a6fab332e1552b08ebf2a7d263e10005872c8164993abe68c02f9829b6f4d864

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a6fab332e1552b08ebf2a7d263e10005872c8164993abe68c02f9829b6f4d864.exe
Size

184KB
MD5

2c81342da895d885871c80e0b2015815
SHA1

6defdcb03d09dc87e210733e620222f7375c3a76
SHA256

a6fab332e1552b08ebf2a7d263e10005872c8164993abe68c02f9829b6f4d864
SHA512

897f5d831f7c296a441fa3e7bb88fa948f3009622ee36f3adf341c154b265a63f929f1c9ec548626dbac3d3def846a4ae2f7671e19e6dbaf49628e5892fddbc3
SSDEEP

1536:W7S/6jZlu3LxotxptJOAlawMG2IyvZcl6md8S7LR2zzetYhl5hj5nizpvh:Ada3LxoTXJOTdGtWer7LR0sYhlnViFZ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-31592.exeUnicorn-10624.exeUnicorn-56296.exeUnicorn-18015.exeUnicorn-22160.exeUnicorn-42026.exeUnicorn-31557.exeUnicorn-44136.exeUnicorn-11499.exeUnicorn-11463.exeUnicorn-57135.exeUnicorn-7229.exeUnicorn-21380.exeUnicorn-15008.exeUnicorn-65278.exeUnicorn-65086.exeUnicorn-45221.exeUnicorn-62393.exeUnicorn-57987.exeUnicorn-19135.exeUnicorn-33887.exeUnicorn-4059.exeUnicorn-4635.exeUnicorn-50307.exeUnicorn-52575.exeUnicorn-694.exeUnicorn-46942.exeUnicorn-57378.exeUnicorn-31141.exeUnicorn-61545.exeUnicorn-64389.exeUnicorn-31909.exeUnicorn-62313.exeUnicorn-9739.exeUnicorn-45256.exeUnicorn-30181.exeUnicorn-12583.exeUnicorn-58255.exeUnicorn-61504.exeUnicorn-26371.exeUnicorn-20192.exeUnicorn-50212.exeUnicorn-53248.exeUnicorn-36227.exeUnicorn-1094.exeUnicorn-31654.exeUnicorn-51520.exeUnicorn-2402.exeUnicorn-2402.exeUnicorn-61857.exeUnicorn-26532.exeUnicorn-29569.exeUnicorn-39687.exeUnicorn-44286.exeUnicorn-27265.exeUnicorn-57285.exeUnicorn-60321.exeUnicorn-45054.exeUnicorn-24996.exeUnicorn-58840.exeUnicorn-28860.exeUnicorn-26744.exeUnicorn-29628.exeUnicorn-59608.exe

pid	process
2876	Unicorn-31592.exe
3040	Unicorn-10624.exe
2160	Unicorn-56296.exe
2644	Unicorn-18015.exe
2552	Unicorn-22160.exe
2672	Unicorn-42026.exe
1792	Unicorn-31557.exe
2824	Unicorn-44136.exe
2572	Unicorn-11499.exe
1820	Unicorn-11463.exe
2256	Unicorn-57135.exe
468	Unicorn-7229.exe
344	Unicorn-21380.exe
2340	Unicorn-15008.exe
2068	Unicorn-65278.exe
2084	Unicorn-65086.exe
2304	Unicorn-45221.exe
1876	Unicorn-62393.exe
2152	Unicorn-57987.exe
1916	Unicorn-19135.exe
1776	Unicorn-33887.exe
1380	Unicorn-4059.exe
1904	Unicorn-4635.exe
3012	Unicorn-50307.exe
920	Unicorn-52575.exe
864	Unicorn-694.exe
2380	Unicorn-46942.exe
1700	Unicorn-57378.exe
1880	Unicorn-31141.exe
2596	Unicorn-61545.exe
1036	Unicorn-64389.exe
2616	Unicorn-31909.exe
2356	Unicorn-62313.exe
2548	Unicorn-9739.exe
2720	Unicorn-45256.exe
2704	Unicorn-30181.exe
2532	Unicorn-12583.exe
2712	Unicorn-58255.exe
2804	Unicorn-61504.exe
2736	Unicorn-26371.exe
2232	Unicorn-20192.exe
1204	Unicorn-50212.exe
1568	Unicorn-53248.exe
352	Unicorn-36227.exe
2608	Unicorn-1094.exe
1980	Unicorn-31654.exe
2096	Unicorn-51520.exe
332	Unicorn-2402.exe
2908	Unicorn-2402.exe
1136	Unicorn-61857.exe
1760	Unicorn-26532.exe
1724	Unicorn-29569.exe
740	Unicorn-39687.exe
2476	Unicorn-44286.exe
556	Unicorn-27265.exe
1348	Unicorn-57285.exe
2200	Unicorn-60321.exe
1616	Unicorn-45054.exe
880	Unicorn-24996.exe
2744	Unicorn-58840.exe
2536	Unicorn-28860.exe
2236	Unicorn-26744.exe
2840	Unicorn-29628.exe
2168	Unicorn-59608.exe

Loads dropped DLL 64 IoCs

Processes:

a6fab332e1552b08ebf2a7d263e10005872c8164993abe68c02f9829b6f4d864.exeUnicorn-31592.exeUnicorn-10624.exeUnicorn-56296.exeWerFault.exeUnicorn-42026.exeUnicorn-22160.exeUnicorn-18015.exeWerFault.exeWerFault.exeUnicorn-31557.exeUnicorn-11463.exeUnicorn-11499.exeUnicorn-57135.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
836	a6fab332e1552b08ebf2a7d263e10005872c8164993abe68c02f9829b6f4d864.exe
836	a6fab332e1552b08ebf2a7d263e10005872c8164993abe68c02f9829b6f4d864.exe
2876	Unicorn-31592.exe
2876	Unicorn-31592.exe
836	a6fab332e1552b08ebf2a7d263e10005872c8164993abe68c02f9829b6f4d864.exe
836	a6fab332e1552b08ebf2a7d263e10005872c8164993abe68c02f9829b6f4d864.exe
3040	Unicorn-10624.exe
3040	Unicorn-10624.exe
2160	Unicorn-56296.exe
2160	Unicorn-56296.exe
2876	Unicorn-31592.exe
2876	Unicorn-31592.exe
2588	WerFault.exe
2588	WerFault.exe
2588	WerFault.exe
2588	WerFault.exe
2588	WerFault.exe
2672	Unicorn-42026.exe
2672	Unicorn-42026.exe
2160	Unicorn-56296.exe
2160	Unicorn-56296.exe
2552	Unicorn-22160.exe
2552	Unicorn-22160.exe
3040	Unicorn-10624.exe
3040	Unicorn-10624.exe
2644	Unicorn-18015.exe
2644	Unicorn-18015.exe
1132	WerFault.exe
1132	WerFault.exe
1132	WerFault.exe
1132	WerFault.exe
1052	WerFault.exe
1052	WerFault.exe
1052	WerFault.exe
1052	WerFault.exe
1052	WerFault.exe
1132	WerFault.exe
1792	Unicorn-31557.exe
1792	Unicorn-31557.exe
2672	Unicorn-42026.exe
2672	Unicorn-42026.exe
1820	Unicorn-11463.exe
1820	Unicorn-11463.exe
2572	Unicorn-11499.exe
2572	Unicorn-11499.exe
2644	Unicorn-18015.exe
2256	Unicorn-57135.exe
2644	Unicorn-18015.exe
2256	Unicorn-57135.exe
576	WerFault.exe
576	WerFault.exe
576	WerFault.exe
576	WerFault.exe
576	WerFault.exe
1824	WerFault.exe
1824	WerFault.exe
1824	WerFault.exe
1824	WerFault.exe
1824	WerFault.exe
1928	WerFault.exe
1928	WerFault.exe
1928	WerFault.exe
1928	WerFault.exe
1928	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2768	836	WerFault.exe	a6fab332e1552b08ebf2a7d263e10005872c8164993abe68c02f9829b6f4d864.exe
2588	2876	WerFault.exe	Unicorn-31592.exe
1132	3040	WerFault.exe	Unicorn-10624.exe
1052	2160	WerFault.exe	Unicorn-56296.exe
576	2672	WerFault.exe	Unicorn-42026.exe
1824	2552	WerFault.exe	Unicorn-22160.exe
1928	2644	WerFault.exe	Unicorn-18015.exe
1740	1792	WerFault.exe	Unicorn-31557.exe
1716	1820	WerFault.exe	Unicorn-11463.exe
1320	2824	WerFault.exe	Unicorn-44136.exe
1588	2256	WerFault.exe	Unicorn-57135.exe
2500	468	WerFault.exe	Unicorn-7229.exe
1872	344	WerFault.exe	Unicorn-21380.exe
1428	2340	WerFault.exe	Unicorn-15008.exe
2440	2084	WerFault.exe	Unicorn-65086.exe
1860	2304	WerFault.exe	Unicorn-45221.exe
2116	2572	WerFault.exe	Unicorn-11499.exe
2396	1876	WerFault.exe	Unicorn-62393.exe
2016	2152	WerFault.exe	Unicorn-57987.exe
2780	1916	WerFault.exe	Unicorn-19135.exe
2432	1776	WerFault.exe	Unicorn-33887.exe
1988	1380	WerFault.exe	Unicorn-4059.exe
1240	1904	WerFault.exe	Unicorn-4635.exe
808	920	WerFault.exe	Unicorn-52575.exe
2984	3012	WerFault.exe	Unicorn-50307.exe
2788	864	WerFault.exe	Unicorn-694.exe
2776	1700	WerFault.exe	Unicorn-57378.exe
2684	2380	WerFault.exe	Unicorn-46942.exe
2020	1880	WerFault.exe	Unicorn-31141.exe
1356	1036	WerFault.exe	Unicorn-64389.exe
2932	2616	WerFault.exe	Unicorn-31909.exe
2696	2356	WerFault.exe	Unicorn-62313.exe
1628	2596	WerFault.exe	Unicorn-61545.exe
1900	2712	WerFault.exe	Unicorn-58255.exe
2800	2704	WerFault.exe	Unicorn-30181.exe
876	2548	WerFault.exe	Unicorn-9739.exe
1544	2720	WerFault.exe	Unicorn-45256.exe
3176	2532	WerFault.exe	Unicorn-12583.exe
3552	2428	WerFault.exe	Unicorn-44.exe
3696	2968	WerFault.exe	Unicorn-44.exe
3752	2100	WerFault.exe	Unicorn-65389.exe
3200	1936	WerFault.exe	Unicorn-64523.exe
3340	2096	WerFault.exe	Unicorn-51520.exe
3404	2908	WerFault.exe	Unicorn-2402.exe
3184	2200	WerFault.exe	Unicorn-60321.exe
3460	880	WerFault.exe	Unicorn-24996.exe
3500	1760	WerFault.exe	Unicorn-26532.exe
3560	1348	WerFault.exe	Unicorn-57285.exe
3504	556	WerFault.exe	Unicorn-27265.exe
3608	332	WerFault.exe	Unicorn-2402.exe
3680	1724	WerFault.exe	Unicorn-29569.exe
3944	1908	WerFault.exe	Unicorn-14481.exe
3320	2840	WerFault.exe	Unicorn-29628.exe
3356	2236	WerFault.exe	Unicorn-26744.exe
3368	1616	WerFault.exe	Unicorn-45054.exe
3476	2168	WerFault.exe	Unicorn-59608.exe
3548	1048	WerFault.exe	Unicorn-64523.exe
3704	352	WerFault.exe	Unicorn-36227.exe
3636	2264	WerFault.exe	Unicorn-41404.exe
4016	3124	WerFault.exe	Unicorn-65291.exe
3208	1520	WerFault.exe	Unicorn-10547.exe
3296	1532	WerFault.exe	Unicorn-30413.exe
3900	1980	WerFault.exe	Unicorn-31654.exe
3892	2744	WerFault.exe	Unicorn-58840.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

a6fab332e1552b08ebf2a7d263e10005872c8164993abe68c02f9829b6f4d864.exeUnicorn-31592.exeUnicorn-10624.exeUnicorn-56296.exeUnicorn-18015.exeUnicorn-22160.exeUnicorn-42026.exeUnicorn-31557.exeUnicorn-44136.exeUnicorn-11463.exeUnicorn-11499.exeUnicorn-57135.exeUnicorn-7229.exeUnicorn-21380.exeUnicorn-65278.exeUnicorn-15008.exeUnicorn-65086.exeUnicorn-45221.exeUnicorn-62393.exeUnicorn-57987.exeUnicorn-19135.exeUnicorn-33887.exeUnicorn-4059.exeUnicorn-4635.exeUnicorn-50307.exeUnicorn-52575.exeUnicorn-694.exeUnicorn-57378.exeUnicorn-46942.exeUnicorn-31141.exeUnicorn-64389.exeUnicorn-61545.exeUnicorn-31909.exeUnicorn-62313.exeUnicorn-9739.exeUnicorn-30181.exeUnicorn-58255.exeUnicorn-45256.exeUnicorn-12583.exeUnicorn-61504.exeUnicorn-26371.exeUnicorn-50212.exeUnicorn-20192.exeUnicorn-53248.exeUnicorn-36227.exeUnicorn-1094.exeUnicorn-2402.exeUnicorn-31654.exeUnicorn-51520.exeUnicorn-2402.exeUnicorn-61857.exeUnicorn-26532.exeUnicorn-29569.exeUnicorn-44286.exeUnicorn-39687.exeUnicorn-27265.exeUnicorn-24996.exeUnicorn-60321.exeUnicorn-57285.exeUnicorn-45054.exeUnicorn-58840.exeUnicorn-28860.exeUnicorn-26744.exeUnicorn-29628.exe

pid	process
836	a6fab332e1552b08ebf2a7d263e10005872c8164993abe68c02f9829b6f4d864.exe
2876	Unicorn-31592.exe
3040	Unicorn-10624.exe
2160	Unicorn-56296.exe
2644	Unicorn-18015.exe
2552	Unicorn-22160.exe
2672	Unicorn-42026.exe
1792	Unicorn-31557.exe
2824	Unicorn-44136.exe
1820	Unicorn-11463.exe
2572	Unicorn-11499.exe
2256	Unicorn-57135.exe
468	Unicorn-7229.exe
344	Unicorn-21380.exe
2068	Unicorn-65278.exe
2340	Unicorn-15008.exe
2084	Unicorn-65086.exe
2304	Unicorn-45221.exe
1876	Unicorn-62393.exe
2152	Unicorn-57987.exe
1916	Unicorn-19135.exe
1776	Unicorn-33887.exe
1380	Unicorn-4059.exe
1904	Unicorn-4635.exe
3012	Unicorn-50307.exe
920	Unicorn-52575.exe
864	Unicorn-694.exe
1700	Unicorn-57378.exe
2380	Unicorn-46942.exe
1880	Unicorn-31141.exe
1036	Unicorn-64389.exe
2596	Unicorn-61545.exe
2616	Unicorn-31909.exe
2356	Unicorn-62313.exe
2548	Unicorn-9739.exe
2704	Unicorn-30181.exe
2712	Unicorn-58255.exe
2720	Unicorn-45256.exe
2532	Unicorn-12583.exe
2804	Unicorn-61504.exe
2736	Unicorn-26371.exe
1204	Unicorn-50212.exe
2232	Unicorn-20192.exe
1568	Unicorn-53248.exe
352	Unicorn-36227.exe
2608	Unicorn-1094.exe
332	Unicorn-2402.exe
1980	Unicorn-31654.exe
2096	Unicorn-51520.exe
2908	Unicorn-2402.exe
1136	Unicorn-61857.exe
1760	Unicorn-26532.exe
1724	Unicorn-29569.exe
2476	Unicorn-44286.exe
740	Unicorn-39687.exe
556	Unicorn-27265.exe
880	Unicorn-24996.exe
2200	Unicorn-60321.exe
1348	Unicorn-57285.exe
1616	Unicorn-45054.exe
2744	Unicorn-58840.exe
2536	Unicorn-28860.exe
2236	Unicorn-26744.exe
2840	Unicorn-29628.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

