acb5edbba56882a048e89e5c8463ec93be6f213a33dd9d6ecde010a58224f98b

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

acb5edbba56882a048e89e5c8463ec93be6f213a33dd9d6ecde010a58224f98b.exe
Size

184KB
MD5

2d235dd3aa00ba35311b6481f2b7dc12
SHA1

ed7504fb7fa395ca8fb80b0482e6b52cafac9505
SHA256

acb5edbba56882a048e89e5c8463ec93be6f213a33dd9d6ecde010a58224f98b
SHA512

f521921eb94e28a5db7f84745cff588ba8ff10f7caf6cc42b24860edef1a935022c8f88ecc4bbab7a8a3fed126350fea21100503f7d3bbd109385af6ad50cc96
SSDEEP

1536:z7eH6BEAu37xo1x1H0GGgwMyLIyicclRmdftWLR2VzetHhl5hj5VizpvA:Pha37xo7B0SdyELTmWLRKsHhlnniFo

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-38745.exeUnicorn-61537.exeUnicorn-24458.exeUnicorn-34597.exeUnicorn-19522.exeUnicorn-14923.exeUnicorn-7887.exeUnicorn-3289.exeUnicorn-37872.exeUnicorn-23347.exeUnicorn-33657.exeUnicorn-25758.exeUnicorn-50750.exeUnicorn-31076.exeUnicorn-63749.exeUnicorn-18078.exeUnicorn-44590.exeUnicorn-64455.exeUnicorn-42389.exeUnicorn-62255.exeUnicorn-51731.exeUnicorn-35909.exeUnicorn-36101.exeUnicorn-49100.exeUnicorn-932.exeUnicorn-31528.exeUnicorn-4523.exeUnicorn-1124.exeUnicorn-18722.exeUnicorn-64393.exeUnicorn-9801.exeUnicorn-55795.exeUnicorn-55665.exeUnicorn-10761.exeUnicorn-43626.exeUnicorn-4601.exeUnicorn-54259.exeUnicorn-54451.exeUnicorn-34585.exeUnicorn-39952.exeUnicorn-52951.exeUnicorn-58867.exeUnicorn-57305.exeUnicorn-37439.exeUnicorn-44368.exeUnicorn-44368.exeUnicorn-4959.exeUnicorn-44560.exeUnicorn-39961.exeUnicorn-44065.exeUnicorn-24391.exeUnicorn-63992.exeUnicorn-57640.exeUnicorn-41953.exeUnicorn-10432.exeUnicorn-56296.exeUnicorn-31294.exeUnicorn-46561.exeUnicorn-11620.exeUnicorn-64350.exeUnicorn-14464.exeUnicorn-58766.exeUnicorn-62622.exeUnicorn-23597.exe

pid	process
2568	Unicorn-38745.exe
2532	Unicorn-61537.exe
2536	Unicorn-24458.exe
2736	Unicorn-34597.exe
2416	Unicorn-19522.exe
2412	Unicorn-14923.exe
2616	Unicorn-7887.exe
2596	Unicorn-3289.exe
1780	Unicorn-37872.exe
1324	Unicorn-23347.exe
1260	Unicorn-33657.exe
2016	Unicorn-25758.exe
2752	Unicorn-50750.exe
2000	Unicorn-31076.exe
2904	Unicorn-63749.exe
268	Unicorn-18078.exe
684	Unicorn-44590.exe
740	Unicorn-64455.exe
1048	Unicorn-42389.exe
452	Unicorn-62255.exe
1548	Unicorn-51731.exe
952	Unicorn-35909.exe
112	Unicorn-36101.exe
1624	Unicorn-49100.exe
1944	Unicorn-932.exe
1616	Unicorn-31528.exe
1900	Unicorn-4523.exe
1984	Unicorn-1124.exe
2176	Unicorn-18722.exe
892	Unicorn-64393.exe
3040	Unicorn-9801.exe
2832	Unicorn-55795.exe
2496	Unicorn-55665.exe
2524	Unicorn-10761.exe
2296	Unicorn-43626.exe
2668	Unicorn-4601.exe
2848	Unicorn-54259.exe
2560	Unicorn-54451.exe
2716	Unicorn-34585.exe
1776	Unicorn-39952.exe
2120	Unicorn-52951.exe
292	Unicorn-58867.exe
2080	Unicorn-57305.exe
2124	Unicorn-37439.exe
1196	Unicorn-44368.exe
2024	Unicorn-44368.exe
2768	Unicorn-4959.exe
2740	Unicorn-44560.exe
2900	Unicorn-39961.exe
2712	Unicorn-44065.exe
2084	Unicorn-24391.exe
1468	Unicorn-63992.exe
1480	Unicorn-57640.exe
2912	Unicorn-41953.exe
1696	Unicorn-10432.exe
1484	Unicorn-56296.exe
1652	Unicorn-31294.exe
2920	Unicorn-46561.exe
1604	Unicorn-11620.exe
2952	Unicorn-64350.exe
2460	Unicorn-14464.exe
2932	Unicorn-58766.exe
2856	Unicorn-62622.exe
2692	Unicorn-23597.exe

Loads dropped DLL 64 IoCs

Processes:

acb5edbba56882a048e89e5c8463ec93be6f213a33dd9d6ecde010a58224f98b.exeUnicorn-38745.exeUnicorn-24458.exeUnicorn-61537.exeWerFault.exeUnicorn-19522.exeUnicorn-14923.exeUnicorn-34597.exeWerFault.exeWerFault.exeUnicorn-3289.exeUnicorn-37872.exeUnicorn-7887.exeUnicorn-33657.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2432	acb5edbba56882a048e89e5c8463ec93be6f213a33dd9d6ecde010a58224f98b.exe
2432	acb5edbba56882a048e89e5c8463ec93be6f213a33dd9d6ecde010a58224f98b.exe
2568	Unicorn-38745.exe
2568	Unicorn-38745.exe
2432	acb5edbba56882a048e89e5c8463ec93be6f213a33dd9d6ecde010a58224f98b.exe
2432	acb5edbba56882a048e89e5c8463ec93be6f213a33dd9d6ecde010a58224f98b.exe
2536	Unicorn-24458.exe
2536	Unicorn-24458.exe
2532	Unicorn-61537.exe
2532	Unicorn-61537.exe
2568	Unicorn-38745.exe
2568	Unicorn-38745.exe
752	WerFault.exe
752	WerFault.exe
752	WerFault.exe
752	WerFault.exe
752	WerFault.exe
2416	Unicorn-19522.exe
2416	Unicorn-19522.exe
2532	Unicorn-61537.exe
2532	Unicorn-61537.exe
2412	Unicorn-14923.exe
2412	Unicorn-14923.exe
2736	Unicorn-34597.exe
2736	Unicorn-34597.exe
2536	Unicorn-24458.exe
2536	Unicorn-24458.exe
1208	WerFault.exe
1208	WerFault.exe
1208	WerFault.exe
1208	WerFault.exe
2112	WerFault.exe
2112	WerFault.exe
2112	WerFault.exe
2112	WerFault.exe
1208	WerFault.exe
2112	WerFault.exe
2596	Unicorn-3289.exe
2596	Unicorn-3289.exe
1780	Unicorn-37872.exe
1780	Unicorn-37872.exe
2736	Unicorn-34597.exe
2736	Unicorn-34597.exe
2416	Unicorn-19522.exe
2416	Unicorn-19522.exe
2616	Unicorn-7887.exe
2412	Unicorn-14923.exe
1260	Unicorn-33657.exe
1260	Unicorn-33657.exe
2616	Unicorn-7887.exe
2412	Unicorn-14923.exe
2320	WerFault.exe
2320	WerFault.exe
2320	WerFault.exe
2320	WerFault.exe
2320	WerFault.exe
692	WerFault.exe
692	WerFault.exe
692	WerFault.exe
692	WerFault.exe
692	WerFault.exe
3052	WerFault.exe
3052	WerFault.exe
3052	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2676	2432	WerFault.exe	acb5edbba56882a048e89e5c8463ec93be6f213a33dd9d6ecde010a58224f98b.exe
752	2568	WerFault.exe	Unicorn-38745.exe
1208	2536	WerFault.exe	Unicorn-24458.exe
2112	2532	WerFault.exe	Unicorn-61537.exe
2320	2416	WerFault.exe	Unicorn-19522.exe
692	2412	WerFault.exe	Unicorn-14923.exe
3052	2736	WerFault.exe	Unicorn-34597.exe
1636	2596	WerFault.exe	Unicorn-3289.exe
2956	1780	WerFault.exe	Unicorn-37872.exe
2644	2616	WerFault.exe	Unicorn-7887.exe
2548	1324	WerFault.exe	Unicorn-23347.exe
2964	1260	WerFault.exe	Unicorn-33657.exe
2332	2016	WerFault.exe	Unicorn-25758.exe
1408	2000	WerFault.exe	Unicorn-31076.exe
1680	2752	WerFault.exe	Unicorn-50750.exe
932	740	WerFault.exe	Unicorn-64455.exe
912	2904	WerFault.exe	Unicorn-63749.exe
600	268	WerFault.exe	Unicorn-18078.exe
2208	684	WerFault.exe	Unicorn-44590.exe
2632	2952	WerFault.exe	Unicorn-64350.exe
2492	1048	WerFault.exe	Unicorn-42389.exe
3024	452	WerFault.exe	Unicorn-62255.exe
2196	1548	WerFault.exe	Unicorn-51731.exe
2652	952	WerFault.exe	Unicorn-35909.exe
2928	112	WerFault.exe	Unicorn-36101.exe
2428	1624	WerFault.exe	Unicorn-49100.exe
2252	1944	WerFault.exe	Unicorn-932.exe
2704	1900	WerFault.exe	Unicorn-4523.exe
1520	1616	WerFault.exe	Unicorn-31528.exe
1464	2176	WerFault.exe	Unicorn-18722.exe
1116	892	WerFault.exe	Unicorn-64393.exe
1728	1984	WerFault.exe	Unicorn-1124.exe
3240	3040	WerFault.exe	Unicorn-9801.exe
3264	2832	WerFault.exe	Unicorn-55795.exe
3292	2496	WerFault.exe	Unicorn-55665.exe
3316	2296	WerFault.exe	Unicorn-43626.exe
3324	2668	WerFault.exe	Unicorn-4601.exe
3472	2848	WerFault.exe	Unicorn-54259.exe
3488	2524	WerFault.exe	Unicorn-10761.exe
3504	2120	WerFault.exe	Unicorn-52951.exe
3528	2740	WerFault.exe	Unicorn-44560.exe
3580	2900	WerFault.exe	Unicorn-39961.exe
3624	2124	WerFault.exe	Unicorn-37439.exe
3616	1776	WerFault.exe	Unicorn-39952.exe
3672	2080	WerFault.exe	Unicorn-57305.exe
3924	2716	WerFault.exe	Unicorn-34585.exe
3932	1196	WerFault.exe	Unicorn-44368.exe
4004	292	WerFault.exe	Unicorn-58867.exe
3332	2024	WerFault.exe	Unicorn-44368.exe
3360	2768	WerFault.exe	Unicorn-4959.exe
3300	2712	WerFault.exe	Unicorn-44065.exe
3480	1480	WerFault.exe	Unicorn-57640.exe
3764	1468	WerFault.exe	Unicorn-63992.exe
3420	2084	WerFault.exe	Unicorn-24391.exe
4076	1552	WerFault.exe	Unicorn-63582.exe
4080	2920	WerFault.exe	Unicorn-46561.exe
3432	2460	WerFault.exe	Unicorn-14464.exe
4052	2692	WerFault.exe	Unicorn-23597.exe
3848	1028	WerFault.exe	Unicorn-57230.exe
4132	2256	WerFault.exe	Unicorn-20324.exe
4140	3048	WerFault.exe	Unicorn-2534.exe
4156	2856	WerFault.exe	Unicorn-62622.exe
4200	2560	WerFault.exe	Unicorn-54451.exe
4764	1604	WerFault.exe	Unicorn-11620.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

