ab45ece6f8fdebdceab6522120e79e181f5970b468290790aeb50356238535c9

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab45ece6f8fdebdceab6522120e79e181f5970b468290790aeb50356238535c9.exe
Size

184KB
MD5

b3a4b07a7761919fad203f1adb1d15d8
SHA1

f449b7db9d1b97f255c940a66628876cdb06f059
SHA256

ab45ece6f8fdebdceab6522120e79e181f5970b468290790aeb50356238535c9
SHA512

f1106dbf9d7175fc43a6c46aec029aba2dde4fd47aeb56287e5e0a97c19ee6997d0befc1cb7a3a621563d0edce605a0f06326855eeecd728ede9e7266211c047
SSDEEP

3072:R3K3rkoT74ZUdFYWeB5LRqsdhlnViFLn3:R31oyQFYVL4sdhlnViFL

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-15724.exeUnicorn-38861.exeUnicorn-18995.exeUnicorn-11082.exeUnicorn-8202.exeUnicorn-53874.exeUnicorn-62790.exeUnicorn-45961.exeUnicorn-43885.exeUnicorn-13672.exeUnicorn-48182.exeUnicorn-2051.exeUnicorn-15050.exeUnicorn-7884.exeUnicorn-20883.exeUnicorn-57604.exeUnicorn-5580.exeUnicorn-5066.exeUnicorn-5772.exeUnicorn-24241.exeUnicorn-44107.exeUnicorn-26920.exeUnicorn-22897.exeUnicorn-46603.exeUnicorn-47179.exeUnicorn-27505.exeUnicorn-47371.exeUnicorn-64968.exeUnicorn-64968.exeUnicorn-60370.exeUnicorn-45295.exeUnicorn-14950.exeUnicorn-16041.exeUnicorn-16233.exeUnicorn-45703.exeUnicorn-46793.exeUnicorn-26927.exeUnicorn-64582.exeUnicorn-18345.exeUnicorn-48557.exeUnicorn-48303.exeUnicorn-28629.exeUnicorn-2309.exeUnicorn-24396.exeUnicorn-40047.exeUnicorn-59398.exeUnicorn-59398.exeUnicorn-37970.exeUnicorn-37970.exeUnicorn-20167.exeUnicorn-5117.exeUnicorn-8957.exeUnicorn-2605.exeUnicorn-2797.exeUnicorn-37956.exeUnicorn-52621.exeUnicorn-30276.exeUnicorn-10732.exeUnicorn-24307.exeUnicorn-39792.exeUnicorn-6928.exeUnicorn-42445.exeUnicorn-40368.exeUnicorn-60234.exe

pid	process
2044	Unicorn-15724.exe
2548	Unicorn-38861.exe
2584	Unicorn-18995.exe
2720	Unicorn-11082.exe
2708	Unicorn-8202.exe
2444	Unicorn-53874.exe
2768	Unicorn-62790.exe
2948	Unicorn-45961.exe
1880	Unicorn-43885.exe
1580	Unicorn-13672.exe
1960	Unicorn-48182.exe
1304	Unicorn-2051.exe
1724	Unicorn-15050.exe
2784	Unicorn-7884.exe
2848	Unicorn-20883.exe
324	Unicorn-57604.exe
1164	Unicorn-5580.exe
312	Unicorn-5066.exe
2168	Unicorn-5772.exe
1620	Unicorn-24241.exe
1540	Unicorn-44107.exe
1656	Unicorn-26920.exe
956	Unicorn-22897.exe
556	Unicorn-46603.exe
1144	Unicorn-47179.exe
2112	Unicorn-27505.exe
2388	Unicorn-47371.exe
304	Unicorn-64968.exe
3052	Unicorn-64968.exe
1636	Unicorn-60370.exe
2868	Unicorn-45295.exe
2624	Unicorn-14950.exe
2648	Unicorn-16041.exe
2568	Unicorn-16233.exe
2544	Unicorn-45703.exe
2240	Unicorn-46793.exe
2452	Unicorn-26927.exe
2488	Unicorn-64582.exe
2540	Unicorn-18345.exe
2068	Unicorn-48557.exe
1756	Unicorn-48303.exe
2184	Unicorn-28629.exe
1204	Unicorn-2309.exe
2500	Unicorn-24396.exe
2684	Unicorn-40047.exe
1824	Unicorn-59398.exe
2028	Unicorn-59398.exe
1380	Unicorn-37970.exe
2020	Unicorn-37970.exe
748	Unicorn-20167.exe
848	Unicorn-5117.exe
2396	Unicorn-8957.exe
1000	Unicorn-2605.exe
756	Unicorn-2797.exe
2376	Unicorn-37956.exe
2124	Unicorn-52621.exe
880	Unicorn-30276.exe
1560	Unicorn-10732.exe
1652	Unicorn-24307.exe
2596	Unicorn-39792.exe
2724	Unicorn-6928.exe
2712	Unicorn-42445.exe
2896	Unicorn-40368.exe
2904	Unicorn-60234.exe

Loads dropped DLL 64 IoCs

Processes:

ab45ece6f8fdebdceab6522120e79e181f5970b468290790aeb50356238535c9.exeUnicorn-15724.exeUnicorn-38861.exeUnicorn-18995.exeWerFault.exeUnicorn-53874.exeUnicorn-11082.exeUnicorn-8202.exeWerFault.exeWerFault.exeUnicorn-62790.exeUnicorn-45961.exeUnicorn-48182.exeUnicorn-13672.exeUnicorn-43885.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2212	ab45ece6f8fdebdceab6522120e79e181f5970b468290790aeb50356238535c9.exe
2212	ab45ece6f8fdebdceab6522120e79e181f5970b468290790aeb50356238535c9.exe
2044	Unicorn-15724.exe
2044	Unicorn-15724.exe
2212	ab45ece6f8fdebdceab6522120e79e181f5970b468290790aeb50356238535c9.exe
2212	ab45ece6f8fdebdceab6522120e79e181f5970b468290790aeb50356238535c9.exe
2548	Unicorn-38861.exe
2548	Unicorn-38861.exe
2584	Unicorn-18995.exe
2584	Unicorn-18995.exe
2044	Unicorn-15724.exe
2044	Unicorn-15724.exe
1708	WerFault.exe
1708	WerFault.exe
1708	WerFault.exe
1708	WerFault.exe
1708	WerFault.exe
2444	Unicorn-53874.exe
2444	Unicorn-53874.exe
2720	Unicorn-11082.exe
2720	Unicorn-11082.exe
2708	Unicorn-8202.exe
2708	Unicorn-8202.exe
2548	Unicorn-38861.exe
2548	Unicorn-38861.exe
2584	Unicorn-18995.exe
2584	Unicorn-18995.exe
548	WerFault.exe
548	WerFault.exe
548	WerFault.exe
548	WerFault.exe
2696	WerFault.exe
2696	WerFault.exe
2696	WerFault.exe
2696	WerFault.exe
2696	WerFault.exe
548	WerFault.exe
2768	Unicorn-62790.exe
2768	Unicorn-62790.exe
2444	Unicorn-53874.exe
2444	Unicorn-53874.exe
2948	Unicorn-45961.exe
2948	Unicorn-45961.exe
2720	Unicorn-11082.exe
2720	Unicorn-11082.exe
1960	Unicorn-48182.exe
1960	Unicorn-48182.exe
1580	Unicorn-13672.exe
1580	Unicorn-13672.exe
2708	Unicorn-8202.exe
2708	Unicorn-8202.exe
1880	Unicorn-43885.exe
1880	Unicorn-43885.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1088	WerFault.exe
1088	WerFault.exe
1088	WerFault.exe
1088	WerFault.exe
2200	WerFault.exe
2200	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2732	2212	WerFault.exe	ab45ece6f8fdebdceab6522120e79e181f5970b468290790aeb50356238535c9.exe
1708	2044	WerFault.exe	Unicorn-15724.exe
548	2548	WerFault.exe	Unicorn-38861.exe
2696	2584	WerFault.exe	Unicorn-18995.exe
1816	2444	WerFault.exe	Unicorn-53874.exe
1088	2720	WerFault.exe	Unicorn-11082.exe
2200	2708	WerFault.exe	Unicorn-8202.exe
2004	2768	WerFault.exe	Unicorn-62790.exe
1152	2948	WerFault.exe	Unicorn-45961.exe
2792	1960	WerFault.exe	Unicorn-48182.exe
2800	1580	WerFault.exe	Unicorn-13672.exe
2976	1880	WerFault.exe	Unicorn-43885.exe
2632	1304	WerFault.exe	Unicorn-2051.exe
2828	1724	WerFault.exe	Unicorn-15050.exe
800	2784	WerFault.exe	Unicorn-7884.exe
1240	2848	WerFault.exe	Unicorn-20883.exe
960	1164	WerFault.exe	Unicorn-5580.exe
2408	312	WerFault.exe	Unicorn-5066.exe
772	324	WerFault.exe	Unicorn-57604.exe
1020	2168	WerFault.exe	Unicorn-5772.exe
2824	1620	WerFault.exe	Unicorn-24241.exe
832	1540	WerFault.exe	Unicorn-44107.exe
2344	1656	WerFault.exe	Unicorn-26920.exe
2704	956	WerFault.exe	Unicorn-22897.exe
2980	556	WerFault.exe	Unicorn-46603.exe
2508	1144	WerFault.exe	Unicorn-47179.exe
2064	2112	WerFault.exe	Unicorn-27505.exe
1944	2868	WerFault.exe	Unicorn-45295.exe
2312	304	WerFault.exe	Unicorn-64968.exe
2084	3052	WerFault.exe	Unicorn-64968.exe
540	2388	WerFault.exe	Unicorn-47371.exe
688	1636	WerFault.exe	Unicorn-60370.exe
1036	2624	WerFault.exe	Unicorn-14950.exe
3108	2648	WerFault.exe	Unicorn-16041.exe
3200	2568	WerFault.exe	Unicorn-16233.exe
3460	2068	WerFault.exe	Unicorn-48557.exe
3548	2452	WerFault.exe	Unicorn-26927.exe
3560	1824	WerFault.exe	Unicorn-59398.exe
3664	2020	WerFault.exe	Unicorn-37970.exe
3160	2028	WerFault.exe	Unicorn-59398.exe
3184	1380	WerFault.exe	Unicorn-37970.exe
3232	1204	WerFault.exe	Unicorn-2309.exe
3248	2540	WerFault.exe	Unicorn-18345.exe
3300	2488	WerFault.exe	Unicorn-64582.exe
3424	2124	WerFault.exe	Unicorn-52621.exe
3456	2132	WerFault.exe	Unicorn-12496.exe
3500	1652	WerFault.exe	Unicorn-24307.exe
3488	1740	WerFault.exe	Unicorn-31402.exe
3528	2500	WerFault.exe	Unicorn-24396.exe
3568	1560	WerFault.exe	Unicorn-10732.exe
3596	1756	WerFault.exe	Unicorn-48303.exe
3644	2536	WerFault.exe	Unicorn-32362.exe
3652	2928	WerFault.exe	Unicorn-12242.exe
3848	2140	WerFault.exe	Unicorn-23129.exe
3876	2424	WerFault.exe	Unicorn-26009.exe
3972	2608	WerFault.exe	Unicorn-39019.exe
3100	2376	WerFault.exe	Unicorn-37956.exe
3388	2276	WerFault.exe	Unicorn-25433.exe
3676	2036	WerFault.exe	Unicorn-43234.exe
3776	2396	WerFault.exe	Unicorn-8957.exe
3792	848	WerFault.exe	Unicorn-5117.exe
3900	756	WerFault.exe	Unicorn-2797.exe
3920	1604	WerFault.exe	Unicorn-16203.exe
3988	904	WerFault.exe	Unicorn-15662.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

ab45ece6f8fdebdceab6522120e79e181f5970b468290790aeb50356238535c9.exeUnicorn-15724.exeUnicorn-38861.exeUnicorn-18995.exeUnicorn-53874.exeUnicorn-8202.exeUnicorn-11082.exeUnicorn-62790.exeUnicorn-45961.exeUnicorn-48182.exeUnicorn-13672.exeUnicorn-43885.exeUnicorn-2051.exeUnicorn-15050.exeUnicorn-7884.exeUnicorn-20883.exeUnicorn-5580.exeUnicorn-57604.exeUnicorn-5066.exeUnicorn-5772.exeUnicorn-24241.exeUnicorn-44107.exeUnicorn-26920.exeUnicorn-22897.exeUnicorn-46603.exeUnicorn-47179.exeUnicorn-27505.exeUnicorn-47371.exeUnicorn-64968.exeUnicorn-64968.exeUnicorn-60370.exeUnicorn-45295.exeUnicorn-14950.exeUnicorn-16041.exeUnicorn-16233.exeUnicorn-45703.exeUnicorn-26927.exeUnicorn-46793.exeUnicorn-64582.exeUnicorn-18345.exeUnicorn-48557.exeUnicorn-48303.exeUnicorn-28629.exeUnicorn-2309.exeUnicorn-24396.exeUnicorn-40047.exeUnicorn-59398.exeUnicorn-59398.exeUnicorn-37970.exeUnicorn-37970.exeUnicorn-20167.exeUnicorn-5117.exeUnicorn-8957.exeUnicorn-2605.exeUnicorn-2797.exeUnicorn-37956.exeUnicorn-52621.exeUnicorn-30276.exeUnicorn-10732.exeUnicorn-24307.exeUnicorn-6928.exeUnicorn-42445.exeUnicorn-39792.exeUnicorn-40368.exe

pid	process
2212	ab45ece6f8fdebdceab6522120e79e181f5970b468290790aeb50356238535c9.exe
2044	Unicorn-15724.exe
2548	Unicorn-38861.exe
2584	Unicorn-18995.exe
2444	Unicorn-53874.exe
2708	Unicorn-8202.exe
2720	Unicorn-11082.exe
2768	Unicorn-62790.exe
2948	Unicorn-45961.exe
1960	Unicorn-48182.exe
1580	Unicorn-13672.exe
1880	Unicorn-43885.exe
1304	Unicorn-2051.exe
1724	Unicorn-15050.exe
2784	Unicorn-7884.exe
2848	Unicorn-20883.exe
1164	Unicorn-5580.exe
324	Unicorn-57604.exe
312	Unicorn-5066.exe
2168	Unicorn-5772.exe
1620	Unicorn-24241.exe
1540	Unicorn-44107.exe
1656	Unicorn-26920.exe
956	Unicorn-22897.exe
556	Unicorn-46603.exe
1144	Unicorn-47179.exe
2112	Unicorn-27505.exe
2388	Unicorn-47371.exe
304	Unicorn-64968.exe
3052	Unicorn-64968.exe
1636	Unicorn-60370.exe
2868	Unicorn-45295.exe
2624	Unicorn-14950.exe
2648	Unicorn-16041.exe
2568	Unicorn-16233.exe
2544	Unicorn-45703.exe
2452	Unicorn-26927.exe
2240	Unicorn-46793.exe
2488	Unicorn-64582.exe
2540	Unicorn-18345.exe
2068	Unicorn-48557.exe
1756	Unicorn-48303.exe
2184	Unicorn-28629.exe
1204	Unicorn-2309.exe
2500	Unicorn-24396.exe
2684	Unicorn-40047.exe
2028	Unicorn-59398.exe
1824	Unicorn-59398.exe
2020	Unicorn-37970.exe
1380	Unicorn-37970.exe
748	Unicorn-20167.exe
848	Unicorn-5117.exe
2396	Unicorn-8957.exe
1000	Unicorn-2605.exe
756	Unicorn-2797.exe
2376	Unicorn-37956.exe
2124	Unicorn-52621.exe
880	Unicorn-30276.exe
1560	Unicorn-10732.exe
1652	Unicorn-24307.exe
2724	Unicorn-6928.exe
2712	Unicorn-42445.exe
2596	Unicorn-39792.exe
2896	Unicorn-40368.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

ab45ece6f8fdebdceab6522120e79e181f5970b468290790aeb50356238535c9.exeUnicorn-15724.exeUnicorn-38861.exeUnicorn-18995.exeUnicorn-53874.exeUnicorn-11082.exeUnicorn-8202.exeUnicorn-62790.exe

description	pid	process	target process
PID 2212 wrote to memory of 2044	2212	ab45ece6f8fdebdceab6522120e79e181f5970b468290790aeb50356238535c9.exe	Unicorn-15724.exe
PID 2212 wrote to memory of 2044	2212	ab45ece6f8fdebdceab6522120e79e181f5970b468290790aeb50356238535c9.exe	Unicorn-15724.exe
PID 2212 wrote to memory of 2044	2212	ab45ece6f8fdebdceab6522120e79e181f5970b468290790aeb50356238535c9.exe	Unicorn-15724.exe
PID 2212 wrote to memory of 2044	2212	ab45ece6f8fdebdceab6522120e79e181f5970b468290790aeb50356238535c9.exe	Unicorn-15724.exe
PID 2044 wrote to memory of 2548	2044	Unicorn-15724.exe	Unicorn-38861.exe
PID 2044 wrote to memory of 2548	2044	Unicorn-15724.exe	Unicorn-38861.exe
PID 2044 wrote to memory of 2548	2044	Unicorn-15724.exe	Unicorn-38861.exe
PID 2044 wrote to memory of 2548	2044	Unicorn-15724.exe	Unicorn-38861.exe
PID 2212 wrote to memory of 2584	2212	ab45ece6f8fdebdceab6522120e79e181f5970b468290790aeb50356238535c9.exe	Unicorn-18995.exe
PID 2212 wrote to memory of 2584	2212	ab45ece6f8fdebdceab6522120e79e181f5970b468290790aeb50356238535c9.exe	Unicorn-18995.exe
PID 2212 wrote to memory of 2584	2212	ab45ece6f8fdebdceab6522120e79e181f5970b468290790aeb50356238535c9.exe	Unicorn-18995.exe
PID 2212 wrote to memory of 2584	2212	ab45ece6f8fdebdceab6522120e79e181f5970b468290790aeb50356238535c9.exe	Unicorn-18995.exe
PID 2212 wrote to memory of 2732	2212	ab45ece6f8fdebdceab6522120e79e181f5970b468290790aeb50356238535c9.exe	WerFault.exe
PID 2212 wrote to memory of 2732	2212	ab45ece6f8fdebdceab6522120e79e181f5970b468290790aeb50356238535c9.exe	WerFault.exe
PID 2212 wrote to memory of 2732	2212	ab45ece6f8fdebdceab6522120e79e181f5970b468290790aeb50356238535c9.exe	WerFault.exe
PID 2212 wrote to memory of 2732	2212	ab45ece6f8fdebdceab6522120e79e181f5970b468290790aeb50356238535c9.exe	WerFault.exe
PID 2548 wrote to memory of 2720	2548	Unicorn-38861.exe	Unicorn-11082.exe
PID 2548 wrote to memory of 2720	2548	Unicorn-38861.exe	Unicorn-11082.exe
PID 2548 wrote to memory of 2720	2548	Unicorn-38861.exe	Unicorn-11082.exe
PID 2548 wrote to memory of 2720	2548	Unicorn-38861.exe	Unicorn-11082.exe
PID 2584 wrote to memory of 2708	2584	Unicorn-18995.exe	Unicorn-8202.exe
PID 2584 wrote to memory of 2708	2584	Unicorn-18995.exe	Unicorn-8202.exe
PID 2584 wrote to memory of 2708	2584	Unicorn-18995.exe	Unicorn-8202.exe
PID 2584 wrote to memory of 2708	2584	Unicorn-18995.exe	Unicorn-8202.exe
PID 2044 wrote to memory of 2444	2044	Unicorn-15724.exe	Unicorn-53874.exe
PID 2044 wrote to memory of 2444	2044	Unicorn-15724.exe	Unicorn-53874.exe
PID 2044 wrote to memory of 2444	2044	Unicorn-15724.exe	Unicorn-53874.exe
PID 2044 wrote to memory of 2444	2044	Unicorn-15724.exe	Unicorn-53874.exe
PID 2044 wrote to memory of 1708	2044	Unicorn-15724.exe	WerFault.exe
PID 2044 wrote to memory of 1708	2044	Unicorn-15724.exe	WerFault.exe
PID 2044 wrote to memory of 1708	2044	Unicorn-15724.exe	WerFault.exe
PID 2044 wrote to memory of 1708	2044	Unicorn-15724.exe	WerFault.exe
PID 2444 wrote to memory of 2768	2444	Unicorn-53874.exe	Unicorn-62790.exe
PID 2444 wrote to memory of 2768	2444	Unicorn-53874.exe	Unicorn-62790.exe
PID 2444 wrote to memory of 2768	2444	Unicorn-53874.exe	Unicorn-62790.exe
PID 2444 wrote to memory of 2768	2444	Unicorn-53874.exe	Unicorn-62790.exe
PID 2720 wrote to memory of 2948	2720	Unicorn-11082.exe	Unicorn-45961.exe
PID 2720 wrote to memory of 2948	2720	Unicorn-11082.exe	Unicorn-45961.exe
PID 2720 wrote to memory of 2948	2720	Unicorn-11082.exe	Unicorn-45961.exe
PID 2720 wrote to memory of 2948	2720	Unicorn-11082.exe	Unicorn-45961.exe
PID 2708 wrote to memory of 1580	2708	Unicorn-8202.exe	Unicorn-13672.exe
PID 2708 wrote to memory of 1580	2708	Unicorn-8202.exe	Unicorn-13672.exe
PID 2708 wrote to memory of 1580	2708	Unicorn-8202.exe	Unicorn-13672.exe
PID 2708 wrote to memory of 1580	2708	Unicorn-8202.exe	Unicorn-13672.exe
PID 2548 wrote to memory of 1880	2548	Unicorn-38861.exe	Unicorn-43885.exe
PID 2548 wrote to memory of 1880	2548	Unicorn-38861.exe	Unicorn-43885.exe
PID 2548 wrote to memory of 1880	2548	Unicorn-38861.exe	Unicorn-43885.exe
PID 2548 wrote to memory of 1880	2548	Unicorn-38861.exe	Unicorn-43885.exe
PID 2584 wrote to memory of 1960	2584	Unicorn-18995.exe	Unicorn-48182.exe
PID 2584 wrote to memory of 1960	2584	Unicorn-18995.exe	Unicorn-48182.exe
PID 2584 wrote to memory of 1960	2584	Unicorn-18995.exe	Unicorn-48182.exe
PID 2584 wrote to memory of 1960	2584	Unicorn-18995.exe	Unicorn-48182.exe
PID 2548 wrote to memory of 548	2548	Unicorn-38861.exe	WerFault.exe
PID 2548 wrote to memory of 548	2548	Unicorn-38861.exe	WerFault.exe
PID 2548 wrote to memory of 548	2548	Unicorn-38861.exe	WerFault.exe
PID 2548 wrote to memory of 548	2548	Unicorn-38861.exe	WerFault.exe
PID 2584 wrote to memory of 2696	2584	Unicorn-18995.exe	WerFault.exe
PID 2584 wrote to memory of 2696	2584	Unicorn-18995.exe	WerFault.exe
PID 2584 wrote to memory of 2696	2584	Unicorn-18995.exe	WerFault.exe
PID 2584 wrote to memory of 2696	2584	Unicorn-18995.exe	WerFault.exe
PID 2768 wrote to memory of 1304	2768	Unicorn-62790.exe	Unicorn-2051.exe
PID 2768 wrote to memory of 1304	2768	Unicorn-62790.exe	Unicorn-2051.exe
PID 2768 wrote to memory of 1304	2768	Unicorn-62790.exe	Unicorn-2051.exe
PID 2768 wrote to memory of 1304	2768	Unicorn-62790.exe	Unicorn-2051.exe

C:\Users\Admin\AppData\Local\Temp\ab45ece6f8fdebdceab6522120e79e181f5970b468290790aeb50356238535c9.exe
"C:\Users\Admin\AppData\Local\Temp\ab45ece6f8fdebdceab6522120e79e181f5970b468290790aeb50356238535c9.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-15724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15724.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-38861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38861.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-11082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11082.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-45961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45961.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-7884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7884.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-26920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26920.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-46793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46793.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-10732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10732.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-24820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24820.exe
10⤵
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-2483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2483.exe
11⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-15475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15475.exe
12⤵
PID:6696

C:\Users\Admin\AppData\Local\Temp\Unicorn-16489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16489.exe
13⤵
PID:8364

C:\Users\Admin\AppData\Local\Temp\Unicorn-36722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36722.exe
14⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 216
14⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 236
13⤵
PID:9972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
12⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 216
11⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 236
10⤵
- Program crash
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-42115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42115.exe
9⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-35655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35655.exe
10⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-36740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36740.exe
11⤵
PID:6296

C:\Users\Admin\AppData\Local\Temp\Unicorn-20336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20336.exe
12⤵
PID:8208

C:\Users\Admin\AppData\Local\Temp\Unicorn-2447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2447.exe
13⤵
PID:11004

C:\Users\Admin\AppData\Local\Temp\Unicorn-12113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12113.exe
14⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8208 -s 216
13⤵
PID:10716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 216
12⤵
PID:9224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
11⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 216
10⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 220
9⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-37757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37757.exe
9⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-44944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44944.exe
10⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-30734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30734.exe
11⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-32992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32992.exe
12⤵
PID:7896

C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
13⤵
PID:10424

C:\Users\Admin\AppData\Local\Temp\Unicorn-12162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12162.exe
14⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 216
13⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
12⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
11⤵
PID:7156

C:\Users\Admin\AppData\Local\Temp\Unicorn-24905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24905.exe
10⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-22141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22141.exe
11⤵
PID:8072

C:\Users\Admin\AppData\Local\Temp\Unicorn-6458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6458.exe
12⤵
PID:10652

C:\Users\Admin\AppData\Local\Temp\Unicorn-39137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39137.exe
13⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 216
12⤵
PID:2336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
11⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 220
10⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 236
9⤵
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
8⤵
- Program crash
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-26927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26927.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-60234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60234.exe
8⤵
- Executes dropped EXE
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-24052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24052.exe
9⤵
PID:916

C:\Users\Admin\AppData\Local\Temp\Unicorn-18618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18618.exe
10⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-2393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2393.exe
11⤵
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-27307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27307.exe
12⤵
PID:9384

C:\Users\Admin\AppData\Local\Temp\Unicorn-19629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19629.exe
13⤵
PID:10780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9384 -s 216
13⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 216
12⤵
PID:9380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
11⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 216
10⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
9⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-17891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17891.exe
8⤵
PID:1036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
8⤵
- Program crash
PID:3548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
7⤵
- Program crash
PID:800

C:\Users\Admin\AppData\Local\Temp\Unicorn-22897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22897.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:956

C:\Users\Admin\AppData\Local\Temp\Unicorn-64582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64582.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-30276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30276.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:880

C:\Users\Admin\AppData\Local\Temp\Unicorn-41047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41047.exe
9⤵
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-35805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35805.exe
10⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-40157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40157.exe
11⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\Unicorn-37439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37439.exe
12⤵
PID:8800

C:\Users\Admin\AppData\Local\Temp\Unicorn-9275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9275.exe
13⤵
PID:10644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8800 -s 236
13⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 216
12⤵
PID:10220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
11⤵
PID:8020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 216
10⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 216
9⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-54238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54238.exe
8⤵
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-23755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23755.exe
9⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-26477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26477.exe
10⤵
PID:6216

C:\Users\Admin\AppData\Local\Temp\Unicorn-24724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24724.exe
11⤵
PID:8656

C:\Users\Admin\AppData\Local\Temp\Unicorn-44672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44672.exe
12⤵
PID:10612

C:\Users\Admin\AppData\Local\Temp\Unicorn-25021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25021.exe
13⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8656 -s 236
12⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
11⤵
PID:9656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
10⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 236
9⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
8⤵
- Program crash
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-6928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6928.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-55790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55790.exe
8⤵
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-14938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14938.exe
9⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-12951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12951.exe
10⤵
PID:6916

C:\Users\Admin\AppData\Local\Temp\Unicorn-16931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16931.exe
11⤵
PID:7800

C:\Users\Admin\AppData\Local\Temp\Unicorn-56178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56178.exe
12⤵
PID:10484

C:\Users\Admin\AppData\Local\Temp\Unicorn-32780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32780.exe
13⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 216
12⤵
PID:10748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 216
11⤵
PID:9052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
10⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 216
9⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
8⤵
PID:4912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 240
7⤵
- Program crash
PID:2704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
6⤵
- Program crash
PID:1152

C:\Users\Admin\AppData\Local\Temp\Unicorn-20883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20883.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-46603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46603.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:556

C:\Users\Admin\AppData\Local\Temp\Unicorn-18345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18345.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-42445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42445.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-35863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35863.exe
9⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-27628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27628.exe
10⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-6209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6209.exe
11⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-46577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46577.exe
12⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-511.exe
13⤵
PID:7980

C:\Users\Admin\AppData\Local\Temp\Unicorn-23480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23480.exe
14⤵
PID:10580

C:\Users\Admin\AppData\Local\Temp\Unicorn-39137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39137.exe
15⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 216
14⤵
PID:10960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
13⤵
PID:9196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 236
12⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
11⤵
PID:4800

C:\Users\Admin\AppData\Local\Temp\Unicorn-43546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43546.exe
10⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-21057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21057.exe
9⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-9157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9157.exe
10⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-11522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11522.exe
11⤵
PID:5736

C:\Users\Admin\AppData\Local\Temp\Unicorn-6105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6105.exe
12⤵
PID:8172

C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
13⤵
PID:10692

C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
14⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 236
13⤵
PID:11108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 236
12⤵
PID:8924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 236
11⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
10⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
9⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-16573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16573.exe
8⤵
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-43080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43080.exe
9⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-29430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29430.exe
10⤵
PID:6388

C:\Users\Admin\AppData\Local\Temp\Unicorn-40567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40567.exe
11⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8584 -s 220
12⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6388 -s 216
11⤵
PID:9608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
10⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 236
9⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
8⤵
- Program crash
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-40368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40368.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-61981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61981.exe
8⤵
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-37383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37383.exe
9⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-20565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20565.exe
10⤵
PID:7144

C:\Users\Admin\AppData\Local\Temp\Unicorn-25263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25263.exe
11⤵
PID:9732

C:\Users\Admin\AppData\Local\Temp\Unicorn-7587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7587.exe
12⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9732 -s 236
12⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 236
11⤵
PID:10212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
10⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 216
9⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
8⤵
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 240
7⤵
- Program crash
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-52621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52621.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-16561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16561.exe
8⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-36844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36844.exe
9⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-38306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38306.exe
10⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-52066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52066.exe
11⤵
PID:6528

C:\Users\Admin\AppData\Local\Temp\Unicorn-3030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3030.exe
12⤵
PID:7416

C:\Users\Admin\AppData\Local\Temp\Unicorn-46225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46225.exe
13⤵
PID:10932

C:\Users\Admin\AppData\Local\Temp\Unicorn-41168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41168.exe
14⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 216
13⤵
PID:11132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 236
12⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
11⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 236
10⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
9⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-49843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49843.exe
8⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-53957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53957.exe
9⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-23042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23042.exe
10⤵
PID:6564

C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
11⤵
PID:9136

C:\Users\Admin\AppData\Local\Temp\Unicorn-26276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26276.exe
12⤵
PID:10808

C:\Users\Admin\AppData\Local\Temp\Unicorn-17795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17795.exe
13⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9136 -s 216
12⤵
PID:11780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 216
11⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
10⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
9⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
8⤵
- Program crash
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-59928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59928.exe
7⤵
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-4363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4363.exe
8⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe
9⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-17661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17661.exe
10⤵
PID:6156

C:\Users\Admin\AppData\Local\Temp\Unicorn-5379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5379.exe
11⤵
PID:7952

C:\Users\Admin\AppData\Local\Temp\Unicorn-2281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2281.exe
12⤵
PID:10896

C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
13⤵
PID:1040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 216
12⤵
PID:11112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6156 -s 216
11⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
10⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
9⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 236
8⤵
PID:3092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
7⤵
- Program crash
PID:3460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
6⤵
- Program crash
PID:1240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1088

C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-5772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5772.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-64968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64968.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-24396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24396.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-45875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45875.exe
8⤵
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-21748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21748.exe
9⤵
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-35655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35655.exe
10⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-57653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57653.exe
11⤵
PID:6224

C:\Users\Admin\AppData\Local\Temp\Unicorn-12922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12922.exe
12⤵
PID:9888

C:\Users\Admin\AppData\Local\Temp\Unicorn-44391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44391.exe
13⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9888 -s 236
13⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 216
12⤵
PID:10332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
11⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 216
10⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
9⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-38202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38202.exe
8⤵
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-51959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51959.exe
9⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-16244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16244.exe
10⤵
PID:6744

C:\Users\Admin\AppData\Local\Temp\Unicorn-9529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9529.exe
11⤵
PID:9040

C:\Users\Admin\AppData\Local\Temp\Unicorn-44615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44615.exe
12⤵
PID:10952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 216
12⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 216
11⤵
PID:9852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
10⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 236
9⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
8⤵
- Program crash
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
7⤵
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-52796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52796.exe
8⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-41975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41975.exe
9⤵
PID:4448

C:\Users\Admin\AppData\Local\Temp\Unicorn-526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-526.exe
10⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-25836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25836.exe
11⤵
PID:7680

C:\Users\Admin\AppData\Local\Temp\Unicorn-50361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50361.exe
12⤵
PID:10788

C:\Users\Admin\AppData\Local\Temp\Unicorn-22334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22334.exe
13⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 216
12⤵
PID:5012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 236
11⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 236
10⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 236
9⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 216
8⤵
- Program crash
PID:3848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 240
7⤵
- Program crash
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1380

C:\Users\Admin\AppData\Local\Temp\Unicorn-64266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64266.exe
7⤵
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-62557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62557.exe
8⤵
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-64829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64829.exe
9⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-49949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49949.exe
10⤵
PID:7104

C:\Users\Admin\AppData\Local\Temp\Unicorn-60721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60721.exe
11⤵
PID:7556

C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
12⤵
PID:10356

C:\Users\Admin\AppData\Local\Temp\Unicorn-8249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8249.exe
13⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 216
12⤵
PID:11180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 236
11⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 216
10⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 216
9⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 236
8⤵
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-10019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10019.exe
7⤵
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-6398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6398.exe
8⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-19295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19295.exe
9⤵
PID:6256

C:\Users\Admin\AppData\Local\Temp\Unicorn-23626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23626.exe
10⤵
PID:8296

C:\Users\Admin\AppData\Local\Temp\Unicorn-49012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49012.exe
11⤵
PID:11116

C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
12⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8296 -s 236
11⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 216
10⤵
PID:9280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
9⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 236
8⤵
PID:4620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 220
7⤵
- Program crash
PID:3184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 220
6⤵
- Program crash
PID:1020

C:\Users\Admin\AppData\Local\Temp\Unicorn-60370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60370.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-59398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59398.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-15662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15662.exe
7⤵
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-38406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38406.exe
8⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-11518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11518.exe
9⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-14562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14562.exe
10⤵
PID:7072

C:\Users\Admin\AppData\Local\Temp\Unicorn-13435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13435.exe
11⤵
PID:9292

C:\Users\Admin\AppData\Local\Temp\Unicorn-47999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47999.exe
12⤵
PID:10872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9292 -s 236
12⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 216
11⤵
PID:9304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
10⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
9⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 236
8⤵
- Program crash
PID:3988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 216
7⤵
- Program crash
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-25433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25433.exe
6⤵
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-8566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8566.exe
7⤵
PID:1364

C:\Users\Admin\AppData\Local\Temp\Unicorn-21856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21856.exe
8⤵
PID:4584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 188
9⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 216
8⤵
PID:5816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 236
7⤵
- Program crash
PID:3388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
6⤵
- Program crash
PID:688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
5⤵
- Program crash
PID:2976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:548

C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-62790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62790.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-2051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2051.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-14950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14950.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-20167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20167.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:748

C:\Users\Admin\AppData\Local\Temp\Unicorn-8283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8283.exe
8⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-45562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45562.exe
9⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-30012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30012.exe
10⤵
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
11⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-56080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56080.exe
12⤵
PID:8268

C:\Users\Admin\AppData\Local\Temp\Unicorn-14253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14253.exe
13⤵
PID:11040

C:\Users\Admin\AppData\Local\Temp\Unicorn-57531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57531.exe
14⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 236
13⤵
PID:11016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
12⤵
PID:9248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 236
11⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 216
10⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 216
9⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
8⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-61560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61560.exe
9⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-48774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48774.exe
10⤵
PID:6720

C:\Users\Admin\AppData\Local\Temp\Unicorn-20820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20820.exe
11⤵
PID:7452

C:\Users\Admin\AppData\Local\Temp\Unicorn-36199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36199.exe
12⤵
PID:10032

C:\Users\Admin\AppData\Local\Temp\Unicorn-37658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37658.exe
13⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 216
12⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 216
11⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
10⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
9⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 240
8⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-3685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3685.exe
7⤵
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
8⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-11311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11311.exe
9⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-47558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47558.exe
10⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-48472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48472.exe
11⤵
PID:8188

C:\Users\Admin\AppData\Local\Temp\Unicorn-3547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3547.exe
12⤵
PID:10848

C:\Users\Admin\AppData\Local\Temp\Unicorn-58535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58535.exe
13⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 216
12⤵
PID:10868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
11⤵
PID:9080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 216
10⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
9⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 236
8⤵
PID:4144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
7⤵
- Program crash
PID:1036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 236
6⤵
- Program crash
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-24241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24241.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-16041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16041.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-5117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5117.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:848

C:\Users\Admin\AppData\Local\Temp\Unicorn-55621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55621.exe
8⤵
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-15936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15936.exe
9⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-52421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52421.exe
10⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-38885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38885.exe
11⤵
PID:6604

C:\Users\Admin\AppData\Local\Temp\Unicorn-5279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5279.exe
12⤵
PID:8944

C:\Users\Admin\AppData\Local\Temp\Unicorn-9062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9062.exe
13⤵
PID:10884

C:\Users\Admin\AppData\Local\Temp\Unicorn-10495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10495.exe
14⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8944 -s 216
13⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 216
12⤵
PID:9792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
11⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 236
10⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-26246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26246.exe
8⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-14128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14128.exe
9⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-24215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24215.exe
10⤵
PID:6836

C:\Users\Admin\AppData\Local\Temp\Unicorn-51512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51512.exe
11⤵
PID:8528

C:\Users\Admin\AppData\Local\Temp\Unicorn-24024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24024.exe
12⤵
PID:11056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 216
11⤵
PID:10020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 220
10⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
9⤵
PID:5864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 240
8⤵
- Program crash
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-39019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39019.exe
7⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-63875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63875.exe
8⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-23755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23755.exe
9⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-58720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58720.exe
10⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-1279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1279.exe
11⤵
PID:8036

C:\Users\Admin\AppData\Local\Temp\Unicorn-15415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15415.exe
12⤵
PID:11088

C:\Users\Admin\AppData\Local\Temp\Unicorn-13623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13623.exe
13⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 216
12⤵
PID:11268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 216
11⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 236
10⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 236
9⤵
PID:4836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 236
8⤵
- Program crash
PID:3972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
7⤵
- Program crash
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-2605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2605.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1000

C:\Users\Admin\AppData\Local\Temp\Unicorn-43234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43234.exe
7⤵
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-22153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22153.exe
8⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-6401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6401.exe
9⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-51874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51874.exe
10⤵
PID:6500

C:\Users\Admin\AppData\Local\Temp\Unicorn-9721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9721.exe
11⤵
PID:9088

C:\Users\Admin\AppData\Local\Temp\Unicorn-35865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35865.exe
12⤵
PID:10396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9088 -s 216
12⤵
PID:12156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 216
11⤵
PID:9860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
10⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
9⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 236
8⤵
- Program crash
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-533.exe
7⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-31274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31274.exe
8⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe
9⤵
PID:6552

C:\Users\Admin\AppData\Local\Temp\Unicorn-50550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50550.exe
10⤵
PID:9352

C:\Users\Admin\AppData\Local\Temp\Unicorn-53261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53261.exe
11⤵
PID:11144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9352 -s 216
11⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
10⤵
PID:9360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
9⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
8⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 240
7⤵
PID:3136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
6⤵
- Program crash
PID:2824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
5⤵
- Program crash
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-15050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15050.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-44107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44107.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-16233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16233.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-8957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8957.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-26981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26981.exe
8⤵
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-29283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29283.exe
9⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
10⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-55541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55541.exe
11⤵
PID:6364

C:\Users\Admin\AppData\Local\Temp\Unicorn-4129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4129.exe
12⤵
PID:8440

C:\Users\Admin\AppData\Local\Temp\Unicorn-20666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20666.exe
13⤵
PID:10400

C:\Users\Admin\AppData\Local\Temp\Unicorn-2856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2856.exe
14⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 216
13⤵
PID:11564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 216
12⤵
PID:9572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
11⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 236
10⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 236
9⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-59495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59495.exe
8⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-14808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14808.exe
9⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-62043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62043.exe
10⤵
PID:6992

C:\Users\Admin\AppData\Local\Temp\Unicorn-46620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46620.exe
11⤵
PID:8348

C:\Users\Admin\AppData\Local\Temp\Unicorn-30310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30310.exe
12⤵
PID:11192

C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
13⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8348 -s 236
12⤵
PID:11460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
11⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
10⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
9⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
8⤵
- Program crash
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-40363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40363.exe
7⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-13823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13823.exe
8⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
9⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-59739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59739.exe
10⤵
PID:7044

C:\Users\Admin\AppData\Local\Temp\Unicorn-31889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31889.exe
11⤵
PID:7764

C:\Users\Admin\AppData\Local\Temp\Unicorn-40231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40231.exe
12⤵
PID:10388

C:\Users\Admin\AppData\Local\Temp\Unicorn-54627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54627.exe
13⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7764 -s 216
12⤵
PID:10320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 216
11⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
10⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
9⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 236
8⤵
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
7⤵
- Program crash
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-2797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2797.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:756

C:\Users\Admin\AppData\Local\Temp\Unicorn-16203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16203.exe
7⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
8⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-46801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46801.exe
9⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-31008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31008.exe
10⤵
PID:6940

C:\Users\Admin\AppData\Local\Temp\Unicorn-18913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18913.exe
11⤵
PID:9156

C:\Users\Admin\AppData\Local\Temp\Unicorn-17366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17366.exe
12⤵
PID:11212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9156 -s 236
12⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 216
11⤵
PID:10144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
10⤵
PID:8160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
9⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 236
8⤵
- Program crash
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-49075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49075.exe
7⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-25888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25888.exe
8⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-11490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11490.exe
9⤵
PID:6996

C:\Users\Admin\AppData\Local\Temp\Unicorn-49795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49795.exe
10⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\Unicorn-38197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38197.exe
11⤵
PID:10452

C:\Users\Admin\AppData\Local\Temp\Unicorn-2240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2240.exe
12⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
11⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
10⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
9⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 236
8⤵
PID:5856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 240
7⤵
- Program crash
PID:3900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
6⤵
- Program crash
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-45703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45703.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-37956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37956.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-25588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25588.exe
7⤵
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-9520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9520.exe
8⤵
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-63872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63872.exe
9⤵
PID:6968

C:\Users\Admin\AppData\Local\Temp\Unicorn-22514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22514.exe
10⤵
PID:8720

C:\Users\Admin\AppData\Local\Temp\Unicorn-24024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24024.exe
11⤵
PID:11048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8720 -s 216
11⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 216
10⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 216
9⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 236
7⤵
- Program crash
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-6298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6298.exe
6⤵
PID:620

C:\Users\Admin\AppData\Local\Temp\Unicorn-18618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18618.exe
7⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
8⤵
PID:7028

C:\Users\Admin\AppData\Local\Temp\Unicorn-37781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37781.exe
9⤵
PID:8808

C:\Users\Admin\AppData\Local\Temp\Unicorn-9716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9716.exe
10⤵
PID:11100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 216
9⤵
PID:10100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
8⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 216
7⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
6⤵
PID:3240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
5⤵
- Program crash
PID:2828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-18995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18995.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-8202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8202.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-13672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13672.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-5580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5580.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1164

C:\Users\Admin\AppData\Local\Temp\Unicorn-47179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47179.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1144

C:\Users\Admin\AppData\Local\Temp\Unicorn-48303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48303.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-65034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65034.exe
8⤵
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-22734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22734.exe
9⤵
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-34753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34753.exe
10⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-22652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22652.exe
11⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-44671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44671.exe
12⤵
PID:6320

C:\Users\Admin\AppData\Local\Temp\Unicorn-3862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3862.exe
13⤵
PID:8512

C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe
14⤵
PID:10480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8512 -s 216
14⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6320 -s 216
13⤵
PID:9584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
12⤵
PID:2352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 236
11⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\Unicorn-11455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11455.exe
10⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-11614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11614.exe
11⤵
PID:6288

C:\Users\Admin\AppData\Local\Temp\Unicorn-52645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52645.exe
12⤵
PID:8380

C:\Users\Admin\AppData\Local\Temp\Unicorn-21452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21452.exe
13⤵
PID:11252

C:\Users\Admin\AppData\Local\Temp\Unicorn-27273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27273.exe
14⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8380 -s 216
13⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6288 -s 216
12⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
11⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
10⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-4659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4659.exe
9⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-252.exe
10⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-42269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42269.exe
11⤵
PID:6276

C:\Users\Admin\AppData\Local\Temp\Unicorn-37608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37608.exe
12⤵
PID:9420

C:\Users\Admin\AppData\Local\Temp\Unicorn-55731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55731.exe
13⤵
PID:10492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9420 -s 216
13⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 220
12⤵
PID:9468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
11⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
10⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 240
9⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-35924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35924.exe
8⤵
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-16791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16791.exe
9⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
10⤵
PID:6868

C:\Users\Admin\AppData\Local\Temp\Unicorn-9358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9358.exe
11⤵
PID:8220

C:\Users\Admin\AppData\Local\Temp\Unicorn-36722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36722.exe
12⤵
PID:10988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8220 -s 216
12⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 216
11⤵
PID:9956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
10⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 236
9⤵
PID:5584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 220
8⤵
- Program crash
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-12496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12496.exe
7⤵
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-7798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7798.exe
8⤵
PID:1012

C:\Users\Admin\AppData\Local\Temp\Unicorn-54917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54917.exe
9⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-33244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33244.exe
10⤵
PID:6160

C:\Users\Admin\AppData\Local\Temp\Unicorn-11720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11720.exe
11⤵
PID:7500

C:\Users\Admin\AppData\Local\Temp\Unicorn-52857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52857.exe
12⤵
PID:10752

C:\Users\Admin\AppData\Local\Temp\Unicorn-14077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14077.exe
13⤵
PID:11380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 216
12⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 236
11⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
10⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 216
9⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 236
8⤵
- Program crash
PID:3456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 240
7⤵
- Program crash
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-28629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28629.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-65034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65034.exe
7⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
8⤵
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-14362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14362.exe
9⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-47619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47619.exe
9⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-35747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35747.exe
10⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-7449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7449.exe
11⤵
PID:8112

C:\Users\Admin\AppData\Local\Temp\Unicorn-56344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56344.exe
12⤵
PID:10620

C:\Users\Admin\AppData\Local\Temp\Unicorn-23870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23870.exe
13⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 216
12⤵
PID:10776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 236
11⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 236
10⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 220
9⤵
PID:5300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
8⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-42691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42691.exe
7⤵
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-64829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64829.exe
8⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-43235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43235.exe
9⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-33184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33184.exe
10⤵
PID:7932

C:\Users\Admin\AppData\Local\Temp\Unicorn-19064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19064.exe
11⤵
PID:10540

C:\Users\Admin\AppData\Local\Temp\Unicorn-61472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61472.exe
12⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 216
11⤵
PID:10556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
10⤵
PID:9168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 216
8⤵
PID:4992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
7⤵
PID:4172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 240
6⤵
- Program crash
PID:960

C:\Users\Admin\AppData\Local\Temp\Unicorn-27505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27505.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-2309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2309.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1204

C:\Users\Admin\AppData\Local\Temp\Unicorn-12242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12242.exe
7⤵
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-64607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64607.exe
8⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-2366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2366.exe
9⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-56653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56653.exe
10⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-60546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60546.exe
11⤵
PID:8540

C:\Users\Admin\AppData\Local\Temp\Unicorn-6140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6140.exe
12⤵
PID:10528

C:\Users\Admin\AppData\Local\Temp\Unicorn-15269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15269.exe
13⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8540 -s 236
12⤵
PID:11580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
11⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
10⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
9⤵
PID:3964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 236
8⤵
- Program crash
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-10019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10019.exe
7⤵
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-9639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9639.exe
8⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-62102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62102.exe
9⤵
PID:6356

C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
10⤵
PID:8712

C:\Users\Admin\AppData\Local\Temp\Unicorn-157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-157.exe
11⤵
PID:10688

C:\Users\Admin\AppData\Local\Temp\Unicorn-45882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45882.exe
12⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8712 -s 236
11⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 236
10⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
9⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 236
8⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 240
7⤵
- Program crash
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-25433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25433.exe
6⤵
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-36797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36797.exe
7⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-11461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11461.exe
8⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-9980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9980.exe
9⤵
PID:6344

C:\Users\Admin\AppData\Local\Temp\Unicorn-6878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6878.exe
10⤵
PID:8432

C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe
11⤵
PID:10416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8432 -s 216
11⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 216
10⤵
PID:10204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
9⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 216
8⤵
PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 236
7⤵
PID:4784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
6⤵
- Program crash
PID:2064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
5⤵
- Program crash
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-5066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5066.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:312

C:\Users\Admin\AppData\Local\Temp\Unicorn-47371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47371.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-59398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59398.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-31402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31402.exe
7⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-21825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21825.exe
8⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-21526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21526.exe
9⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-49450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49450.exe
10⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-52645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52645.exe
11⤵
PID:8388

C:\Users\Admin\AppData\Local\Temp\Unicorn-4430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4430.exe
12⤵
PID:10276

C:\Users\Admin\AppData\Local\Temp\Unicorn-45830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45830.exe
13⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8388 -s 216
12⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
11⤵
PID:9508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
10⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 236
9⤵
PID:5068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 216
8⤵
- Program crash
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-37434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37434.exe
7⤵
PID:1356

C:\Users\Admin\AppData\Local\Temp\Unicorn-38879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38879.exe
8⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-54349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54349.exe
9⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-10980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10980.exe
10⤵
PID:7348

C:\Users\Admin\AppData\Local\Temp\Unicorn-23236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23236.exe
11⤵
PID:9740

C:\Users\Admin\AppData\Local\Temp\Unicorn-52157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52157.exe
12⤵
PID:11708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 216
11⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 236
10⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
9⤵
PID:6676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 236
8⤵
PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 220
7⤵
- Program crash
PID:3160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 216
6⤵
- Program crash
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-42995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42995.exe
6⤵
PID:552

C:\Users\Admin\AppData\Local\Temp\Unicorn-41047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41047.exe
7⤵
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-4860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4860.exe
8⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-34682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34682.exe
9⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\Unicorn-49795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49795.exe
10⤵
PID:7840

C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
11⤵
PID:10512

C:\Users\Admin\AppData\Local\Temp\Unicorn-33600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33600.exe
12⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7840 -s 216
11⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 236
10⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
9⤵
PID:1640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 216
8⤵
PID:2912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 216
7⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 236
6⤵
- Program crash
PID:3664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 312 -s 240
5⤵
- Program crash
PID:2408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-48182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48182.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-57604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57604.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:324

C:\Users\Admin\AppData\Local\Temp\Unicorn-64968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64968.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-40047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40047.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-32362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32362.exe
7⤵
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-62557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62557.exe
8⤵
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-36116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36116.exe
9⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-56674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56674.exe
10⤵
PID:6668

C:\Users\Admin\AppData\Local\Temp\Unicorn-59005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59005.exe
11⤵
PID:8988

C:\Users\Admin\AppData\Local\Temp\Unicorn-11008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11008.exe
12⤵
PID:10796

C:\Users\Admin\AppData\Local\Temp\Unicorn-10495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10495.exe
13⤵
PID:7744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8988 -s 216
12⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 216
11⤵
PID:9784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 216
10⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 216
8⤵
- Program crash
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-10019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10019.exe
7⤵
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-18618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18618.exe
8⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-24704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24704.exe
9⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\Unicorn-61489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61489.exe
10⤵
PID:7628

C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
11⤵
PID:10348

C:\Users\Admin\AppData\Local\Temp\Unicorn-55040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55040.exe
12⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 216
11⤵
PID:11200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 236
10⤵
PID:8876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
9⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 216
8⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
7⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-26009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26009.exe
6⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-3958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3958.exe
7⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-9214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9214.exe
8⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-47046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47046.exe
9⤵
PID:6856

C:\Users\Admin\AppData\Local\Temp\Unicorn-41303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41303.exe
10⤵
PID:9524

C:\Users\Admin\AppData\Local\Temp\Unicorn-25387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25387.exe
11⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9524 -s 236
11⤵
PID:11292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 236
10⤵
PID:9692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
9⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 216
8⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
7⤵
- Program crash
PID:3876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
6⤵
- Program crash
PID:2084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 236
5⤵
- Program crash
PID:772

C:\Users\Admin\AppData\Local\Temp\Unicorn-45295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45295.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-24307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24307.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-24052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24052.exe
6⤵
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-53189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53189.exe
7⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-17588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17588.exe
8⤵
PID:6636

C:\Users\Admin\AppData\Local\Temp\Unicorn-11795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11795.exe
9⤵
PID:7488

C:\Users\Admin\AppData\Local\Temp\Unicorn-53988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53988.exe
10⤵
PID:10264

C:\Users\Admin\AppData\Local\Temp\Unicorn-41690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41690.exe
11⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 236
10⤵
PID:11076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 236
9⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
8⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 236
7⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 236
6⤵
- Program crash
PID:3500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
5⤵
- Program crash
PID:1944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
4⤵
- Program crash
PID:2792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
2⤵
- Program crash
PID:2732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-20565.exe

Filesize
184KB

MD5
fae493ae919b7e55828d372018b7b3ee

SHA1
abd359ec9552dcaa8a21e5fd9df214925b400aac

SHA256
ac9528a517b4775330606371f08e44c4d60365e0b9c5322fd2e24adbdfc35d33

SHA512
0d143be1955a9aa7592ed52e41a73f6d955ac7931f0a363af78d0281d520d00c7865a49ebf5455128ce09260d854a22c41a46b08478a0dd4d17d87036c829d16

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23480.exe

Filesize
184KB

MD5
0cc4bcd9cea95261ae6e31a0c3ed0c53

SHA1
fc1c7d63a0c90345523b478b64447d3c523a3ed6

SHA256
557585c54a1d32b7e8b863ea829911d437ff82aee89235767c241c8f402426c0

SHA512
d3cb1bdb3febb7010af3d2c12b039fec53e0083e0293d859f38283c2a1ba8602100459207a835a940e365b04f5c931db2d0072900d886291194bc3d47d98a0ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33244.exe

Filesize
184KB

MD5
3cb9ccb6ee170a1cbccb7084a86735cc

SHA1
ba560619b3adff5d6b93791bb4912ecea0d33b43

SHA256
b2685cab523ac80c090f2a10121ab3583cd6eec23569c5a40fd70465588a21fb

SHA512
478f60666355554eff1932ddf32c67c459b16fe4a80f70a52fa4006be85547c209a636ec0b1500a5525d5a88bf385d6e17e279cb83f63397be7553030545ba52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38861.exe

Filesize
184KB

MD5
893bd70af98a49d9a5c4d100cb89bc80

SHA1
02862e121c32d8fab411f33362b1f16343b07e56

SHA256
514838a858168ca347f69fa152049636763eb07e2c6a01210173a494e5c6768d

SHA512
742982f4f8cc184d3313e093bc6d2e6a8bf7e5bfb5a0e979cff7da6aaabfccaec7158aa2e59f9deb0b19ec846f5d6292691b4bcb85cf49527a9ccb594afcc28c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe

Filesize
184KB

MD5
f5101d881922ecaeb56791b90dbb9f73

SHA1
c997aaff9cf6ac1e1d56f98ac12f481f03c8d225

SHA256
ee0c8ccc07f5b84573c8224efb5d2a25e2b2054b63fe332006a48b8372c3737d

SHA512
cdadd820de6b346475a1505bce238d96dca3d1d9f42ea1de1331289c0908e160b42b05e7afbc4a240b94cd892255b06e4a589a758b85adc2061b34ea33639f05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40363.exe

Filesize
184KB

MD5
e3d95131fd86962851cef32ed17b3b57

SHA1
2efe23451a5ae8024d25f047f19e0eb9f29c191a

SHA256
984750a81d187225b50fed6c9422ba40a520a68123cfa5d64eb2ac52238de577

SHA512
a973962a50fd52b0a95b1062f6ff739d91821f5e1ef56e3d7c38017769b63dc16a78d07806ac2dcfe36c29043faca614d5577133d535505134fd204a00b9bb97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40368.exe

Filesize
184KB

MD5
b76b5dbfc3046597d52d42cacd7168bf

SHA1
a9e93674181c4b4f31347032c81b38784bf165be

SHA256
bdbcb41b70df186f3333bb47654a8a235d674f7c5dfa47eb0f2f07ee38d9cd37

SHA512
6f37da94b666ab840bafdeac347d2e818cddc06957f7a749f4f7316f3440234a50420fe41e26593b0be6f42ffb472140189623b9a9058657c0ddeae10efb71b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe

Filesize
184KB

MD5
5dcf815584aad7f3eaf1179038f2258f

SHA1
f6077e26e8a62c55058a2e77b1157147b3b4a444

SHA256
2dff0cac10c6e68170ac35466c06383d4cf2aaccedc8f951dbaaf4da25ac834a

SHA512
4d87a029f73826cb7f35897b3c9283116b70e1c08d814e465c00ca91634a9862c06f073a86ea7e2cb867ed7e659af8106506e8aae334ee19474b1ab4f8e476ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48182.exe

Filesize
184KB

MD5
79852af75e7458f0b1ff7e916a5a28e6

SHA1
72001910c5093325f9863459149b329c2262ee15

SHA256
9da9ec3f19b9e37ed843aa719274c4586a7b6ac4c6f03565168773a337cdde74

SHA512
7c95f601303b8be49523d77338fe1fba3d895eae82e648db5f15b3106e4b8c1e65add53f487de096c282273608b1650a4f7cf147149fb058c8af72a82ceacafe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe

Filesize
184KB

MD5
03c5a6ba5bdba184d6ff4bfe85779a6b

SHA1
112f48d733506bf8c2b22b358ac9ecd5663b6f0e

SHA256
33f998ee7b6f4f1551b25db965bd3d975599d1cc4eabb3e7a953b90c10e204ed

SHA512
e3b7cb0eaec6c1e1c1d67355053288a30ba75862df0d97763c6cdfd2c4db76fc7ba9cf04dfbeae514cf348721a13ef9b5514390766f2010f8947daf89ca84fe6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5580.exe

Filesize
184KB

MD5
61dd5c8a7e7be8f858f1f646438788a3

SHA1
beba7ab3ff28d632d23d2b3a6fce584c544cc0d0

SHA256
5f258532703fee80709ace301b5db858ac5a05e07948d901f8d206658489c708

SHA512
5b67c65469b907702329a2680153dadb1448aceaa1e64c867db721fd1af2b8d0c10db3e9c8d7fcf45e6f2c83fa7c3e7607c414285689e1dfd0bfff014b1174c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56674.exe

Filesize
184KB

MD5
449cfec6317061ae70cbcfc45d0f6fb6

SHA1
b243758f41a750224273477ae37733fa3ab61e7d

SHA256
1ce17fef229d6792d6ace41c9a199f793e82b69fbfafd897382ef37be3870343

SHA512
5f75882aa240e978ae7d8ecbb961fdf43dce31acb153d55d6cbc7c3ad83f8fbccb83b700f768783a13c8e7f8d76549fb493fc87dbf2f5738672b2dfb333e9845

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5772.exe

Filesize
184KB

MD5
bb284862e3cd711588df20929b3b9186

SHA1
81834b7bba7f6cd6194c94faa9b3204ff62de602

SHA256
56d9be8191f72e902718d74e2e6ffeec416f9dc88c18cf6dd95e6fcbd75b8538

SHA512
5b8441ca00db8d329988beaa01cfa3abd4b02c25dd60ac91f9eab92eee04e60112b6fcfa9445a3326869783631e9f0b56f70a18e8c21e0f1492225f376345f26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6398.exe

Filesize
184KB

MD5
9ec2a8ed6a3f1d1581e549d610e1d5b3

SHA1
a897385fd3c66f50bcf7321e6a9ef07f5007ac5e

SHA256
b722a72ac4fa99fd77406591e7c8bd744ab80eb44e9ca5e7e42f112b254cb3ab

SHA512
2dfac2dcc5f4106753142b3ff43fae9393f6ce72f1b639ea14b5f0040b6fce75c62509bc681880f77d45a76963aec40ebd37a622ee9691ae5f744179eb7a5810

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8202.exe

Filesize
184KB

MD5
74dd62daec680a57732bd108a32497be

SHA1
e2e774ccabae0ec64393f1cfa563092a3272a572

SHA256
9c36553508f4531284fed14b410f98f46f12728cd307cead9ea13c13b6be9aad

SHA512
fde42b5539a1163d3bc6d6eec6ead556ec4688a450fa1233de5c975e94cc7696e8663d5189b1d8c8194cadb95919b1e472167a77ed4268bbe3a2e9c886c5786b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11082.exe

Filesize
184KB

MD5
d24ef97ee15b75b9da98262aa7c86a2a

SHA1
20b3a1c5891f0b2698b70aac99e7df9a99a36ff3

SHA256
36c7dc9006dd28a459c39cf2f9281fb62b40014c9ea4347bc701592595e7b917

SHA512
4bbb0006abd4ee578634a5001a0d8a13911e98b3bb0eedddd8fe069d5c91eff7175832be6e81f81fe46317edbc8e1ace9f6ffcaa8c4531621fa82a285d2513ab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13672.exe

Filesize
184KB

MD5
4d21af5d529f9b51cc0bf0c0c4d94917

SHA1
04da05318abfa098af2eb6177a9184c6c26dee6a

SHA256
9277c9892a6677fd0480bde92fb8969fb33f475f22833a291ad07819a5554015

SHA512
a3cc0e744c0c2a4efc790019f3225ba84048d6a4d5aff231f831052bcf5f63a380977de9e54aba0f0d30d8a91d1f698f7eb8b40b0284f22fe2ddbdad938f4bba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15050.exe

Filesize
184KB

MD5
18c7b4246c896337b173f1e08bacf553

SHA1
d7dda88a78f1aefe48426027de4a2d127bdba3e8

SHA256
89b818c881656be89058e9c0cc82d1725b186a57526741fcd8e7d98e7ac6773c

SHA512
74aebf90ed0a5c20f84ae3f4ed27610364e7954817ea61150906e89fa6e9c6b19bf737b0feca82b02957b72cb95ceb0268bea2a602de1e59d2860d9a874a86b2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15724.exe

Filesize
184KB

MD5
52199d93e8756061ce56ccb9f3ae2289

SHA1
bb52df987f0d39133c71af58737dfa065e2913d5

SHA256
36ad002442da6603f0bbf1c64cf0b1d00caabf2f56e4a390d5bc1e8e27a75367

SHA512
cb62e06f98733be07480249b5a804bd17fe39a0f32ed5ef02b5f331ef621d9f73b81797684ecbb96d4abc53e59e796a2cb12dfb26c60f9bb0b63ffce00ba6576

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18995.exe

Filesize
184KB

MD5
80f1d23b75cb6a8a55b7314d5d57b630

SHA1
f5ec15798bcbd242ab99aed835ee35c0f57889bd

SHA256
356836f1ad4ea12127f73abf2689b660cfa747fc267dda9e5abcb93633f39507

SHA512
fe7dddb90b6d13481167fefda59024118c97833fdf5c34f9c924854b29597c5cf4b1334d8c8a8795f78f48f0812a20b5c273021673c4a044c36ca8d43bfabefc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2051.exe

Filesize
184KB

MD5
796750df5b8cab1a7b2eaf938b7037ac

SHA1
89776b7d8d77fde412f6a510792be242450f4fce

SHA256
fbe5ebd2b89ffeb7400f4cfcb2e264ae3b591071a2ea431831005d99f4f5a455

SHA512
db8febdbe955cd6d13336e551b1cc8b5fa39055314332307e2289e2ad8d73f3bea83452a43f84ff88b1a1aae1add97404ab12fbf23ba8bf9bc467b732f41d180

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45961.exe

Filesize
184KB

MD5
89f234ae7be34280308d7e63e7157e69

SHA1
d464dd6af472f99c150192c1f90922cc87da5740

SHA256
c5ce71cd8c215cc3a70d95d62ac903f3e13bf88c2899f79393493d06ba453ce5

SHA512
80042dcb96b23cd2e8a4f318608a32d105246c7b269c2ee272213143fe21025c4fae674c24ff1690e99df5b2aac43e1eeb031b532d3cd4a4eb2105172ffac404

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62790.exe

Filesize
184KB

MD5
ce860ff207d878a26aa515e6d5769823

SHA1
0a118f2c4bd7dcdcca6d264a464d9b8efcf5ac14

SHA256
79f6199cc35626396e4d699f0c24c237ada125220242b9c6f27e200e5ce64401

SHA512
e5d9dd9b9a94653950ce60693833d910a648a09585b8aa955fb074813947a54fc32cb5b491b438a2be0021e1d54b2509ab4921d80de20ce1f460f065ce985245

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7884.exe

Filesize
184KB

MD5
9e68ae47888b6bf6db0a93670ffe675d

SHA1
9f76ab5d9b726d8ca210c3988d44e798547a522e

SHA256
bcc68c940a968f2853d88624db4ee5f3155bd87743da71419c5a5f5f14c53bcd

SHA512
4a03f343ecb2deed25e108921576a877534e6b495c495ec02b158d44b8b5b7236c09b979505abc39a85bc8f2e675611bb4794a93fc46032b0a9e06c4c8d4e39b

Download Submit