acb805d1bc34956026d5f0014943cfd655e85776cffa5578527df3ac22ae50c5

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

acb805d1bc34956026d5f0014943cfd655e85776cffa5578527df3ac22ae50c5.exe
Size

184KB
MD5

1b36cb38baceacbd4f887aa886730a9c
SHA1

72d32bb402ccb261390a1c8b47a1d1a5bd6211bd
SHA256

acb805d1bc34956026d5f0014943cfd655e85776cffa5578527df3ac22ae50c5
SHA512

0101124db7106b35721a80e069ee66c29705c8734d271e3890cb56330ac16db63647ebd404a210e9163334ea9f34b390fda5a2d4de0fc4669ad8a03ed07502a0
SSDEEP

3072:QtcHbEolNaDAdwJYem7HpxtEIK4xIPFrEVrCO5ElHk1ilnrOfl:Qtfo68wJwHPtEIKoISilnrOf

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-36985.exeUnicorn-40256.exeUnicorn-60122.exeUnicorn-48680.exeUnicorn-64331.exeUnicorn-44466.exeUnicorn-1397.exeUnicorn-14780.exeUnicorn-1973.exeUnicorn-47645.exeUnicorn-18221.exeUnicorn-42061.exeUnicorn-61927.exeUnicorn-59851.exeUnicorn-61927.exeUnicorn-43645.exeUnicorn-516.exeUnicorn-64683.exeUnicorn-16578.exeUnicorn-62571.exeUnicorn-60303.exeUnicorn-16770.exeUnicorn-14631.exeUnicorn-10417.exeUnicorn-10417.exeUnicorn-51671.exeUnicorn-6767.exeUnicorn-33279.exeUnicorn-50841.exeUnicorn-48573.exeUnicorn-5423.exeUnicorn-19740.exeUnicorn-53311.exeUnicorn-22777.exeUnicorn-7701.exeUnicorn-40374.exeUnicorn-21215.exeUnicorn-1349.exeUnicorn-1349.exeUnicorn-27038.exeUnicorn-24926.exeUnicorn-5060.exeUnicorn-38631.exeUnicorn-38500.exeUnicorn-6342.exeUnicorn-62206.exeUnicorn-40202.exeUnicorn-43047.exeUnicorn-10950.exeUnicorn-56814.exeUnicorn-55901.exeUnicorn-6570.exeUnicorn-59300.exeUnicorn-39626.exeUnicorn-41018.exeUnicorn-17988.exeUnicorn-27779.exeUnicorn-47645.exeUnicorn-47645.exeUnicorn-45377.exeUnicorn-60787.exeUnicorn-15115.exeUnicorn-60450.exeUnicorn-44425.exe

pid	process
3040	Unicorn-36985.exe
2352	Unicorn-40256.exe
2716	Unicorn-60122.exe
2868	Unicorn-48680.exe
2876	Unicorn-64331.exe
2988	Unicorn-44466.exe
1884	Unicorn-1397.exe
1072	Unicorn-14780.exe
2232	Unicorn-1973.exe
2720	Unicorn-47645.exe
2412	Unicorn-18221.exe
2448	Unicorn-42061.exe
928	Unicorn-61927.exe
2368	Unicorn-59851.exe
1036	Unicorn-61927.exe
1672	Unicorn-43645.exe
1120	Unicorn-516.exe
852	Unicorn-64683.exe
1836	Unicorn-16578.exe
2132	Unicorn-62571.exe
2336	Unicorn-60303.exe
2348	Unicorn-16770.exe
2916	Unicorn-14631.exe
1640	Unicorn-10417.exe
1364	Unicorn-10417.exe
1456	Unicorn-51671.exe
2124	Unicorn-6767.exe
2996	Unicorn-33279.exe
1588	Unicorn-50841.exe
1808	Unicorn-48573.exe
544	Unicorn-5423.exe
3020	Unicorn-19740.exe
2804	Unicorn-53311.exe
2808	Unicorn-22777.exe
2896	Unicorn-7701.exe
2556	Unicorn-40374.exe
2520	Unicorn-21215.exe
2572	Unicorn-1349.exe
2564	Unicorn-1349.exe
1684	Unicorn-27038.exe
1944	Unicorn-24926.exe
2016	Unicorn-5060.exe
1928	Unicorn-38631.exe
1676	Unicorn-38500.exe
536	Unicorn-6342.exe
1528	Unicorn-62206.exe
2560	Unicorn-40202.exe
1316	Unicorn-43047.exe
1308	Unicorn-10950.exe
1872	Unicorn-56814.exe
1792	Unicorn-55901.exe
2392	Unicorn-6570.exe
1388	Unicorn-59300.exe
1536	Unicorn-39626.exe
1608	Unicorn-41018.exe
1628	Unicorn-17988.exe
1980	Unicorn-27779.exe
1768	Unicorn-47645.exe
2912	Unicorn-47645.exe
1724	Unicorn-45377.exe
3044	Unicorn-60787.exe
2664	Unicorn-15115.exe
2592	Unicorn-60450.exe
2596	Unicorn-44425.exe

Loads dropped DLL 64 IoCs

Processes:

acb805d1bc34956026d5f0014943cfd655e85776cffa5578527df3ac22ae50c5.exeUnicorn-36985.exeUnicorn-60122.exeUnicorn-40256.exeWerFault.exeUnicorn-64331.exeUnicorn-48680.exeWerFault.exeWerFault.exeUnicorn-44466.exeUnicorn-14780.exeUnicorn-1397.exeUnicorn-1973.exeWerFault.exeWerFault.exeWerFault.exeUnicorn-18221.exe

pid	process
1712	acb805d1bc34956026d5f0014943cfd655e85776cffa5578527df3ac22ae50c5.exe
1712	acb805d1bc34956026d5f0014943cfd655e85776cffa5578527df3ac22ae50c5.exe
1712	acb805d1bc34956026d5f0014943cfd655e85776cffa5578527df3ac22ae50c5.exe
3040	Unicorn-36985.exe
1712	acb805d1bc34956026d5f0014943cfd655e85776cffa5578527df3ac22ae50c5.exe
3040	Unicorn-36985.exe
2716	Unicorn-60122.exe
2716	Unicorn-60122.exe
2352	Unicorn-40256.exe
3040	Unicorn-36985.exe
3040	Unicorn-36985.exe
2352	Unicorn-40256.exe
2976	WerFault.exe
2976	WerFault.exe
2976	WerFault.exe
2976	WerFault.exe
2976	WerFault.exe
2876	Unicorn-64331.exe
2876	Unicorn-64331.exe
2352	Unicorn-40256.exe
2352	Unicorn-40256.exe
2716	Unicorn-60122.exe
2868	Unicorn-48680.exe
2716	Unicorn-60122.exe
2868	Unicorn-48680.exe
316	WerFault.exe
316	WerFault.exe
316	WerFault.exe
316	WerFault.exe
1996	WerFault.exe
1996	WerFault.exe
1996	WerFault.exe
1996	WerFault.exe
316	WerFault.exe
1996	WerFault.exe
2988	Unicorn-44466.exe
2988	Unicorn-44466.exe
1072	Unicorn-14780.exe
1884	Unicorn-1397.exe
2876	Unicorn-64331.exe
2876	Unicorn-64331.exe
1884	Unicorn-1397.exe
1072	Unicorn-14780.exe
2232	Unicorn-1973.exe
2232	Unicorn-1973.exe
2868	Unicorn-48680.exe
2868	Unicorn-48680.exe
2740	WerFault.exe
2740	WerFault.exe
2740	WerFault.exe
2740	WerFault.exe
2740	WerFault.exe
3028	WerFault.exe
3028	WerFault.exe
3028	WerFault.exe
3028	WerFault.exe
1320	WerFault.exe
1320	WerFault.exe
1320	WerFault.exe
1320	WerFault.exe
3028	WerFault.exe
1320	WerFault.exe
2412	Unicorn-18221.exe
2412	Unicorn-18221.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2908	1712	WerFault.exe	acb805d1bc34956026d5f0014943cfd655e85776cffa5578527df3ac22ae50c5.exe
2976	3040	WerFault.exe	Unicorn-36985.exe
316	2716	WerFault.exe	Unicorn-60122.exe
1996	2352	WerFault.exe	Unicorn-40256.exe
2740	2876	WerFault.exe	Unicorn-64331.exe
1320	2988	WerFault.exe	Unicorn-44466.exe
3028	2868	WerFault.exe	Unicorn-48680.exe
972	1884	WerFault.exe	Unicorn-1397.exe
1104	1072	WerFault.exe	Unicorn-14780.exe
1932	2232	WerFault.exe	Unicorn-1973.exe
2080	1120	WerFault.exe	Unicorn-516.exe
2784	2412	WerFault.exe	Unicorn-18221.exe
356	2448	WerFault.exe	Unicorn-42061.exe
1636	2368	WerFault.exe	Unicorn-59851.exe
2704	928	WerFault.exe	Unicorn-61927.exe
2220	1672	WerFault.exe	Unicorn-43645.exe
824	1036	WerFault.exe	Unicorn-61927.exe
3004	852	WerFault.exe	Unicorn-64683.exe
2836	1836	WerFault.exe	Unicorn-16578.exe
2852	2132	WerFault.exe	Unicorn-62571.exe
1804	2336	WerFault.exe	Unicorn-60303.exe
2580	1640	WerFault.exe	Unicorn-10417.exe
2764	2348	WerFault.exe	Unicorn-16770.exe
2416	2916	WerFault.exe	Unicorn-14631.exe
2452	1364	WerFault.exe	Unicorn-10417.exe
908	1456	WerFault.exe	Unicorn-51671.exe
1464	2124	WerFault.exe	Unicorn-6767.exe
2552	1588	WerFault.exe	Unicorn-50841.exe
1976	1808	WerFault.exe	Unicorn-48573.exe
596	544	WerFault.exe	Unicorn-5423.exe
1372	2804	WerFault.exe	Unicorn-53311.exe
2112	2556	WerFault.exe	Unicorn-40374.exe
1248	2896	WerFault.exe	Unicorn-7701.exe
1720	2564	WerFault.exe	Unicorn-1349.exe
2680	2808	WerFault.exe	Unicorn-22777.exe
1328	2520	WerFault.exe	Unicorn-21215.exe
1780	1292	WerFault.exe	Unicorn-336.exe
2008	3020	WerFault.exe	Unicorn-19740.exe
1924	2572	WerFault.exe	Unicorn-1349.exe
3492	1684	WerFault.exe	Unicorn-27038.exe
3616	1944	WerFault.exe	Unicorn-24926.exe
3088	536	WerFault.exe	Unicorn-6342.exe
3108	2560	WerFault.exe	Unicorn-40202.exe
3280	1308	WerFault.exe	Unicorn-10950.exe
3304	1528	WerFault.exe	Unicorn-62206.exe
3348	1768	WerFault.exe	Unicorn-47645.exe
3320	1388	WerFault.exe	Unicorn-59300.exe
3412	2912	WerFault.exe	Unicorn-47645.exe
3432	1628	WerFault.exe	Unicorn-17988.exe
3468	1792	WerFault.exe	Unicorn-55901.exe
3676	2392	WerFault.exe	Unicorn-6570.exe
3884	1608	WerFault.exe	Unicorn-41018.exe
3992	1724	WerFault.exe	Unicorn-45377.exe
4052	1536	WerFault.exe	Unicorn-39626.exe
3128	1316	WerFault.exe	Unicorn-43047.exe
3164	2016	WerFault.exe	Unicorn-5060.exe
3428	1676	WerFault.exe	Unicorn-38500.exe
3480	1872	WerFault.exe	Unicorn-56814.exe
3656	1816	WerFault.exe	Unicorn-372.exe
3852	2332	WerFault.exe	Unicorn-45038.exe
3848	1568	WerFault.exe	Unicorn-14871.exe
3944	2732	WerFault.exe	Unicorn-45038.exe
3968	1796	WerFault.exe	Unicorn-6397.exe
3544	2168	WerFault.exe	Unicorn-53294.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

acb805d1bc34956026d5f0014943cfd655e85776cffa5578527df3ac22ae50c5.exeUnicorn-36985.exeUnicorn-60122.exeUnicorn-40256.exeUnicorn-64331.exeUnicorn-48680.exeUnicorn-44466.exeUnicorn-1397.exeUnicorn-14780.exeUnicorn-1973.exeUnicorn-47645.exeUnicorn-18221.exeUnicorn-42061.exeUnicorn-61927.exeUnicorn-59851.exeUnicorn-43645.exeUnicorn-61927.exeUnicorn-516.exeUnicorn-64683.exeUnicorn-16578.exeUnicorn-62571.exeUnicorn-60303.exeUnicorn-16770.exeUnicorn-14631.exeUnicorn-10417.exeUnicorn-10417.exeUnicorn-51671.exeUnicorn-6767.exeUnicorn-33279.exeUnicorn-50841.exeUnicorn-48573.exeUnicorn-5423.exeUnicorn-19740.exeUnicorn-53311.exeUnicorn-22777.exeUnicorn-7701.exeUnicorn-1349.exeUnicorn-40374.exeUnicorn-21215.exeUnicorn-1349.exeUnicorn-27038.exeUnicorn-24926.exeUnicorn-5060.exeUnicorn-38631.exeUnicorn-38500.exeUnicorn-6342.exeUnicorn-40202.exeUnicorn-62206.exeUnicorn-43047.exeUnicorn-10950.exeUnicorn-56814.exeUnicorn-55901.exeUnicorn-6570.exeUnicorn-59300.exeUnicorn-39626.exeUnicorn-41018.exeUnicorn-27779.exeUnicorn-47645.exeUnicorn-17988.exeUnicorn-47645.exeUnicorn-45377.exeUnicorn-15115.exeUnicorn-60787.exeUnicorn-60450.exe

pid	process
1712	acb805d1bc34956026d5f0014943cfd655e85776cffa5578527df3ac22ae50c5.exe
3040	Unicorn-36985.exe
2716	Unicorn-60122.exe
2352	Unicorn-40256.exe
2876	Unicorn-64331.exe
2868	Unicorn-48680.exe
2988	Unicorn-44466.exe
1884	Unicorn-1397.exe
1072	Unicorn-14780.exe
2232	Unicorn-1973.exe
2720	Unicorn-47645.exe
2412	Unicorn-18221.exe
2448	Unicorn-42061.exe
1036	Unicorn-61927.exe
2368	Unicorn-59851.exe
1672	Unicorn-43645.exe
928	Unicorn-61927.exe
1120	Unicorn-516.exe
852	Unicorn-64683.exe
1836	Unicorn-16578.exe
2132	Unicorn-62571.exe
2336	Unicorn-60303.exe
2348	Unicorn-16770.exe
2916	Unicorn-14631.exe
1640	Unicorn-10417.exe
1364	Unicorn-10417.exe
1456	Unicorn-51671.exe
2124	Unicorn-6767.exe
2996	Unicorn-33279.exe
1588	Unicorn-50841.exe
1808	Unicorn-48573.exe
544	Unicorn-5423.exe
3020	Unicorn-19740.exe
2804	Unicorn-53311.exe
2808	Unicorn-22777.exe
2896	Unicorn-7701.exe
2572	Unicorn-1349.exe
2556	Unicorn-40374.exe
2520	Unicorn-21215.exe
2564	Unicorn-1349.exe
1684	Unicorn-27038.exe
1944	Unicorn-24926.exe
2016	Unicorn-5060.exe
1928	Unicorn-38631.exe
1676	Unicorn-38500.exe
536	Unicorn-6342.exe
2560	Unicorn-40202.exe
1528	Unicorn-62206.exe
1316	Unicorn-43047.exe
1308	Unicorn-10950.exe
1872	Unicorn-56814.exe
1792	Unicorn-55901.exe
2392	Unicorn-6570.exe
1388	Unicorn-59300.exe
1536	Unicorn-39626.exe
1608	Unicorn-41018.exe
1980	Unicorn-27779.exe
1768	Unicorn-47645.exe
1628	Unicorn-17988.exe
2912	Unicorn-47645.exe
1724	Unicorn-45377.exe
2664	Unicorn-15115.exe
3044	Unicorn-60787.exe
2592	Unicorn-60450.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

acb805d1bc34956026d5f0014943cfd655e85776cffa5578527df3ac22ae50c5.exeUnicorn-36985.exeUnicorn-60122.exeUnicorn-40256.exeUnicorn-64331.exeUnicorn-48680.exeUnicorn-44466.exeUnicorn-1397.exe

description	pid	process	target process
PID 1712 wrote to memory of 3040	1712	acb805d1bc34956026d5f0014943cfd655e85776cffa5578527df3ac22ae50c5.exe	Unicorn-36985.exe
PID 1712 wrote to memory of 3040	1712	acb805d1bc34956026d5f0014943cfd655e85776cffa5578527df3ac22ae50c5.exe	Unicorn-36985.exe
PID 1712 wrote to memory of 3040	1712	acb805d1bc34956026d5f0014943cfd655e85776cffa5578527df3ac22ae50c5.exe	Unicorn-36985.exe
PID 1712 wrote to memory of 3040	1712	acb805d1bc34956026d5f0014943cfd655e85776cffa5578527df3ac22ae50c5.exe	Unicorn-36985.exe
PID 1712 wrote to memory of 2352	1712	acb805d1bc34956026d5f0014943cfd655e85776cffa5578527df3ac22ae50c5.exe	Unicorn-40256.exe
PID 1712 wrote to memory of 2352	1712	acb805d1bc34956026d5f0014943cfd655e85776cffa5578527df3ac22ae50c5.exe	Unicorn-40256.exe
PID 1712 wrote to memory of 2352	1712	acb805d1bc34956026d5f0014943cfd655e85776cffa5578527df3ac22ae50c5.exe	Unicorn-40256.exe
PID 1712 wrote to memory of 2352	1712	acb805d1bc34956026d5f0014943cfd655e85776cffa5578527df3ac22ae50c5.exe	Unicorn-40256.exe
PID 3040 wrote to memory of 2716	3040	Unicorn-36985.exe	Unicorn-60122.exe
PID 3040 wrote to memory of 2716	3040	Unicorn-36985.exe	Unicorn-60122.exe
PID 3040 wrote to memory of 2716	3040	Unicorn-36985.exe	Unicorn-60122.exe
PID 3040 wrote to memory of 2716	3040	Unicorn-36985.exe	Unicorn-60122.exe
PID 1712 wrote to memory of 2908	1712	acb805d1bc34956026d5f0014943cfd655e85776cffa5578527df3ac22ae50c5.exe	WerFault.exe
PID 1712 wrote to memory of 2908	1712	acb805d1bc34956026d5f0014943cfd655e85776cffa5578527df3ac22ae50c5.exe	WerFault.exe
PID 1712 wrote to memory of 2908	1712	acb805d1bc34956026d5f0014943cfd655e85776cffa5578527df3ac22ae50c5.exe	WerFault.exe
PID 1712 wrote to memory of 2908	1712	acb805d1bc34956026d5f0014943cfd655e85776cffa5578527df3ac22ae50c5.exe	WerFault.exe
PID 2716 wrote to memory of 2868	2716	Unicorn-60122.exe	Unicorn-48680.exe
PID 2716 wrote to memory of 2868	2716	Unicorn-60122.exe	Unicorn-48680.exe
PID 2716 wrote to memory of 2868	2716	Unicorn-60122.exe	Unicorn-48680.exe
PID 2716 wrote to memory of 2868	2716	Unicorn-60122.exe	Unicorn-48680.exe
PID 3040 wrote to memory of 2988	3040	Unicorn-36985.exe	Unicorn-44466.exe
PID 3040 wrote to memory of 2988	3040	Unicorn-36985.exe	Unicorn-44466.exe
PID 3040 wrote to memory of 2988	3040	Unicorn-36985.exe	Unicorn-44466.exe
PID 3040 wrote to memory of 2988	3040	Unicorn-36985.exe	Unicorn-44466.exe
PID 2352 wrote to memory of 2876	2352	Unicorn-40256.exe	Unicorn-64331.exe
PID 2352 wrote to memory of 2876	2352	Unicorn-40256.exe	Unicorn-64331.exe
PID 2352 wrote to memory of 2876	2352	Unicorn-40256.exe	Unicorn-64331.exe
PID 2352 wrote to memory of 2876	2352	Unicorn-40256.exe	Unicorn-64331.exe
PID 3040 wrote to memory of 2976	3040	Unicorn-36985.exe	WerFault.exe
PID 3040 wrote to memory of 2976	3040	Unicorn-36985.exe	WerFault.exe
PID 3040 wrote to memory of 2976	3040	Unicorn-36985.exe	WerFault.exe
PID 3040 wrote to memory of 2976	3040	Unicorn-36985.exe	WerFault.exe
PID 2876 wrote to memory of 1884	2876	Unicorn-64331.exe	Unicorn-1397.exe
PID 2876 wrote to memory of 1884	2876	Unicorn-64331.exe	Unicorn-1397.exe
PID 2876 wrote to memory of 1884	2876	Unicorn-64331.exe	Unicorn-1397.exe
PID 2876 wrote to memory of 1884	2876	Unicorn-64331.exe	Unicorn-1397.exe
PID 2352 wrote to memory of 1072	2352	Unicorn-40256.exe	Unicorn-14780.exe
PID 2352 wrote to memory of 1072	2352	Unicorn-40256.exe	Unicorn-14780.exe
PID 2352 wrote to memory of 1072	2352	Unicorn-40256.exe	Unicorn-14780.exe
PID 2352 wrote to memory of 1072	2352	Unicorn-40256.exe	Unicorn-14780.exe
PID 2716 wrote to memory of 2720	2716	Unicorn-60122.exe	Unicorn-47645.exe
PID 2716 wrote to memory of 2720	2716	Unicorn-60122.exe	Unicorn-47645.exe
PID 2716 wrote to memory of 2720	2716	Unicorn-60122.exe	Unicorn-47645.exe
PID 2716 wrote to memory of 2720	2716	Unicorn-60122.exe	Unicorn-47645.exe
PID 2868 wrote to memory of 2232	2868	Unicorn-48680.exe	Unicorn-1973.exe
PID 2868 wrote to memory of 2232	2868	Unicorn-48680.exe	Unicorn-1973.exe
PID 2868 wrote to memory of 2232	2868	Unicorn-48680.exe	Unicorn-1973.exe
PID 2868 wrote to memory of 2232	2868	Unicorn-48680.exe	Unicorn-1973.exe
PID 2716 wrote to memory of 316	2716	Unicorn-60122.exe	WerFault.exe
PID 2716 wrote to memory of 316	2716	Unicorn-60122.exe	WerFault.exe
PID 2716 wrote to memory of 316	2716	Unicorn-60122.exe	WerFault.exe
PID 2716 wrote to memory of 316	2716	Unicorn-60122.exe	WerFault.exe
PID 2352 wrote to memory of 1996	2352	Unicorn-40256.exe	WerFault.exe
PID 2352 wrote to memory of 1996	2352	Unicorn-40256.exe	WerFault.exe
PID 2352 wrote to memory of 1996	2352	Unicorn-40256.exe	WerFault.exe
PID 2352 wrote to memory of 1996	2352	Unicorn-40256.exe	WerFault.exe
PID 2988 wrote to memory of 2412	2988	Unicorn-44466.exe	Unicorn-18221.exe
PID 2988 wrote to memory of 2412	2988	Unicorn-44466.exe	Unicorn-18221.exe
PID 2988 wrote to memory of 2412	2988	Unicorn-44466.exe	Unicorn-18221.exe
PID 2988 wrote to memory of 2412	2988	Unicorn-44466.exe	Unicorn-18221.exe
PID 2876 wrote to memory of 2448	2876	Unicorn-64331.exe	Unicorn-42061.exe
PID 1884 wrote to memory of 1036	1884	Unicorn-1397.exe	Unicorn-61927.exe
PID 2876 wrote to memory of 2448	2876	Unicorn-64331.exe	Unicorn-42061.exe
PID 2876 wrote to memory of 2448	2876	Unicorn-64331.exe	Unicorn-42061.exe