a6fab332e1552b08ebf2a7d263e10005872c8164993abe68c02f9829b6f4d864.exeUnicorn-31592.exeUnicorn-10624.exeUnicorn-56296.exeUnicorn-42026.exeUnicorn-22160.exeUnicorn-18015.exeUnicorn-31557.exe

description	pid	process	target process
PID 836 wrote to memory of 2876	836	a6fab332e1552b08ebf2a7d263e10005872c8164993abe68c02f9829b6f4d864.exe	Unicorn-31592.exe
PID 836 wrote to memory of 2876	836	a6fab332e1552b08ebf2a7d263e10005872c8164993abe68c02f9829b6f4d864.exe	Unicorn-31592.exe
PID 836 wrote to memory of 2876	836	a6fab332e1552b08ebf2a7d263e10005872c8164993abe68c02f9829b6f4d864.exe	Unicorn-31592.exe
PID 836 wrote to memory of 2876	836	a6fab332e1552b08ebf2a7d263e10005872c8164993abe68c02f9829b6f4d864.exe	Unicorn-31592.exe
PID 2876 wrote to memory of 3040	2876	Unicorn-31592.exe	Unicorn-10624.exe
PID 2876 wrote to memory of 3040	2876	Unicorn-31592.exe	Unicorn-10624.exe
PID 2876 wrote to memory of 3040	2876	Unicorn-31592.exe	Unicorn-10624.exe
PID 2876 wrote to memory of 3040	2876	Unicorn-31592.exe	Unicorn-10624.exe
PID 836 wrote to memory of 2160	836	a6fab332e1552b08ebf2a7d263e10005872c8164993abe68c02f9829b6f4d864.exe	Unicorn-56296.exe
PID 836 wrote to memory of 2160	836	a6fab332e1552b08ebf2a7d263e10005872c8164993abe68c02f9829b6f4d864.exe	Unicorn-56296.exe
PID 836 wrote to memory of 2160	836	a6fab332e1552b08ebf2a7d263e10005872c8164993abe68c02f9829b6f4d864.exe	Unicorn-56296.exe
PID 836 wrote to memory of 2160	836	a6fab332e1552b08ebf2a7d263e10005872c8164993abe68c02f9829b6f4d864.exe	Unicorn-56296.exe
PID 836 wrote to memory of 2768	836	a6fab332e1552b08ebf2a7d263e10005872c8164993abe68c02f9829b6f4d864.exe	WerFault.exe
PID 836 wrote to memory of 2768	836	a6fab332e1552b08ebf2a7d263e10005872c8164993abe68c02f9829b6f4d864.exe	WerFault.exe
PID 836 wrote to memory of 2768	836	a6fab332e1552b08ebf2a7d263e10005872c8164993abe68c02f9829b6f4d864.exe	WerFault.exe
PID 836 wrote to memory of 2768	836	a6fab332e1552b08ebf2a7d263e10005872c8164993abe68c02f9829b6f4d864.exe	WerFault.exe
PID 3040 wrote to memory of 2644	3040	Unicorn-10624.exe	Unicorn-18015.exe
PID 3040 wrote to memory of 2644	3040	Unicorn-10624.exe	Unicorn-18015.exe
PID 3040 wrote to memory of 2644	3040	Unicorn-10624.exe	Unicorn-18015.exe
PID 3040 wrote to memory of 2644	3040	Unicorn-10624.exe	Unicorn-18015.exe
PID 2160 wrote to memory of 2672	2160	Unicorn-56296.exe	Unicorn-42026.exe
PID 2160 wrote to memory of 2672	2160	Unicorn-56296.exe	Unicorn-42026.exe
PID 2160 wrote to memory of 2672	2160	Unicorn-56296.exe	Unicorn-42026.exe
PID 2160 wrote to memory of 2672	2160	Unicorn-56296.exe	Unicorn-42026.exe
PID 2876 wrote to memory of 2552	2876	Unicorn-31592.exe	Unicorn-22160.exe
PID 2876 wrote to memory of 2552	2876	Unicorn-31592.exe	Unicorn-22160.exe
PID 2876 wrote to memory of 2552	2876	Unicorn-31592.exe	Unicorn-22160.exe
PID 2876 wrote to memory of 2552	2876	Unicorn-31592.exe	Unicorn-22160.exe
PID 2876 wrote to memory of 2588	2876	Unicorn-31592.exe	WerFault.exe
PID 2876 wrote to memory of 2588	2876	Unicorn-31592.exe	WerFault.exe
PID 2876 wrote to memory of 2588	2876	Unicorn-31592.exe	WerFault.exe
PID 2876 wrote to memory of 2588	2876	Unicorn-31592.exe	WerFault.exe
PID 2672 wrote to memory of 1792	2672	Unicorn-42026.exe	Unicorn-31557.exe
PID 2672 wrote to memory of 1792	2672	Unicorn-42026.exe	Unicorn-31557.exe
PID 2672 wrote to memory of 1792	2672	Unicorn-42026.exe	Unicorn-31557.exe
PID 2672 wrote to memory of 1792	2672	Unicorn-42026.exe	Unicorn-31557.exe
PID 2160 wrote to memory of 2572	2160	Unicorn-56296.exe	Unicorn-11499.exe
PID 2160 wrote to memory of 2572	2160	Unicorn-56296.exe	Unicorn-11499.exe
PID 2160 wrote to memory of 2572	2160	Unicorn-56296.exe	Unicorn-11499.exe
PID 2160 wrote to memory of 2572	2160	Unicorn-56296.exe	Unicorn-11499.exe
PID 2552 wrote to memory of 2824	2552	Unicorn-22160.exe	Unicorn-44136.exe
PID 2552 wrote to memory of 2824	2552	Unicorn-22160.exe	Unicorn-44136.exe
PID 2552 wrote to memory of 2824	2552	Unicorn-22160.exe	Unicorn-44136.exe
PID 2552 wrote to memory of 2824	2552	Unicorn-22160.exe	Unicorn-44136.exe
PID 3040 wrote to memory of 2256	3040	Unicorn-10624.exe	Unicorn-57135.exe
PID 3040 wrote to memory of 2256	3040	Unicorn-10624.exe	Unicorn-57135.exe
PID 3040 wrote to memory of 2256	3040	Unicorn-10624.exe	Unicorn-57135.exe
PID 3040 wrote to memory of 2256	3040	Unicorn-10624.exe	Unicorn-57135.exe
PID 2644 wrote to memory of 1820	2644	Unicorn-18015.exe	Unicorn-11463.exe
PID 2644 wrote to memory of 1820	2644	Unicorn-18015.exe	Unicorn-11463.exe
PID 2644 wrote to memory of 1820	2644	Unicorn-18015.exe	Unicorn-11463.exe
PID 2644 wrote to memory of 1820	2644	Unicorn-18015.exe	Unicorn-11463.exe
PID 3040 wrote to memory of 1132	3040	Unicorn-10624.exe	WerFault.exe
PID 3040 wrote to memory of 1132	3040	Unicorn-10624.exe	WerFault.exe
PID 3040 wrote to memory of 1132	3040	Unicorn-10624.exe	WerFault.exe
PID 3040 wrote to memory of 1132	3040	Unicorn-10624.exe	WerFault.exe
PID 2160 wrote to memory of 1052	2160	Unicorn-56296.exe	WerFault.exe
PID 2160 wrote to memory of 1052	2160	Unicorn-56296.exe	WerFault.exe
PID 2160 wrote to memory of 1052	2160	Unicorn-56296.exe	WerFault.exe
PID 2160 wrote to memory of 1052	2160	Unicorn-56296.exe	WerFault.exe
PID 1792 wrote to memory of 468	1792	Unicorn-31557.exe	Unicorn-7229.exe
PID 1792 wrote to memory of 468	1792	Unicorn-31557.exe	Unicorn-7229.exe
PID 1792 wrote to memory of 468	1792	Unicorn-31557.exe	Unicorn-7229.exe
PID 1792 wrote to memory of 468	1792	Unicorn-31557.exe	Unicorn-7229.exe

C:\Users\Admin\AppData\Local\Temp\a6fab332e1552b08ebf2a7d263e10005872c8164993abe68c02f9829b6f4d864.exe
"C:\Users\Admin\AppData\Local\Temp\a6fab332e1552b08ebf2a7d263e10005872c8164993abe68c02f9829b6f4d864.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-31592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31592.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-10624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10624.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-18015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18015.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-11463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11463.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-15008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15008.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-4059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4059.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1380

C:\Users\Admin\AppData\Local\Temp\Unicorn-31909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31909.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-2402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2402.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:332

C:\Users\Admin\AppData\Local\Temp\Unicorn-63277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63277.exe
10⤵
PID:748

C:\Users\Admin\AppData\Local\Temp\Unicorn-64523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64523.exe
11⤵
PID:1048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 200
12⤵
- Program crash
PID:3548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 236
11⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
10⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-20220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20220.exe
11⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-63882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63882.exe
12⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-10927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10927.exe
12⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-41500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41500.exe
13⤵
PID:8340

C:\Users\Admin\AppData\Local\Temp\Unicorn-10784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10784.exe
14⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 216
14⤵
PID:5488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
13⤵
PID:9928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 220
12⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
11⤵
PID:5260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 240
10⤵
- Program crash
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
9⤵
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
10⤵
PID:3124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 220
11⤵
- Program crash
PID:4016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 236
10⤵
- Program crash
PID:3208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
9⤵
- Program crash
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-26532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26532.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-44.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44.exe
9⤵
PID:2968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
10⤵
- Program crash
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
9⤵
- Program crash
PID:3500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 240
8⤵
- Program crash
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-62313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62313.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-2402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2402.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
9⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-6275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6275.exe
10⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-39084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39084.exe
11⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-22750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22750.exe
12⤵
PID:6532

C:\Users\Admin\AppData\Local\Temp\Unicorn-26809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26809.exe
13⤵
PID:9084

C:\Users\Admin\AppData\Local\Temp\Unicorn-34049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34049.exe
14⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9084 -s 216
14⤵
PID:11400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 236
13⤵
PID:9856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
12⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 236
11⤵
PID:5520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 216
10⤵
PID:4872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 236
9⤵
- Program crash
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-40915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40915.exe
8⤵
PID:684

C:\Users\Admin\AppData\Local\Temp\Unicorn-36044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36044.exe
9⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-2866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2866.exe
10⤵
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-5299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5299.exe
11⤵
PID:5764

C:\Users\Admin\AppData\Local\Temp\Unicorn-53587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53587.exe
12⤵
PID:7996

C:\Users\Admin\AppData\Local\Temp\Unicorn-24276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24276.exe
13⤵
PID:10116

C:\Users\Admin\AppData\Local\Temp\Unicorn-22639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22639.exe
14⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 236
13⤵
PID:10264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
11⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 236
10⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 236
9⤵
PID:4204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
8⤵
- Program crash
PID:2696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
7⤵
- Program crash
PID:1428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 236
6⤵
- Program crash
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-45221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45221.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:920

C:\Users\Admin\AppData\Local\Temp\Unicorn-12583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12583.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-29569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29569.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-49738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49738.exe
9⤵
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-34508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34508.exe
10⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-5751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5751.exe
11⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
12⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-8858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8858.exe
13⤵
PID:9004

C:\Users\Admin\AppData\Local\Temp\Unicorn-11199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11199.exe
14⤵
PID:11680

C:\Users\Admin\AppData\Local\Temp\Unicorn-52385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52385.exe
15⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11680 -s 216
15⤵
PID:7956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9004 -s 216
14⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
13⤵
PID:10100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
12⤵
PID:7524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
11⤵
PID:5860

C:\Users\Admin\AppData\Local\Temp\Unicorn-57152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57152.exe
10⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-5188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5188.exe
11⤵
PID:6616

C:\Users\Admin\AppData\Local\Temp\Unicorn-38672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38672.exe
12⤵
PID:9160

C:\Users\Admin\AppData\Local\Temp\Unicorn-23767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23767.exe
13⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9160 -s 236
13⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 216
12⤵
PID:10024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 236
11⤵
PID:8164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 220
10⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-47891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47891.exe
9⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-11771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11771.exe
10⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-22954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22954.exe
11⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-40097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40097.exe
12⤵
PID:7892

C:\Users\Admin\AppData\Local\Temp\Unicorn-55291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55291.exe
13⤵
PID:10616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 216
13⤵
PID:10840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 216
12⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
11⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 236
10⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 220
9⤵
- Program crash
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-29872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29872.exe
8⤵
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-30497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30497.exe
9⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-3245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3245.exe
10⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
11⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-8469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8469.exe
12⤵
PID:8544

C:\Users\Admin\AppData\Local\Temp\Unicorn-26052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26052.exe
13⤵
PID:11824

C:\Users\Admin\AppData\Local\Temp\Unicorn-12070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12070.exe
14⤵
PID:12140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11824 -s 236
14⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8544 -s 216
13⤵
PID:11976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 216
12⤵
PID:9728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
11⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 236
10⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-16628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16628.exe
9⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-16730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16730.exe
10⤵
PID:6168

C:\Users\Admin\AppData\Local\Temp\Unicorn-61266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61266.exe
11⤵
PID:9208

C:\Users\Admin\AppData\Local\Temp\Unicorn-17005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17005.exe
12⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9208 -s 216
12⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6168 -s 236
11⤵
PID:9320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 236
10⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 240
9⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
8⤵
- Program crash
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-39687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39687.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:740

C:\Users\Admin\AppData\Local\Temp\Unicorn-33293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33293.exe
8⤵
PID:672

C:\Users\Admin\AppData\Local\Temp\Unicorn-33382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33382.exe
9⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-35335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35335.exe
10⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-36111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36111.exe
11⤵
PID:7404

C:\Users\Admin\AppData\Local\Temp\Unicorn-55412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55412.exe
12⤵
PID:9352

C:\Users\Admin\AppData\Local\Temp\Unicorn-32485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32485.exe
13⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 216
12⤵
PID:10376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 236
11⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
10⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 236
9⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-59318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59318.exe
8⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-40312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40312.exe
9⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
10⤵
PID:7584

C:\Users\Admin\AppData\Local\Temp\Unicorn-44248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44248.exe
11⤵
PID:10676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 236
11⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 216
10⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
9⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 740 -s 240
8⤵
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 240
7⤵
- Program crash
PID:808

C:\Users\Admin\AppData\Local\Temp\Unicorn-58255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58255.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-44286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44286.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-44.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44.exe
8⤵
PID:2428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
9⤵
- Program crash
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-16178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16178.exe
8⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-49881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49881.exe
9⤵
PID:5636

C:\Users\Admin\AppData\Local\Temp\Unicorn-57163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57163.exe
10⤵
PID:8276

C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
11⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8276 -s 216
11⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 216
10⤵
PID:9324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
9⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 220
8⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-43577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43577.exe
7⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-16719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16719.exe
8⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-52316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52316.exe
9⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-62538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62538.exe
10⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\Unicorn-28841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28841.exe
11⤵
PID:7500

C:\Users\Admin\AppData\Local\Temp\Unicorn-21967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21967.exe
12⤵
PID:9400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 236
12⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
11⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
10⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 236
9⤵
PID:5244

C:\Users\Admin\AppData\Local\Temp\Unicorn-54900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54900.exe
8⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-35310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35310.exe
9⤵
PID:5600

C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
10⤵
PID:7352

C:\Users\Admin\AppData\Local\Temp\Unicorn-42334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42334.exe
11⤵
PID:9868

C:\Users\Admin\AppData\Local\Temp\Unicorn-6129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6129.exe
12⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 236
11⤵
PID:10728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
10⤵
PID:8608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
9⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
8⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
7⤵
- Program crash
PID:1900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
6⤵
- Program crash
PID:1860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-57135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57135.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-65086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65086.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-4635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4635.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-45256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45256.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-45054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45054.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-61741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61741.exe
9⤵
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-31130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31130.exe
10⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-34579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34579.exe
11⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-15574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15574.exe
12⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-46073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46073.exe
13⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-58707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58707.exe
14⤵
PID:9600

C:\Users\Admin\AppData\Local\Temp\Unicorn-25199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25199.exe
15⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
14⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
13⤵
PID:9020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
12⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 236
11⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
10⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-37858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37858.exe
11⤵
PID:6036

C:\Users\Admin\AppData\Local\Temp\Unicorn-43458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43458.exe
12⤵
PID:8236

C:\Users\Admin\AppData\Local\Temp\Unicorn-48016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48016.exe
13⤵
PID:10964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8236 -s 216
13⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
12⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
11⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
10⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-60330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60330.exe
9⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-8367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8367.exe
10⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-35502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35502.exe
11⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-2146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2146.exe
12⤵
PID:7536

C:\Users\Admin\AppData\Local\Temp\Unicorn-58370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58370.exe
13⤵
PID:10128

C:\Users\Admin\AppData\Local\Temp\Unicorn-42071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42071.exe
14⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7536 -s 216
13⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
12⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
11⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
10⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
9⤵
- Program crash
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-41683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41683.exe
8⤵
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-4549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4549.exe
9⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-40312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40312.exe
10⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-44558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44558.exe
11⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
12⤵
PID:11076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 236
12⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
11⤵
PID:9248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
10⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
9⤵
PID:5108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
8⤵
- Program crash
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-24996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24996.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:880

C:\Users\Admin\AppData\Local\Temp\Unicorn-32525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32525.exe
8⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-3947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3947.exe
9⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-37848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37848.exe
10⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-51666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51666.exe
11⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-11124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11124.exe
12⤵
PID:7288

C:\Users\Admin\AppData\Local\Temp\Unicorn-23539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23539.exe
13⤵
PID:9696

C:\Users\Admin\AppData\Local\Temp\Unicorn-21894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21894.exe
14⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9696 -s 216
14⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 236
13⤵
PID:11156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
12⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 236
11⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 236
10⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-18750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18750.exe
9⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-56143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56143.exe
10⤵
PID:5644

C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe
11⤵
PID:8968

C:\Users\Admin\AppData\Local\Temp\Unicorn-54142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54142.exe
12⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8968 -s 216
12⤵
PID:5124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
11⤵
PID:9828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
10⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 220
9⤵
PID:5928

C:\Users\Admin\AppData\Local\Temp\Unicorn-29333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29333.exe
8⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-35897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35897.exe
9⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-45081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45081.exe
10⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-53113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53113.exe
11⤵
PID:6964

C:\Users\Admin\AppData\Local\Temp\Unicorn-49352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49352.exe
12⤵
PID:8644

C:\Users\Admin\AppData\Local\Temp\Unicorn-54303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54303.exe
13⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8644 -s 216
13⤵
PID:11928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 216
12⤵
PID:9576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
11⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
10⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 236
9⤵
PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 240
8⤵
- Program crash
PID:3460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 240
7⤵
- Program crash
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-9739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9739.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-61549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61549.exe
8⤵
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-26828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26828.exe
9⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-50832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50832.exe
10⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-49259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49259.exe
11⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-52000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52000.exe
12⤵
PID:8636

C:\Users\Admin\AppData\Local\Temp\Unicorn-25891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25891.exe
13⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8636 -s 216
13⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
12⤵
PID:9744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 236
11⤵
PID:7296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
10⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
9⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
10⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-55622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55622.exe
11⤵
PID:8476

C:\Users\Admin\AppData\Local\Temp\Unicorn-33166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33166.exe
12⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8476 -s 216
12⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
11⤵
PID:9528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
10⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
9⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-28835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28835.exe
8⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
9⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-56155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56155.exe
10⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-40673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40673.exe
11⤵
PID:7980

C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
12⤵
PID:10644

C:\Users\Admin\AppData\Local\Temp\Unicorn-25199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25199.exe
13⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 216
12⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
11⤵
PID:9076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
10⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 236
9⤵
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
8⤵
- Program crash
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-29872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29872.exe
7⤵
PID:1244

C:\Users\Admin\AppData\Local\Temp\Unicorn-50761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50761.exe
8⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-19762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19762.exe
9⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
10⤵
PID:7564

C:\Users\Admin\AppData\Local\Temp\Unicorn-18743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18743.exe
11⤵
PID:11068

C:\Users\Admin\AppData\Local\Temp\Unicorn-46526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46526.exe
12⤵
PID:11852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11068 -s 216
12⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7564 -s 216
11⤵
PID:11540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
10⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
9⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 236
8⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
7⤵
- Program crash
PID:876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
6⤵
- Program crash
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-50307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50307.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-30181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30181.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-27265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27265.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:556

C:\Users\Admin\AppData\Local\Temp\Unicorn-17834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17834.exe
8⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
9⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
10⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-39982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39982.exe
11⤵
PID:6548

C:\Users\Admin\AppData\Local\Temp\Unicorn-11132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11132.exe
12⤵
PID:9712

C:\Users\Admin\AppData\Local\Temp\Unicorn-26891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26891.exe
13⤵
PID:2900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9712 -s 236
13⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 236
12⤵
PID:10548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
11⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
10⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
9⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-28259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28259.exe
8⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-65087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65087.exe
9⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-25014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25014.exe
10⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
11⤵
PID:7188

C:\Users\Admin\AppData\Local\Temp\Unicorn-26035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26035.exe
12⤵
PID:9500

C:\Users\Admin\AppData\Local\Temp\Unicorn-51294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51294.exe
13⤵
PID:4800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9500 -s 236
13⤵
PID:8384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7188 -s 216
12⤵
PID:11132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
11⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 236
10⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
9⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 240
8⤵
- Program crash
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
7⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-3179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3179.exe
8⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-49113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49113.exe
9⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-2919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2919.exe
10⤵
PID:6716

C:\Users\Admin\AppData\Local\Temp\Unicorn-52272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52272.exe
11⤵
PID:9380

C:\Users\Admin\AppData\Local\Temp\Unicorn-43756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43756.exe
12⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 236
11⤵
PID:11048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
10⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
9⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 216
8⤵
PID:4108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
7⤵
- Program crash
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-57285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57285.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-65389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65389.exe
7⤵
PID:2100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
8⤵
- Program crash
PID:3752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 236
7⤵
- Program crash
PID:3560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
6⤵
- Program crash
PID:2984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
5⤵
- Program crash
PID:1588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1132

C:\Users\Admin\AppData\Local\Temp\Unicorn-22160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22160.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-33887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33887.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-64389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64389.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-51520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51520.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
8⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-21218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21218.exe
9⤵
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-50090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50090.exe
10⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
11⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-30014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30014.exe
12⤵
PID:8076

C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
13⤵
PID:10756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 236
13⤵
PID:11356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
12⤵
PID:9180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 216
11⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 236
10⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
9⤵
- Program crash
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-14481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14481.exe
8⤵
PID:1908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 220
9⤵
- Program crash
PID:3944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
8⤵
- Program crash
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-21346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21346.exe
7⤵
PID:484

C:\Users\Admin\AppData\Local\Temp\Unicorn-64523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64523.exe
8⤵
PID:1936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 200
9⤵
- Program crash
PID:3200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 216
8⤵
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 240
7⤵
- Program crash
PID:1356

C:\Users\Admin\AppData\Local\Temp\Unicorn-31654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31654.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-30413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30413.exe
7⤵
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-17736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17736.exe
8⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-33614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33614.exe
9⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-50118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50118.exe
10⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
10⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
9⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 236
8⤵
- Program crash
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-34382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34382.exe
7⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-27636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27636.exe
8⤵
PID:4784

C:\Users\Admin\AppData\Local\Temp\Unicorn-45889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45889.exe
9⤵
PID:6456

C:\Users\Admin\AppData\Local\Temp\Unicorn-10965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10965.exe
10⤵
PID:8484

C:\Users\Admin\AppData\Local\Temp\Unicorn-9459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9459.exe
11⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8484 -s 236
11⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 216
10⤵
PID:9980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 236
9⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 236
8⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 240
7⤵
- Program crash
PID:3900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 240
6⤵
- Program crash
PID:2432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 216
5⤵
- Program crash
PID:1320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
4⤵
- Loads dropped DLL
- Program crash
PID:1824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-56296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56296.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-42026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42026.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-31557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31557.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-7229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7229.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:468

C:\Users\Admin\AppData\Local\Temp\Unicorn-62393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62393.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:864

C:\Users\Admin\AppData\Local\Temp\Unicorn-61504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61504.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-58840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58840.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
10⤵
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-47973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47973.exe
11⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-38951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38951.exe
12⤵
PID:6656

C:\Users\Admin\AppData\Local\Temp\Unicorn-34967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34967.exe
13⤵
PID:8648

C:\Users\Admin\AppData\Local\Temp\Unicorn-49356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49356.exe
14⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 216
14⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 216
13⤵
PID:9820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 236
12⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
11⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 236
10⤵
- Program crash
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-15773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15773.exe
9⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-27133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27133.exe
10⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
11⤵
PID:6992

C:\Users\Admin\AppData\Local\Temp\Unicorn-55100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55100.exe
12⤵
PID:10108

C:\Users\Admin\AppData\Local\Temp\Unicorn-18281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18281.exe
13⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10108 -s 216
13⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
12⤵
PID:10912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
11⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 216
10⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
9⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-28860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28860.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-1238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1238.exe
9⤵
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-26613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26613.exe
10⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-37530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37530.exe
11⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
12⤵
PID:6240

C:\Users\Admin\AppData\Local\Temp\Unicorn-43613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43613.exe
13⤵
PID:9684

C:\Users\Admin\AppData\Local\Temp\Unicorn-62544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62544.exe
14⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9684 -s 236
14⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6240 -s 216
13⤵
PID:10540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
12⤵
PID:7992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 236
11⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 236
10⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
9⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-20291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20291.exe
10⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-40865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40865.exe
11⤵
PID:7948

C:\Users\Admin\AppData\Local\Temp\Unicorn-60601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60601.exe
12⤵
PID:10208

C:\Users\Admin\AppData\Local\Temp\Unicorn-8011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8011.exe
13⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 236
12⤵
PID:10996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
11⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 236
10⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
9⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 240
8⤵
- Program crash
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-26371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26371.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-26744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26744.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-19028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19028.exe
9⤵
PID:612

C:\Users\Admin\AppData\Local\Temp\Unicorn-53494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53494.exe
10⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
11⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-51821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51821.exe
12⤵
PID:6476

C:\Users\Admin\AppData\Local\Temp\Unicorn-47209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47209.exe
13⤵
PID:9444

C:\Users\Admin\AppData\Local\Temp\Unicorn-6221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6221.exe
14⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9444 -s 236
14⤵
PID:784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 236
13⤵
PID:10356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
12⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
11⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 236
10⤵
PID:4528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
9⤵
- Program crash
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-14237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14237.exe
8⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-36954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36954.exe
9⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-34596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34596.exe
10⤵
PID:7804

C:\Users\Admin\AppData\Local\Temp\Unicorn-11772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11772.exe
11⤵
PID:10364

C:\Users\Admin\AppData\Local\Temp\Unicorn-27591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27591.exe
12⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10364 -s 216
12⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 236
11⤵
PID:10256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 236
10⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
9⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
8⤵
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 240
7⤵
- Program crash
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-46942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46942.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-50070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50070.exe
8⤵
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-12836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12836.exe
9⤵
PID:1456

C:\Users\Admin\AppData\Local\Temp\Unicorn-22119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22119.exe
10⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-27133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27133.exe
11⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-30621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30621.exe
12⤵
PID:7748

C:\Users\Admin\AppData\Local\Temp\Unicorn-20195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20195.exe
13⤵
PID:10248

C:\Users\Admin\AppData\Local\Temp\Unicorn-59668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59668.exe
14⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 216
13⤵
PID:10976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
12⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
11⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 236
10⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-16970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16970.exe
9⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-52815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52815.exe
10⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-3092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3092.exe
11⤵
PID:6708

C:\Users\Admin\AppData\Local\Temp\Unicorn-44074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44074.exe
12⤵
PID:8528

C:\Users\Admin\AppData\Local\Temp\Unicorn-45972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45972.exe
13⤵
PID:4148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8528 -s 216
13⤵
PID:11768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 236
12⤵
PID:10144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
11⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
10⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 240
9⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-58508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58508.exe
8⤵
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe
9⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-58012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58012.exe
10⤵
PID:6236

C:\Users\Admin\AppData\Local\Temp\Unicorn-17583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17583.exe
11⤵
PID:9368

C:\Users\Admin\AppData\Local\Temp\Unicorn-60605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60605.exe
12⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9368 -s 236
12⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 216
11⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
10⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 236
9⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
8⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-12607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12607.exe
7⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-38519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38519.exe
8⤵
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-7043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7043.exe
9⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
10⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
11⤵
PID:6684

C:\Users\Admin\AppData\Local\Temp\Unicorn-9905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9905.exe
12⤵
PID:9936

C:\Users\Admin\AppData\Local\Temp\Unicorn-7041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7041.exe
13⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9936 -s 236
13⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 236
12⤵
PID:10812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 216
11⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 236
10⤵
PID:5652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 236
9⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-32621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32621.exe
8⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-18973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18973.exe
9⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe
10⤵
PID:7776

C:\Users\Admin\AppData\Local\Temp\Unicorn-16860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16860.exe
11⤵
PID:10016

C:\Users\Admin\AppData\Local\Temp\Unicorn-49184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49184.exe
12⤵
PID:9120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 216
11⤵
PID:10856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 216
10⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
9⤵
PID:6368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
8⤵
PID:4712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
7⤵
- Program crash
PID:2684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 468 -s 240
6⤵
- Program crash
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-57987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57987.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-57378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57378.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-20192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20192.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-59608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59608.exe
8⤵
- Executes dropped EXE
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-18836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18836.exe
9⤵
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-55798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55798.exe
10⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-58044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58044.exe
11⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-39699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39699.exe
12⤵
PID:6624

C:\Users\Admin\AppData\Local\Temp\Unicorn-47785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47785.exe
13⤵
PID:9488

C:\Users\Admin\AppData\Local\Temp\Unicorn-47985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47985.exe
14⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9488 -s 216
14⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
13⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
12⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
11⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 236
10⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 236
9⤵
- Program crash
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-14813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14813.exe
8⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-28809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28809.exe
9⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-18571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18571.exe
10⤵
PID:6920

C:\Users\Admin\AppData\Local\Temp\Unicorn-43870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43870.exe
11⤵
PID:9812

C:\Users\Admin\AppData\Local\Temp\Unicorn-19066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19066.exe
12⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9812 -s 216
12⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 236
11⤵
PID:10604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 216
10⤵
PID:8440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 236
9⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
8⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-29628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29628.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-1046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1046.exe
8⤵
PID:1000

C:\Users\Admin\AppData\Local\Temp\Unicorn-19483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19483.exe
9⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
10⤵
PID:5180

C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
11⤵
PID:7096

C:\Users\Admin\AppData\Local\Temp\Unicorn-17877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17877.exe
12⤵
PID:10060

C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
13⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10060 -s 216
13⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 216
12⤵
PID:10876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
11⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 236
9⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
8⤵
- Program crash
PID:3320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
7⤵
- Program crash
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-50212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50212.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1204

C:\Users\Admin\AppData\Local\Temp\Unicorn-49022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49022.exe
7⤵
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-26697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26697.exe
8⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-46536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46536.exe
9⤵
PID:6680

C:\Users\Admin\AppData\Local\Temp\Unicorn-52796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52796.exe
10⤵
PID:10152

C:\Users\Admin\AppData\Local\Temp\Unicorn-424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-424.exe
11⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 236
10⤵
PID:10920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 236
9⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 236
8⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 216
7⤵
PID:4284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
6⤵
- Program crash
PID:2016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 240
5⤵
- Program crash
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-19135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19135.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-31141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31141.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-36227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36227.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:352

C:\Users\Admin\AppData\Local\Temp\Unicorn-50506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50506.exe
8⤵
PID:1104

C:\Users\Admin\AppData\Local\Temp\Unicorn-14876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14876.exe
9⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-51190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51190.exe
10⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-13534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13534.exe
11⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
12⤵
PID:6700

C:\Users\Admin\AppData\Local\Temp\Unicorn-24096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24096.exe
13⤵
PID:9544

C:\Users\Admin\AppData\Local\Temp\Unicorn-41787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41787.exe
14⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9544 -s 216
14⤵
PID:9104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 236
13⤵
PID:10444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
12⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
11⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
10⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-65533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65533.exe
9⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-8395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8395.exe
10⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-7130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7130.exe
11⤵
PID:9112

C:\Users\Admin\AppData\Local\Temp\Unicorn-4505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4505.exe
12⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9112 -s 216
12⤵
PID:5364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
11⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
10⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 220
9⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-45255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45255.exe
8⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-31118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31118.exe
9⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-30793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30793.exe
10⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-19323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19323.exe
11⤵
PID:8948

C:\Users\Admin\AppData\Local\Temp\Unicorn-25891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25891.exe
12⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8948 -s 216
12⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
11⤵
PID:10004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
10⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 236
9⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 240
8⤵
- Program crash
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-11673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11673.exe
7⤵
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-59500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59500.exe
8⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-52150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52150.exe
9⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-41146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41146.exe
10⤵
PID:6228

C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
11⤵
PID:9052

C:\Users\Admin\AppData\Local\Temp\Unicorn-62237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62237.exe
12⤵
PID:11712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9052 -s 216
12⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 216
11⤵
PID:10184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 236
9⤵
PID:6080

C:\Users\Admin\AppData\Local\Temp\Unicorn-16773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16773.exe
8⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-38240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38240.exe
9⤵
PID:6324

C:\Users\Admin\AppData\Local\Temp\Unicorn-9844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9844.exe
10⤵
PID:9148

C:\Users\Admin\AppData\Local\Temp\Unicorn-52339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52339.exe
11⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 236
11⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 216
10⤵
PID:9220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 236
9⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
8⤵
PID:5008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
7⤵
- Program crash
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-1094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1094.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-50506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50506.exe
7⤵
PID:816

C:\Users\Admin\AppData\Local\Temp\Unicorn-33190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33190.exe
8⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-63509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63509.exe
9⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-56136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56136.exe
10⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-10871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10871.exe
11⤵
PID:6908

C:\Users\Admin\AppData\Local\Temp\Unicorn-49871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49871.exe
12⤵
PID:9340

C:\Users\Admin\AppData\Local\Temp\Unicorn-63185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63185.exe
13⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9340 -s 216
13⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 216
12⤵
PID:10280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 236
11⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 236
10⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-49618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49618.exe
9⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-53881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53881.exe
10⤵
PID:7012

C:\Users\Admin\AppData\Local\Temp\Unicorn-30961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30961.exe
11⤵
PID:8924

C:\Users\Admin\AppData\Local\Temp\Unicorn-11360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11360.exe
12⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 236
12⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
11⤵
PID:9628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 236
10⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 240
9⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-59897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59897.exe
8⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-17790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17790.exe
9⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-49486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49486.exe
10⤵
PID:6896

C:\Users\Admin\AppData\Local\Temp\Unicorn-7601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7601.exe
11⤵
PID:9964

C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
12⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 236
11⤵
PID:10828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 236
10⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 236
9⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 240
8⤵
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-46381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46381.exe
7⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-21129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21129.exe
8⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-32463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32463.exe
9⤵
PID:7308

C:\Users\Admin\AppData\Local\Temp\Unicorn-31053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31053.exe
10⤵
PID:9900

C:\Users\Admin\AppData\Local\Temp\Unicorn-48738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48738.exe
11⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 216
10⤵
PID:11252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
9⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
8⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 220
7⤵
PID:4504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
6⤵
- Program crash
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-61545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61545.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-61857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61857.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1136

C:\Users\Admin\AppData\Local\Temp\Unicorn-39676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39676.exe
7⤵
PID:1384

C:\Users\Admin\AppData\Local\Temp\Unicorn-33958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33958.exe
8⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-5751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5751.exe
9⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-52626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52626.exe
10⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-8461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8461.exe
11⤵
PID:6976

C:\Users\Admin\AppData\Local\Temp\Unicorn-6498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6498.exe
12⤵
PID:9608

C:\Users\Admin\AppData\Local\Temp\Unicorn-58219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58219.exe
13⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9608 -s 236
13⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 236
12⤵
PID:10492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
11⤵
PID:7792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
10⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
9⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-33052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33052.exe
8⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-44140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44140.exe
9⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-26809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26809.exe
10⤵
PID:9068

C:\Users\Admin\AppData\Local\Temp\Unicorn-32682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32682.exe
11⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9068 -s 236
11⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
10⤵
PID:9880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 236
9⤵
PID:7680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 240
8⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-14092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14092.exe
7⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
8⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-12603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12603.exe
9⤵
PID:7480

C:\Users\Admin\AppData\Local\Temp\Unicorn-56948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56948.exe
10⤵
PID:10068

C:\Users\Admin\AppData\Local\Temp\Unicorn-50191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50191.exe
11⤵
PID:8568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 216
10⤵
PID:11260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
9⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
8⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 240
7⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-41875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41875.exe
6⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-709.exe
7⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-40312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40312.exe
8⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-46812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46812.exe
9⤵
PID:7360

C:\Users\Admin\AppData\Local\Temp\Unicorn-23984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23984.exe
10⤵
PID:10888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 236
10⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
9⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
8⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 236
7⤵
PID:4960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
6⤵
- Program crash
PID:1628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 240
5⤵
- Program crash
PID:1872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-11499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11499.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-65278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65278.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
4⤵
- Program crash
PID:2116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 240
2⤵
- Program crash
PID:2768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-21967.exe

Filesize
184KB

MD5
888c36f7d31545c72d235ef2e5053d61

SHA1
cc940966498beba0c00294597f89989e9d388aab

SHA256
1a2624c7da697a946301635089ce93bdf953d615341f12b2db9cce61d871560a

SHA512
8e08045760cda8f3fbe2fab944df2036bcea1b280d395efc9c71b2f2151026bb7353af18d03e05c81e92b01c3611078456746eff3679761618319637e6e34f8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25014.exe

Filesize
184KB

MD5
e6e2f042ceabc53df6fbafa4a531f7f8

SHA1
ea3fa235ea819a2a9efad6e6ac530bfc71bb2343

SHA256
6061330ea1f1dec09d7cfc8659c0aca7b9f705bfc41869776d84e239cda483a7

SHA512
211cb62c3157a500397e3a3df80e79aaeaa0bd0a60cb484e24330342eae5e4e1effc9b11675cac3949dde928a943347de2ee9e6578feb1c18ebc5e5886f26122

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39687.exe

Filesize
184KB

MD5
d3d61dc1922b0213a6badf114a23c789

SHA1
8edd325aa062bf44f5b6cf11e26e89aefc637e87

SHA256
31a6731911b4b565b1c47a6e549c902485d2a0f7fedd725984b0947e393b7b83

SHA512
6cc4cdb9822c624f2cbc5950a5b967c5a76df1823fc6e3326d742263a082606f573c1b89e57145df0e0d24e82f80ccb758f43673d3c96be2e96fb096f415c578

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40915.exe

Filesize
184KB

MD5
fe9d7f304fde087a3b8286d78808ed99

SHA1
cbd87dff29b46e4f1a65239451711cb5964869d5

SHA256
d1dcfcd661dbda1bb75e0994e11fec61d0b121e429364b1163a3d0fea326825f

SHA512
de1c5aeb81fe0e722c01fbee4f26e2f231ea6b217ed4235f3a62fdf85b6d2f801070a038b2c993874c65b70e5f720992f33a0d60ba3ce73ee5ac60f5da28da30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42026.exe

Filesize
184KB

MD5
1b9bc5823e7fc1632672d79373b88b62

SHA1
84f854387e57a42fcda017434cc57c894813bbb2

SHA256
dafa883348e307efda329a48c13817a6f91a8efc8bcf056f2c3ea23388af2d41

SHA512
e296944a201a6fad44f2ed623db4e6836dba87f7a7e2d72de920e238d9e89349cd61f2df9a0dcb76ced81bfee35d3cb67687b37f04c61aae186eb4931c63f786

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4505.exe

Filesize
184KB

MD5
f5659797383c5317700fddc92b585b60

SHA1
db0ab0372060d87b68cc152dcee4d413caf9f4e5

SHA256
2652614cd13d7e67176f5781915be8e526ff6024d42cc4aca9936144bb7b18cf

SHA512
5d7c203364e5c1cc64f8541b22421eb4eb5354b7ca631b0cd3f071a45aa598a696e2c617c91bb85229b53bc258f2407fc796858a3f6b4e81570dbe55358bca52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47985.exe

Filesize
184KB

MD5
65cd2334cdbfcd1de20207213901e4f2

SHA1
b4d74fc273eaa0d268d322dc12ec4c2bca753aac

SHA256
853abf90c9149978aed6384e20095613e9bfb180698e9f8d25e5a08d23497f7d

SHA512
51d0ba6e0755f12e1b48aa8f55616a94b3ee73d5f7133c50b5f9a45f540c10455778c2203c5a49d05662f235e6264d0dbf96ba86a9e93e61bcb9f13fd9c53cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52626.exe

Filesize
184KB

MD5
5c07e4dd82fe44764eebd7fe5eea8b0c

SHA1
21dd280fca3c61abb56b8df0790dc3ae08b1e3aa

SHA256
5b3ff75d118aa5828c2251ab9d8615cc7f58d0d7492a18a9683501ce99ddff08

SHA512
a896755b43fdc482b442f72592ca4b52c12cd5fbb268e0b5ff6ea88444a0f3364c478c8a37c6eee5ab86e4e24677dd1af48930b9be9f2b44c458931c9812bb40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57135.exe

Filesize
184KB

MD5
e033690a9d217733dc4e07d44e442d9b

SHA1
09a10f88e690fc300f000f4f3792462ab0fbd8b8

SHA256
d4859151475328455f48bd512383f96cbe8650fbbcbed66bd3da48b68ade1139

SHA512
b39fbb3dfec8389197cfa1b159ec3879529e36be7c050449edff97b08920fcf189500cac9f9924a3c0e792318f644929a0207be5da807f2596431dd8c66d3266

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6275.exe

Filesize
184KB

MD5
5f3cbac31245de3fb3452aecbde8e075

SHA1
7c5d6819c67d5bf7535b28c08779b3ba742d9b66

SHA256
12c58245096cbc759320e81432761d207c7a1cdc787a6a346921bb0c72d31ca1

SHA512
3a4702a13aa3d289e209e78b4030d0538702581a82fb625ee5cd256af2067da2c10e5544a8bdfe3049bc610c90cf8a75239681385d51df4e09684f7b8fc077aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7229.exe

Filesize
184KB

MD5
6bae9a88454c74016c03a78cf3e40db3

SHA1
8c8cbd3f59889ee74f92b6268573fd641648e67c

SHA256
b24deeaddf558732f01c32216de0431426c101d1359e73b6f41ba240876800a7

SHA512
9fc84c11edefb109aa13b5f0774ba39e0bd404549fa2584022bd21b42617080b6ea93cd4e62091e637e90e3c7174319d63f0d1d009dbac16451a198d173058d9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10624.exe

Filesize
184KB

MD5
f40030b089f5bc87e3b4bc9fab97b519

SHA1
f654a7f9ed22e79f4b94c5b67c65bfedb4b53049

SHA256
af43134c5fad7023771e4ba246c4d3941a3888124a081ec9893fb6a7dece2def

SHA512
aab4dd34bb730386954d741b3d089ab8ecabf04377d2dde5a71cc9f7e8d0889c22057b4d0ac9d3c57345b9733a5264b159eb91ad607ad353486447134fea639f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11463.exe

Filesize
184KB

MD5
cf42486677a7a64f24b9d5ab325cf43e

SHA1
9bbebd6b0d169904a22571c8b8199bfdfdc12738

SHA256
50b843ff3f29324f4b3db2a03b41a9ddb37ecc94a6e8b543cab5037394e2b03f

SHA512
5ffd9ee15d98d567b79064f81881e1a85cc7709a3a576eb5011f6793a126ac21726b963ae1679e109d7f68743443b9fde5ca6032b2346f984a990bf185f086e2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11499.exe

Filesize
184KB

MD5
e9400dc2e90638b705c5c0c882800124

SHA1
449e676ecad3e8cbb6cd0742d217e3be13607fd1

SHA256
ee46b26586d6dc77e8f26fa506f0b5ddc1b8fc8ca6ebf3a9388c27a300c13a50

SHA512
1eb19752b9c5667be7d37e718fa08b50755c8a1ef8f7428da7ce299f9aa814126a60128d8d8a1a6d28878b866f14f2dbbda5050751afd2491e31bef7b6378f15

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15008.exe

Filesize
184KB

MD5
a501fc4ff95dfaf945a6e315c3921faf

SHA1
e775ea2e9b52ba868985e623509d127de81d335f

SHA256
8d845ba899340a1a4352c99cdd8c6dd6ce61fc868e0c9c18a7b4cfcb96a02e55

SHA512
c95f094acceb120054714ace57c9bce95b37db6375432de5753e208977e3ddd8cbcf75478fc1a7d503cb4f5b5d02b2b25420708b8c9c17e00860fa0ea1914989

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18015.exe

Filesize
184KB

MD5
2bccb906e9dad699360c6227e2b84263

SHA1
bdcb1b81356833f41c0c3e14740e5433ec4d94f0

SHA256
8895722fdab4203bce945f7356f327763680467702af62ae2f6ca5d54b5dbe6e

SHA512
a6f2106c18fdef3381a60c811741f34d1820287771c99a87aedf2f8d773489f581389335bc8b92b0510982ebc1520dd1d8009159d35e8a65b0e136f7bb56d180

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe

Filesize
184KB

MD5
8ef29a5a7ba0e37b096f21ab524bee47

SHA1
94117a92af580d382e027296cb6761e16878feab

SHA256
b97ebfae75ec2955a4baaf87bd27b0225b5ba592f2e359bcf5e8b046afe999b8

SHA512
7dce89fecf61e6dcc194abde2fb087ee2d198435d8e6f41e530fa016943468c791c227f30bce25234f1cb64256a2b5435bcc3faa8fe0e9378ad23f49bdbba2d5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22160.exe

Filesize
184KB

MD5
7f493544fb570e2848e8b5ad60518604

SHA1
51048593d956cd3a24c42e385b3547d34d80dcc7

SHA256
0f87a1fbc067d2d7417aba01a92c992796cad35f05e46f0a233c583f5933050c

SHA512
0abf5079ca45c58dc84267efa41b820fa443a2470a3ac4153ac21fcd42a26d20bb92610b7c8b5d1a54b214143cf3a00398b0015362336eb093c9a6ee06bc642c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31557.exe

Filesize
184KB

MD5
dffe7c4ee4ada33204e7591b60ad1d74

SHA1
2074459a97462ab04aa03c4847f37aa312f5e366

SHA256
cc46e69d514c48631a09db4a15f414de018b090edd425ed9a7e8110965b07542

SHA512
e24e5075441860f9afc275710f6a2d23e36477a5cf953501845ea66d922ded749f8a8fcb82732a46166626448f31e74157face27ea7c2c0d5e7ca64df1c0dde9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31592.exe

Filesize
184KB

MD5
c819af1a8b2bcc6a64cd8c2255dae0d5

SHA1
ece42e7e718121daa429f50f47952e8e9145a7dd

SHA256
4465dcd7c7d3206992d139fe623e40dabdf6186f15fc1118582ef8e4c590619d

SHA512
f6f4377661abe9233b206c72941eccedd1624da637c52d1cada8e23fb1faff1bb98707709acf058eb640853044614f052d73c68e70f2b18778be6533e1e9ce54

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe

Filesize
184KB

MD5
41c6defe5c65648aff04b8d634a228aa

SHA1
a32f454027024197c5d1df0646beb38173ba89c6

SHA256
7c9caa147b95c8083c55e0bc7d4bff4154e49b56e4f0996ec320ca5038b8b6ce

SHA512
9b685a602cb4face0a23fd4ca8a744a80eac24f770bc71409688ef0cb75632ee5b8c4dbfa6dfd43e56bdffad83830158a6c6f8d7f971c7cec2308cddf2b163f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56296.exe

Filesize
184KB

MD5
54c3a773922d3a88b8f1a0a7023d4eda

SHA1
40b04da21de0c06eb3acc00bb3bb9d111af9b13d

SHA256
3b64d13a6159adc52c36378ae84088c57034aa5a2ff53a9c8b98af47fc5ade4f

SHA512
a1e3cc22a56eebf8b2ad71f802a7a11161df91ca2721002f16a8c811b60d204e56e54e8f4e987c4a13936c57aefdf96b720556f576bc1c2c0106f14ba997ad0d

Download Submit