acb5edbba56882a048e89e5c8463ec93be6f213a33dd9d6ecde010a58224f98b.exeUnicorn-38745.exeUnicorn-61537.exeUnicorn-24458.exeUnicorn-19522.exeUnicorn-34597.exeUnicorn-14923.exeUnicorn-3289.exeUnicorn-37872.exeUnicorn-33657.exeUnicorn-23347.exeUnicorn-7887.exeUnicorn-25758.exeUnicorn-31076.exeUnicorn-50750.exeUnicorn-64455.exeUnicorn-18078.exeUnicorn-63749.exeUnicorn-44590.exeUnicorn-42389.exeUnicorn-62255.exeUnicorn-51731.exeUnicorn-35909.exeUnicorn-36101.exeUnicorn-49100.exeUnicorn-932.exeUnicorn-31528.exeUnicorn-4523.exeUnicorn-1124.exeUnicorn-18722.exeUnicorn-64393.exeUnicorn-9801.exeUnicorn-55795.exeUnicorn-55665.exeUnicorn-10761.exeUnicorn-43626.exeUnicorn-4601.exeUnicorn-54259.exeUnicorn-54451.exeUnicorn-34585.exeUnicorn-39952.exeUnicorn-52951.exeUnicorn-58867.exeUnicorn-37439.exeUnicorn-57305.exeUnicorn-44368.exeUnicorn-44368.exeUnicorn-4959.exeUnicorn-44560.exeUnicorn-39961.exeUnicorn-44065.exeUnicorn-63992.exeUnicorn-24391.exeUnicorn-57640.exeUnicorn-41953.exeUnicorn-10432.exeUnicorn-56296.exeUnicorn-31294.exeUnicorn-46561.exeUnicorn-11620.exeUnicorn-64350.exeUnicorn-14464.exeUnicorn-58766.exeUnicorn-62622.exe

pid	process
2432	acb5edbba56882a048e89e5c8463ec93be6f213a33dd9d6ecde010a58224f98b.exe
2568	Unicorn-38745.exe
2532	Unicorn-61537.exe
2536	Unicorn-24458.exe
2416	Unicorn-19522.exe
2736	Unicorn-34597.exe
2412	Unicorn-14923.exe
2596	Unicorn-3289.exe
1780	Unicorn-37872.exe
1260	Unicorn-33657.exe
1324	Unicorn-23347.exe
2616	Unicorn-7887.exe
2016	Unicorn-25758.exe
2000	Unicorn-31076.exe
2752	Unicorn-50750.exe
740	Unicorn-64455.exe
268	Unicorn-18078.exe
2904	Unicorn-63749.exe
684	Unicorn-44590.exe
1048	Unicorn-42389.exe
452	Unicorn-62255.exe
1548	Unicorn-51731.exe
952	Unicorn-35909.exe
112	Unicorn-36101.exe
1624	Unicorn-49100.exe
1944	Unicorn-932.exe
1616	Unicorn-31528.exe
1900	Unicorn-4523.exe
1984	Unicorn-1124.exe
2176	Unicorn-18722.exe
892	Unicorn-64393.exe
3040	Unicorn-9801.exe
2832	Unicorn-55795.exe
2496	Unicorn-55665.exe
2524	Unicorn-10761.exe
2296	Unicorn-43626.exe
2668	Unicorn-4601.exe
2848	Unicorn-54259.exe
2560	Unicorn-54451.exe
2716	Unicorn-34585.exe
1776	Unicorn-39952.exe
2120	Unicorn-52951.exe
292	Unicorn-58867.exe
2124	Unicorn-37439.exe
2080	Unicorn-57305.exe
2024	Unicorn-44368.exe
1196	Unicorn-44368.exe
2768	Unicorn-4959.exe
2740	Unicorn-44560.exe
2900	Unicorn-39961.exe
2712	Unicorn-44065.exe
1468	Unicorn-63992.exe
2084	Unicorn-24391.exe
1480	Unicorn-57640.exe
2912	Unicorn-41953.exe
1696	Unicorn-10432.exe
1484	Unicorn-56296.exe
1652	Unicorn-31294.exe
2920	Unicorn-46561.exe
1604	Unicorn-11620.exe
2952	Unicorn-64350.exe
2460	Unicorn-14464.exe
2932	Unicorn-58766.exe
2856	Unicorn-62622.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

acb5edbba56882a048e89e5c8463ec93be6f213a33dd9d6ecde010a58224f98b.exeUnicorn-38745.exeUnicorn-24458.exeUnicorn-61537.exeUnicorn-19522.exeUnicorn-14923.exeUnicorn-34597.exeUnicorn-3289.exe

description	pid	process	target process
PID 2432 wrote to memory of 2568	2432	acb5edbba56882a048e89e5c8463ec93be6f213a33dd9d6ecde010a58224f98b.exe	Unicorn-38745.exe
PID 2432 wrote to memory of 2568	2432	acb5edbba56882a048e89e5c8463ec93be6f213a33dd9d6ecde010a58224f98b.exe	Unicorn-38745.exe
PID 2432 wrote to memory of 2568	2432	acb5edbba56882a048e89e5c8463ec93be6f213a33dd9d6ecde010a58224f98b.exe	Unicorn-38745.exe
PID 2432 wrote to memory of 2568	2432	acb5edbba56882a048e89e5c8463ec93be6f213a33dd9d6ecde010a58224f98b.exe	Unicorn-38745.exe
PID 2568 wrote to memory of 2532	2568	Unicorn-38745.exe	Unicorn-61537.exe
PID 2568 wrote to memory of 2532	2568	Unicorn-38745.exe	Unicorn-61537.exe
PID 2568 wrote to memory of 2532	2568	Unicorn-38745.exe	Unicorn-61537.exe
PID 2568 wrote to memory of 2532	2568	Unicorn-38745.exe	Unicorn-61537.exe
PID 2432 wrote to memory of 2536	2432	acb5edbba56882a048e89e5c8463ec93be6f213a33dd9d6ecde010a58224f98b.exe	Unicorn-24458.exe
PID 2432 wrote to memory of 2536	2432	acb5edbba56882a048e89e5c8463ec93be6f213a33dd9d6ecde010a58224f98b.exe	Unicorn-24458.exe
PID 2432 wrote to memory of 2536	2432	acb5edbba56882a048e89e5c8463ec93be6f213a33dd9d6ecde010a58224f98b.exe	Unicorn-24458.exe
PID 2432 wrote to memory of 2536	2432	acb5edbba56882a048e89e5c8463ec93be6f213a33dd9d6ecde010a58224f98b.exe	Unicorn-24458.exe
PID 2432 wrote to memory of 2676	2432	acb5edbba56882a048e89e5c8463ec93be6f213a33dd9d6ecde010a58224f98b.exe	WerFault.exe
PID 2432 wrote to memory of 2676	2432	acb5edbba56882a048e89e5c8463ec93be6f213a33dd9d6ecde010a58224f98b.exe	WerFault.exe
PID 2432 wrote to memory of 2676	2432	acb5edbba56882a048e89e5c8463ec93be6f213a33dd9d6ecde010a58224f98b.exe	WerFault.exe
PID 2432 wrote to memory of 2676	2432	acb5edbba56882a048e89e5c8463ec93be6f213a33dd9d6ecde010a58224f98b.exe	WerFault.exe
PID 2536 wrote to memory of 2736	2536	Unicorn-24458.exe	Unicorn-34597.exe
PID 2536 wrote to memory of 2736	2536	Unicorn-24458.exe	Unicorn-34597.exe
PID 2536 wrote to memory of 2736	2536	Unicorn-24458.exe	Unicorn-34597.exe
PID 2536 wrote to memory of 2736	2536	Unicorn-24458.exe	Unicorn-34597.exe
PID 2532 wrote to memory of 2416	2532	Unicorn-61537.exe	Unicorn-19522.exe
PID 2532 wrote to memory of 2416	2532	Unicorn-61537.exe	Unicorn-19522.exe
PID 2532 wrote to memory of 2416	2532	Unicorn-61537.exe	Unicorn-19522.exe
PID 2532 wrote to memory of 2416	2532	Unicorn-61537.exe	Unicorn-19522.exe
PID 2568 wrote to memory of 2412	2568	Unicorn-38745.exe	Unicorn-14923.exe
PID 2568 wrote to memory of 2412	2568	Unicorn-38745.exe	Unicorn-14923.exe
PID 2568 wrote to memory of 2412	2568	Unicorn-38745.exe	Unicorn-14923.exe
PID 2568 wrote to memory of 2412	2568	Unicorn-38745.exe	Unicorn-14923.exe
PID 2568 wrote to memory of 752	2568	Unicorn-38745.exe	WerFault.exe
PID 2568 wrote to memory of 752	2568	Unicorn-38745.exe	WerFault.exe
PID 2568 wrote to memory of 752	2568	Unicorn-38745.exe	WerFault.exe
PID 2568 wrote to memory of 752	2568	Unicorn-38745.exe	WerFault.exe
PID 2416 wrote to memory of 2616	2416	Unicorn-19522.exe	Unicorn-7887.exe
PID 2416 wrote to memory of 2616	2416	Unicorn-19522.exe	Unicorn-7887.exe
PID 2416 wrote to memory of 2616	2416	Unicorn-19522.exe	Unicorn-7887.exe
PID 2416 wrote to memory of 2616	2416	Unicorn-19522.exe	Unicorn-7887.exe
PID 2532 wrote to memory of 2596	2532	Unicorn-61537.exe	Unicorn-3289.exe
PID 2532 wrote to memory of 2596	2532	Unicorn-61537.exe	Unicorn-3289.exe
PID 2532 wrote to memory of 2596	2532	Unicorn-61537.exe	Unicorn-3289.exe
PID 2532 wrote to memory of 2596	2532	Unicorn-61537.exe	Unicorn-3289.exe
PID 2412 wrote to memory of 1324	2412	Unicorn-14923.exe	Unicorn-23347.exe
PID 2412 wrote to memory of 1324	2412	Unicorn-14923.exe	Unicorn-23347.exe
PID 2412 wrote to memory of 1324	2412	Unicorn-14923.exe	Unicorn-23347.exe
PID 2412 wrote to memory of 1324	2412	Unicorn-14923.exe	Unicorn-23347.exe
PID 2736 wrote to memory of 1780	2736	Unicorn-34597.exe	Unicorn-37872.exe
PID 2736 wrote to memory of 1780	2736	Unicorn-34597.exe	Unicorn-37872.exe
PID 2736 wrote to memory of 1780	2736	Unicorn-34597.exe	Unicorn-37872.exe
PID 2736 wrote to memory of 1780	2736	Unicorn-34597.exe	Unicorn-37872.exe
PID 2536 wrote to memory of 1260	2536	Unicorn-24458.exe	Unicorn-33657.exe
PID 2536 wrote to memory of 1260	2536	Unicorn-24458.exe	Unicorn-33657.exe
PID 2536 wrote to memory of 1260	2536	Unicorn-24458.exe	Unicorn-33657.exe
PID 2536 wrote to memory of 1260	2536	Unicorn-24458.exe	Unicorn-33657.exe
PID 2536 wrote to memory of 1208	2536	Unicorn-24458.exe	WerFault.exe
PID 2536 wrote to memory of 1208	2536	Unicorn-24458.exe	WerFault.exe
PID 2536 wrote to memory of 1208	2536	Unicorn-24458.exe	WerFault.exe
PID 2536 wrote to memory of 1208	2536	Unicorn-24458.exe	WerFault.exe
PID 2532 wrote to memory of 2112	2532	Unicorn-61537.exe	WerFault.exe
PID 2532 wrote to memory of 2112	2532	Unicorn-61537.exe	WerFault.exe
PID 2532 wrote to memory of 2112	2532	Unicorn-61537.exe	WerFault.exe
PID 2532 wrote to memory of 2112	2532	Unicorn-61537.exe	WerFault.exe
PID 2596 wrote to memory of 2016	2596	Unicorn-3289.exe	Unicorn-25758.exe
PID 2596 wrote to memory of 2016	2596	Unicorn-3289.exe	Unicorn-25758.exe
PID 2596 wrote to memory of 2016	2596	Unicorn-3289.exe	Unicorn-25758.exe
PID 2596 wrote to memory of 2016	2596	Unicorn-3289.exe	Unicorn-25758.exe

C:\Users\Admin\AppData\Local\Temp\acb5edbba56882a048e89e5c8463ec93be6f213a33dd9d6ecde010a58224f98b.exe
"C:\Users\Admin\AppData\Local\Temp\acb5edbba56882a048e89e5c8463ec93be6f213a33dd9d6ecde010a58224f98b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-61537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61537.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-19522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19522.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-18078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18078.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:268

C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-58867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58867.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:292

C:\Users\Admin\AppData\Local\Temp\Unicorn-44231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44231.exe
9⤵
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
10⤵
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-32414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32414.exe
11⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
12⤵
PID:6016

C:\Users\Admin\AppData\Local\Temp\Unicorn-13296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13296.exe
13⤵
PID:8488

C:\Users\Admin\AppData\Local\Temp\Unicorn-17733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17733.exe
14⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 216
14⤵
PID:13008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 220
13⤵
PID:10580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
12⤵
PID:7744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 216
11⤵
PID:5804

C:\Users\Admin\AppData\Local\Temp\Unicorn-59720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59720.exe
10⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-34295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34295.exe
11⤵
PID:6836

C:\Users\Admin\AppData\Local\Temp\Unicorn-6662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6662.exe
12⤵
PID:9476

C:\Users\Admin\AppData\Local\Temp\Unicorn-51073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51073.exe
13⤵
PID:12436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9476 -s 236
13⤵
PID:13856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 216
12⤵
PID:10372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 220
11⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
10⤵
PID:5928

C:\Users\Admin\AppData\Local\Temp\Unicorn-7703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7703.exe
9⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-31838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31838.exe
10⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-10295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10295.exe
11⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-13451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13451.exe
12⤵
PID:9096

C:\Users\Admin\AppData\Local\Temp\Unicorn-3235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3235.exe
13⤵
PID:11992

C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
14⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9096 -s 216
13⤵
PID:12536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
12⤵
PID:10148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
11⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 216
10⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 240
9⤵
- Program crash
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-43716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43716.exe
8⤵
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-29873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29873.exe
9⤵
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-54235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54235.exe
10⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-45298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45298.exe
11⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
12⤵
PID:9144

C:\Users\Admin\AppData\Local\Temp\Unicorn-50329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50329.exe
13⤵
PID:11616

C:\Users\Admin\AppData\Local\Temp\Unicorn-56927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56927.exe
14⤵
PID:13652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9144 -s 216
13⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
12⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
11⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 236
10⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
9⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-28609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28609.exe
10⤵
PID:5188

C:\Users\Admin\AppData\Local\Temp\Unicorn-25097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25097.exe
11⤵
PID:8712

C:\Users\Admin\AppData\Local\Temp\Unicorn-57013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57013.exe
12⤵
PID:11812

C:\Users\Admin\AppData\Local\Temp\Unicorn-37680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37680.exe
13⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8712 -s 220
12⤵
PID:12356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
11⤵
PID:10012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
10⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
9⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 240
8⤵
- Program crash
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-37439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37439.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-2534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2534.exe
8⤵
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-47662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47662.exe
9⤵
PID:996

C:\Users\Admin\AppData\Local\Temp\Unicorn-21947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21947.exe
10⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-38588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38588.exe
11⤵
PID:5380

C:\Users\Admin\AppData\Local\Temp\Unicorn-59258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59258.exe
12⤵
PID:8800

C:\Users\Admin\AppData\Local\Temp\Unicorn-11808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11808.exe
13⤵
PID:12144

C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
14⤵
PID:13588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8800 -s 220
13⤵
PID:12628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
12⤵
PID:9924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 236
11⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 216
10⤵
PID:4684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 216
9⤵
- Program crash
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-57973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57973.exe
8⤵
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-11095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11095.exe
9⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-36606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36606.exe
10⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-27401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27401.exe
11⤵
PID:8652