C:\Users\Admin\AppData\Local\Temp\acb805d1bc34956026d5f0014943cfd655e85776cffa5578527df3ac22ae50c5.exe
"C:\Users\Admin\AppData\Local\Temp\acb805d1bc34956026d5f0014943cfd655e85776cffa5578527df3ac22ae50c5.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-36985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36985.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-60122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60122.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-1973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1973.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-43645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43645.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-40374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40374.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-59300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59300.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1388

C:\Users\Admin\AppData\Local\Temp\Unicorn-35505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35505.exe
10⤵
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-18083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18083.exe
11⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-63686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63686.exe
12⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-34369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34369.exe
13⤵
PID:6200

C:\Users\Admin\AppData\Local\Temp\Unicorn-60535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60535.exe
14⤵
PID:9904

C:\Users\Admin\AppData\Local\Temp\Unicorn-54050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54050.exe
15⤵
PID:6656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9904 -s 216
15⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 236
14⤵
PID:10448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
12⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
11⤵
PID:4732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 216
10⤵
- Program crash
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-33428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33428.exe
9⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-37016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37016.exe
10⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe
11⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-39788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39788.exe
12⤵
PID:6156

C:\Users\Admin\AppData\Local\Temp\Unicorn-42173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42173.exe
13⤵
PID:8520

C:\Users\Admin\AppData\Local\Temp\Unicorn-21040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21040.exe
14⤵
PID:10556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8520 -s 216
14⤵
PID:11780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6156 -s 220
13⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
12⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
11⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 236
10⤵
PID:3276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
9⤵
- Program crash
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-39626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39626.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-45038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45038.exe
9⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-47000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47000.exe
10⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
11⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-21345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21345.exe
12⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-32064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32064.exe
13⤵
PID:8352

C:\Users\Admin\AppData\Local\Temp\Unicorn-38061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38061.exe
14⤵
PID:11260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8352 -s 216
14⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
13⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
12⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
11⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
10⤵
- Program crash
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
9⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-36973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36973.exe
10⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-15039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15039.exe
11⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-48483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48483.exe
12⤵
PID:8416

C:\Users\Admin\AppData\Local\Temp\Unicorn-23946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23946.exe
13⤵
PID:10936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 216
13⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
12⤵
PID:9452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
11⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
10⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 220
9⤵
- Program crash
PID:4052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
8⤵
- Program crash
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-1349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1349.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-41018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41018.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
9⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-43975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43975.exe
10⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-55058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55058.exe
11⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-10198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10198.exe
12⤵
PID:6884

C:\Users\Admin\AppData\Local\Temp\Unicorn-63629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63629.exe
13⤵
PID:8500

C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
14⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8500 -s 236
14⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 236
13⤵
PID:9564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
12⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
11⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 216
10⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-25069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25069.exe
9⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-58768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58768.exe
10⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-10467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10467.exe
11⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-41607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41607.exe
12⤵
PID:7496

C:\Users\Admin\AppData\Local\Temp\Unicorn-25736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25736.exe
13⤵
PID:10752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 236
13⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
12⤵
PID:8340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 236
11⤵
PID:5000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
10⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
9⤵
- Program crash
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-49080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49080.exe
8⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-61821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61821.exe
9⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-41242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41242.exe
10⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-9620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9620.exe
11⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\Unicorn-62748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62748.exe
12⤵
PID:7632

C:\Users\Admin\AppData\Local\Temp\Unicorn-56495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56495.exe
13⤵
PID:11016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 216
13⤵
PID:944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
12⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
11⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
10⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 236
9⤵
PID:4184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
8⤵
- Program crash
PID:1924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
7⤵
- Program crash
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-10417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10417.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1364

C:\Users\Admin\AppData\Local\Temp\Unicorn-21215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21215.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-25495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25495.exe
9⤵
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-15586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15586.exe
10⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-30822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30822.exe
11⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
12⤵
PID:6452

C:\Users\Admin\AppData\Local\Temp\Unicorn-30551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30551.exe
13⤵
PID:9860

C:\Users\Admin\AppData\Local\Temp\Unicorn-33212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33212.exe
14⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9860 -s 236
14⤵
PID:7388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 216
13⤵
PID:10440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 216
12⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
11⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 216
10⤵
PID:4712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
9⤵
- Program crash
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-25172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25172.exe
8⤵
PID:1192

C:\Users\Admin\AppData\Local\Temp\Unicorn-9190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9190.exe
9⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-9347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9347.exe
10⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-49267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49267.exe
11⤵
PID:7124

C:\Users\Admin\AppData\Local\Temp\Unicorn-20091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20091.exe
12⤵
PID:8904

C:\Users\Admin\AppData\Local\Temp\Unicorn-48843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48843.exe
13⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8904 -s 216
13⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 216
12⤵
PID:9640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
11⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
10⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 236
9⤵
PID:4960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
8⤵
- Program crash
PID:1328

C:\Users\Admin\AppData\Local\Temp\Unicorn-45377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45377.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-12749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12749.exe
8⤵
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-50674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50674.exe
9⤵
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-59458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59458.exe
10⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-61816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61816.exe
11⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-4087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4087.exe
12⤵
PID:7476

C:\Users\Admin\AppData\Local\Temp\Unicorn-21457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21457.exe
13⤵
PID:11156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 216
13⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
12⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 236
11⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
10⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\Unicorn-32218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32218.exe
9⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-33851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33851.exe
10⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-31026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31026.exe
11⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
11⤵
PID:8536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 236
10⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 240
9⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-63673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63673.exe
8⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-28592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28592.exe
9⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-16254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16254.exe
10⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-35873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35873.exe
11⤵
PID:7288

C:\Users\Admin\AppData\Local\Temp\Unicorn-42617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42617.exe
12⤵
PID:10904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 236
12⤵
PID:11712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 236
11⤵
PID:9168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
10⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
9⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
8⤵
- Program crash
PID:3992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 240
7⤵
- Program crash
PID:2452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
6⤵
- Program crash
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-59851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59851.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-16578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16578.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-50841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50841.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-38631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38631.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-24296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24296.exe
9⤵
PID:800

C:\Users\Admin\AppData\Local\Temp\Unicorn-6045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6045.exe
10⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-49682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49682.exe
11⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-4645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4645.exe
12⤵
PID:6436

C:\Users\Admin\AppData\Local\Temp\Unicorn-13291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13291.exe
13⤵
PID:8864

C:\Users\Admin\AppData\Local\Temp\Unicorn-62835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62835.exe
14⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8864 -s 220
14⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 236
13⤵
PID:9792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
12⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 236
11⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 216
10⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-56398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56398.exe
9⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-5315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5315.exe
10⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-24540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24540.exe
11⤵
PID:6228

C:\Users\Admin\AppData\Local\Temp\Unicorn-60139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60139.exe
11⤵
PID:6396

C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe
12⤵
PID:9652

C:\Users\Admin\AppData\Local\Temp\Unicorn-40150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40150.exe
13⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9652 -s 216
13⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 216
12⤵
PID:10400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 240
11⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
10⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
9⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-14871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14871.exe
8⤵
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
9⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-58794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58794.exe
10⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-2050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2050.exe
11⤵
PID:6036

C:\Users\Admin\AppData\Local\Temp\Unicorn-6786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6786.exe
12⤵
PID:8460

C:\Users\Admin\AppData\Local\Temp\Unicorn-23178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23178.exe
13⤵
PID:10560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 216
13⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 220
12⤵
PID:9468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
11⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 236
10⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 236
9⤵
- Program crash
PID:3848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
8⤵
- Program crash
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-38500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38500.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-37233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37233.exe
8⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-38552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38552.exe
9⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-50652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50652.exe
10⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-49248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49248.exe
11⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-47139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47139.exe
12⤵
PID:8324

C:\Users\Admin\AppData\Local\Temp\Unicorn-34335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34335.exe
13⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8324 -s 216
13⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
12⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
11⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 236
10⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
9⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-52127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52127.exe
8⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-25951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25951.exe
9⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-35901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35901.exe
10⤵
PID:5692

C:\Users\Admin\AppData\Local\Temp\Unicorn-9308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9308.exe
11⤵
PID:8488

C:\Users\Admin\AppData\Local\Temp\Unicorn-24112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24112.exe
12⤵
PID:10960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 220
12⤵
PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
11⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 216
10⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 236
9⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
8⤵
- Program crash
PID:3428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 240
7⤵
- Program crash
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-48573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48573.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-6342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6342.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-336.exe
8⤵
PID:1292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 240
9⤵
- Program crash
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-37637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37637.exe
8⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-43023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43023.exe
9⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-22452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22452.exe
10⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-8235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8235.exe
11⤵
PID:7620

C:\Users\Admin\AppData\Local\Temp\Unicorn-58805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58805.exe
12⤵
PID:10128

C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
13⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
11⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 236
10⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 236
9⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 240
8⤵
- Program crash
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-16599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16599.exe
7⤵
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-11893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11893.exe
8⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-6894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6894.exe
9⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-4880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4880.exe
10⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe
11⤵
PID:7432

C:\Users\Admin\AppData\Local\Temp\Unicorn-25359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25359.exe
12⤵
PID:10952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 216
12⤵
PID:4432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
11⤵
PID:9076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
10⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 236
9⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-51990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51990.exe
8⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-54501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54501.exe
9⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-31645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31645.exe
10⤵
PID:7516

C:\Users\Admin\AppData\Local\Temp\Unicorn-15858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15858.exe
11⤵
PID:9332

C:\Users\Admin\AppData\Local\Temp\Unicorn-49364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49364.exe
12⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 220
11⤵
PID:10840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
10⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
9⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
8⤵
PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
7⤵
- Program crash
PID:1976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
6⤵
- Program crash
PID:1636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 220
5⤵
- Loads dropped DLL
- Program crash
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:316

C:\Users\Admin\AppData\Local\Temp\Unicorn-44466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44466.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-18221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18221.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-516.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 240
6⤵
- Program crash
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-51671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51671.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1456

C:\Users\Admin\AppData\Local\Temp\Unicorn-27038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27038.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-15115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15115.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-16746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16746.exe
8⤵
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-5145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5145.exe
9⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-14568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14568.exe
10⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-20410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20410.exe
11⤵
PID:7104

C:\Users\Admin\AppData\Local\Temp\Unicorn-36732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36732.exe
12⤵
PID:9420

C:\Users\Admin\AppData\Local\Temp\Unicorn-46646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46646.exe
13⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9420 -s 216
13⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
12⤵
PID:10664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
11⤵
PID:8808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
10⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 236
9⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-931.exe
8⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-17387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17387.exe
9⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 220
10⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
9⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
8⤵
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-62609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62609.exe
7⤵
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-7257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7257.exe
8⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-9799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9799.exe
9⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-34307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34307.exe
10⤵
PID:7224

C:\Users\Admin\AppData\Local\Temp\Unicorn-56825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56825.exe
11⤵
PID:9676

C:\Users\Admin\AppData\Local\Temp\Unicorn-32088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32088.exe
12⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 216
11⤵
PID:10720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
10⤵
PID:8960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
9⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
8⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 240
7⤵
- Program crash
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-60787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60787.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-16938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16938.exe
7⤵
PID:1012

C:\Users\Admin\AppData\Local\Temp\Unicorn-39546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39546.exe
8⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-55077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55077.exe
9⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-63393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63393.exe
10⤵
PID:7120

C:\Users\Admin\AppData\Local\Temp\Unicorn-20162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20162.exe
11⤵
PID:9816

C:\Users\Admin\AppData\Local\Temp\Unicorn-48479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48479.exe
12⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9816 -s 216
12⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
11⤵
PID:10424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
10⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 236
9⤵
PID:6844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 236
8⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-2659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2659.exe
7⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-645.exe
8⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-35843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35843.exe
9⤵
PID:6216

C:\Users\Admin\AppData\Local\Temp\Unicorn-21776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21776.exe
10⤵
PID:10120

C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
11⤵
PID:11348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 216
11⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
10⤵
PID:10548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
9⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
8⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
7⤵
PID:4928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 240
6⤵
- Program crash
PID:908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
5⤵
- Program crash
PID:2784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 236
4⤵
- Loads dropped DLL
- Program crash
PID:1320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-40256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40256.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-1397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1397.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-61927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61927.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-14631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14631.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-7701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7701.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-17988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17988.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
9⤵
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-61030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61030.exe
10⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-29582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29582.exe
11⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-50892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50892.exe
12⤵
PID:7420

C:\Users\Admin\AppData\Local\Temp\Unicorn-26133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26133.exe
13⤵
PID:10168

C:\Users\Admin\AppData\Local\Temp\Unicorn-11024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11024.exe
14⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 216
13⤵
PID:10812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
12⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
11⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 236
10⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 216
9⤵
- Program crash
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-6397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6397.exe
8⤵
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-29979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29979.exe
9⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-34067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34067.exe
10⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-38366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38366.exe
11⤵
PID:5716

C:\Users\Admin\AppData\Local\Temp\Unicorn-16771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16771.exe
12⤵
PID:8288

C:\Users\Admin\AppData\Local\Temp\Unicorn-23178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23178.exe
13⤵
PID:10648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8288 -s 216
13⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 216
12⤵
PID:9344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
11⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
10⤵
PID:4820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 236
9⤵
- Program crash
PID:3968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
8⤵
- Program crash
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-27779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27779.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-57783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57783.exe
8⤵
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-6045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6045.exe
9⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-26613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26613.exe
10⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-24540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24540.exe
11⤵
PID:6236

C:\Users\Admin\AppData\Local\Temp\Unicorn-60085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60085.exe
12⤵
PID:9148

C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
13⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 220
13⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 236
12⤵
PID:9916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
11⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
10⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
9⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\Unicorn-10596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10596.exe
8⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
9⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-16403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16403.exe
10⤵
PID:7092

C:\Users\Admin\AppData\Local\Temp\Unicorn-3157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3157.exe
11⤵
PID:8584

C:\Users\Admin\AppData\Local\Temp\Unicorn-31080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31080.exe
12⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8584 -s 216
12⤵
PID:11852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 216
11⤵
PID:10212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
10⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
9⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 240
8⤵
PID:4500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 220
7⤵
- Program crash
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-1349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1349.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-53891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53891.exe
8⤵
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-27590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27590.exe
9⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-13764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13764.exe
10⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-61769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61769.exe
11⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
12⤵
PID:10020

C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
13⤵
PID:8028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
12⤵
PID:10788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 236
11⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 236
10⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 236
9⤵
PID:4676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 216
8⤵
- Program crash
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-33428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33428.exe
7⤵
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-38744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38744.exe
8⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe
9⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-50016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50016.exe
10⤵
PID:5596

C:\Users\Admin\AppData\Local\Temp\Unicorn-159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-159.exe
11⤵
PID:8396

C:\Users\Admin\AppData\Local\Temp\Unicorn-56042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56042.exe
12⤵
PID:10832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8396 -s 220
12⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
11⤵
PID:9436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
10⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
9⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 236
8⤵
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 220
7⤵
- Program crash
PID:1720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 240
6⤵
- Program crash
PID:824

C:\Users\Admin\AppData\Local\Temp\Unicorn-10417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10417.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-22777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22777.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-55901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55901.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-53294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53294.exe
8⤵
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-5687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5687.exe
9⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-25738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25738.exe
10⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-54458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54458.exe
11⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-5917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5917.exe
12⤵
PID:9172

C:\Users\Admin\AppData\Local\Temp\Unicorn-39509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39509.exe
13⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9172 -s 216
13⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
12⤵
PID:10008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
11⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 236
10⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 236
9⤵
- Program crash
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-34529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34529.exe
8⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-23470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23470.exe
9⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-25714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25714.exe
10⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
11⤵
PID:7360

C:\Users\Admin\AppData\Local\Temp\Unicorn-36418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36418.exe
12⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 236
12⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 236
11⤵
PID:8896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 236
10⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
9⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 220
8⤵
- Program crash
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
7⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-44743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44743.exe
8⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-19623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19623.exe
9⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-21613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21613.exe
10⤵
PID:6168

C:\Users\Admin\AppData\Local\Temp\Unicorn-41720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41720.exe
11⤵
PID:8968

C:\Users\Admin\AppData\Local\Temp\Unicorn-40374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40374.exe
12⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8968 -s 236
12⤵
PID:11668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6168 -s 216
11⤵
PID:9872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 216
10⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
9⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 216
8⤵
PID:4828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
7⤵
- Program crash
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-6570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6570.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-45038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45038.exe
7⤵
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
8⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-36205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36205.exe
9⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-49440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49440.exe
10⤵
PID:6072

C:\Users\Admin\AppData\Local\Temp\Unicorn-32064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32064.exe
11⤵
PID:8364

C:\Users\Admin\AppData\Local\Temp\Unicorn-5793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5793.exe
12⤵
PID:11164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 216
12⤵
PID:12140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 216
11⤵
PID:9396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
10⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 236
9⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 216
8⤵
- Program crash
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-29272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29272.exe
7⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-32017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32017.exe
8⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-17956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17956.exe
9⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-60740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60740.exe
10⤵
PID:7668

C:\Users\Admin\AppData\Local\Temp\Unicorn-12004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12004.exe
11⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10388 -s 188
12⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 216
11⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 236
10⤵
PID:9236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
9⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
8⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 220
7⤵
- Program crash
PID:3676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
6⤵
- Program crash
PID:2580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 240
5⤵
- Program crash
PID:972

C:\Users\Admin\AppData\Local\Temp\Unicorn-42061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42061.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-64683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64683.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-6767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6767.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-24926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24926.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-60450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60450.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
9⤵
PID:328

C:\Users\Admin\AppData\Local\Temp\Unicorn-16547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16547.exe
10⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-44361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44361.exe
11⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-2464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2464.exe
12⤵
PID:7160

C:\Users\Admin\AppData\Local\Temp\Unicorn-32881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32881.exe
13⤵
PID:9984

C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
14⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 216
14⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 216
13⤵
PID:10500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
12⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
11⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 236
10⤵
PID:4800

C:\Users\Admin\AppData\Local\Temp\Unicorn-64356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64356.exe
9⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-49161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49161.exe
10⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\Unicorn-34115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34115.exe
11⤵
PID:7196

C:\Users\Admin\AppData\Local\Temp\Unicorn-15658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15658.exe
12⤵
PID:9284

C:\Users\Admin\AppData\Local\Temp\Unicorn-5639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5639.exe
13⤵
PID:6972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9284 -s 216
13⤵
PID:8264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 216
12⤵
PID:10616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 216
11⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 236
10⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
9⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-32214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32214.exe
8⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-7449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7449.exe
9⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-48113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48113.exe
10⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-2089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2089.exe
11⤵
PID:7304

C:\Users\Admin\AppData\Local\Temp\Unicorn-38950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38950.exe
12⤵
PID:10884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 216
12⤵
PID:2036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
11⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 236
10⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
9⤵
PID:4232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
8⤵
- Program crash
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-44425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44425.exe
7⤵
- Executes dropped EXE
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-35059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35059.exe
8⤵
PID:1828

C:\Users\Admin\AppData\Local\Temp\Unicorn-39354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39354.exe
9⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
10⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-34115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34115.exe
11⤵
PID:7204

C:\Users\Admin\AppData\Local\Temp\Unicorn-52985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52985.exe
12⤵
PID:9592

C:\Users\Admin\AppData\Local\Temp\Unicorn-57907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57907.exe
13⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 216
12⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
11⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
10⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 236
9⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-2467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2467.exe
8⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-645.exe
9⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
10⤵
PID:6228

C:\Users\Admin\AppData\Local\Temp\Unicorn-7084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7084.exe
11⤵
PID:10156

C:\Users\Admin\AppData\Local\Temp\Unicorn-48436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48436.exe
12⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10156 -s 216
12⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 216
11⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
10⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
9⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
8⤵
PID:4952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
7⤵
- Program crash
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-5060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5060.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-56776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56776.exe
7⤵
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-37208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37208.exe
8⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-51420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51420.exe
9⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-6347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6347.exe
10⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-10076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10076.exe
11⤵
PID:8556

C:\Users\Admin\AppData\Local\Temp\Unicorn-23946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23946.exe
12⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8556 -s 220
12⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
11⤵
PID:9612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
10⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
9⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 236
8⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-52485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52485.exe
7⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-14884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14884.exe
8⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-27612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27612.exe
9⤵
PID:6428

C:\Users\Admin\AppData\Local\Temp\Unicorn-44839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44839.exe
10⤵
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe
11⤵
PID:11400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 216
11⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 216
10⤵
PID:10132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
9⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
8⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
7⤵
- Program crash
PID:3164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 240
6⤵
- Program crash
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-33279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33279.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
5⤵
- Program crash
PID:356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-14780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14780.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1072

C:\Users\Admin\AppData\Local\Temp\Unicorn-61927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61927.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:928

C:\Users\Admin\AppData\Local\Temp\Unicorn-62571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62571.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-5423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5423.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:544

C:\Users\Admin\AppData\Local\Temp\Unicorn-62206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62206.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-52526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52526.exe
8⤵
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-4185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4185.exe
9⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-36556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36556.exe
10⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-39579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39579.exe
11⤵
PID:7080

C:\Users\Admin\AppData\Local\Temp\Unicorn-12828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12828.exe
12⤵
PID:9272

C:\Users\Admin\AppData\Local\Temp\Unicorn-59895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59895.exe
13⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9272 -s 236
13⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 216
12⤵
PID:9292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
11⤵
PID:2376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 236
10⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
9⤵
PID:4548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 236
8⤵
- Program crash
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-372.exe
7⤵
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-28635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28635.exe
8⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-61840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61840.exe
9⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-26887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26887.exe
10⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-2432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2432.exe
11⤵
PID:8228

C:\Users\Admin\AppData\Local\Temp\Unicorn-45113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45113.exe
12⤵
PID:10968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8228 -s 216
12⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
11⤵
PID:9336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 236
10⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
9⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 236
8⤵
- Program crash
PID:3656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 240
7⤵
- Program crash
PID:596

C:\Users\Admin\AppData\Local\Temp\Unicorn-40202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40202.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-55816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55816.exe
7⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-44566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44566.exe
8⤵
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-21757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21757.exe
9⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe
10⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-25978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25978.exe
11⤵
PID:7308

C:\Users\Admin\AppData\Local\Temp\Unicorn-25723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25723.exe
12⤵
PID:9924

C:\Users\Admin\AppData\Local\Temp\Unicorn-27802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27802.exe
13⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 216
12⤵
PID:10780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
11⤵
PID:9048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
10⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 216
9⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-51798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51798.exe
8⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-53541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53541.exe
9⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-8235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8235.exe
10⤵
PID:7612

C:\Users\Admin\AppData\Local\Temp\Unicorn-62069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62069.exe
11⤵
PID:9736

C:\Users\Admin\AppData\Local\Temp\Unicorn-41061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41061.exe
12⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 216
11⤵
PID:10908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
10⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 236
9⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
8⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-57565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57565.exe
7⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-40527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40527.exe
8⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-32872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32872.exe
9⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-6818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6818.exe
10⤵
PID:7344

