SHA256
eb6bffccdc81a403115f8f08f49b1691a6cba190459c482ad053604b1710c802

SHA512
985f5d2aff8127736fcf78a5070218a2d0ae630a82ecbc10d9b7917f592318a265b6afa7cbce330045e3640b1dea96624a8447899991e7e44a36410a116cdcfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5759.exe
Filesize
184KB

MD5
8741f6952f206c4c20110b415e09b12e

SHA1
fe2e4ebca34f6ce4d3af881c97c538efe82410b5

SHA256
b4e25a595a1dbac7762aa3ee30e932f6a192193f476532fa0510c8ba4f3e020a

SHA512
c475de038d14027d60f6c8fc8a6bfff171e67fd0b18bf5967526c612c7c1431d053115151938be7905e28321f417c9c6b9839c99475862b55560fab7af26fd9f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10681.exe
Filesize
184KB

MD5
da284de67582d3afffc4551bd29747c2

SHA1
fbc787f9c9bb0f02ebb510da5bcc0738896338a9

SHA256
ffee8a3d27c111bd30192fd1f58fbc8f66ed24f8d7c2fe598ace9fa63d694f36

SHA512
f8b0efdbc6cbf502c954cb27331bd32e3dd0c0d066bbde1ce88b432ab83f54fe4acdee909c063e384c1297fad950aabd8e1ceb1b083dae31b2ccfeb61e2b41c0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12200.exe
Filesize
184KB

MD5
d689389c518ad5b736106406d2bc42e4

SHA1
f90b24702917e2223933d2f24bb9dcadbebbffc0

SHA256
b564df484a7bc6cb73a45ab9994451daa5ea3eafb8a97a06abc1b86dba1900ca

SHA512
441821bb792de88a0d1688f84436a245d8103649500936b1a48bf2f2235d904cf681410edf37f2a878c0a4fc9f56ee59542a5fcdd5634facb8cb62ede8872594

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-208.exe
Filesize
184KB

MD5
457f0fad7854057f6eafff2627344116

SHA1
17eb0bcbc42e29617c983ef2a7d2ff253986b38d

SHA256
23185adaebf60c20d2550fada4e2edd6fc9b77e3af8e0735ad9c90c7af637f78

SHA512
9fd94a6090e0715a3819112eeec707e4821c8bb23141ad785a6158ea06794d1f26cf103d651d1310981814f903a11bc4523e908154a3814bae5f3c09fb3ee2cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22869.exe
Filesize
184KB

MD5
e2b036e2e16bee23c680d897a248f931

SHA1
4d5268caf89f6837f8bb57f9ab4d2dac447cb62e

SHA256
97bcb9c5fbb0b06202c2082b6a20e26c4b9fb5d059e089f9efa21fdff46c193d

SHA512
4a8f4fae51d7e0e9e62899c6da67d7ab228aacda81f5e6a2cab73317ecbfc01606430950ab1b4995ee5b3dac28329312d6997044d64d4c8812431cb7590259e6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23637.exe
Filesize
184KB

MD5
6762bbb12658702d8b8fba9c358a3007

SHA1
5a49d0b0e51ae389c53ee8b4d54466501bbb448f

SHA256
cdebebbb1f66c96d7e5ee9e9e1d2161e7a0ccf31f04978696b45896295c1b9fe

SHA512
ac6ebd197e4d663c43a45a16c231b287a97ae0851f34fcbcf71f499e80b4fa2f9082956846ec0e819cc7e8d05c119a305b2ee3ade695e7b8ff13715e05ec696d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28044.exe
Filesize
184KB

MD5
09281f2e8f2fe20467725d23a7f5d275

SHA1
081cbb4e6baafd0bd4c671a060e501a9e1a55e0b

SHA256
c320950e5dcf0986784b5c4524c8bada9cd48ec02d79719bf315ffebce71693c

SHA512
b81bf1ac76562912f39280f30318ed00ecc1011b4f3c97f51d47236264d147ad67f16922600a196ff550cdced8d6b40608020dad680cd6eb6e4147d09bc6bf4f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30739.exe
Filesize
184KB

MD5
27e4519767a9632a61a9974916f6f89e

SHA1
e43cdc6986a10d2ff1cf8e3f4a9d06e97ea7726d

SHA256
8999e598bf17df39c6a7850fdd212ac58f09728b54c6a5b53e51f250ab23c31d

SHA512
8089778fe1bb47d06ee1466a30c27c082717d112625f0ff56a7a419cf5012fe40233c25eac57836249954c4f5ccc02dc9aa2c1dd8bb82b3e33f23c4363017fbe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39259.exe
Filesize
184KB

MD5
3295bbaa60d2dd4df06b51369aa986cc

SHA1
6c72d33d81ea5b9c9903b646a615758f231bfa3f

SHA256
7018a6b5d43d5f34d09c71f0154c6fb4f0f3f24306c11d4159454106eec23e92

SHA512
84b8eb8d5d1629d74eb05082cd4d448980ddb41fd531fea09781da86c9a105b44356d098bbe2148c757b1d538e2f1054fc692d8a56680618b25c62c67ae2690f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45880.exe
Filesize
184KB

MD5
ad02ec10d9d653cac1a4118076a8cab4

SHA1
1dd1733266e2c87bf8503b520566da06a4ff4899

SHA256
60779db79f8dc2298a76ad5dc6b3482a0b7e5d8be3a8dc66da2543daf9caca8f

SHA512
17101e0c5441a1294b819d791f0ded1b8c79bec0c4b377fb6b546005df67514b6ed858737bb7f99b93db9519216da26f76942853bc297cc133a86a8d9d77d136

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47718.exe
Filesize
184KB

MD5
988ad13164b7bb7fcef83f3eebc9a92a

SHA1
7b4c0543c6c15c08510641151767c48c3a7c2ede

SHA256
88fc575df23f8ac391e325e0da3ea872b1475eb920ee1a84c4f260025640b9ea

SHA512
b23f092f89f55bb0240e4511f520574134d4b6fc62089356454f1853380909a8834deef74f7792f46a9a068861aa5cce50f63764f6a5abe2a59c750888638a6d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50286.exe
Filesize
184KB

MD5
f91cbde2f666db5f707d14f12c2c8466

SHA1
2e0103822b8548c8187bd9ae106c1a25ea8ee535

SHA256
2b0e0b72164f0e1b64d35b9df5b60e2af61e8e98a9be3f38a69302fe2631430f

SHA512
407e1d669f4cd67c18bf8b2e39d4a3aa43e289e5ec0a6f73bf2d58d96e15cd02b3442928891b4c4b19100034944f07054144eec6a17fd8b0f70f0cd1e11340be

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads