aab100034d3443f77fbabe1902a2927248f483c7d5602ece2c600b5a3001e8fe

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aab100034d3443f77fbabe1902a2927248f483c7d5602ece2c600b5a3001e8fe.exe
Size

184KB
MD5

94afdcbdffcdcc6cab5f13db6e8b6730
SHA1

7c803ff413f5c737959bd5933e75b76203878e2c
SHA256

aab100034d3443f77fbabe1902a2927248f483c7d5602ece2c600b5a3001e8fe
SHA512

5d840b415ba3337b75fe56b7d384e34f306dd943d838541a614516de4a9a14255fbe00dccd8579126bbcf1b50443da812a9742379bbf42d2b0e31521747009c2
SSDEEP

3072:wBNdEgM+vpaudRhYeaqxn6mYCYox6ox39TY+5qbUYZhlnPOFr:wBLMfqRhtt6mYGtY/hlnPOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-51441.exeUnicorn-16141.exeUnicorn-7266.exeUnicorn-37371.exeUnicorn-6452.exeUnicorn-4568.exeUnicorn-31217.exeUnicorn-22726.exeUnicorn-31025.exeUnicorn-55783.exeUnicorn-10111.exeUnicorn-19487.exeUnicorn-64966.exeUnicorn-30774.exeUnicorn-43903.exeUnicorn-8770.exeUnicorn-61692.exeUnicorn-39669.exeUnicorn-19803.exeUnicorn-50660.exeUnicorn-37592.exeUnicorn-7764.exeUnicorn-38168.exeUnicorn-22674.exeUnicorn-18267.exeUnicorn-22482.exeUnicorn-16513.exeUnicorn-36379.exeUnicorn-27555.exeUnicorn-45344.exeUnicorn-41321.exeUnicorn-60995.exeUnicorn-8457.exeUnicorn-28323.exeUnicorn-10943.exeUnicorn-33009.exeUnicorn-45816.exeUnicorn-3792.exeUnicorn-47648.exeUnicorn-36849.exeUnicorn-16983.exeUnicorn-28358.exeUnicorn-36657.exeUnicorn-49656.exeUnicorn-15744.exeUnicorn-55225.exeUnicorn-52573.exeUnicorn-7477.exeUnicorn-40342.exeUnicorn-44182.exeUnicorn-43990.exeUnicorn-35717.exeUnicorn-20066.exeUnicorn-39932.exeUnicorn-55453.exeUnicorn-41276.exeUnicorn-41276.exeUnicorn-54083.exeUnicorn-32252.exeUnicorn-27845.exeUnicorn-47711.exeUnicorn-155.exeUnicorn-65500.exeUnicorn-15807.exe

pid	process
1716	Unicorn-51441.exe
3028	Unicorn-16141.exe
2604	Unicorn-7266.exe
3048	Unicorn-37371.exe
2692	Unicorn-6452.exe
2668	Unicorn-4568.exe
1648	Unicorn-31217.exe
2484	Unicorn-22726.exe
2684	Unicorn-31025.exe
1968	Unicorn-55783.exe
2228	Unicorn-10111.exe
2592	Unicorn-19487.exe
1404	Unicorn-64966.exe
1720	Unicorn-30774.exe
1908	Unicorn-43903.exe
2000	Unicorn-8770.exe
536	Unicorn-61692.exe
1356	Unicorn-39669.exe
1760	Unicorn-19803.exe
2364	Unicorn-50660.exe
1552	Unicorn-37592.exe
1380	Unicorn-7764.exe
804	Unicorn-38168.exe
1808	Unicorn-22674.exe
676	Unicorn-18267.exe
2204	Unicorn-22482.exe
1440	Unicorn-16513.exe
2252	Unicorn-36379.exe
2396	Unicorn-27555.exe
2256	Unicorn-45344.exe
2636	Unicorn-41321.exe
2716	Unicorn-60995.exe
2612	Unicorn-8457.exe
2656	Unicorn-28323.exe
2500	Unicorn-10943.exe
2516	Unicorn-33009.exe
2992	Unicorn-45816.exe
2740	Unicorn-3792.exe
2748	Unicorn-47648.exe
1676	Unicorn-36849.exe
2972	Unicorn-16983.exe
304	Unicorn-28358.exe
1612	Unicorn-36657.exe
1644	Unicorn-49656.exe
1796	Unicorn-15744.exe
1496	Unicorn-55225.exe
1624	Unicorn-52573.exe
876	Unicorn-7477.exe
2136	Unicorn-40342.exe
284	Unicorn-44182.exe
936	Unicorn-43990.exe
1460	Unicorn-35717.exe
772	Unicorn-20066.exe
2044	Unicorn-39932.exe
1500	Unicorn-55453.exe
1620	Unicorn-41276.exe
2248	Unicorn-41276.exe
2976	Unicorn-54083.exe
2708	Unicorn-32252.exe
2504	Unicorn-27845.exe
2792	Unicorn-47711.exe
2544	Unicorn-155.exe
1764	Unicorn-65500.exe
2732	Unicorn-15807.exe

Loads dropped DLL 64 IoCs

Processes:

aab100034d3443f77fbabe1902a2927248f483c7d5602ece2c600b5a3001e8fe.exeUnicorn-51441.exeUnicorn-7266.exeUnicorn-16141.exeWerFault.exeUnicorn-6452.exeUnicorn-4568.exeUnicorn-37371.exeWerFault.exeWerFault.exeUnicorn-31217.exeUnicorn-31025.exeUnicorn-22726.exeUnicorn-55783.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1996	aab100034d3443f77fbabe1902a2927248f483c7d5602ece2c600b5a3001e8fe.exe
1996	aab100034d3443f77fbabe1902a2927248f483c7d5602ece2c600b5a3001e8fe.exe
1716	Unicorn-51441.exe
1716	Unicorn-51441.exe
1996	aab100034d3443f77fbabe1902a2927248f483c7d5602ece2c600b5a3001e8fe.exe
1996	aab100034d3443f77fbabe1902a2927248f483c7d5602ece2c600b5a3001e8fe.exe
2604	Unicorn-7266.exe
2604	Unicorn-7266.exe
3028	Unicorn-16141.exe
3028	Unicorn-16141.exe
1716	Unicorn-51441.exe
1716	Unicorn-51441.exe
2948	WerFault.exe
2948	WerFault.exe
2948	WerFault.exe
2948	WerFault.exe
2948	WerFault.exe
2692	Unicorn-6452.exe
2692	Unicorn-6452.exe
3028	Unicorn-16141.exe
3028	Unicorn-16141.exe
2668	Unicorn-4568.exe
2668	Unicorn-4568.exe
2604	Unicorn-7266.exe
3048	Unicorn-37371.exe
2604	Unicorn-7266.exe
3048	Unicorn-37371.exe
1736	WerFault.exe
1736	WerFault.exe
1736	WerFault.exe
1736	WerFault.exe
1736	WerFault.exe
2472	WerFault.exe
2472	WerFault.exe
2472	WerFault.exe
2472	WerFault.exe
2472	WerFault.exe
1648	Unicorn-31217.exe
1648	Unicorn-31217.exe
2692	Unicorn-6452.exe
2692	Unicorn-6452.exe
2684	Unicorn-31025.exe
2684	Unicorn-31025.exe
2484	Unicorn-22726.exe
2484	Unicorn-22726.exe
3048	Unicorn-37371.exe
3048	Unicorn-37371.exe
1968	Unicorn-55783.exe
1968	Unicorn-55783.exe
380	WerFault.exe
380	WerFault.exe
380	WerFault.exe
380	WerFault.exe
380	WerFault.exe
1472	WerFault.exe
1472	WerFault.exe
1472	WerFault.exe
1472	WerFault.exe
1472	WerFault.exe
288	WerFault.exe
288	WerFault.exe
288	WerFault.exe
288	WerFault.exe
288	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2876	1996	WerFault.exe	aab100034d3443f77fbabe1902a2927248f483c7d5602ece2c600b5a3001e8fe.exe
2948	1716	WerFault.exe	Unicorn-51441.exe
1736	2604	WerFault.exe	Unicorn-7266.exe
2472	3028	WerFault.exe	Unicorn-16141.exe
380	2692	WerFault.exe	Unicorn-6452.exe
1472	2668	WerFault.exe	Unicorn-4568.exe
288	3048	WerFault.exe	Unicorn-37371.exe
2140	1648	WerFault.exe	Unicorn-31217.exe
2068	2684	WerFault.exe	Unicorn-31025.exe
2936	2228	WerFault.exe	Unicorn-10111.exe
1704	2484	WerFault.exe	Unicorn-22726.exe
1740	1968	WerFault.exe	Unicorn-55783.exe
2012	2592	WerFault.exe	Unicorn-19487.exe
1292	1404	WerFault.exe	Unicorn-64966.exe
2380	1720	WerFault.exe	Unicorn-30774.exe
1316	1908	WerFault.exe	Unicorn-43903.exe
2848	2000	WerFault.exe	Unicorn-8770.exe
1184	536	WerFault.exe	Unicorn-61692.exe
1036	2636	WerFault.exe	Unicorn-41321.exe
1100	1760	WerFault.exe	Unicorn-19803.exe
2456	1356	WerFault.exe	Unicorn-39669.exe
1072	2364	WerFault.exe	Unicorn-50660.exe
2324	1552	WerFault.exe	Unicorn-37592.exe
1536	804	WerFault.exe	Unicorn-38168.exe
1328	1380	WerFault.exe	Unicorn-7764.exe
1344	2204	WerFault.exe	Unicorn-22482.exe
2336	676	WerFault.exe	Unicorn-18267.exe
2440	1808	WerFault.exe	Unicorn-22674.exe
1588	2252	WerFault.exe	Unicorn-36379.exe
2696	1440	WerFault.exe	Unicorn-16513.exe
2632	876	WerFault.exe	Unicorn-7477.exe
1940	2544	WerFault.exe	Unicorn-155.exe
1468	1764	WerFault.exe	Unicorn-65500.exe
2372	2396	WerFault.exe	Unicorn-27555.exe
3020	2612	WerFault.exe	Unicorn-8457.exe
2520	2716	WerFault.exe	Unicorn-60995.exe
2760	2656	WerFault.exe	Unicorn-28323.exe
896	2256	WerFault.exe	Unicorn-45344.exe
3120	2500	WerFault.exe	Unicorn-10943.exe
3144	1796	WerFault.exe	Unicorn-15744.exe
3168	1676	WerFault.exe	Unicorn-36849.exe
3176	2992	WerFault.exe	Unicorn-45816.exe
3192	304	WerFault.exe	Unicorn-28358.exe
3224	2516	WerFault.exe	Unicorn-33009.exe
3264	2740	WerFault.exe	Unicorn-3792.exe
3536	1644	WerFault.exe	Unicorn-49656.exe
3648	2972	WerFault.exe	Unicorn-16983.exe
3820	1612	WerFault.exe	Unicorn-36657.exe
3844	2748	WerFault.exe	Unicorn-47648.exe
3624	1496	WerFault.exe	Unicorn-55225.exe
3216	284	WerFault.exe	Unicorn-44182.exe
3752	3308	WerFault.exe	Unicorn-65213.exe
3864	1620	WerFault.exe	Unicorn-41276.exe
3924	468	WerFault.exe	Unicorn-33020.exe
3992	2468	WerFault.exe	Unicorn-33596.exe
3996	2968	WerFault.exe	Unicorn-2163.exe
840	2136	WerFault.exe	Unicorn-40342.exe
3088	936	WerFault.exe	Unicorn-43990.exe
3804	2792	WerFault.exe	Unicorn-47711.exe
3920	3316	WerFault.exe	Unicorn-65213.exe
3620	2008	WerFault.exe	Unicorn-64452.exe
3744	684	WerFault.exe	Unicorn-60612.exe
3816	1624	WerFault.exe	Unicorn-52573.exe
3600	772	WerFault.exe	Unicorn-20066.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

aab100034d3443f77fbabe1902a2927248f483c7d5602ece2c600b5a3001e8fe.exeUnicorn-51441.exeUnicorn-7266.exeUnicorn-16141.exeUnicorn-37371.exeUnicorn-6452.exeUnicorn-4568.exeUnicorn-31217.exeUnicorn-10111.exeUnicorn-22726.exeUnicorn-55783.exeUnicorn-31025.exeUnicorn-19487.exeUnicorn-64966.exeUnicorn-30774.exeUnicorn-43903.exeUnicorn-8770.exeUnicorn-61692.exeUnicorn-39669.exeUnicorn-19803.exeUnicorn-50660.exeUnicorn-37592.exeUnicorn-7764.exeUnicorn-38168.exeUnicorn-22674.exeUnicorn-22482.exeUnicorn-18267.exeUnicorn-36379.exeUnicorn-16513.exeUnicorn-27555.exeUnicorn-41321.exeUnicorn-45344.exeUnicorn-8457.exeUnicorn-60995.exeUnicorn-28323.exeUnicorn-10943.exeUnicorn-33009.exeUnicorn-45816.exeUnicorn-3792.exeUnicorn-47648.exeUnicorn-36849.exeUnicorn-16983.exeUnicorn-28358.exeUnicorn-36657.exeUnicorn-49656.exeUnicorn-15744.exeUnicorn-55225.exeUnicorn-52573.exeUnicorn-7477.exeUnicorn-40342.exeUnicorn-44182.exeUnicorn-43990.exeUnicorn-35717.exeUnicorn-39932.exeUnicorn-20066.exeUnicorn-55453.exeUnicorn-41276.exeUnicorn-41276.exeUnicorn-54083.exeUnicorn-47711.exeUnicorn-32252.exeUnicorn-155.exeUnicorn-27845.exeUnicorn-2163.exe

pid	process
1996	aab100034d3443f77fbabe1902a2927248f483c7d5602ece2c600b5a3001e8fe.exe
1716	Unicorn-51441.exe
2604	Unicorn-7266.exe
3028	Unicorn-16141.exe
3048	Unicorn-37371.exe
2692	Unicorn-6452.exe
2668	Unicorn-4568.exe
1648	Unicorn-31217.exe
2228	Unicorn-10111.exe
2484	Unicorn-22726.exe
1968	Unicorn-55783.exe
2684	Unicorn-31025.exe
2592	Unicorn-19487.exe
1404	Unicorn-64966.exe
1720	Unicorn-30774.exe
1908	Unicorn-43903.exe
2000	Unicorn-8770.exe
536	Unicorn-61692.exe
1356	Unicorn-39669.exe
1760	Unicorn-19803.exe
2364	Unicorn-50660.exe
1552	Unicorn-37592.exe
1380	Unicorn-7764.exe
804	Unicorn-38168.exe
1808	Unicorn-22674.exe
2204	Unicorn-22482.exe
676	Unicorn-18267.exe
2252	Unicorn-36379.exe
1440	Unicorn-16513.exe
2396	Unicorn-27555.exe
2636	Unicorn-41321.exe
2256	Unicorn-45344.exe
2612	Unicorn-8457.exe
2716	Unicorn-60995.exe
2656	Unicorn-28323.exe
2500	Unicorn-10943.exe
2516	Unicorn-33009.exe
2992	Unicorn-45816.exe
2740	Unicorn-3792.exe
2748	Unicorn-47648.exe
1676	Unicorn-36849.exe
2972	Unicorn-16983.exe
304	Unicorn-28358.exe
1612	Unicorn-36657.exe
1644	Unicorn-49656.exe
1796	Unicorn-15744.exe
1496	Unicorn-55225.exe
1624	Unicorn-52573.exe
876	Unicorn-7477.exe
2136	Unicorn-40342.exe
284	Unicorn-44182.exe
936	Unicorn-43990.exe
1460	Unicorn-35717.exe
2044	Unicorn-39932.exe
772	Unicorn-20066.exe
1500	Unicorn-55453.exe
2248	Unicorn-41276.exe
1620	Unicorn-41276.exe
2976	Unicorn-54083.exe
2792	Unicorn-47711.exe
2708	Unicorn-32252.exe
2544	Unicorn-155.exe
2504	Unicorn-27845.exe
2968	Unicorn-2163.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

aab100034d3443f77fbabe1902a2927248f483c7d5602ece2c600b5a3001e8fe.exeUnicorn-51441.exeUnicorn-7266.exeUnicorn-16141.exeUnicorn-6452.exeUnicorn-4568.exeUnicorn-37371.exeUnicorn-31217.exe

description	pid	process	target process
PID 1996 wrote to memory of 1716	1996	aab100034d3443f77fbabe1902a2927248f483c7d5602ece2c600b5a3001e8fe.exe	Unicorn-51441.exe
PID 1996 wrote to memory of 1716	1996	aab100034d3443f77fbabe1902a2927248f483c7d5602ece2c600b5a3001e8fe.exe	Unicorn-51441.exe
PID 1996 wrote to memory of 1716	1996	aab100034d3443f77fbabe1902a2927248f483c7d5602ece2c600b5a3001e8fe.exe	Unicorn-51441.exe
PID 1996 wrote to memory of 1716	1996	aab100034d3443f77fbabe1902a2927248f483c7d5602ece2c600b5a3001e8fe.exe	Unicorn-51441.exe
PID 1716 wrote to memory of 3028	1716	Unicorn-51441.exe	Unicorn-16141.exe
PID 1716 wrote to memory of 3028	1716	Unicorn-51441.exe	Unicorn-16141.exe
PID 1716 wrote to memory of 3028	1716	Unicorn-51441.exe	Unicorn-16141.exe
PID 1716 wrote to memory of 3028	1716	Unicorn-51441.exe	Unicorn-16141.exe
PID 1996 wrote to memory of 2604	1996	aab100034d3443f77fbabe1902a2927248f483c7d5602ece2c600b5a3001e8fe.exe	Unicorn-7266.exe
PID 1996 wrote to memory of 2604	1996	aab100034d3443f77fbabe1902a2927248f483c7d5602ece2c600b5a3001e8fe.exe	Unicorn-7266.exe
PID 1996 wrote to memory of 2604	1996	aab100034d3443f77fbabe1902a2927248f483c7d5602ece2c600b5a3001e8fe.exe	Unicorn-7266.exe
PID 1996 wrote to memory of 2604	1996	aab100034d3443f77fbabe1902a2927248f483c7d5602ece2c600b5a3001e8fe.exe	Unicorn-7266.exe
PID 1996 wrote to memory of 2876	1996	aab100034d3443f77fbabe1902a2927248f483c7d5602ece2c600b5a3001e8fe.exe	WerFault.exe
PID 1996 wrote to memory of 2876	1996	aab100034d3443f77fbabe1902a2927248f483c7d5602ece2c600b5a3001e8fe.exe	WerFault.exe
PID 1996 wrote to memory of 2876	1996	aab100034d3443f77fbabe1902a2927248f483c7d5602ece2c600b5a3001e8fe.exe	WerFault.exe
PID 1996 wrote to memory of 2876	1996	aab100034d3443f77fbabe1902a2927248f483c7d5602ece2c600b5a3001e8fe.exe	WerFault.exe
PID 2604 wrote to memory of 3048	2604	Unicorn-7266.exe	Unicorn-37371.exe
PID 2604 wrote to memory of 3048	2604	Unicorn-7266.exe	Unicorn-37371.exe
PID 2604 wrote to memory of 3048	2604	Unicorn-7266.exe	Unicorn-37371.exe
PID 2604 wrote to memory of 3048	2604	Unicorn-7266.exe	Unicorn-37371.exe
PID 3028 wrote to memory of 2692	3028	Unicorn-16141.exe	Unicorn-6452.exe
PID 3028 wrote to memory of 2692	3028	Unicorn-16141.exe	Unicorn-6452.exe
PID 3028 wrote to memory of 2692	3028	Unicorn-16141.exe	Unicorn-6452.exe
PID 3028 wrote to memory of 2692	3028	Unicorn-16141.exe	Unicorn-6452.exe
PID 1716 wrote to memory of 2668	1716	Unicorn-51441.exe	Unicorn-4568.exe
PID 1716 wrote to memory of 2668	1716	Unicorn-51441.exe	Unicorn-4568.exe
PID 1716 wrote to memory of 2668	1716	Unicorn-51441.exe	Unicorn-4568.exe
PID 1716 wrote to memory of 2668	1716	Unicorn-51441.exe	Unicorn-4568.exe
PID 1716 wrote to memory of 2948	1716	Unicorn-51441.exe	WerFault.exe
PID 1716 wrote to memory of 2948	1716	Unicorn-51441.exe	WerFault.exe
PID 1716 wrote to memory of 2948	1716	Unicorn-51441.exe	WerFault.exe
PID 1716 wrote to memory of 2948	1716	Unicorn-51441.exe	WerFault.exe
PID 2692 wrote to memory of 1648	2692	Unicorn-6452.exe	Unicorn-31217.exe
PID 2692 wrote to memory of 1648	2692	Unicorn-6452.exe	Unicorn-31217.exe
PID 2692 wrote to memory of 1648	2692	Unicorn-6452.exe	Unicorn-31217.exe
PID 2692 wrote to memory of 1648	2692	Unicorn-6452.exe	Unicorn-31217.exe
PID 3028 wrote to memory of 2484	3028	Unicorn-16141.exe	Unicorn-22726.exe
PID 3028 wrote to memory of 2484	3028	Unicorn-16141.exe	Unicorn-22726.exe
PID 3028 wrote to memory of 2484	3028	Unicorn-16141.exe	Unicorn-22726.exe
PID 3028 wrote to memory of 2484	3028	Unicorn-16141.exe	Unicorn-22726.exe
PID 2668 wrote to memory of 2684	2668	Unicorn-4568.exe	Unicorn-31025.exe
PID 2668 wrote to memory of 2684	2668	Unicorn-4568.exe	Unicorn-31025.exe
PID 2668 wrote to memory of 2684	2668	Unicorn-4568.exe	Unicorn-31025.exe
PID 2668 wrote to memory of 2684	2668	Unicorn-4568.exe	Unicorn-31025.exe
PID 2604 wrote to memory of 1968	2604	Unicorn-7266.exe	Unicorn-55783.exe
PID 2604 wrote to memory of 1968	2604	Unicorn-7266.exe	Unicorn-55783.exe
PID 2604 wrote to memory of 1968	2604	Unicorn-7266.exe	Unicorn-55783.exe
PID 2604 wrote to memory of 1968	2604	Unicorn-7266.exe	Unicorn-55783.exe
PID 3048 wrote to memory of 2228	3048	Unicorn-37371.exe	Unicorn-10111.exe
PID 3048 wrote to memory of 2228	3048	Unicorn-37371.exe	Unicorn-10111.exe
PID 3048 wrote to memory of 2228	3048	Unicorn-37371.exe	Unicorn-10111.exe
PID 3048 wrote to memory of 2228	3048	Unicorn-37371.exe	Unicorn-10111.exe
PID 2604 wrote to memory of 1736	2604	Unicorn-7266.exe	WerFault.exe
PID 2604 wrote to memory of 1736	2604	Unicorn-7266.exe	WerFault.exe
PID 2604 wrote to memory of 1736	2604	Unicorn-7266.exe	WerFault.exe
PID 2604 wrote to memory of 1736	2604	Unicorn-7266.exe	WerFault.exe
PID 3028 wrote to memory of 2472	3028	Unicorn-16141.exe	WerFault.exe
PID 3028 wrote to memory of 2472	3028	Unicorn-16141.exe	WerFault.exe
PID 3028 wrote to memory of 2472	3028	Unicorn-16141.exe	WerFault.exe
PID 3028 wrote to memory of 2472	3028	Unicorn-16141.exe	WerFault.exe
PID 1648 wrote to memory of 2592	1648	Unicorn-31217.exe	Unicorn-19487.exe
PID 1648 wrote to memory of 2592	1648	Unicorn-31217.exe	Unicorn-19487.exe
PID 1648 wrote to memory of 2592	1648	Unicorn-31217.exe	Unicorn-19487.exe
PID 1648 wrote to memory of 2592	1648	Unicorn-31217.exe	Unicorn-19487.exe

C:\Users\Admin\AppData\Local\Temp\aab100034d3443f77fbabe1902a2927248f483c7d5602ece2c600b5a3001e8fe.exe
"C:\Users\Admin\AppData\Local\Temp\aab100034d3443f77fbabe1902a2927248f483c7d5602ece2c600b5a3001e8fe.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-16141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16141.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-6452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6452.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-31217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31217.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-19487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19487.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-39669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39669.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1356

C:\Users\Admin\AppData\Local\Temp\Unicorn-45344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45344.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-39932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39932.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-42203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42203.exe
10⤵
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-2634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2634.exe
11⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-31642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31642.exe
12⤵
PID:4784

C:\Users\Admin\AppData\Local\Temp\Unicorn-23388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23388.exe
13⤵
PID:6356

C:\Users\Admin\AppData\Local\Temp\Unicorn-34984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34984.exe
14⤵
PID:8812

C:\Users\Admin\AppData\Local\Temp\Unicorn-11864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11864.exe
15⤵
PID:10996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8812 -s 216
15⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 216
14⤵
PID:10256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
13⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 236
12⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 216
11⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-15633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15633.exe
10⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-30682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30682.exe
11⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-61270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61270.exe
12⤵
PID:6768

C:\Users\Admin\AppData\Local\Temp\Unicorn-12627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12627.exe
13⤵
PID:8908

C:\Users\Admin\AppData\Local\Temp\Unicorn-51885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51885.exe
14⤵
PID:11188

C:\Users\Admin\AppData\Local\Temp\Unicorn-12953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12953.exe
15⤵
PID:12992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8908 -s 216
14⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 216
13⤵
PID:10140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
12⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
11⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
10⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-20801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20801.exe
9⤵
PID:740

C:\Users\Admin\AppData\Local\Temp\Unicorn-12577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12577.exe
10⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-34673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34673.exe
11⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-19382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19382.exe
12⤵
PID:6228

C:\Users\Admin\AppData\Local\Temp\Unicorn-26411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26411.exe
13⤵
PID:8500

C:\Users\Admin\AppData\Local\Temp\Unicorn-43182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43182.exe
14⤵
PID:11488

C:\Users\Admin\AppData\Local\Temp\Unicorn-36695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36695.exe
15⤵
PID:12900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8500 -s 216
14⤵
PID:12336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 216
13⤵
PID:9436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
12⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
11⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 740 -s 236
10⤵
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
9⤵
- Program crash
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-55453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55453.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe
9⤵
PID:1260

C:\Users\Admin\AppData\Local\Temp\Unicorn-63589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63589.exe
10⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-28622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28622.exe
11⤵
PID:5336

C:\Users\Admin\AppData\Local\Temp\Unicorn-11690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11690.exe
12⤵
PID:6808

C:\Users\Admin\AppData\Local\Temp\Unicorn-43527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43527.exe
13⤵
PID:8364

C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
14⤵
PID:10948

C:\Users\Admin\AppData\Local\Temp\Unicorn-46799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46799.exe
15⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 216
14⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 216
13⤵
PID:9396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 216
12⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
11⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 236
10⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-44492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44492.exe
9⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-53230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53230.exe
10⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-37477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37477.exe
11⤵
PID:7044

C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
12⤵
PID:8528

C:\Users\Admin\AppData\Local\Temp\Unicorn-28935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28935.exe
13⤵
PID:11124

C:\Users\Admin\AppData\Local\Temp\Unicorn-34796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34796.exe
14⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8528 -s 220
13⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 216
12⤵
PID:9444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
11⤵
PID:8160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 236
10⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
9⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 240
8⤵
- Program crash
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-7477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7477.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-64452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64452.exe
9⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe
10⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-44719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44719.exe
11⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
12⤵
PID:6508

C:\Users\Admin\AppData\Local\Temp\Unicorn-11615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11615.exe
13⤵
PID:9204

C:\Users\Admin\AppData\Local\Temp\Unicorn-4079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4079.exe
14⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9204 -s 216
14⤵
PID:5488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
13⤵
PID:9824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 236
12⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 236
11⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
10⤵
- Program crash
PID:3620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 236
9⤵
- Program crash
PID:2632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 216
8⤵
- Program crash
PID:1036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
7⤵
- Program crash
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-19803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19803.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-27555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27555.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-55225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55225.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-60612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60612.exe
9⤵
PID:684

C:\Users\Admin\AppData\Local\Temp\Unicorn-41347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41347.exe
10⤵
PID:1276

C:\Users\Admin\AppData\Local\Temp\Unicorn-35352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35352.exe
11⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-6975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6975.exe
12⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-56542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56542.exe
13⤵
PID:8688

C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe
14⤵
PID:10868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8688 -s 216
14⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
13⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
12⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 236
11⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 236
10⤵
- Program crash
PID:3744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 236
9⤵
- Program crash
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-11338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11338.exe
8⤵
PID:1116

C:\Users\Admin\AppData\Local\Temp\Unicorn-56116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56116.exe
9⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-30770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30770.exe
10⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-36052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36052.exe
11⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-43904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43904.exe
12⤵
PID:9140

C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
13⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9140 -s 216
13⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
12⤵
PID:9940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
11⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 236
10⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 236
9⤵
PID:3408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
8⤵
- Program crash
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-53269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53269.exe
8⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
9⤵
PID:3308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 200
10⤵
- Program crash
PID:3752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 216
9⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-65275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65275.exe
8⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-44937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44937.exe
9⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-62004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62004.exe
10⤵
PID:6268

C:\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe
11⤵
PID:9152

C:\Users\Admin\AppData\Local\Temp\Unicorn-50677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50677.exe
12⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 216
12⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
11⤵
PID:9864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 236
10⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
9⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
8⤵
- Program crash
PID:3816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
7⤵
- Program crash
PID:1100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
6⤵
- Program crash
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-64966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64966.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1404

C:\Users\Admin\AppData\Local\Temp\Unicorn-50660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50660.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-60995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60995.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-44182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44182.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:284

C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
9⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-4355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4355.exe
10⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-4619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4619.exe
11⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-42271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42271.exe
12⤵
PID:7920

C:\Users\Admin\AppData\Local\Temp\Unicorn-58394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58394.exe
13⤵
PID:11016

C:\Users\Admin\AppData\Local\Temp\Unicorn-13213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13213.exe
14⤵
PID:13296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 216
13⤵
PID:10820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
12⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 236
11⤵
PID:7232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
10⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 284 -s 216
9⤵
- Program crash
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-65116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65116.exe
8⤵
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-6230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6230.exe
9⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-46779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46779.exe
10⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
11⤵
PID:6704

C:\Users\Admin\AppData\Local\Temp\Unicorn-55845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55845.exe
12⤵
PID:8276

C:\Users\Admin\AppData\Local\Temp\Unicorn-51338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51338.exe
13⤵
PID:5480

C:\Users\Admin\AppData\Local\Temp\Unicorn-57961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57961.exe
14⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8276 -s 220
13⤵
PID:12496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 216
12⤵
PID:10356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
11⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 236
10⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 216
9⤵
PID:3740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
8⤵
- Program crash
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-35717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35717.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1460

C:\Users\Admin\AppData\Local\Temp\Unicorn-8378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8378.exe
8⤵
PID:748

C:\Users\Admin\AppData\Local\Temp\Unicorn-28421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28421.exe
9⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-62446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62446.exe
10⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-50186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50186.exe
11⤵
PID:7124

C:\Users\Admin\AppData\Local\Temp\Unicorn-45772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45772.exe
12⤵
PID:8936

C:\Users\Admin\AppData\Local\Temp\Unicorn-15970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15970.exe
13⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 216
13⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 216
12⤵
PID:9692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
11⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
10⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 236
9⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\Unicorn-45260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45260.exe
8⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-10614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10614.exe
9⤵
PID:5148

C:\Users\Admin\AppData\Local\Temp\Unicorn-32194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32194.exe
10⤵
PID:6868

C:\Users\Admin\AppData\Local\Temp\Unicorn-7033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7033.exe
11⤵
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-35787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35787.exe
12⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 216
12⤵
PID:12324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 216
11⤵
PID:10036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 216
10⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
9⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 240
8⤵
PID:4808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
7⤵
- Program crash
PID:1072

C:\Users\Admin\AppData\Local\Temp\Unicorn-8457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8457.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-40342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40342.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
8⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
9⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-50157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50157.exe
10⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-17557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17557.exe
11⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-58000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58000.exe
12⤵
PID:7764

C:\Users\Admin\AppData\Local\Temp\Unicorn-34627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34627.exe
13⤵
PID:11196

C:\Users\Admin\AppData\Local\Temp\Unicorn-30759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30759.exe
14⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7764 -s 216
13⤵
PID:11360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 236
12⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 236
11⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 236
10⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-3981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3981.exe
9⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-1765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1765.exe
10⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-21130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21130.exe
11⤵
PID:8260

C:\Users\Admin\AppData\Local\Temp\Unicorn-56137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56137.exe
12⤵
PID:11240

C:\Users\Admin\AppData\Local\Temp\Unicorn-56013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56013.exe
13⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8260 -s 216
12⤵
PID:11460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 236
11⤵
PID:9344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
10⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
9⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-39156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39156.exe
8⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-54651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54651.exe
9⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-17085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17085.exe
10⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-25923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25923.exe
11⤵
PID:9104

C:\Users\Admin\AppData\Local\Temp\Unicorn-38646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38646.exe
12⤵
PID:11932

C:\Users\Admin\AppData\Local\Temp\Unicorn-34796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34796.exe
13⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9104 -s 216
12⤵
PID:11308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
11⤵
PID:9880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
10⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
9⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
8⤵
- Program crash
PID:840

C:\Users\Admin\AppData\Local\Temp\Unicorn-45547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45547.exe
7⤵
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-24046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24046.exe
8⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-18575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18575.exe
9⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-37012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37012.exe
10⤵
PID:6180

C:\Users\Admin\AppData\Local\Temp\Unicorn-11615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11615.exe
11⤵
PID:9212

C:\Users\Admin\AppData\Local\Temp\Unicorn-64764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64764.exe
12⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9212 -s 220
12⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 216
11⤵
PID:9872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 216
10⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
9⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 236
8⤵
PID:4112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
7⤵
- Program crash
PID:3020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 240
6⤵
- Program crash
PID:1292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:380

C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-43903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43903.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-36849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36849.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-32252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32252.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-40335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40335.exe
9⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-46978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46978.exe
10⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-25140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25140.exe
11⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-30082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30082.exe
12⤵
PID:6980

C:\Users\Admin\AppData\Local\Temp\Unicorn-50941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50941.exe
13⤵
PID:8988

C:\Users\Admin\AppData\Local\Temp\Unicorn-10191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10191.exe
14⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8988 -s 236
14⤵
PID:12548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 216
13⤵
PID:10436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
12⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 236
11⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
10⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-60745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60745.exe
9⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-38487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38487.exe
10⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-43839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43839.exe
11⤵
PID:6532

C:\Users\Admin\AppData\Local\Temp\Unicorn-38414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38414.exe
12⤵
PID:8536

C:\Users\Admin\AppData\Local\Temp\Unicorn-42175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42175.exe
13⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8536 -s 216
13⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 216
12⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
11⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
10⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
9⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-20469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20469.exe
8⤵
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-53288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53288.exe
9⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-13660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13660.exe
10⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe
11⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-40377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40377.exe
12⤵
PID:7248

C:\Users\Admin\AppData\Local\Temp\Unicorn-17248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17248.exe
13⤵
PID:11132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 216
13⤵
PID:11204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 236
12⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
11⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
10⤵
PID:5228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 236
9⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
8⤵
- Program crash
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-27845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27845.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
8⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
9⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-9846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9846.exe
10⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-30082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30082.exe
11⤵
PID:6988

C:\Users\Admin\AppData\Local\Temp\Unicorn-8813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8813.exe
12⤵
PID:8420

C:\Users\Admin\AppData\Local\Temp\Unicorn-37435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37435.exe
13⤵
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-32897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32897.exe
14⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8420 -s 216
13⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 220
12⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
11⤵
PID:8096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
10⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 216
9⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-8555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8555.exe
8⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-34934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34934.exe
9⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-46066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46066.exe
10⤵
PID:6712

C:\Users\Admin\AppData\Local\Temp\Unicorn-14444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14444.exe
11⤵
PID:9016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 240
12⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 216
11⤵
PID:10480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
10⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
9⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
8⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
7⤵
- Program crash
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-28358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28358.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-155.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 220
8⤵
- Program crash
PID:1940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 236
7⤵
- Program crash
PID:3192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 240
6⤵
- Program crash
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-18267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18267.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:676

C:\Users\Admin\AppData\Local\Temp\Unicorn-47648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47648.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-15807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15807.exe
7⤵
- Executes dropped EXE
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-32748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32748.exe
8⤵
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-15073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15073.exe
9⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-27612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27612.exe
10⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-16317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16317.exe
11⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-27983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27983.exe
12⤵
PID:8896

C:\Users\Admin\AppData\Local\Temp\Unicorn-13515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13515.exe
13⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8896 -s 216
13⤵
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
12⤵
PID:9684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
11⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
10⤵
PID:5584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 236
9⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-27880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27880.exe
8⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-6006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6006.exe
9⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\Unicorn-65235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65235.exe
10⤵
PID:6804

C:\Users\Admin\AppData\Local\Temp\Unicorn-25572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25572.exe
11⤵
PID:8404

C:\Users\Admin\AppData\Local\Temp\Unicorn-40699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40699.exe
12⤵
PID:10872

C:\Users\Admin\AppData\Local\Temp\Unicorn-18157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18157.exe
13⤵
PID:1540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8404 -s 216
12⤵
PID:11780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 216
11⤵
PID:9412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
10⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
9⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 220
8⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-45939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45939.exe
7⤵
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-26579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26579.exe
8⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-6679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6679.exe
9⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-2369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2369.exe
10⤵
PID:7840

C:\Users\Admin\AppData\Local\Temp\Unicorn-8342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8342.exe
11⤵
PID:10920

C:\Users\Admin\AppData\Local\Temp\Unicorn-17054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17054.exe
12⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7840 -s 216
11⤵
PID:10472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
10⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
9⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 236
8⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
7⤵
- Program crash
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-2163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2163.exe
6⤵
- Suspicious use of SetWindowsHookEx
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
7⤵
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
8⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
9⤵
PID:5832

C:\Users\Admin\AppData\Local\Temp\Unicorn-25116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25116.exe
10⤵
PID:7116

C:\Users\Admin\AppData\Local\Temp\Unicorn-26411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26411.exe
11⤵
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-34627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34627.exe
12⤵
PID:11208

C:\Users\Admin\AppData\Local\Temp\Unicorn-18351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18351.exe
13⤵
PID:13140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 216
12⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 216
11⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
10⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
9⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
8⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 216
7⤵
- Program crash
PID:3996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 240
6⤵
- Program crash
PID:2336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
5⤵
- Program crash
PID:1704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-4568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4568.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-31025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31025.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-30774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30774.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-7764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7764.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1380

C:\Users\Admin\AppData\Local\Temp\Unicorn-33009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33009.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-65500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65500.exe
8⤵
- Executes dropped EXE
PID:1764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 220
9⤵
- Program crash
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
8⤵
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-17378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17378.exe
9⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-43863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43863.exe
10⤵
PID:5236

C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
11⤵
PID:6220

C:\Users\Admin\AppData\Local\Temp\Unicorn-45772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45772.exe
12⤵
PID:8928

C:\Users\Admin\AppData\Local\Temp\Unicorn-31928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31928.exe
13⤵
PID:11428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8928 -s 216
13⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 216
12⤵
PID:9700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 216
11⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 220
10⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
9⤵
PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
8⤵
- Program crash
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-61478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61478.exe
7⤵
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-46261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46261.exe
8⤵
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-51996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51996.exe
9⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-43287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43287.exe
10⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-6207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6207.exe
11⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-36885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36885.exe
12⤵
PID:8784

C:\Users\Admin\AppData\Local\Temp\Unicorn-23505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23505.exe
13⤵
PID:10644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8784 -s 236
13⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
12⤵
PID:9628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 236
11⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 220
10⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 236
9⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-62857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62857.exe
8⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-8310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8310.exe
9⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-19382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19382.exe
10⤵
PID:6276

C:\Users\Admin\AppData\Local\Temp\Unicorn-38134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38134.exe
11⤵
PID:9120

C:\Users\Admin\AppData\Local\Temp\Unicorn-32589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32589.exe
12⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9120 -s 204
12⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 216
11⤵
PID:10448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 216
10⤵
PID:8248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 220
9⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
8⤵
PID:5004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 240
7⤵
- Program crash
PID:1328

C:\Users\Admin\AppData\Local\Temp\Unicorn-45816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45816.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-47711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47711.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
8⤵
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-4180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4180.exe
8⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-50837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50837.exe
9⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-28564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28564.exe
10⤵
PID:6232

C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
11⤵
PID:8964

C:\Users\Admin\AppData\Local\Temp\Unicorn-50459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50459.exe
12⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8964 -s 236
12⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6232 -s 236
11⤵
PID:9724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
10⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 236
9⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
8⤵
- Program crash
PID:3804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 236
7⤵
- Program crash
PID:3176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
6⤵
- Program crash
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-38168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38168.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:804

C:\Users\Admin\AppData\Local\Temp\Unicorn-10943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10943.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-31980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31980.exe
8⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-13641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13641.exe
9⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-43576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43576.exe
10⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\Unicorn-42847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42847.exe
11⤵
PID:7968

C:\Users\Admin\AppData\Local\Temp\Unicorn-25530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25530.exe
12⤵
PID:11032

C:\Users\Admin\AppData\Local\Temp\Unicorn-51599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51599.exe
13⤵
PID:13168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 236
12⤵
PID:10928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
11⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
10⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
9⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 216
8⤵
- Program crash
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-25819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25819.exe
7⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-14305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14305.exe
8⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-38269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38269.exe
9⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-44555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44555.exe
10⤵
PID:6840

C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
11⤵
PID:8944

C:\Users\Admin\AppData\Local\Temp\Unicorn-63757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63757.exe
12⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8944 -s 216
12⤵
PID:5520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 216
11⤵
PID:2628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
10⤵
PID:7992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
9⤵
PID:5688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 236
8⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 220
7⤵
- Program crash
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-54083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54083.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-47029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47029.exe
7⤵
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-10325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10325.exe
8⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-7018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7018.exe
9⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-34265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34265.exe
10⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-31964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31964.exe
11⤵
PID:8888

C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
12⤵
PID:10940

C:\Users\Admin\AppData\Local\Temp\Unicorn-57961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57961.exe
13⤵
PID:13072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
11⤵
PID:10428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 216
10⤵
PID:8196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
9⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
8⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-37221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37221.exe
7⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-65093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65093.exe
8⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-60502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60502.exe
9⤵
PID:6604

C:\Users\Admin\AppData\Local\Temp\Unicorn-4179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4179.exe
10⤵
PID:9132

C:\Users\Admin\AppData\Local\Temp\Unicorn-19981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19981.exe
11⤵
PID:10460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9132 -s 216
11⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 216
10⤵
PID:10176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
9⤵
PID:8024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 236
8⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
7⤵
PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 240
6⤵
- Program crash
PID:1536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
5⤵
- Program crash
PID:2068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 236
4⤵
- Loads dropped DLL
- Program crash
PID:1472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-7266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7266.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-37371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37371.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-37592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37592.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-28323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28323.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:936

C:\Users\Admin\AppData\Local\Temp\Unicorn-18677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18677.exe
8⤵
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
9⤵
PID:3316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 200
10⤵
- Program crash
PID:3920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
9⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-65275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65275.exe
8⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-12954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12954.exe
9⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-18045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18045.exe
10⤵
PID:6076

C:\Users\Admin\AppData\Local\Temp\Unicorn-59588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59588.exe
11⤵
PID:8468

C:\Users\Admin\AppData\Local\Temp\Unicorn-29537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29537.exe
12⤵
PID:11012

C:\Users\Admin\AppData\Local\Temp\Unicorn-1547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1547.exe
13⤵
PID:13196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8468 -s 216
12⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 216
11⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
10⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
9⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 240
8⤵
- Program crash
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-49657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49657.exe
7⤵
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-2416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2416.exe
8⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-45155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45155.exe
9⤵
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 188
10⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
9⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 236
8⤵
PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
7⤵
- Program crash
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-20066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20066.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:772

C:\Users\Admin\AppData\Local\Temp\Unicorn-52309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52309.exe
7⤵
PID:860

C:\Users\Admin\AppData\Local\Temp\Unicorn-56718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56718.exe
8⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-16489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16489.exe
9⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-48465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48465.exe
10⤵
PID:6472

C:\Users\Admin\AppData\Local\Temp\Unicorn-57303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57303.exe
11⤵
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-38454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38454.exe
12⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 216
12⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 216
11⤵
PID:10060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
9⤵
PID:4824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 236
8⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-47320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47320.exe
7⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-26624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26624.exe
8⤵
PID:4276

C:\Users\Admin\AppData\Local\Temp\Unicorn-11690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11690.exe
9⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\Unicorn-59031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59031.exe
10⤵
PID:8848

C:\Users\Admin\AppData\Local\Temp\Unicorn-19005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19005.exe
11⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-42310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42310.exe
12⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 220
11⤵
PID:12396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
10⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
9⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 236
8⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 240
7⤵
- Program crash
PID:3600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
6⤵
- Program crash
PID:2324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 216
5⤵
- Program crash
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-8770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8770.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-22482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22482.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-3792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3792.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-33020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33020.exe
7⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
8⤵
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-44840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44840.exe
9⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-57812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57812.exe
10⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-23388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23388.exe
11⤵
PID:6372

C:\Users\Admin\AppData\Local\Temp\Unicorn-5198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5198.exe
12⤵
PID:8840

C:\Users\Admin\AppData\Local\Temp\Unicorn-25041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25041.exe
13⤵
PID:1280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8840 -s 220
13⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 216
12⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
11⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
10⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 216
9⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
8⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-63546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63546.exe
9⤵
PID:4232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 220
10⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 236
9⤵
PID:5448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 220
8⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-44979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44979.exe
7⤵
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
8⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-2384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2384.exe
9⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-45323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45323.exe
10⤵
PID:6920

C:\Users\Admin\AppData\Local\Temp\Unicorn-9799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9799.exe
11⤵
PID:8684

C:\Users\Admin\AppData\Local\Temp\Unicorn-32668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32668.exe
12⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8684 -s 216
12⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 220
11⤵
PID:9888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
10⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
9⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 236
8⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 220
7⤵
- Program crash
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-13730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13730.exe
6⤵
PID:324

C:\Users\Admin\AppData\Local\Temp\Unicorn-57164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57164.exe
7⤵
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-25515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25515.exe
8⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-38679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38679.exe
9⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-60694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60694.exe
10⤵
PID:6548

C:\Users\Admin\AppData\Local\Temp\Unicorn-22981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22981.exe
11⤵
PID:9124

C:\Users\Admin\AppData\Local\Temp\Unicorn-20539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20539.exe
12⤵
PID:12260

C:\Users\Admin\AppData\Local\Temp\Unicorn-830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-830.exe
13⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9124 -s 216
12⤵
PID:12468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 216
11⤵
PID:10348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
10⤵
PID:7988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
9⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 236
8⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-8555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8555.exe
7⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
8⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-23580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23580.exe
9⤵
PID:6252

C:\Users\Admin\AppData\Local\Temp\Unicorn-26340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26340.exe
10⤵
PID:8440

C:\Users\Admin\AppData\Local\Temp\Unicorn-9131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9131.exe
11⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 216
11⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
9⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
8⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 240
7⤵
PID:4732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
6⤵
- Program crash
PID:1344

C:\Users\Admin\AppData\Local\Temp\Unicorn-16983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16983.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-12436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12436.exe
7⤵
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-33029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33029.exe
8⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-10256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10256.exe
9⤵
PID:5292

C:\Users\Admin\AppData\Local\Temp\Unicorn-23632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23632.exe
10⤵
PID:6876

C:\Users\Admin\AppData\Local\Temp\Unicorn-36162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36162.exe
11⤵
PID:8984

C:\Users\Admin\AppData\Local\Temp\Unicorn-4477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4477.exe
12⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 216
12⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 216
11⤵
PID:10332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 216
10⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
9⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 236
8⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-30402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30402.exe
7⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-11024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11024.exe
8⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\Unicorn-40715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40715.exe
9⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
10⤵
PID:8480

C:\Users\Admin\AppData\Local\Temp\Unicorn-36389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36389.exe
11⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8480 -s 220
11⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
10⤵
PID:9972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
9⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
8⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
7⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-45171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45171.exe
6⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-44150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44150.exe
7⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-43095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43095.exe
8⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-43839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43839.exe
9⤵
PID:6496

C:\Users\Admin\AppData\Local\Temp\Unicorn-48249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48249.exe
10⤵
PID:8128

C:\Users\Admin\AppData\Local\Temp\Unicorn-49344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49344.exe
11⤵
PID:11104

C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
12⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 236
11⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
10⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
9⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
8⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
7⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
6⤵
- Program crash
PID:3648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
5⤵
- Program crash
PID:2848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:288

C:\Users\Admin\AppData\Local\Temp\Unicorn-55783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55783.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-61692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61692.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-36379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36379.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-36657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36657.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-33596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33596.exe
7⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-75.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-75.exe
8⤵
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-7087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7087.exe
9⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-62657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62657.exe
10⤵
PID:5172

C:\Users\Admin\AppData\Local\Temp\Unicorn-47045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47045.exe
11⤵
PID:7704

C:\Users\Admin\AppData\Local\Temp\Unicorn-26708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26708.exe
12⤵
PID:10852

C:\Users\Admin\AppData\Local\Temp\Unicorn-22123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22123.exe
13⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 216
12⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 236
11⤵
PID:8728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
10⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 216
9⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 216
8⤵
- Program crash
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-37490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37490.exe
7⤵
PID:1188

C:\Users\Admin\AppData\Local\Temp\Unicorn-22739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22739.exe
8⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
9⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe
10⤵
PID:7752

C:\Users\Admin\AppData\Local\Temp\Unicorn-52369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52369.exe
11⤵
PID:10800

C:\Users\Admin\AppData\Local\Temp\Unicorn-39018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39018.exe
12⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 216
11⤵
PID:10264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 236
10⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 236
9⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 236
8⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
7⤵
- Program crash
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-35027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35027.exe
6⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-32748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32748.exe
7⤵
PID:352

C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
8⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe
9⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-22812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22812.exe
10⤵
PID:5644

C:\Users\Admin\AppData\Local\Temp\Unicorn-12364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12364.exe
11⤵
PID:7316

C:\Users\Admin\AppData\Local\Temp\Unicorn-56137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56137.exe
12⤵
PID:11232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 216
12⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
11⤵
PID:9292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
10⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
9⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 216
8⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-9131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9131.exe
7⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
8⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-23388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23388.exe
9⤵
PID:6308

C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
10⤵
PID:8584

C:\Users\Admin\AppData\Local\Temp\Unicorn-53587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53587.exe
11⤵
PID:10540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8584 -s 220
11⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6308 -s 216
10⤵
PID:9480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
9⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
8⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
7⤵
PID:4828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
6⤵
- Program crash
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-49656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49656.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-33020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33020.exe
6⤵
PID:468

C:\Users\Admin\AppData\Local\Temp\Unicorn-64844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64844.exe
7⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-26771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26771.exe
8⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-54427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54427.exe
9⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
10⤵
PID:7868

C:\Users\Admin\AppData\Local\Temp\Unicorn-45623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45623.exe
11⤵
PID:10980

C:\Users\Admin\AppData\Local\Temp\Unicorn-42434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42434.exe
12⤵
PID:12812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 236
11⤵
PID:2084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
10⤵
PID:8464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 236
9⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 216
8⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 468 -s 236
7⤵
- Program crash
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
6⤵
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-59801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59801.exe
7⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-10422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10422.exe
8⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-37477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37477.exe
9⤵
PID:7036

C:\Users\Admin\AppData\Local\Temp\Unicorn-61143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61143.exe
10⤵
PID:8760

C:\Users\Admin\AppData\Local\Temp\Unicorn-35787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35787.exe
11⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 216
11⤵
PID:12316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 216
10⤵
PID:10068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
9⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 220
8⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 236
7⤵
PID:4592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
6⤵
- Program crash
PID:3536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 240
5⤵
- Program crash
PID:1184

C:\Users\Admin\AppData\Local\Temp\Unicorn-16513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16513.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-15744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15744.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-17368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17368.exe
6⤵
PID:1216

C:\Users\Admin\AppData\Local\Temp\Unicorn-62577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62577.exe
7⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-9934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9934.exe
8⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-40113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40113.exe
9⤵
PID:6552

C:\Users\Admin\AppData\Local\Temp\Unicorn-6841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6841.exe
10⤵
PID:8656

C:\Users\Admin\AppData\Local\Temp\Unicorn-44116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44116.exe
11⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8656 -s 216
11⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
10⤵
PID:10052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 236
9⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
8⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 236
7⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 236
6⤵
- Program crash
PID:3144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 236
5⤵
- Program crash
PID:2696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
4⤵
- Program crash
PID:1740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 240
2⤵
- Program crash
PID:2876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-30774.exe

Filesize
184KB

MD5
8eef013df78074e8433264bfe0cd5af3

SHA1
8091472bb7664344d173e05e1170d8be6150665f

SHA256
b14f8e8d12bf3453ce31eb2756d20f83f29845e7d4a4ae2f38be0ee723db5b9c

SHA512
678128413b64f1c9a8e2e6fbbff9b61d7d7190c20dbbdb6c420d8fbf46a606c9e82e258f7fc371228b984e7e9cb69813ede5a5a49b11e220e3a1fc8982899a5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe

Filesize
184KB

MD5
beedeadebf611bb73488e8f2f881fa26

SHA1
483ae90e137d2ddb54351be813a94344eb33c28c

SHA256
c1ffd12b97c1574c387b41483d2046e1c339d20fce876f96bf38a41271e8c571

SHA512
33f6a2b2057cad0bb74c03936e1ed7d4914c2923873b5252fd9433307ea200359e85338b5313b6bfd5a3d90b368504d4612a09aaa1819d3bbbcdb495be4fb1a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37371.exe

Filesize
184KB

MD5
82e6be5f2863011f3fe1d82ae1074bac

SHA1
a00a02f4b5dbc6e44ce95490b189fe6873138a82

SHA256
34e30c22954c17a027b493d3ab15b5166124ad4b88c5375347e0de4a45ab71cb

SHA512
402f778fd22a9af227e11eb74b7c036e98ffdea4050f45f220ffa36ddd17394d2af9df535a85c431a4122a8d3e3529e3dbd431c0c3ac420941c779cb43430e5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38454.exe

Filesize
184KB

MD5
4f0ca63e2ed67f046144fc45735629de

SHA1
55631f8ca314a17ebdac9e03a67c7b2dd2188056

SHA256
25b38140f6635c2d71f49b8f8716277ac8519b38ffb79e694e51dbfbddc40c7d

SHA512
184d23a4eca3949d18620f9d02b240864785d39af3e0bdf3e91aa3c6338c6afcefcdf8b73ba2b935dc771e5ba00303f63fbb807409e45299bb7e805205bdb68f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40699.exe

Filesize
184KB

MD5
d96451402a551be0a3906f680dd92b5e

SHA1
09c480715bd48349d62af1770c8e261c5f4af6ea

SHA256
e8b2c0ba14dac98b79d8a010fee31159884bc05778ac1b74aecf3ae27c89346f

SHA512
d6372288c67d5eb1de753f5a908ae96db6868fffa318e54c679006fb3e93c191f6b7ba84359ea41731fe4fafcc58566738631ee1f4d6b66bbd5c5c112ca6d867

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe

Filesize
184KB

MD5
800d688bb3ea95fa4b08c013eefef8e7

SHA1
ca95b85929e74d015ff396360b2dee657bb8848b

SHA256
95eabfe105dc7dcf4b8e62c32c52db14847adc9da814eaad3c243359706dc1ea

SHA512
547fafd02cb2678bcba686f8ece0619dcc4cd0894652bf7007122867be16994dc389a11c1698bfd014b4a19f50d7356c74227032fe9f015ed7473047b1abc125

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe

Filesize
184KB

MD5
9d50c5ceaed179cdff95362d4e74126a

SHA1
32c8df656688ec75b542ef008ab8f313a493b5e8

SHA256
23c1165f51b5419c3123c02dec147e793578bdd184fcd88416813bc59ee9c835

SHA512
0b6fcf0267396762b40e367e3d7ffeb5a394b919f35eb037869f64e628bc37d75d9b96a04ac8a91e6a3825dda7f3d54325d92b62fe821b3b834e13b3492ba690

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe

Filesize
184KB

MD5
499e212948668ee1bddb8986b1dd9d11

SHA1
f3e858ecad9f2cb9fda12466d1ea7022812b954d

SHA256
1e27973ade231229b02140c6313dc46a12807ec32caeb76f52febb76911b326e

SHA512
8c33d7da8cbb44bd13c92884e31ec661ae109dc7bfa79ddf127873233d9fb70063504e83d09cf22fd714180d1d897f64fe193c21f4f62feaa096769894eae2c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6452.exe

Filesize
184KB

MD5
55e42080a533b71a910fc01a67f31748

SHA1
730db57f36250583792c16e71ce21602ed9ba10a

SHA256
a6ea230085e37ad74d252f5b51864f7d763cbabaf86e2347279589f245a8a888

SHA512
bebf4a8c7f53c95c91161d517a4069a566e218213b7ff16b6fabe8253dfd0a9970f65f406131c3e19d59586a10c633596bea5e26aadb7679c2eb08f58f04b838

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6679.exe

Filesize
184KB

MD5
2f9089a91b92870aff158844b83976ae

SHA1
51459b951a269641f2a04384104486a1627f62f2

SHA256
ab63eb48d38ad148aee36c0ee0eda78c492272e4f745083458e666b1b8144ee9

SHA512
854833155eaf49689a9e11b7380eacc5e75c910ad0b17ef37f70b1897efb9e8a44eed61c7808dc0a434053aed4a54e313d72d0312ef1a329801a21bcf3bc645e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7018.exe

Filesize
184KB

MD5
fa68d1b888d04e8ca2c2a6d998abc6be

SHA1
4b2c03da5d789b3cde9785c76c0c9b2427e4add7

SHA256
7bd32ee8173712636c12328db57b27bd26d0e9ed7bae7b1a0205d32f4bdd9607

SHA512
31a9ad43b848590af3d37f505a2b07828008e418a31bdb96026cfc4d3d83999c56e244266db2bc9856cc79532aaa7d6ac60f51fabc33746fb9640f4a15ab6b1d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe

Filesize
184KB

MD5
47572b25a50ae4859681c3ae6fc11b61

SHA1
c8940e68fd4787bdcd74e265d50f1f943df5bfbc

SHA256
f37dc316e05db5c56327996bf391ae4da7ab96e32d38f0442299e11bcb9d6f2b

SHA512
23b26663809466355163febb852ca1105172dc4ad2f9b8cf80b577992b602a39ff4bd8d7393dfb76365d14c48881939fadd5656d00d8fc841ca1ace14ba5d899

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16141.exe

Filesize
184KB

MD5
4aec249cd8e4f9d27de8d95bada49ad9

SHA1
e29c709ff6b5428f23d4339cbcc13f274f19d621

SHA256
ad730c813443099f00e196b8df7f13477be03cdde3a1a7d219c04075c2572dd7

SHA512
1389438f039802b6d5a14901f0587a45a049d58e17e0bc35e66742cd86b01d6471c69121289f104b81f4239d8194b4dea4fcffcbd4e1a01bbb7727815ab5a675

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19487.exe

Filesize
184KB

MD5
7ca7a7aca35c3f3e89053d74bba6f7fc

SHA1
7b87a636f59be79a0a97c479f0f8161af2b4e5fa

SHA256
41977535842c8a5990e9460de8f25f99cfbc2431898ea935241c242ff17d9266

SHA512
da32d1c768a30e8168528d1b3319caf2ffbb41bcfc8a37155f18bd061b99285c0b29381e5627abf64c8e77739a09ea7c813d9740305a95fbb0c2bcbe2b74bed7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe

Filesize
184KB

MD5
5d14623af3bca5ac57fa2eb87b4787c7

SHA1
80a93fd0012f8a5033fac951afe34d968464a84f

SHA256
c6e8227af7faeec14be2698e6eff51291e19a98a642787241cac1af41c8d9cad

SHA512
2b0f889f4be87326fa83829cbca1cff36cad44f0a019715089f260cd8de66b51218e27de2e7792a720c63a1320f3fffe7d401a7a0daa7d98746f86258bbba7c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31025.exe

Filesize
184KB

MD5
b6d9403aa83c14ffb4074238dcdbbaf6

SHA1
110f5f933641349dbc1697017ac16de317d1bd09

SHA256
49b151d5f807e4b29fff8c83ea763beece13500655b2425481cffe6236926521

SHA512
e8111136c28461beb1cc70f3d8b5a617d50616d44f7371c2207131b3e2eab05259a9f53d18fe30cb1dd8c05fdcdebf3a54fc55fcf80df860c10dd6919b8fc277

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31217.exe

Filesize
184KB

MD5
d060897b5d99ac602333078f30de691d

SHA1
bc937f2b9b47021008c65671a1600244bdf34277

SHA256
8f6f92487b0b2529dd91d71dcedd2359e0ed02bdff5d5048cd76e548357f22e2

SHA512
8c00ced77d230bf9c3b07cc37b6b7ab223a560de0f161d374b9785b1db83f488cb136239378de0443d6c03bb316773481c33a9c313de4af1531ac58720aaf5bf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4568.exe

Filesize
184KB

MD5
ec35f5878e1ec679230424dd2fe7c9e6

SHA1
e5380c96866f20a5835194f8369fc5495ffb5931

SHA256
7954f9722092d3f300e7cc9b918f99c4cebb6970e7bb94d73c2d7510978ff0e7

SHA512
528d7958763fdd6ce444e81ecd840dedd36813ca34a55e96371766675f8213b2aec0b068984a9d93b1f48c8273de27035a2f3e67cdb25bc28328787fad23f759

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe

Filesize
184KB

MD5
c59f79b2f2b7225197c67e52e4b995c6

SHA1
61b34c79fbee3b43eef2b1c07fce47622e4af7cf

SHA256
96e83ee11053eac61bd5b09252654536bbd0e827b651cc671fd746c127b04f4c

SHA512
f15ded05c73abe94d71c95b44adf8525388ca5e6ecbdaf891953fc258db819a3dfcbf6377aae320dd45443fdd9d45cadf9b6e7ae5d2a2e9b2763b3e94a492658

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55783.exe

Filesize
184KB

MD5
859551af3b17e7b7672bfceaad1aad16

SHA1
f61bd58b3747ea1ada283ee7e9ee4c269ba72764

SHA256
59c6bad50eb827807f1ea87a075e2b476daeeba0078928bc19b424544ea03ee7

SHA512
5d1a7f5e6caf01be958b9e27a3942714a142ff633882432ee347b5e40e2ae4834cef83a86011e56c68c5c444a80db94d9c55ba34b18521e249aca47a68aebe59

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64966.exe

Filesize
184KB

MD5
7d2a4eec89a00001ce1ba82f0a9fbd1d

SHA1
782f614af2204b70d6bd79caaccc485c6940604d

SHA256
24ec1930bba8c813b0bd87fefe2521c0f3263291f03fb06d65f5025aad015468

SHA512
79c42fdc4a6825ca9c98a0ab78f459ee8f19e0b034f2aedf798bf175ba9946263e516688ada4f05bac6168bb712a616437b48249d375296cd0403ef35d356e05

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7266.exe

Filesize
184KB

MD5
c244dfc750bc0566000c218597186c05

SHA1
5a54253c7efa5f43f5235b822469e6c5a7b3d68c

SHA256
279b555a2d6b551175dc54dffb6f52585202ab786457979916c500f7dded4ab8

SHA512
03cfbafe8335f6dd70b906bdac893022db7ea6fcf0df51fa6bcd67d20ff89c9827fcec721a918e06ebe297445eccf65a573074cb0144e3e93158b1d48509d0ca

Download Submit