C:\Users\Admin\AppData\Local\Temp\Unicorn-32653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32653.exe
11⤵
PID:10216

C:\Users\Admin\AppData\Local\Temp\Unicorn-56526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56526.exe
12⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10216 -s 216
12⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7344 -s 216
11⤵
PID:10608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
10⤵
PID:9056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
9⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 236
8⤵
PID:4596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
7⤵
- Program crash
PID:3108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 240
6⤵
- Program crash
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-43047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43047.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-53294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53294.exe
7⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-11302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11302.exe
8⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-20850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20850.exe
9⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-48499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48499.exe
10⤵
PID:7064

C:\Users\Admin\AppData\Local\Temp\Unicorn-52187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52187.exe
11⤵
PID:8844

C:\Users\Admin\AppData\Local\Temp\Unicorn-31080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31080.exe
12⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8844 -s 236
12⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 216
11⤵
PID:9584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
10⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 236
9⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 216
8⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-54862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54862.exe
7⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-25183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25183.exe
8⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\Unicorn-2050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2050.exe
9⤵
PID:6100

C:\Users\Admin\AppData\Local\Temp\Unicorn-159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-159.exe
10⤵
PID:8404

C:\Users\Admin\AppData\Local\Temp\Unicorn-1854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1854.exe
11⤵
PID:11096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8404 -s 216
11⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
10⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 216
9⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
8⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 240
7⤵
- Program crash
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-37917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37917.exe
6⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
7⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\UniÉorn-54947.exe
C:\Users\Admin\AppData\Local\Temp\UniÉorn-54947.exe
8⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\UniÉorn-39989.exe
C:\Users\Admin\AppData\Local\Temp\UniÉorn-39989.exe
9⤵
PID:6152

C:\Users\Admin\AppData\Local\Temp\UniÉorn-9870.exe
C:\Users\Admin\AppData\Local\Temp\UniÉorn-9870.exe
10⤵
PID:9364

C:\Users\Admin\AppData\Local\Temp\UniÉorn-43336.exe
C:\Users\Admin\AppData\Local\Temp\UniÉorn-43336.exe
11⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9364 -s 216
11⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 216
10⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
9⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 236
8⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
7⤵
PID:4228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
6⤵
- Program crash
PID:2008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 240
5⤵
- Program crash
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-60303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60303.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-53311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53311.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-10950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10950.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1308

C:\Users\Admin\AppData\Local\Temp\Unicorn-19662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19662.exe
7⤵
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-34938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34938.exe
8⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-38128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38128.exe
9⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-16345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16345.exe
10⤵
PID:7524

C:\Users\Admin\AppData\Local\Temp\Unicorn-23055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23055.exe
11⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 216
11⤵
PID:956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
10⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
9⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 236
8⤵
PID:4616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 236
7⤵
- Program crash
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-48120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48120.exe
6⤵
PID:1360

C:\Users\Admin\AppData\Local\Temp\Unicorn-51489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51489.exe
7⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe
8⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
9⤵
PID:6264

C:\Users\Admin\AppData\Local\Temp\Unicorn-44477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44477.exe
10⤵
PID:8676

C:\Users\Admin\AppData\Local\Temp\Unicorn-65139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65139.exe
11⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8676 -s 220
11⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 216
10⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 236
9⤵
PID:7832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
8⤵
PID:5640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 236
7⤵
PID:4120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
6⤵
- Program crash
PID:1372

C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-45038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45038.exe
6⤵
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-59460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59460.exe
7⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-24231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24231.exe
8⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-38079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38079.exe
9⤵
PID:6292

C:\Users\Admin\AppData\Local\Temp\Unicorn-1777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1777.exe
10⤵
PID:8620

C:\Users\Admin\AppData\Local\Temp\Unicorn-3721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3721.exe
11⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8620 -s 236
11⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 216
10⤵
PID:10088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
9⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
8⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 216
7⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-40362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40362.exe
6⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-45878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45878.exe
7⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-64894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64894.exe
8⤵
PID:6772

C:\Users\Admin\AppData\Local\Temp\Unicorn-38414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38414.exe
9⤵
PID:8348

C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
10⤵
PID:11116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8348 -s 236
10⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
9⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
8⤵
PID:8020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 236
7⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 240
6⤵
- Program crash
PID:3480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
5⤵
- Program crash
PID:1804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 220
4⤵
- Program crash
PID:1104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
2⤵
- Program crash
PID:2908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe

Filesize
184KB

MD5
27e3122ef5493dafe261582470123695

SHA1
608eaec67b89500fb83d8abec971182773186f11

SHA256
034754ef31b716941c9ab83dd326de655d56a64a97f646c0ee769a02e202d95d

SHA512
67744b14f0cee33ccaed77548992c3785384456d32747307c1b1a5f38ec0600067d978af51f49d4a5739ad5373972ccd5fb1aa60a2edb617e66a43db44866422

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1397.exe

Filesize
184KB

MD5
1810ed5380d9cc2949284538ba62a738

SHA1
1682d8c7b622624360fb5f21dc0c9691f4b4e883

SHA256
e49b5cad8684d36a2232f5b52bc8a78e5245b09dfaa58ed915272ddd5f16d152

SHA512
a3d28f4f872ac958f1e00dd5b7ce4ff29a28b3601e07c704195670de2a7803685437e555605efca6acab91c6acf690dab8b4c09aa522f8012e8129a1740ecd3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21040.exe

Filesize
184KB

MD5
e095cd7d36f5f9ffc6374e2a3ef308ad

SHA1
cf2d94c897eea768a287d0b268cc1cfc161e5f99

SHA256
ddd62f796cda8b57fa47c5c13c5e1c2aa05cb1cf873b646478177b10975cacca

SHA512
9ecf28485234a4f31cea52fa2fd59dd2d93d98634c66d2c256a4a998b8ee717803958cf7ad034afadc97d22edb4dc6e8f4cabd3639a529fef3daf972d313da5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21345.exe

Filesize
184KB

MD5
67e7e390c28ba4e5a7d85bf076c3c66f

SHA1
968a34239c2a385a5735a72d8c979f0bc3ded9bf

SHA256
7dc0a845b6cf809776e9d0280747adcb7487ef036791b948b38d00ccb7799e71

SHA512
5344c517820e03d69096c615d6058c2bc3441ee43e265745a4c5147b907d6ef8e7ae505abf0b9937060c61e867cb0c39588287aec3ec0f7477ac04cfe9c39bdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25978.exe

Filesize
184KB

MD5
399f4cf236d2b16297b45e908df6d164

SHA1
a931f9b9289ca1a41da34d5eba4ce8190182fe70

SHA256
451b3e3dbeca80b707160cb02b6127d3ce3d02f0b12810dca771f6f72dd17c57

SHA512
0f497c60a81c278e1d5edda095a1002033d5b9d4a5b175ac6e5c5ee0af415f19a4fd191841060d18490648ea6fe7d64a43b172d21337b2e5fb5ca25d5c8b0616

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40256.exe

Filesize
184KB

MD5
dcd27b665f4e93b42a675abf46691d8b

SHA1
36d5aefc43abfdbcac98d9cd3dece73ba7fca307

SHA256
091f3c6fb7dc604ef4b9b521da6d33fb7210b9530d85e93d0078662d2b22a869

SHA512
19d4940e36403832c7001a8a886e9dde0db9eb303e50cd4bf5c6cbf3d3cf649ef198ba1c7392a9c007ee04c60cac326d76f76f5cd78a3a723f51ec1412aac33a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40362.exe

Filesize
184KB

MD5
b26f2cd95f811ddfc5f2a58dd6b04d00

SHA1
4a063a8ce67cca0dd8075a1fd04a95539d3fd192

SHA256
84edc6184c762fb34f0a0958c85aaeae33d755cf57456bda47facbeb61d0a6b1

SHA512
d3e5242ba332611f9709b5b62c7d298804b9e0f5f2c2383258cd2b292752ffc8c9c8f7eb7c71f09d99aeec90a0daf0803db7dd6b37f86f2f8bc6161e3fed6f75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44466.exe

Filesize
184KB

MD5
98a2b2c10313131348c42719511f15dc

SHA1
54f3c00b109f9fad8d321bca1c690fa346f2b514

SHA256
a1b455d056fd2a811ee0606aadd0a41ed7cb32e817c89aa69e13a9fd93769065

SHA512
257c551611180c05bf15268a0aee10d7448fd268da2bf917c171ead594c89ecf11b476b99c5e84dc00b716677d6321e557502d20b27d2a670742f767a02ff494

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49682.exe

Filesize
184KB

MD5
f672f6c6e6a594d9a45f99578ec5f705

SHA1
5ed0ecc98ec859112f9a2d56750d78df58d3eb95

SHA256
660875b8250945262729739d35d1f41e124b58eede3dc61e4b730de809097ec2

SHA512
07c80a74b1709ba42ae57477b1d62bee943d08af338b19ca7631ef20cfb4655bac24a9e1d901dcd1e71892d25dff8b45f109cdf0166d37523e7e9a972f522a0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe

Filesize
184KB

MD5
118a99019519356191714fedabff97cc

SHA1
8434a5878d26087acadf6fd5528ba150b9f1e777

SHA256
a56fdb0c6dd8f4b669cebbc110ea1e6b6c438b939b31e9dca061f4db05f42cb5

SHA512
215f0e1b69fb91c58e75eea24d47738a9bf3654830cb9bc16936604dea1afacf1de5cfd72e1485056499e66392c9422f3b9411cb8deac97f315b04d8b8f004c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61927.exe

Filesize
184KB

MD5
e6fc348ccaf3637bfdd0acb5e339f7a3

SHA1
ca56a1f73d32d6f2cbadfa23e36ed1b1ecb61eeb

SHA256
f0fa04963f2b23a7e3839502b5b5574f819ca3436ee31c34a7e66bd7a0d27586

SHA512
a0ca4ebebb063802b35e17cbca5261d6c0676cf21f292e20e4ba10c3628995e4d2b33c4aa1b88c20d5ba7e5dfe3e12d08a4f04d64a62349264ec719d94f28aaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6342.exe

Filesize
184KB

MD5
0a5ba4de9169367c8b6a33c6fa475b80

SHA1
c44acef720e5ed62d78bd9f11650b65c388c340d

SHA256
db511332b9c4e4976d3393448d7da37597ebd7cb3197c744654353d030613bcf

SHA512
5dc2ec96667836de3b46613e6dfbb33f81968fe1af5e010ebcda6b1d9e1a8da06585a3181de42e89eed0f2bc8aba293db2136596c100150925cb321a610325cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe

Filesize
184KB

MD5
8f8df5aeeba0baacea0c52fa2bb3ed8e

SHA1
f5ebb36a37e6a1f5dba03270f67ba26787ade980

SHA256
534da78e7cfdb2c31fc5a98dbfe7f07ca8d9a850d71ba041f4905b75d7d58016

SHA512
3bc1cac0bf090265f1f445b5c5ef7c1fd7d19cfeb61336bd35ec48a196b474e0cbe9d698214fd5f6143e1dce0f711f2e8395ded12ace2bea5c7c44f73ef6662f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6767.exe

Filesize
184KB

MD5
8dab6c2af94ca1922812d83dc94eb0cd

SHA1
c2acd62641d9c1d803bc08461d83083231401522

SHA256
1c4a3d91df19a7e3951d5fbbda7f5789da2a993743cdaee42809fbdfced43e2e

SHA512
158458b787a0a4770d1034b360ae974cebcb963627c9246b7b109b031abca07f7738d015707554416ab315f14fc37d1af6194f26f2a8d2c126da808333683814

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14780.exe

Filesize
184KB

MD5
880515ca4644b727250d0cd6d1d24d5d

SHA1
8435f5ae653ff48241376bba925725e4aeeecb61

SHA256
09be4c855c152908d7fe5160cb5484cfeadf54050cd81de2cd2224a2776f46d5

SHA512
9b6aa505447f0d5463aa55bc52d5ffbcfd54d3fa7a9e5006aca28c674ffe0ff28913dc099ce015ce814aae6513676bc35e472b5feb4130aa5ecd715f99a2cdb2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18221.exe

Filesize
184KB

MD5
eb14b94e1f657f0fc7f8396938165f45

SHA1
b6cf1122e1e7d9fbb0e38076c1c3132d5e0fa90c

SHA256
05dd126bed56ba5e446d5b76e2d1a40d88006899071a4f2aed1e762482d321d4

SHA512
8a0a80b8c99b183e58bd587dfcd9133c57f739923f039220380bf7b974648c0909baf34d69c2437f31530b0ab28a25ec0a00912936d76f5f9eb97d917001c4d3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1973.exe

Filesize
184KB

MD5
79f43fa340ad5ea507b0d0649a81b406

SHA1
ef9d96001cd01206b7f98fc599e7c6525c90876b

SHA256
8c0f82819af4c856ebc0550016aa25148478e7352e4d48f2c0691b210f602003

SHA512
c3762f6ca7c1e909c8b175f8da4f4f461789a99a5692f302861f092fc3ec67e4f80fe41f99bcdf5645cc29d1e33067188bb572ac6104e89872478a8a34c18d0f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36985.exe

Filesize
184KB

MD5
03459847aeb3622a13532974469ebe44

SHA1
40c9e0d65a38b605364b5dd8a4cb998f9cde8d43

SHA256
1392b70d96e9517e12424db69e17f88c15c87d8621051531af57a8e9cb059e73

SHA512
e837cea38b429625351c1e658d3a74cb73be4968230d6df456a92927b3cc7e1e161542cb7545059325d6cb2f22f5fa3f19a092ff57db773faa6d9eaeccf6935e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42061.exe

Filesize
184KB

MD5
961627b55858a17dd5d005ffcb56a28e

SHA1
e07790589248f1402dd83aa4cd32b7437511bfc4

SHA256
dbe34d8da7df5cb042a65cf49fd8777bcf9046b28f94d59ccfd1441ac49bbc18

SHA512
8be4512bb2f4599f56441bd981ac013c68546b495f33757b1caedde08de6a3165624aa162bb4f85b0861ef18efe9b0c499f6b00d118389a74b48fbc70871f63f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe

Filesize
184KB

MD5
7011198a4f114f3d56070c9e34542ee4

SHA1
b5df90ce1caed64fd144ecfb3f4de504b91d5c5b

SHA256
e484108564f8de25024ae0ffb9bcd2b5c4ce0467eb1f9184d78cffaddaffe330

SHA512
6a3b76ab1a90db0f0e12bf155d798acaf1dc4c9a2064d6fa6c1dfb7a80d1e02c7124225871470de3c259041875ddc9399b2cce8e162b4935b671ec717ffede1c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe

Filesize
184KB

MD5
3c7da8ac52e90cd229af08dbcafa2e8d

SHA1
a45eb1b31afbdf4b83507ccc9ac5f439348e32ba

SHA256
e0f5f93a85a2ce215aa2da08d5a855a4457f32a95dbe80e9dbea5a885557dbd5

SHA512
3b5123caf7838c0a492f14ef6fac0d03a50fcd8edb11fc44cf2f31222f2facb73e9b6e02cee981c9b30641fca2b2232f6ab25711afc8912710af24b1d448df49

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60122.exe

Filesize
184KB

MD5
bc300cb76231d6ae1f81186671e796fa

SHA1
c490351afdfa557eac16f523d4c47b66b6bc4e60

SHA256
87f147970602c86b8d1367acf39341639d224765e91b55a2af3b6b8c31482b93

SHA512
1bdba88b18b590e0bbddeef0610f74befa36d8cc8c02e418662e7739a96a3a99d8899940b7ea091f2c46cc775af12037f79a1109da3a464f38d4f7f25a604790

Download Submit