C:\Users\Admin\AppData\Local\Temp\Unicorn-52413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52413.exe
12⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11512 -s 220
13⤵
PID:8288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 216
12⤵
PID:12900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 216
11⤵
PID:9948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
10⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 236
9⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 220
8⤵
- Program crash
PID:3624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 240
7⤵
- Program crash
PID:600

C:\Users\Admin\AppData\Local\Temp\Unicorn-64393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64393.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-44368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44368.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1196

C:\Users\Admin\AppData\Local\Temp\Unicorn-11558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11558.exe
8⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-37553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37553.exe
9⤵
PID:240

C:\Users\Admin\AppData\Local\Temp\Unicorn-22907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22907.exe
10⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-27690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27690.exe
11⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-358.exe
12⤵
PID:8492

C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe
13⤵
PID:11596

C:\Users\Admin\AppData\Local\Temp\Unicorn-45651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45651.exe
14⤵
PID:8920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 216
13⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 236
12⤵
PID:9608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 236
11⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 236
10⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-58713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58713.exe
9⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-10995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10995.exe
10⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-34567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34567.exe
11⤵
PID:8424

C:\Users\Admin\AppData\Local\Temp\Unicorn-37916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37916.exe
12⤵
PID:11504

C:\Users\Admin\AppData\Local\Temp\Unicorn-60139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60139.exe
13⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8424 -s 216
12⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 236
11⤵
PID:9556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 236
10⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
9⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-50936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50936.exe
8⤵
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
9⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
10⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-27297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27297.exe
11⤵
PID:8540

C:\Users\Admin\AppData\Local\Temp\Unicorn-46904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46904.exe
12⤵
PID:11768

C:\Users\Admin\AppData\Local\Temp\Unicorn-51105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51105.exe
13⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8540 -s 216
12⤵
PID:12328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
11⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
10⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 236
9⤵
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 240
8⤵
- Program crash
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-2404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2404.exe
7⤵
PID:336

C:\Users\Admin\AppData\Local\Temp\Unicorn-16360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16360.exe
8⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-11671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11671.exe
9⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-28121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28121.exe
10⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-64925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64925.exe
11⤵
PID:8956

C:\Users\Admin\AppData\Local\Temp\Unicorn-12000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12000.exe
12⤵
PID:12180

C:\Users\Admin\AppData\Local\Temp\Unicorn-4450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4450.exe
13⤵
PID:9336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 220
12⤵
PID:12648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 216
11⤵
PID:9996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
9⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\Unicorn-22174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22174.exe
8⤵
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-48583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48583.exe
9⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-38521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38521.exe
10⤵
PID:9088

C:\Users\Admin\AppData\Local\Temp\Unicorn-16965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16965.exe
11⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11632 -s 212
12⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9088 -s 216
11⤵
PID:13344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
10⤵
PID:10656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 216
9⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 240
8⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
7⤵
- Program crash
PID:1116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
6⤵
- Program crash
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-63749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63749.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-1124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1124.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-44560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44560.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-63582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63582.exe
8⤵
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-27522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27522.exe
9⤵
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-13653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13653.exe
10⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-23276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23276.exe
11⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-52197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52197.exe
12⤵
PID:8064

C:\Users\Admin\AppData\Local\Temp\Unicorn-40393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40393.exe
13⤵
PID:10708

C:\Users\Admin\AppData\Local\Temp\Unicorn-45985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45985.exe
14⤵
PID:14236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10708 -s 216
14⤵
PID:14048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 216
13⤵
PID:11556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
12⤵
PID:8400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 236
11⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 236
10⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-9055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9055.exe
9⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-62694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62694.exe
10⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-54023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54023.exe
11⤵
PID:7172

C:\Users\Admin\AppData\Local\Temp\Unicorn-60563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60563.exe
12⤵
PID:10464

C:\Users\Admin\AppData\Local\Temp\Unicorn-50067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50067.exe
13⤵
PID:13428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10464 -s 216
13⤵
PID:14168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 236
12⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
11⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
10⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
9⤵
- Program crash
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-21169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21169.exe
8⤵
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
9⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-30248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30248.exe
10⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-36287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36287.exe
11⤵
PID:8104

C:\Users\Admin\AppData\Local\Temp\Unicorn-34797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34797.exe
12⤵
PID:11404

C:\Users\Admin\AppData\Local\Temp\Unicorn-52386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52386.exe
13⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11404 -s 216
13⤵
PID:9524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 216
12⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
11⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
10⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 236
9⤵
PID:4116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
8⤵
- Program crash
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-57230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57230.exe
7⤵
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-16360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16360.exe
8⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-5273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5273.exe
9⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-57955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57955.exe
10⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-65029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65029.exe
11⤵
PID:9020

C:\Users\Admin\AppData\Local\Temp\Unicorn-63238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63238.exe
12⤵
PID:12084

C:\Users\Admin\AppData\Local\Temp\Unicorn-54134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54134.exe
13⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9020 -s 220
12⤵
PID:12676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
11⤵
PID:10348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
10⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 216
9⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 236
8⤵
- Program crash
PID:3848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
7⤵
- Program crash
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-39961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39961.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-52804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52804.exe
7⤵
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-60817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60817.exe
8⤵
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-39399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39399.exe
9⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-11421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11421.exe
10⤵
PID:5356

C:\Users\Admin\AppData\Local\Temp\Unicorn-43784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43784.exe
11⤵
PID:8972

C:\Users\Admin\AppData\Local\Temp\Unicorn-7784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7784.exe
12⤵
PID:11960

C:\Users\Admin\AppData\Local\Temp\Unicorn-14512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14512.exe
13⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8972 -s 220
12⤵
PID:12316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 220
11⤵
PID:10260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
10⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 216
9⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-2019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2019.exe
8⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-14929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14929.exe
9⤵
PID:5936

C:\Users\Admin\AppData\Local\Temp\Unicorn-21672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21672.exe
10⤵
PID:8560

C:\Users\Admin\AppData\Local\Temp\Unicorn-38106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38106.exe
11⤵
PID:11664

C:\Users\Admin\AppData\Local\Temp\Unicorn-1752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1752.exe
12⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 216
11⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 216
10⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
9⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
8⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-25492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25492.exe
7⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-1396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1396.exe
8⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-17078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17078.exe
9⤵
PID:5216

C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
10⤵
PID:8632

C:\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe
11⤵
PID:11844

C:\Users\Admin\AppData\Local\Temp\Unicorn-52386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52386.exe
12⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11844 -s 216
12⤵
PID:8328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8632 -s 216
11⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 216
10⤵
PID:9744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 236
9⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 236
8⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 220
7⤵
- Program crash
PID:3580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
6⤵
- Program crash
PID:912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-3289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3289.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-25758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25758.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-62255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62255.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:452

C:\Users\Admin\AppData\Local\Temp\Unicorn-55795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55795.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-63992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63992.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
9⤵
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-28371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28371.exe
10⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-35279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35279.exe
11⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
12⤵
PID:7596

C:\Users\Admin\AppData\Local\Temp\Unicorn-29718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29718.exe
13⤵
PID:10760

C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
14⤵
PID:13804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10760 -s 216
14⤵
PID:14312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 216
13⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
12⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 236
11⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 236
10⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\Unicorn-58583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58583.exe
9⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-33696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33696.exe
10⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-61202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61202.exe
11⤵
PID:6568

C:\Users\Admin\AppData\Local\Temp\Unicorn-32709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32709.exe
12⤵
PID:9712

C:\Users\Admin\AppData\Local\Temp\Unicorn-40482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40482.exe
13⤵
PID:12344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9712 -s 216
13⤵
PID:14104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 216
12⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 216
11⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 236
10⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 240
9⤵
- Program crash
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-3816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3816.exe
8⤵
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-28153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28153.exe
9⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-1838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1838.exe
10⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-52773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52773.exe
11⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-19293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19293.exe
12⤵
PID:11252

C:\Users\Admin\AppData\Local\Temp\Unicorn-489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-489.exe
13⤵
PID:14144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11252 -s 216
13⤵
PID:13864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 216
12⤵
PID:12152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
11⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 236
10⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 236
9⤵
PID:5044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
8⤵
- Program crash
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-57640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57640.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-18700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18700.exe
8⤵
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-60083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60083.exe
9⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-21091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21091.exe
10⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-22702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22702.exe
11⤵
PID:6788

C:\Users\Admin\AppData\Local\Temp\Unicorn-59070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59070.exe
12⤵
PID:9512

C:\Users\Admin\AppData\Local\Temp\Unicorn-42308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42308.exe
13⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9512 -s 216
13⤵
PID:13848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
12⤵
PID:10452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
11⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
10⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-25833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25833.exe
9⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-36230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36230.exe
10⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
11⤵
PID:8984

C:\Users\Admin\AppData\Local\Temp\Unicorn-54090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54090.exe
12⤵
PID:11484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 236
12⤵
PID:13556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 216
11⤵
PID:10848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 220
10⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
9⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-57815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57815.exe
8⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-10574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10574.exe
9⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-34175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34175.exe
10⤵
PID:8256

C:\Users\Admin\AppData\Local\Temp\Unicorn-34797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34797.exe
11⤵
PID:11392

C:\Users\Admin\AppData\Local\Temp\Unicorn-2631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2631.exe
12⤵
PID:13460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11392 -s 236
12⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 216
11⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
10⤵
PID:9212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
9⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 240
8⤵
- Program crash
PID:3480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 240
7⤵
- Program crash
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-55665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55665.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-41953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41953.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-23848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23848.exe
8⤵
PID:108

C:\Users\Admin\AppData\Local\Temp\Unicorn-22907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22907.exe
9⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-35189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35189.exe
10⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-2662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2662.exe
11⤵
PID:8468

C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe
12⤵
PID:11588

C:\Users\Admin\AppData\Local\Temp\Unicorn-53087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53087.exe
13⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8468 -s 216
12⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 236
11⤵
PID:9572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
10⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 236
9⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\Unicorn-38977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38977.exe
8⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-60705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60705.exe
9⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-33021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33021.exe
10⤵
PID:9024

C:\Users\Admin\AppData\Local\Temp\Unicorn-332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-332.exe
11⤵
PID:12252

C:\Users\Admin\AppData\Local\Temp\Unicorn-34015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34015.exe
12⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 216
11⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
10⤵
PID:10044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
9⤵
PID:7388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
8⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-4174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4174.exe
7⤵
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-59253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59253.exe
8⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-44120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44120.exe
9⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-57769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57769.exe
10⤵
PID:8676

C:\Users\Admin\AppData\Local\Temp\Unicorn-15246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15246.exe
11⤵
PID:11764

C:\Users\Admin\AppData\Local\Temp\Unicorn-56578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56578.exe
12⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8676 -s 216
11⤵
PID:13200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
10⤵
PID:10092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
9⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
8⤵
PID:4692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 220
7⤵
- Program crash
PID:3292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
6⤵
- Program crash
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-42389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42389.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-9801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9801.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-44065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44065.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-30511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30511.exe
8⤵
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-38381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38381.exe
9⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-52829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52829.exe
10⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
11⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-50227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50227.exe
12⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-2527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2527.exe
13⤵
PID:11528

C:\Users\Admin\AppData\Local\Temp\Unicorn-18914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18914.exe
14⤵
PID:9796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 216
13⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 236
12⤵
PID:10700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
11⤵
PID:7736

C:\Users\Admin\AppData\Local\Temp\Unicorn-50945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50945.exe
9⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-19063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19063.exe
10⤵
PID:6916

C:\Users\Admin\AppData\Local\Temp\Unicorn-32122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32122.exe
11⤵
PID:9644

C:\Users\Admin\AppData\Local\Temp\Unicorn-21437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21437.exe
12⤵
PID:12696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9644 -s 216
12⤵
PID:13932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 236
11⤵
PID:10548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 220
10⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
9⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-3440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3440.exe
8⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-10574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10574.exe
9⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-21404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21404.exe
10⤵
PID:8220

C:\Users\Admin\AppData\Local\Temp\Unicorn-54890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54890.exe
11⤵
PID:11364

C:\Users\Admin\AppData\Local\Temp\Unicorn-53076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53076.exe
12⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11364 -s 216
12⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8220 -s 216
11⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
10⤵
PID:9120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 236
9⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
8⤵
- Program crash
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-43509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43509.exe
7⤵
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-38573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38573.exe
8⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-41786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41786.exe
9⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-47621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47621.exe
10⤵
PID:6400

C:\Users\Admin\AppData\Local\Temp\Unicorn-33554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33554.exe
11⤵
PID:8240

C:\Users\Admin\AppData\Local\Temp\Unicorn-20370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20370.exe
12⤵
PID:12160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8240 -s 216
12⤵
PID:13720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 216
11⤵
PID:10948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
10⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 236
9⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-37763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37763.exe
8⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-33324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33324.exe
9⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
10⤵
PID:8320

C:\Users\Admin\AppData\Local\Temp\Unicorn-43145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43145.exe
11⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8320 -s 220
11⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 220
10⤵
PID:10532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
9⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 240
8⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
7⤵
- Program crash
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-24391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24391.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-47781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47781.exe
7⤵
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-36243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36243.exe
8⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-42554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42554.exe
9⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-46085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46085.exe
10⤵
PID:6488

C:\Users\Admin\AppData\Local\Temp\Unicorn-27446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27446.exe
11⤵
PID:8644

C:\Users\Admin\AppData\Local\Temp\Unicorn-58937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58937.exe
12⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
11⤵
PID:10832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
10⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
9⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-33321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33321.exe
8⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-41705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41705.exe
9⤵
PID:6036

C:\Users\Admin\AppData\Local\Temp\Unicorn-40575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40575.exe
10⤵
PID:9164

C:\Users\Admin\AppData\Local\Temp\Unicorn-45299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45299.exe
11⤵
PID:12140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9164 -s 220
11⤵
PID:13512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
10⤵
PID:10840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 216
9⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
8⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-35728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35728.exe
7⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-62886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62886.exe
8⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-57697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57697.exe
9⤵
PID:7460

C:\Users\Admin\AppData\Local\Temp\Unicorn-28877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28877.exe
10⤵
PID:10508

C:\Users\Admin\AppData\Local\Temp\Unicorn-59582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59582.exe
11⤵
PID:13640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10508 -s 216
11⤵
PID:14268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 216
10⤵
PID:11428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
9⤵
PID:9080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
8⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
7⤵
- Program crash
PID:3420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 240
6⤵
- Program crash
PID:2492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
5⤵
- Program crash
PID:1636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-14923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14923.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-23347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23347.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1324

C:\Users\Admin\AppData\Local\Temp\Unicorn-51731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51731.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-10761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10761.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-10432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10432.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-6058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6058.exe
8⤵
PID:1416

C:\Users\Admin\AppData\Local\Temp\Unicorn-21947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21947.exe
9⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-61665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61665.exe
10⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-45278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45278.exe
11⤵
PID:8588

C:\Users\Admin\AppData\Local\Temp\Unicorn-62939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62939.exe
12⤵
PID:11648

C:\Users\Admin\AppData\Local\Temp\Unicorn-19445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19445.exe
13⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 216
12⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 236
11⤵
PID:9680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 236
10⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 236
9⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\Unicorn-34945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34945.exe
8⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-57633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57633.exe
9⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\Unicorn-156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-156.exe
10⤵
PID:8992

C:\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe
11⤵
PID:12112

C:\Users\Admin\AppData\Local\Temp\Unicorn-59136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59136.exe
12⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8992 -s 216
11⤵
PID:12592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
10⤵
PID:10020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
9⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 220
8⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-3982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3982.exe
7⤵
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-42040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42040.exe
8⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-37301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37301.exe
9⤵
PID:5752

C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
10⤵
PID:9136

C:\Users\Admin\AppData\Local\Temp\Unicorn-64574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64574.exe
11⤵
PID:12236

C:\Users\Admin\AppData\Local\Temp\Unicorn-19490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19490.exe
12⤵
PID:9200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9136 -s 216
11⤵
PID:12804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 216
10⤵
PID:10100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 236
9⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 236
8⤵
PID:4912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
7⤵
- Program crash
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-56296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56296.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-26344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26344.exe
7⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-58293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58293.exe
8⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-61115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61115.exe
9⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-54095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54095.exe
10⤵
PID:9188

C:\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe
11⤵
PID:12100

C:\Users\Admin\AppData\Local\Temp\Unicorn-11964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11964.exe
12⤵
PID:13636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9188 -s 216
11⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
10⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
9⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
8⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\Unicorn-22968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22968.exe
7⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-39797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39797.exe
8⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-6181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6181.exe
9⤵
PID:8232

C:\Users\Admin\AppData\Local\Temp\Unicorn-10303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10303.exe
10⤵
PID:11468

C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
11⤵
PID:9564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8232 -s 216
10⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
9⤵
PID:9452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 236
8⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 240
7⤵
PID:4904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
6⤵
- Program crash
PID:2196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 236
5⤵
- Program crash
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:684

C:\Users\Admin\AppData\Local\Temp\Unicorn-18722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18722.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-44368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44368.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-20324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20324.exe
7⤵
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-47662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47662.exe
8⤵
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-52829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52829.exe
9⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-43072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43072.exe
10⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-6757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6757.exe
11⤵
PID:8364

C:\Users\Admin\AppData\Local\Temp\Unicorn-415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-415.exe
12⤵
PID:11608

C:\Users\Admin\AppData\Local\Temp\Unicorn-39095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39095.exe
13⤵
PID:8432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 220
12⤵
PID:12992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 220
11⤵
PID:9508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
10⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 236
9⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 216
8⤵
- Program crash
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-7703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7703.exe
7⤵
PID:1436

C:\Users\Admin\AppData\Local\Temp\Unicorn-57188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57188.exe
8⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-61115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61115.exe
9⤵
PID:5912

C:\Users\Admin\AppData\Local\Temp\Unicorn-57174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57174.exe
9⤵
PID:6128

C:\Users\Admin\AppData\Local\Temp\Unicorn-22191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22191.exe
10⤵
PID:8200

C:\Users\Admin\AppData\Local\Temp\Unicorn-16775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16775.exe
11⤵
PID:11936

C:\Users\Admin\AppData\Local\Temp\Unicorn-16573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16573.exe
12⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8200 -s 220
11⤵
PID:12484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
10⤵
PID:9424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 220
9⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 236
8⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
7⤵
- Program crash
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-16109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16109.exe
6⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-12301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12301.exe
7⤵
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-14982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14982.exe
8⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-34141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34141.exe
9⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-58859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58859.exe
10⤵
PID:8880

C:\Users\Admin\AppData\Local\Temp\Unicorn-56378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56378.exe
11⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8880 -s 220
11⤵
PID:13504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
10⤵
PID:9416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 236
9⤵
PID:7560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 216
8⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-34691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34691.exe
7⤵
PID:3444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 220
8⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
7⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
6⤵
- Program crash
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-4959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4959.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-35975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35975.exe
6⤵
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-57096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57096.exe
7⤵
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-33493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33493.exe
8⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-3258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3258.exe
9⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-30561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30561.exe
10⤵
PID:8716

C:\Users\Admin\AppData\Local\Temp\Unicorn-6961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6961.exe
11⤵
PID:11864

C:\Users\Admin\AppData\Local\Temp\Unicorn-14216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14216.exe
12⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 216
11⤵
PID:12424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
10⤵
PID:9832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
9⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 236
8⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-31224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31224.exe
7⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-55282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55282.exe
8⤵
PID:5792

C:\Users\Admin\AppData\Local\Temp\Unicorn-22793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22793.exe
9⤵
PID:8440

C:\Users\Admin\AppData\Local\Temp\Unicorn-10303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10303.exe
10⤵
PID:11400

C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
11⤵
PID:9940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 216
10⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 220
9⤵
PID:9616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
8⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
7⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-52690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52690.exe
6⤵
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-22596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22596.exe
7⤵
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-30828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30828.exe
8⤵
PID:5692

C:\Users\Admin\AppData\Local\Temp\Unicorn-35476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35476.exe
9⤵
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-57068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57068.exe
10⤵
PID:11828

C:\Users\Admin\AppData\Local\Temp\Unicorn-9914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9914.exe
11⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 216
10⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 220
9⤵
PID:10428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 216
8⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 236
7⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
6⤵
- Program crash
PID:3360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 240
5⤵
- Program crash
PID:2208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-24458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24458.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-34597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34597.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-50750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50750.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-36101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36101.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:112

C:\Users\Admin\AppData\Local\Temp\Unicorn-54259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54259.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-62622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62622.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-57213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57213.exe
9⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-18533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18533.exe
10⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-2799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2799.exe
11⤵
PID:7416

C:\Users\Admin\AppData\Local\Temp\Unicorn-9920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9920.exe
12⤵
PID:10984

C:\Users\Admin\AppData\Local\Temp\Unicorn-12717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12717.exe
13⤵
PID:13976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10984 -s 216
13⤵
PID:13352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 216
12⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
11⤵
PID:8272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
10⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 236
9⤵
- Program crash
PID:4156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 236
8⤵
- Program crash
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-23597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23597.exe
7⤵
- Executes dropped EXE
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-29297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29297.exe
8⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-1277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1277.exe
9⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-34141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34141.exe
10⤵
PID:5764

C:\Users\Admin\AppData\Local\Temp\Unicorn-32549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32549.exe
11⤵
PID:9104

C:\Users\Admin\AppData\Local\Temp\Unicorn-60934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60934.exe
12⤵
PID:12200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9104 -s 216
12⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
11⤵
PID:10364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
10⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 216
9⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
8⤵
- Program crash
PID:4052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 240
7⤵
- Program crash
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-34585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34585.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-14464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14464.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-24808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24808.exe
8⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-54365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54365.exe
9⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-26139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26139.exe
10⤵
PID:6056

C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
11⤵
PID:9128

C:\Users\Admin\AppData\Local\Temp\Unicorn-51175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51175.exe
12⤵
PID:11964

C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
13⤵
PID:8944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 216
12⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
11⤵
PID:10116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
10⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 236
9⤵
PID:4568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
8⤵
- Program crash
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-9431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9431.exe
7⤵
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-15584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15584.exe
8⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-26246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26246.exe
9⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-44241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44241.exe
10⤵
PID:8948

C:\Users\Admin\AppData\Local\Temp\Unicorn-29617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29617.exe
11⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8948 -s 220
11⤵
PID:13484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 216
10⤵
PID:10684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
9⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 216
8⤵
PID:5816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
7⤵
- Program crash
PID:3924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
6⤵
- Program crash
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-49100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49100.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-54451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54451.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-64350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64350.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 188
8⤵
- Program crash
PID:2632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 216
7⤵
- Program crash
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-58766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58766.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-5456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5456.exe
7⤵
PID:1432

C:\Users\Admin\AppData\Local\Temp\Unicorn-436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-436.exe
8⤵
PID:3416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 220
9⤵
PID:5612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 236
8⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
7⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
8⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\Unicorn-48236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48236.exe
9⤵
PID:9052

C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
10⤵
PID:12024

C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
11⤵
PID:8696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9052 -s 216
10⤵
PID:12572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
9⤵
PID:10068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
8⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 220
7⤵
PID:4824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
6⤵
- Program crash
PID:2428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 240
5⤵
- Program crash
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-31076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31076.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-35909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35909.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:952

C:\Users\Admin\AppData\Local\Temp\Unicorn-43626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43626.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-47662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47662.exe
8⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
9⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-62879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62879.exe
10⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-2662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2662.exe
11⤵
PID:8476

C:\Users\Admin\AppData\Local\Temp\Unicorn-9851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9851.exe
12⤵
PID:11548

C:\Users\Admin\AppData\Local\Temp\Unicorn-8079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8079.exe
13⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8476 -s 236
12⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
11⤵
PID:9580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 236
10⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
9⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
8⤵
PID:3104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 220
9⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
8⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 236
7⤵
- Program crash
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-57981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57981.exe
7⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-18126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18126.exe
8⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
9⤵
PID:8352

C:\Users\Admin\AppData\Local\Temp\Unicorn-22431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22431.exe
10⤵
PID:11456

C:\Users\Admin\AppData\Local\Temp\Unicorn-16310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16310.exe
11⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8352 -s 216
10⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 236
9⤵
PID:9396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
8⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 216
7⤵
- Program crash
PID:4764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 240
6⤵
- Program crash
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-4601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4601.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-46561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46561.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-8362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8362.exe
7⤵
PID:1120

C:\Users\Admin\AppData\Local\Temp\Unicorn-44214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44214.exe
8⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-21091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21091.exe
9⤵
PID:4592

C:\Users\Admin\AppData\Local\Temp\Unicorn-64066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64066.exe
10⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 220
11⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 216
10⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
9⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\Unicorn-25641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25641.exe
8⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-2774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2774.exe
9⤵
PID:6748

C:\Users\Admin\AppData\Local\Temp\Unicorn-36263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36263.exe
10⤵
PID:9408

C:\Users\Admin\AppData\Local\Temp\Unicorn-60533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60533.exe
11⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9408 -s 236
11⤵
PID:13744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 236
10⤵
PID:11132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
9⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 240
8⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-40191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40191.exe
7⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-10120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10120.exe
8⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-23320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23320.exe
9⤵
PID:6352

C:\Users\Admin\AppData\Local\Temp\Unicorn-31401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31401.exe
10⤵
PID:10180

C:\Users\Admin\AppData\Local\Temp\Unicorn-17483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17483.exe
11⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10180 -s 236
11⤵
PID:14060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 216
10⤵
PID:10488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
9⤵
PID:8380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 236
8⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
7⤵
- Program crash
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-54226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54226.exe
6⤵
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-25045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25045.exe
7⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-4955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4955.exe
8⤵
PID:5488

C:\Users\Admin\AppData\Local\Temp\Unicorn-59736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59736.exe
9⤵
PID:8552

C:\Users\Admin\AppData\Local\Temp\Unicorn-58051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58051.exe
10⤵
PID:11280

C:\Users\Admin\AppData\Local\Temp\Unicorn-5296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5296.exe
11⤵
PID:14188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8552 -s 216
10⤵
PID:12848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
9⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 236
8⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 236
7⤵
PID:4716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
6⤵
- Program crash
PID:3324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
5⤵
- Program crash
PID:1408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-33657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33657.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1260

C:\Users\Admin\AppData\Local\Temp\Unicorn-64455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64455.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:740

C:\Users\Admin\AppData\Local\Temp\Unicorn-932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-932.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-39952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39952.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-4392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4392.exe
7⤵
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-45584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45584.exe
8⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-7385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7385.exe
9⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-61108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61108.exe
10⤵
PID:6704

C:\Users\Admin\AppData\Local\Temp\Unicorn-6574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6574.exe
11⤵
PID:10212

C:\Users\Admin\AppData\Local\Temp\Unicorn-16777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16777.exe
12⤵
PID:13068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10212 -s 236
12⤵
PID:14036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 216
11⤵
PID:11228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
10⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 236
9⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-34089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34089.exe
8⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-15909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15909.exe
9⤵
PID:6456

C:\Users\Admin\AppData\Local\Temp\Unicorn-18261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18261.exe
10⤵
PID:9260

C:\Users\Admin\AppData\Local\Temp\Unicorn-12017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12017.exe
11⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9260 -s 216
11⤵
PID:13736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 216
10⤵
PID:11012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
9⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 240
8⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 236
7⤵
- Program crash
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
6⤵
PID:1220

C:\Users\Admin\AppData\Local\Temp\Unicorn-63121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63121.exe
7⤵
PID:848

C:\Users\Admin\AppData\Local\Temp\Unicorn-42808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42808.exe
8⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-55651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55651.exe
9⤵
PID:6076

C:\Users\Admin\AppData\Local\Temp\Unicorn-58859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58859.exe
10⤵
PID:8896

C:\Users\Admin\AppData\Local\Temp\Unicorn-27660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27660.exe
11⤵
PID:11800

C:\Users\Admin\AppData\Local\Temp\Unicorn-52598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52598.exe
12⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8896 -s 220
11⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 216
10⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
9⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 236
8⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\Unicorn-15454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15454.exe
7⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-14574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14574.exe
8⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-58667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58667.exe
9⤵
PID:8840

C:\Users\Admin\AppData\Local\Temp\Unicorn-42208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42208.exe
10⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12264 -s 212
11⤵
PID:9232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8840 -s 216
10⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
9⤵
PID:10236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
8⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 240
7⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
6⤵
- Program crash
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-52951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52951.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-30718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30718.exe
6⤵
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-4496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4496.exe
7⤵
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-56705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56705.exe
8⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-24515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24515.exe
9⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-58963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58963.exe
10⤵
PID:8732

C:\Users\Admin\AppData\Local\Temp\Unicorn-27660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27660.exe
11⤵
PID:12068

C:\Users\Admin\AppData\Local\Temp\Unicorn-20310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20310.exe
12⤵
PID:9296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8732 -s 220
11⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 220
10⤵
PID:10648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
9⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 216
8⤵
PID:5776

C:\Users\Admin\AppData\Local\Temp\Unicorn-11204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11204.exe
7⤵
PID:668

C:\Users\Admin\AppData\Local\Temp\Unicorn-25940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25940.exe
8⤵
PID:6580

C:\Users\Admin\AppData\Local\Temp\Unicorn-20612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20612.exe
9⤵
PID:9364

C:\Users\Admin\AppData\Local\Temp\Unicorn-36213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36213.exe
10⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9364 -s 216
10⤵
PID:13728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 216
9⤵
PID:11092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 216
8⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 220
7⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-19633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19633.exe
6⤵
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-43576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43576.exe
7⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-29247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29247.exe
8⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-6658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6658.exe
9⤵
PID:8760

C:\Users\Admin\AppData\Local\Temp\Unicorn-20181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20181.exe
10⤵
PID:11880

C:\Users\Admin\AppData\Local\Temp\Unicorn-23522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23522.exe
11⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 216
10⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
9⤵
PID:9872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
8⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
7⤵
PID:4652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
6⤵
- Program crash
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 740 -s 240
5⤵
- Program crash
PID:932

C:\Users\Admin\AppData\Local\Temp\Unicorn-31528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31528.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-57305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57305.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-35975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35975.exe
6⤵
PID:332

C:\Users\Admin\AppData\Local\Temp\Unicorn-48648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48648.exe
7⤵
PID:800

C:\Users\Admin\AppData\Local\Temp\Unicorn-51282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51282.exe
8⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
9⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\Unicorn-14027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14027.exe
10⤵
PID:9156

C:\Users\Admin\AppData\Local\Temp\Unicorn-12000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12000.exe
11⤵
PID:12188

C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
12⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9156 -s 220
11⤵
PID:12636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
10⤵
PID:10124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 236
9⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 236
8⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
7⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-16912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16912.exe
8⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-50810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50810.exe
9⤵
PID:8860

C:\Users\Admin\AppData\Local\Temp\Unicorn-28420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28420.exe
10⤵
PID:12072

C:\Users\Admin\AppData\Local\Temp\Unicorn-36547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36547.exe
11⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8860 -s 216
10⤵
PID:12616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
9⤵
PID:9956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 236
8⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 240
7⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-61839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61839.exe
6⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-57115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57115.exe
7⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-3258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3258.exe
8⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-20862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20862.exe
9⤵
PID:8656

C:\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe
10⤵
PID:11852

C:\Users\Admin\AppData\Local\Temp\Unicorn-40335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40335.exe
11⤵
PID:8640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8656 -s 216
10⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 236
9⤵
PID:9736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
8⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
7⤵
PID:5084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
6⤵
- Program crash
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-16109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16109.exe
5⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-27761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27761.exe
6⤵
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-47079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47079.exe
7⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-23954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23954.exe
8⤵
PID:5644

C:\Users\Admin\AppData\Local\Temp\Unicorn-38854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38854.exe
9⤵
PID:8300

C:\Users\Admin\AppData\Local\Temp\Unicorn-42208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42208.exe
10⤵
PID:12280

C:\Users\Admin\AppData\Local\Temp\Unicorn-17977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17977.exe
11⤵
PID:13660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12280 -s 216
11⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8300 -s 216
10⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
9⤵
PID:9484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
8⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 216
7⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-37322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37322.exe
6⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-50518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50518.exe
7⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-63041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63041.exe
8⤵
PID:8684

C:\Users\Admin\AppData\Local\Temp\Unicorn-16583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16583.exe
9⤵
PID:11900

C:\Users\Admin\AppData\Local\Temp\Unicorn-14216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14216.exe
10⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8684 -s 216
9⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
8⤵
PID:9784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 236
7⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
6⤵
PID:4440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
5⤵
- Program crash
PID:1520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 240
4⤵
- Program crash
PID:2964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
2⤵
- Program crash
PID:2676

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14923.exe
Filesize
184KB

MD5
268851e3f8a578b35aa2a914c86010f3

SHA1
2e104f8b8e172d8e5e91de4c31b09b81b95fd4b2

SHA256
4a054f77a4e8f289bb44bf9f2a12aced65a922f3809d2914bbaff3d77e03f374

SHA512
5369565eb03c47f9f44b9b51fa9001493dee80f3c36767a86de745b0a4faf97bf7142a8d64fa3dbde8b4156463e17d7d57184eb7adb634cca2095b3656fbc2fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18914.exe
Filesize
184KB

MD5
e1ab02310153fd1816a2872d0b9f716e

SHA1
4ed6473ccb8eafc65f4f3a018730bdb7f42b3427

SHA256
aa2bb91f018478270bd5f6b13e19d692e80d6617b828afe3ef9de1903fb09db3

SHA512
b56537d2e3f875bcd89f67e415496b6df2cbcacbf3f3da1ad3fc42d637a8387fcaa2683743e62806a7bdc007769294a52dff666caf9f6187ddaa014cbcd7d185

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19522.exe
Filesize
184KB

MD5
3caafde390f205e58e9e330de65f0bd0

SHA1
553808cdc5834dbe1e02b0e2352c8cd279d46217

SHA256
5e14a50a074c5ab888183d28d4e40035a36ce67d52ca8f191ab3734e04c94a17

SHA512
f3bba2a95900f3ce0de550a5132744a9ceda019d42fae4e5a0816e4c7eb70f943197134c5997c821b2bacc454ae8d1b11435631c4b3b2352f5f3c38b69413cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21437.exe
Filesize
184KB

MD5
3b43d4397f353c0572777a8342e94e2a

SHA1
a339a87f7c15a17a2f1e8caed7cd3bff17fa6982

SHA256
86471fd2e13bada8e7a8e929cb65da9546f4e0b5ab4f702591c0e5b36e6c83a2

SHA512
fbf24eb05d8afb67a850d4688e1031cd11c7423d5ec0cd041b20caaa5219303eba834d5c1755ab66504ef6170985bad25f93c80fe72135983632b2f9380b73c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22191.exe
Filesize
184KB

MD5
5fd3aaa192794d6f0f7aca7ddf7f0760

SHA1
8e64933bccfba4c0e1a8499b82ae0e38f0825b9d

SHA256
a09b673854d23a4f3f52e5780615649ca3f4a6a43bfd51ed405ec0637ba2d8ea

SHA512
f0ab9ffdd9353d2f08da9b05bb0b2324644deb98bd52ffc0df2e2646c3b61b30feaf9b4b7f2170bb563b85fa246263b30f6c96ec5a05be4d844c8504e136fdb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
Filesize
184KB

MD5
aff6944f17a547a014425146e35f4575

SHA1
f4c70750f4acd7ddc282f24fcab3a0535fffd721

SHA256
6af78bfd601f70adada7ebb4e7462fe7fcb946026801cebe7e0e26cd1407d923

SHA512
6f324e7295a791185a2cc34d4053dcc9c20532685fc1f2d3b368886b929f26de93451bb4cb29baf75f1fee1b50562469c51dcb72ab6359214e6e7e88f5ac1366

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38854.exe
Filesize
184KB

MD5
cf985069b42e89c08d6d45532ba02afd

SHA1
5d91e33d781725e80ce4bb81c54010c85a3e71f6

SHA256
480b0bf79d52b22602f914b3a7e8a46cb56c4a6735b4d6f65d9d9d2827104af1

SHA512
5de838f910984c154cd2dbf04ef05821fb84eb3914200ed2639f90dc50d4e4a581d6ff7e0ccc84068ffa8db390140bcaefdb692f7ed3cee0c86d7b2a9ae3d9c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39961.exe
Filesize
184KB

MD5
909d4418bffdc63b2b39b409744ed06d

SHA1
97d98a8c2982059d91ff1281fe4baa8d990340fb

SHA256
9b146e16a8d58acebb0e03dda336a9311dd2cba0afafb83476ba28cda638dc94

SHA512
bc5d2dc5591b7b228c72b29ed9616472d9e319e35cca8644b0a9566a2032613657341cce83a8ceca09d4c54567a4e9d728092c15aa1a89e9c8f5f66090299447

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40191.exe
Filesize
184KB

MD5
7ae6a31bd33e2ef494f4caad866648cd

SHA1
29d950c5715dc29a7ad7b432e51e82b6ae1ce006

SHA256
a0c74084570b30de79a913d2cee7e12fbc1779ca57f0d60b893059a05050bf6e

SHA512
4f0051b36cb73e8ef6b995730756a2b8517d016b11f68d4a9044a7650d134aa2bf9b227a16d5976ee03129efbc7e97719874e73e017e7fb487f8c7d103d968cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40393.exe
Filesize
184KB

MD5
f870c0f46a3799ee2228c1902da7f598

SHA1
aaf3fb410f5cac6bbab51f34a4489174ce717bf2

SHA256
9bd47d3a6f337bfcf2f9e82f766d41070e7f983e95d309bc44342e382e450a11

SHA512
9c714cc6cd564247f34dc15acb7dcfe48525220e67a3512a3db308ad11beecaa92c7e42432fbbf79cb1d73819fca17b100ac82bd89c05d65dc04879ebb267238

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
Filesize
184KB

MD5
a1bb75f59254230b92377a266e33ecdd

SHA1
b5dc9c32c92963fd592def50d597d351f65f69e5

SHA256
fed87a3be8a67c47a5c5145a853965989c6047dc164a7596034eae6eb093ec6c

SHA512
7b40f1ae394048acc23d7d673f78939e3cb57bf38a9ed23c90a4760ebbaf1ca6aaeada7243221b988425158f49b26950377457bb57e99bc88971a9e433944526

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6058.exe
Filesize
184KB

MD5
01baafed24fb81eccff0713beaba117a

SHA1
b0ac5cfb075938bac42b740b8bcaeb429c60d404

SHA256
6a57081bad6d1f67ba4bc204cf9a2ca72360e4541c21051107dae16a2f5c830c

SHA512
35aa22291c09a2bef6925fe2bb1d1b8b5448a8e995f23bd6ae74f1e9e90f6ae7ae665111cb816f8d67e598531bf2a3c76b632f02b4eba8c0cf869b5ac8747217

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62879.exe
Filesize
184KB

MD5
0b5ba43d2181df417c5fc4d54730f439

SHA1
37bd7d9f38aa235cf36fa851dc83940d7c53b7a6

SHA256
678b691c2c67c3f7c2744c4849346572a73862eec3531a2074255d4129177c46

SHA512
9b108f3eb7bea8dd551be90a63bb3e3c01a2e2617402258db99da9b8eaa3f86d3be3213ccae616c1f6a7ceff8fbc056be3cdab7caa7621a770914893031fe968

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8079.exe
Filesize
184KB

MD5
f873718d13a88bbfe986609fa6ebfb96

SHA1
78d202fe7d01bcb6c55f8346e35010d46e2714cf

SHA256
f946d392d288df2b56eafde7d7c3ab75c729f38d29cf1fd21a321898fa6db18c

SHA512
4fad733cd3b7acaa0177ed5721c5aa8bf6327bd8e93dce0cd2f4c7438065fd41f878a9c7079d7864e227f5c530b24bda9ea8576de53f7017c8edea7a7f3c0a12

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23347.exe
Filesize
184KB

MD5
618dd814cba689d050d670a47f9f4839

SHA1
f77f332ef61cfc923e48d231d83b90c479ed43d0

SHA256
cde880f084361b16b276c555405d3b672ab824b3f03927bf2907832172a1115f

SHA512
e5689c05f7219120f7b169baeb8ff934dfe83a4269ddaabe40738aff1a7058ee895a5917ca338e317eb9426baa4950c421acc98b41d59ff73465886cddfb2049

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24458.exe
Filesize
184KB

MD5
fd595935f1a9de5d0f44b12aa7e8b889

SHA1
bd19b1dd110b472f5540b5e22aa60941a08a92fc

SHA256
0f25c992c7a1f12f77a9a8703de642b16f3b0f113847db06c017a8f1ec451b24

SHA512
97e39929d40879763c6304c82e0fc7ec901ff1684f65a1d14c70a71755ce4b4fdec3b15e8092d2f81e79d4f72a1a0c059a35bb912ae47b6a2efb6e4930c354e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25758.exe
Filesize
184KB

MD5
0885699e97823f610a534ae98faf83ac

SHA1
fd45e43a81a23bbde5b61f5cfd715c6ed14e2abb

SHA256
00f2ab13c2757612f6777f6df81c3611556f065b67be072b1482c11958ab126a

SHA512
028133b49f7a5d6fc567cde2eb350bbfd6802286f70ae0941902ee3a740771c60d9a6eebdfcbe93870e12a78c32d74db2dac431c1853d4bbf81b466daca0e76f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31076.exe
Filesize
184KB

MD5
69bfda37bb1d6ae47c0c85acc49dc92a

SHA1
cbb30fb9f9138a17778e0852284a312446cea698

SHA256
278bdd9f0f912e3aee90e7c5f3fc7b801147a74da800f1b3c6e9b85a251535ac

SHA512
61c8f251f564f35f2ccab41f87081387a02661e9012057ea1df9097396d7bbe0fc95d07e52967ae0d7d68d6374b2cb6081fc24f896dc04c2af85e6295953388d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3289.exe
Filesize
184KB

MD5
f33c8f35e4b7bd0118fcb0485062f79d

SHA1
40bb615c30a39bbbf460532efc870ca4901110f2

SHA256
652e76724c4e2d9db16a8f6e5c2d207ec8ddf30fe8ebdf466a95ef87a5153e42

SHA512
075886da74ad68b6eb7e574d4d9e837f6cf51616ce6c00b0277f59ee4db94f03d02e563ccd757b42c9388d5df5edbee3d995a04451365115ac0de966e2998a68

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33657.exe
Filesize
184KB

MD5
3d1698bbf9f59ce2f020f742490fbc7e

SHA1
b17c20653ec9966322be1fafdd59dc99aef34c0c

SHA256
ef1c36ebc934e9476f29b2b8aeb0f42ded6f743a79dc43cc7c5fff7f5b2e64d4

SHA512
5429341e02a6eb7fd3001b987f6830de1b3922bb8ee082bdedfa1ed96e3069a7f1512cda4c22b7304f58f58ddefa1180037e855a456f19464dee9a393444d832

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34597.exe
Filesize
184KB

MD5
04b739dc01ef3f0edaf0d62afdc8adce

SHA1
134f38edc806055e99e809e47b4df96174c415cc

SHA256
f474dfaa08a1b62c5bec845b5a3a60d9e818e9ba025c19d455a672455b4953b5

SHA512
26cc6f519aa8ffcf95f868c1e4aca7ce7522e7ba855e5a4216d9d321cda76c884904c43a3fb36575fb50bf66a55aedad84ec7c7657364d382aada9af471cf921

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
Filesize
184KB

MD5
fa25e03500a9accfa30cf92104de0239

SHA1
0e245d4fe8705af269406a0456a0e117cf686abb

SHA256
f4837be81b11a05902114f434209f95965dc4f341e1807549d7e987a7b8e108e

SHA512
6fe268ad954eaed6cf566524288aaf86728c8edc9fbb15d0c39af8d7ff9a7a7b06fd3434745de61026560510c980b6e3286694aff3c849e6294f5be059c6eec9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
Filesize
184KB

MD5
828639e7697d24fcda9e6f7ebf15e0df

SHA1
6ae8db7b28d5eb0f396705f5f59584ec5c1716eb

SHA256
f69e2ab82806eae796806b38411e6561d700833b0032d5e668e6b2b742d05d62

SHA512
5cbea31ddcf46064ab061a95f6a980458cd551bd15c6a4dcfac3d3b095c88bff66445432b2e5dfdd148eb957b9413330343c0fa505bcd4908ca094fa59c1be7d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50750.exe
Filesize
184KB

MD5
fb5eb31b60c273a0472b7854df270a07

SHA1
c163070cf5a722126de02bba85d15a60176deefa

SHA256
75ca6bfdf6a3639b19c6d690d54aee121ef2e34e0e998d9099d55335c5de3337

SHA512
25140f1b9e90093b15c30386aed92e301cf3e1eb2a7e11089b4a31699fbf7a8dc2795f035d2feb73bbab7791085e40a10f67235566b8c8b5725a05de08a89c30

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61537.exe
Filesize
184KB

MD5
8dd0e4e57436f9f40d8144ccf3aae00e

SHA1
7b24dc3519e7823207c22e9e9cab227973d5c222

SHA256
35deb8fb0a15e87d1a542da71fcae19d4821f16565e0a14eb2c905ee25ad76bc

SHA512
ffa9797ded2a6f580eaca05e435e733282868c848a8dc8296e556e1ed340b9677faaab6a32673d6392926b53e921a50671b0e3b2bd38e3821435ea374e3d30c0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
Filesize
184KB

MD5
98cdbbb8faff8327dd447c9940456bfd

SHA1
dbe41cd91c1bd5600d4dd13f5e4c5754f102e913

SHA256
dd50feb8f4a9aea6a8ccff3f905e9364146e5c9d910ee3e16ca7421c5a375664

SHA512
2b4f275e8c19d8a14935a85d19d5bb73ea93f4aaff06ea2c6356c8e7863741d264cc2a05afbd4aa533c0bf5edf14f16d1ef8eab8da2dbe92f4084b7ed4b0f672

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads