a821ff19ba1ff227ce02119ccb3898287597ecfc7dab2d8d9028ee2abd80d157

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a821ff19ba1ff227ce02119ccb3898287597ecfc7dab2d8d9028ee2abd80d157.exe
Size

184KB
MD5

f30ff2bd43324f89686ce08c2ddf2b08
SHA1

6d823c23c2a2a41e5ccc7b06042cbb9500d0e4a0
SHA256

a821ff19ba1ff227ce02119ccb3898287597ecfc7dab2d8d9028ee2abd80d157
SHA512

56a5fc3b2e438cee67ededcee5c169681f9af54bd65c342824f00ed07f6a6f5697a1e3fad8af5a63bb2edb945898387c61d1e65e8de6c8494d67eb6f6f4807e6
SSDEEP

1536:rBZAOjZ5u3G8otx1tGooDHwMYG9yvZc8fmd2vwLV2VQ9twhv5hj5nizpvK:Nle3G8oT7GogdYoWeowLVtjwhvnViFi

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-40342.exeUnicorn-43456.exeUnicorn-23590.exeUnicorn-3521.exeUnicorn-29972.exeUnicorn-16712.exeUnicorn-57040.exeUnicorn-19027.exeUnicorn-22064.exeUnicorn-21872.exeUnicorn-34870.exeUnicorn-50214.exeUnicorn-40161.exeUnicorn-42534.exeUnicorn-52347.exeUnicorn-32481.exeUnicorn-5839.exeUnicorn-25705.exeUnicorn-5907.exeUnicorn-56561.exeUnicorn-4023.exeUnicorn-26301.exeUnicorn-46743.exeUnicorn-57054.exeUnicorn-61652.exeUnicorn-11190.exeUnicorn-11190.exeUnicorn-41594.exeUnicorn-48201.exeUnicorn-61460.exeUnicorn-26666.exeUnicorn-3230.exeUnicorn-48902.exeUnicorn-40048.exeUnicorn-59914.exeUnicorn-42317.exeUnicorn-58378.exeUnicorn-60464.exeUnicorn-40406.exeUnicorn-12716.exeUnicorn-28176.exeUnicorn-56250.exeUnicorn-56250.exeUnicorn-61232.exeUnicorn-45965.exeUnicorn-41174.exeUnicorn-28368.exeUnicorn-21273.exeUnicorn-49912.exeUnicorn-23270.exeUnicorn-12449.exeUnicorn-3212.exeUnicorn-23078.exeUnicorn-62911.exeUnicorn-17240.exeUnicorn-56134.exeUnicorn-36844.exeUnicorn-56902.exeUnicorn-2636.exeUnicorn-22310.exeUnicorn-51152.exeUnicorn-62569.exeUnicorn-12107.exeUnicorn-27628.exe

pid	process
2120	Unicorn-40342.exe
2620	Unicorn-43456.exe
2708	Unicorn-23590.exe
2728	Unicorn-3521.exe
2624	Unicorn-29972.exe
2544	Unicorn-16712.exe
2828	Unicorn-57040.exe
2992	Unicorn-19027.exe
3012	Unicorn-22064.exe
1908	Unicorn-21872.exe
1816	Unicorn-34870.exe
1624	Unicorn-50214.exe
1512	Unicorn-40161.exe
1952	Unicorn-42534.exe
2192	Unicorn-52347.exe
852	Unicorn-32481.exe
264	Unicorn-5839.exe
756	Unicorn-25705.exe
2480	Unicorn-5907.exe
1296	Unicorn-56561.exe
1356	Unicorn-4023.exe
1876	Unicorn-26301.exe
1872	Unicorn-46743.exe
1640	Unicorn-57054.exe
972	Unicorn-61652.exe
2200	Unicorn-11190.exe
1584	Unicorn-11190.exe
1732	Unicorn-41594.exe
2196	Unicorn-48201.exe
2248	Unicorn-61460.exe
1320	Unicorn-26666.exe
2732	Unicorn-3230.exe
2136	Unicorn-48902.exe
2640	Unicorn-40048.exe
2656	Unicorn-59914.exe
2780	Unicorn-42317.exe
2684	Unicorn-58378.exe
2044	Unicorn-60464.exe
2804	Unicorn-40406.exe
2956	Unicorn-12716.exe
2988	Unicorn-28176.exe
868	Unicorn-56250.exe
540	Unicorn-56250.exe
372	Unicorn-61232.exe
872	Unicorn-45965.exe
1924	Unicorn-41174.exe
1744	Unicorn-28368.exe
892	Unicorn-21273.exe
1488	Unicorn-49912.exe
708	Unicorn-23270.exe
1768	Unicorn-12449.exe
1660	Unicorn-3212.exe
2388	Unicorn-23078.exe
3048	Unicorn-62911.exe
884	Unicorn-17240.exe
592	Unicorn-56134.exe
2128	Unicorn-36844.exe
908	Unicorn-56902.exe
2420	Unicorn-2636.exe
1916	Unicorn-22310.exe
2616	Unicorn-51152.exe
804	Unicorn-62569.exe
2560	Unicorn-12107.exe
2632	Unicorn-27628.exe

Loads dropped DLL 64 IoCs

Processes:

a821ff19ba1ff227ce02119ccb3898287597ecfc7dab2d8d9028ee2abd80d157.exeUnicorn-40342.exeUnicorn-23590.exeUnicorn-43456.exeWerFault.exeUnicorn-3521.exeUnicorn-16712.exeUnicorn-29972.exeWerFault.exeWerFault.exeUnicorn-57040.exeUnicorn-21872.exeUnicorn-34870.exeUnicorn-19027.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1736	a821ff19ba1ff227ce02119ccb3898287597ecfc7dab2d8d9028ee2abd80d157.exe
1736	a821ff19ba1ff227ce02119ccb3898287597ecfc7dab2d8d9028ee2abd80d157.exe
2120	Unicorn-40342.exe
2120	Unicorn-40342.exe
1736	a821ff19ba1ff227ce02119ccb3898287597ecfc7dab2d8d9028ee2abd80d157.exe
1736	a821ff19ba1ff227ce02119ccb3898287597ecfc7dab2d8d9028ee2abd80d157.exe
2708	Unicorn-23590.exe
2708	Unicorn-23590.exe
2620	Unicorn-43456.exe
2620	Unicorn-43456.exe
2120	Unicorn-40342.exe
2120	Unicorn-40342.exe
2392	WerFault.exe
2392	WerFault.exe
2392	WerFault.exe
2392	WerFault.exe
2392	WerFault.exe
2728	Unicorn-3521.exe
2728	Unicorn-3521.exe
2708	Unicorn-23590.exe
2708	Unicorn-23590.exe
2544	Unicorn-16712.exe
2544	Unicorn-16712.exe
2624	Unicorn-29972.exe
2624	Unicorn-29972.exe
2620	Unicorn-43456.exe
2620	Unicorn-43456.exe
2488	WerFault.exe
2488	WerFault.exe
2488	WerFault.exe
2488	WerFault.exe
2776	WerFault.exe
2776	WerFault.exe
2776	WerFault.exe
2776	WerFault.exe
2488	WerFault.exe
2776	WerFault.exe
2828	Unicorn-57040.exe
2828	Unicorn-57040.exe
2728	Unicorn-3521.exe
2728	Unicorn-3521.exe
1908	Unicorn-21872.exe
1816	Unicorn-34870.exe
1908	Unicorn-21872.exe
1816	Unicorn-34870.exe
2624	Unicorn-29972.exe
2624	Unicorn-29972.exe
2544	Unicorn-16712.exe
2544	Unicorn-16712.exe
2992	Unicorn-19027.exe
2992	Unicorn-19027.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
928	WerFault.exe
928	WerFault.exe
928	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2520	1736	WerFault.exe	a821ff19ba1ff227ce02119ccb3898287597ecfc7dab2d8d9028ee2abd80d157.exe
2392	2120	WerFault.exe	Unicorn-40342.exe
2488	2708	WerFault.exe	Unicorn-23590.exe
2776	2620	WerFault.exe	Unicorn-43456.exe
564	2728	WerFault.exe	Unicorn-3521.exe
1864	2544	WerFault.exe	Unicorn-16712.exe
928	2624	WerFault.exe	Unicorn-29972.exe
2416	2828	WerFault.exe	Unicorn-57040.exe
1576	1908	WerFault.exe	Unicorn-21872.exe
1568	3012	WerFault.exe	Unicorn-22064.exe
1812	1816	WerFault.exe	Unicorn-34870.exe
2604	2992	WerFault.exe	Unicorn-19027.exe
2300	1512	WerFault.exe	Unicorn-40161.exe
1280	1624	WerFault.exe	Unicorn-50214.exe
1248	1952	WerFault.exe	Unicorn-42534.exe
2032	2192	WerFault.exe	Unicorn-52347.exe
2900	852	WerFault.exe	Unicorn-32481.exe
600	756	WerFault.exe	Unicorn-25705.exe
1268	264	WerFault.exe	Unicorn-5839.exe
1292	1296	WerFault.exe	Unicorn-56561.exe
2464	2480	WerFault.exe	Unicorn-5907.exe
1388	1356	WerFault.exe	Unicorn-4023.exe
1536	1876	WerFault.exe	Unicorn-26301.exe
1604	1640	WerFault.exe	Unicorn-57054.exe
2920	1872	WerFault.exe	Unicorn-46743.exe
2116	972	WerFault.exe	Unicorn-61652.exe
2092	1584	WerFault.exe	Unicorn-11190.exe
1824	2196	WerFault.exe	Unicorn-48201.exe
1764	1732	WerFault.exe	Unicorn-41594.exe
3036	2248	WerFault.exe	Unicorn-61460.exe
3064	2200	WerFault.exe	Unicorn-11190.exe
1344	2656	WerFault.exe	Unicorn-59914.exe
2984	2732	WerFault.exe	Unicorn-3230.exe
1836	1320	WerFault.exe	Unicorn-26666.exe
2028	2136	WerFault.exe	Unicorn-48902.exe
2808	2780	WerFault.exe	Unicorn-42317.exe
3096	2684	WerFault.exe	Unicorn-58378.exe
3112	2640	WerFault.exe	Unicorn-40048.exe
3144	872	WerFault.exe	Unicorn-45965.exe
3136	2988	WerFault.exe	Unicorn-28176.exe
3204	2044	WerFault.exe	Unicorn-60464.exe
3212	540	WerFault.exe	Unicorn-56250.exe
3224	892	WerFault.exe	Unicorn-21273.exe
3272	372	WerFault.exe	Unicorn-61232.exe
3580	1744	WerFault.exe	Unicorn-28368.exe
3676	868	WerFault.exe	Unicorn-56250.exe
3692	2956	WerFault.exe	Unicorn-12716.exe
3700	1924	WerFault.exe	Unicorn-41174.exe
3712	2804	WerFault.exe	Unicorn-40406.exe
4028	532	WerFault.exe	Unicorn-16203.exe
3896	884	WerFault.exe	Unicorn-17240.exe
3944	2632	WerFault.exe	Unicorn-27628.exe
3972	2572	WerFault.exe	Unicorn-23186.exe
3968	1488	WerFault.exe	Unicorn-49912.exe
4040	2068	WerFault.exe	Unicorn-25682.exe
4076	1768	WerFault.exe	Unicorn-12449.exe
3884	708	WerFault.exe	Unicorn-23270.exe
3820	2664	WerFault.exe	Unicorn-9523.exe
3408	1692	WerFault.exe	Unicorn-39927.exe
3632	2588	WerFault.exe	Unicorn-22906.exe
3860	2748	WerFault.exe	Unicorn-58039.exe
4104	2952	WerFault.exe	Unicorn-25943.exe
4172	2564	WerFault.exe	Unicorn-25682.exe
4188	1252	WerFault.exe	Unicorn-54313.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

a821ff19ba1ff227ce02119ccb3898287597ecfc7dab2d8d9028ee2abd80d157.exeUnicorn-40342.exeUnicorn-43456.exeUnicorn-23590.exeUnicorn-3521.exeUnicorn-29972.exeUnicorn-16712.exeUnicorn-57040.exeUnicorn-22064.exeUnicorn-21872.exeUnicorn-34870.exeUnicorn-19027.exeUnicorn-50214.exeUnicorn-40161.exeUnicorn-42534.exeUnicorn-5839.exeUnicorn-52347.exeUnicorn-32481.exeUnicorn-25705.exeUnicorn-5907.exeUnicorn-56561.exeUnicorn-4023.exeUnicorn-26301.exeUnicorn-46743.exeUnicorn-57054.exeUnicorn-61652.exeUnicorn-11190.exeUnicorn-11190.exeUnicorn-41594.exeUnicorn-48201.exeUnicorn-61460.exeUnicorn-26666.exeUnicorn-3230.exeUnicorn-48902.exeUnicorn-40048.exeUnicorn-59914.exeUnicorn-42317.exeUnicorn-58378.exeUnicorn-60464.exeUnicorn-40406.exeUnicorn-12716.exeUnicorn-28176.exeUnicorn-56250.exeUnicorn-56250.exeUnicorn-61232.exeUnicorn-45965.exeUnicorn-41174.exeUnicorn-28368.exeUnicorn-21273.exeUnicorn-49912.exeUnicorn-23270.exeUnicorn-12449.exeUnicorn-3212.exeUnicorn-23078.exeUnicorn-62911.exeUnicorn-56134.exeUnicorn-17240.exeUnicorn-36844.exeUnicorn-56902.exeUnicorn-2636.exeUnicorn-22310.exeUnicorn-51152.exeUnicorn-62569.exeUnicorn-12107.exe

pid	process
1736	a821ff19ba1ff227ce02119ccb3898287597ecfc7dab2d8d9028ee2abd80d157.exe
2120	Unicorn-40342.exe
2620	Unicorn-43456.exe
2708	Unicorn-23590.exe
2728	Unicorn-3521.exe
2624	Unicorn-29972.exe
2544	Unicorn-16712.exe
2828	Unicorn-57040.exe
3012	Unicorn-22064.exe
1908	Unicorn-21872.exe
1816	Unicorn-34870.exe
2992	Unicorn-19027.exe
1624	Unicorn-50214.exe
1512	Unicorn-40161.exe
1952	Unicorn-42534.exe
264	Unicorn-5839.exe
2192	Unicorn-52347.exe
852	Unicorn-32481.exe
756	Unicorn-25705.exe
2480	Unicorn-5907.exe
1296	Unicorn-56561.exe
1356	Unicorn-4023.exe
1876	Unicorn-26301.exe
1872	Unicorn-46743.exe
1640	Unicorn-57054.exe
972	Unicorn-61652.exe
2200	Unicorn-11190.exe
1584	Unicorn-11190.exe
1732	Unicorn-41594.exe
2196	Unicorn-48201.exe
2248	Unicorn-61460.exe
1320	Unicorn-26666.exe
2732	Unicorn-3230.exe
2136	Unicorn-48902.exe
2640	Unicorn-40048.exe
2656	Unicorn-59914.exe
2780	Unicorn-42317.exe
2684	Unicorn-58378.exe
2044	Unicorn-60464.exe
2804	Unicorn-40406.exe
2956	Unicorn-12716.exe
2988	Unicorn-28176.exe
540	Unicorn-56250.exe
868	Unicorn-56250.exe
372	Unicorn-61232.exe
872	Unicorn-45965.exe
1924	Unicorn-41174.exe
1744	Unicorn-28368.exe
892	Unicorn-21273.exe
1488	Unicorn-49912.exe
708	Unicorn-23270.exe
1768	Unicorn-12449.exe
1660	Unicorn-3212.exe
2388	Unicorn-23078.exe
3048	Unicorn-62911.exe
592	Unicorn-56134.exe
884	Unicorn-17240.exe
2128	Unicorn-36844.exe
908	Unicorn-56902.exe
2420	Unicorn-2636.exe
1916	Unicorn-22310.exe
2616	Unicorn-51152.exe
804	Unicorn-62569.exe
2560	Unicorn-12107.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

a821ff19ba1ff227ce02119ccb3898287597ecfc7dab2d8d9028ee2abd80d157.exeUnicorn-40342.exeUnicorn-23590.exeUnicorn-43456.exeUnicorn-3521.exeUnicorn-16712.exeUnicorn-29972.exeUnicorn-57040.exe

description	pid	process	target process
PID 1736 wrote to memory of 2120	1736	a821ff19ba1ff227ce02119ccb3898287597ecfc7dab2d8d9028ee2abd80d157.exe	Unicorn-40342.exe
PID 1736 wrote to memory of 2120	1736	a821ff19ba1ff227ce02119ccb3898287597ecfc7dab2d8d9028ee2abd80d157.exe	Unicorn-40342.exe
PID 1736 wrote to memory of 2120	1736	a821ff19ba1ff227ce02119ccb3898287597ecfc7dab2d8d9028ee2abd80d157.exe	Unicorn-40342.exe
PID 1736 wrote to memory of 2120	1736	a821ff19ba1ff227ce02119ccb3898287597ecfc7dab2d8d9028ee2abd80d157.exe	Unicorn-40342.exe
PID 2120 wrote to memory of 2620	2120	Unicorn-40342.exe	Unicorn-43456.exe
PID 2120 wrote to memory of 2620	2120	Unicorn-40342.exe	Unicorn-43456.exe
PID 2120 wrote to memory of 2620	2120	Unicorn-40342.exe	Unicorn-43456.exe
PID 2120 wrote to memory of 2620	2120	Unicorn-40342.exe	Unicorn-43456.exe
PID 1736 wrote to memory of 2708	1736	a821ff19ba1ff227ce02119ccb3898287597ecfc7dab2d8d9028ee2abd80d157.exe	Unicorn-23590.exe
PID 1736 wrote to memory of 2708	1736	a821ff19ba1ff227ce02119ccb3898287597ecfc7dab2d8d9028ee2abd80d157.exe	Unicorn-23590.exe
PID 1736 wrote to memory of 2708	1736	a821ff19ba1ff227ce02119ccb3898287597ecfc7dab2d8d9028ee2abd80d157.exe	Unicorn-23590.exe
PID 1736 wrote to memory of 2708	1736	a821ff19ba1ff227ce02119ccb3898287597ecfc7dab2d8d9028ee2abd80d157.exe	Unicorn-23590.exe
PID 1736 wrote to memory of 2520	1736	a821ff19ba1ff227ce02119ccb3898287597ecfc7dab2d8d9028ee2abd80d157.exe	WerFault.exe
PID 1736 wrote to memory of 2520	1736	a821ff19ba1ff227ce02119ccb3898287597ecfc7dab2d8d9028ee2abd80d157.exe	WerFault.exe
PID 1736 wrote to memory of 2520	1736	a821ff19ba1ff227ce02119ccb3898287597ecfc7dab2d8d9028ee2abd80d157.exe	WerFault.exe
PID 1736 wrote to memory of 2520	1736	a821ff19ba1ff227ce02119ccb3898287597ecfc7dab2d8d9028ee2abd80d157.exe	WerFault.exe
PID 2708 wrote to memory of 2728	2708	Unicorn-23590.exe	Unicorn-3521.exe
PID 2708 wrote to memory of 2728	2708	Unicorn-23590.exe	Unicorn-3521.exe
PID 2708 wrote to memory of 2728	2708	Unicorn-23590.exe	Unicorn-3521.exe
PID 2708 wrote to memory of 2728	2708	Unicorn-23590.exe	Unicorn-3521.exe
PID 2620 wrote to memory of 2624	2620	Unicorn-43456.exe	Unicorn-29972.exe
PID 2620 wrote to memory of 2624	2620	Unicorn-43456.exe	Unicorn-29972.exe
PID 2620 wrote to memory of 2624	2620	Unicorn-43456.exe	Unicorn-29972.exe
PID 2620 wrote to memory of 2624	2620	Unicorn-43456.exe	Unicorn-29972.exe
PID 2120 wrote to memory of 2544	2120	Unicorn-40342.exe	Unicorn-16712.exe
PID 2120 wrote to memory of 2544	2120	Unicorn-40342.exe	Unicorn-16712.exe
PID 2120 wrote to memory of 2544	2120	Unicorn-40342.exe	Unicorn-16712.exe
PID 2120 wrote to memory of 2544	2120	Unicorn-40342.exe	Unicorn-16712.exe
PID 2120 wrote to memory of 2392	2120	Unicorn-40342.exe	WerFault.exe
PID 2120 wrote to memory of 2392	2120	Unicorn-40342.exe	WerFault.exe
PID 2120 wrote to memory of 2392	2120	Unicorn-40342.exe	WerFault.exe
PID 2120 wrote to memory of 2392	2120	Unicorn-40342.exe	WerFault.exe
PID 2728 wrote to memory of 2828	2728	Unicorn-3521.exe	Unicorn-57040.exe
PID 2728 wrote to memory of 2828	2728	Unicorn-3521.exe	Unicorn-57040.exe
PID 2728 wrote to memory of 2828	2728	Unicorn-3521.exe	Unicorn-57040.exe
PID 2728 wrote to memory of 2828	2728	Unicorn-3521.exe	Unicorn-57040.exe
PID 2708 wrote to memory of 2992	2708	Unicorn-23590.exe	Unicorn-19027.exe
PID 2708 wrote to memory of 2992	2708	Unicorn-23590.exe	Unicorn-19027.exe
PID 2708 wrote to memory of 2992	2708	Unicorn-23590.exe	Unicorn-19027.exe
PID 2708 wrote to memory of 2992	2708	Unicorn-23590.exe	Unicorn-19027.exe
PID 2544 wrote to memory of 3012	2544	Unicorn-16712.exe	Unicorn-22064.exe
PID 2544 wrote to memory of 3012	2544	Unicorn-16712.exe	Unicorn-22064.exe
PID 2544 wrote to memory of 3012	2544	Unicorn-16712.exe	Unicorn-22064.exe
PID 2544 wrote to memory of 3012	2544	Unicorn-16712.exe	Unicorn-22064.exe
PID 2624 wrote to memory of 1908	2624	Unicorn-29972.exe	Unicorn-21872.exe
PID 2624 wrote to memory of 1908	2624	Unicorn-29972.exe	Unicorn-21872.exe
PID 2624 wrote to memory of 1908	2624	Unicorn-29972.exe	Unicorn-21872.exe
PID 2624 wrote to memory of 1908	2624	Unicorn-29972.exe	Unicorn-21872.exe
PID 2620 wrote to memory of 1816	2620	Unicorn-43456.exe	Unicorn-34870.exe
PID 2620 wrote to memory of 1816	2620	Unicorn-43456.exe	Unicorn-34870.exe
PID 2620 wrote to memory of 1816	2620	Unicorn-43456.exe	Unicorn-34870.exe
PID 2620 wrote to memory of 1816	2620	Unicorn-43456.exe	Unicorn-34870.exe
PID 2708 wrote to memory of 2488	2708	Unicorn-23590.exe	WerFault.exe
PID 2708 wrote to memory of 2488	2708	Unicorn-23590.exe	WerFault.exe
PID 2708 wrote to memory of 2488	2708	Unicorn-23590.exe	WerFault.exe
PID 2708 wrote to memory of 2488	2708	Unicorn-23590.exe	WerFault.exe
PID 2620 wrote to memory of 2776	2620	Unicorn-43456.exe	WerFault.exe
PID 2620 wrote to memory of 2776	2620	Unicorn-43456.exe	WerFault.exe
PID 2620 wrote to memory of 2776	2620	Unicorn-43456.exe	WerFault.exe
PID 2620 wrote to memory of 2776	2620	Unicorn-43456.exe	WerFault.exe
PID 2828 wrote to memory of 1624	2828	Unicorn-57040.exe	Unicorn-50214.exe
PID 2828 wrote to memory of 1624	2828	Unicorn-57040.exe	Unicorn-50214.exe
PID 2828 wrote to memory of 1624	2828	Unicorn-57040.exe	Unicorn-50214.exe
PID 2828 wrote to memory of 1624	2828	Unicorn-57040.exe	Unicorn-50214.exe

C:\Users\Admin\AppData\Local\Temp\a821ff19ba1ff227ce02119ccb3898287597ecfc7dab2d8d9028ee2abd80d157.exe
"C:\Users\Admin\AppData\Local\Temp\a821ff19ba1ff227ce02119ccb3898287597ecfc7dab2d8d9028ee2abd80d157.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-40342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40342.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-43456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43456.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-46743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46743.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-28381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28381.exe
9⤵
PID:1000

C:\Users\Admin\AppData\Local\Temp\Unicorn-10310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10310.exe
10⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
11⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-39480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39480.exe
12⤵
PID:7240

C:\Users\Admin\AppData\Local\Temp\Unicorn-57126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57126.exe
13⤵
PID:10940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 216
13⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
12⤵
PID:9212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
11⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 236
10⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 236
9⤵
- Program crash
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-23378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23378.exe
8⤵
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-50053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50053.exe
9⤵
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-25874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25874.exe
10⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-34954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34954.exe
11⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-55112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55112.exe
12⤵
PID:7348

C:\Users\Admin\AppData\Local\Temp\Unicorn-35600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35600.exe
13⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 216
13⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
12⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
11⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 216
10⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-9656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9656.exe
9⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-7396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7396.exe
10⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-23254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23254.exe
11⤵
PID:8484

C:\Users\Admin\AppData\Local\Temp\Unicorn-28756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28756.exe
12⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8484 -s 216
12⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
11⤵
PID:9780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
10⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 220
9⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 240
8⤵
- Program crash
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-40406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40406.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-62569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62569.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:804

C:\Users\Admin\AppData\Local\Temp\Unicorn-9217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9217.exe
9⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
10⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-62487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62487.exe
11⤵
PID:5772

C:\Users\Admin\AppData\Local\Temp\Unicorn-11748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11748.exe
12⤵
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-23315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23315.exe
13⤵
PID:11804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 216
13⤵
PID:976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
12⤵
PID:9572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 220
11⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
10⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
9⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe
10⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-36818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36818.exe
11⤵
PID:7176

C:\Users\Admin\AppData\Local\Temp\Unicorn-17280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17280.exe
12⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 216
12⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
11⤵
PID:9084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
10⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 220
9⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-5579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5579.exe
8⤵
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-63855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63855.exe
9⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-8514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8514.exe
10⤵
PID:6040

C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
11⤵
PID:7396

C:\Users\Admin\AppData\Local\Temp\Unicorn-39222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39222.exe
12⤵
PID:10308

C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
13⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 216
12⤵
PID:10912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 220
11⤵
PID:9280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
10⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 236
9⤵
PID:4868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 220
8⤵
- Program crash
PID:3712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
7⤵
- Program crash
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-57054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57054.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-58378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58378.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-22310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22310.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-9217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9217.exe
9⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe
10⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-7396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7396.exe
11⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-53160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53160.exe
12⤵
PID:7756

C:\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe
13⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 236
13⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
12⤵
PID:9664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
11⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
10⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-58364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58364.exe
9⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-10608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10608.exe
10⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-14114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14114.exe
11⤵
PID:7528

C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
12⤵
PID:10960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 216
12⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
11⤵
PID:9272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
10⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 220
9⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-5579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5579.exe
8⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
9⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-44617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44617.exe
10⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
11⤵
PID:7412

C:\Users\Admin\AppData\Local\Temp\Unicorn-19324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19324.exe
12⤵
PID:10480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 216
12⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
11⤵
PID:8340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
10⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 216
9⤵
PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
8⤵
- Program crash
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-51152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51152.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-57925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57925.exe
8⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
9⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-41937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41937.exe
10⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-959.exe
11⤵
PID:7800

C:\Users\Admin\AppData\Local\Temp\Unicorn-57548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57548.exe
12⤵
PID:11152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 216
12⤵
PID:11292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
11⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
10⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 216
9⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-20123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20123.exe
8⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-11996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11996.exe
9⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-3019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3019.exe
10⤵
PID:8044

C:\Users\Admin\AppData\Local\Temp\Unicorn-26963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26963.exe
11⤵
PID:10764

C:\Users\Admin\AppData\Local\Temp\Unicorn-33713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33713.exe
12⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
11⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
10⤵
PID:8380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
9⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
8⤵
PID:4280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
7⤵
- Program crash
PID:1604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 220
6⤵
- Program crash
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-32481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32481.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-11190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11190.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-36844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36844.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-26789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26789.exe
8⤵
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe
9⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-17568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17568.exe
10⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\Unicorn-49693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49693.exe
11⤵
PID:7180

C:\Users\Admin\AppData\Local\Temp\Unicorn-25241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25241.exe
12⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7180 -s 216
12⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 216
11⤵
PID:9260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
10⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 236
9⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-13569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13569.exe
8⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-45063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45063.exe
9⤵
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-7276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7276.exe
10⤵
PID:7788

C:\Users\Admin\AppData\Local\Temp\Unicorn-1827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1827.exe
11⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
11⤵
PID:11224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 216
10⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
9⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
8⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 216
7⤵
- Program crash
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-56250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56250.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-63337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63337.exe
7⤵
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-40904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40904.exe
8⤵
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
9⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-34615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34615.exe
10⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-25236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25236.exe
11⤵
PID:7496

C:\Users\Admin\AppData\Local\Temp\Unicorn-10683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10683.exe
12⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 216
12⤵
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
11⤵
PID:9564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
10⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 216
9⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
8⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-17812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17812.exe
9⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\Unicorn-14358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14358.exe
10⤵
PID:7684

C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
11⤵
PID:11456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 216
11⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 216
10⤵
PID:9524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
9⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
8⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-20846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20846.exe
7⤵
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-33959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33959.exe
8⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-12634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12634.exe
9⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-29257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29257.exe
10⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-50144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50144.exe
11⤵
PID:10996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
11⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
10⤵
PID:9180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
9⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 236
8⤵
PID:4516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 240
7⤵
- Program crash
PID:3212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 220
6⤵
- Program crash
PID:2900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:928

C:\Users\Admin\AppData\Local\Temp\Unicorn-34870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34870.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-61652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61652.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:972

C:\Users\Admin\AppData\Local\Temp\Unicorn-12716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12716.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-12107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12107.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-16203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16203.exe
9⤵
PID:532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 240
10⤵
- Program crash
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-56828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56828.exe
9⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-40766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40766.exe
10⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-34879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34879.exe
11⤵
PID:7676

C:\Users\Admin\AppData\Local\Temp\Unicorn-3529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3529.exe
12⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 216
12⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
11⤵
PID:8640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
9⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-46223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46223.exe
8⤵
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-30415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30415.exe
9⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-44669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44669.exe
10⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
11⤵
PID:7512

C:\Users\Admin\AppData\Local\Temp\Unicorn-56122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56122.exe
12⤵
PID:11040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 216
12⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
11⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
10⤵
PID:6972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 216
9⤵
PID:4992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
8⤵
- Program crash
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe
7⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-33032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33032.exe
8⤵
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-23622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23622.exe
9⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-2779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2779.exe
10⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-11012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11012.exe
11⤵
PID:6408

C:\Users\Admin\AppData\Local\Temp\Unicorn-33820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33820.exe
12⤵
PID:9444

C:\Users\Admin\AppData\Local\Temp\Unicorn-11652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11652.exe
13⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 216
12⤵
PID:10816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 236
11⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 236
10⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 236
9⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
8⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-1435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1435.exe
9⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-34251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34251.exe
10⤵
PID:6796

C:\Users\Admin\AppData\Local\Temp\Unicorn-10846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10846.exe
11⤵
PID:10792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 216
11⤵
PID:10428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
10⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
9⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
8⤵
- Program crash
PID:4172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 240
7⤵
- Program crash
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-56250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56250.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:868

C:\Users\Admin\AppData\Local\Temp\Unicorn-12875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12875.exe
7⤵
PID:960

C:\Users\Admin\AppData\Local\Temp\Unicorn-32264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32264.exe
8⤵
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe
9⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe
10⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-54774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54774.exe
11⤵
PID:8328

C:\Users\Admin\AppData\Local\Temp\Unicorn-11479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11479.exe
12⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 236
12⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
11⤵
PID:9748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
10⤵
PID:7600

C:\Users\Admin\AppData\Local\Temp\Unicorn-6942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6942.exe
8⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-48659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48659.exe
9⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-10872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10872.exe
10⤵
PID:7376

C:\Users\Admin\AppData\Local\Temp\Unicorn-64816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64816.exe
11⤵
PID:10472

C:\Users\Admin\AppData\Local\Temp\Unicorn-35778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35778.exe
12⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7376 -s 216
11⤵
PID:11004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
10⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
9⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 240
8⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-30187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30187.exe
7⤵
PID:996

C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
8⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-8514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8514.exe
9⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\Unicorn-34156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34156.exe
10⤵
PID:7732

C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
11⤵
PID:10260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 216
11⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
10⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
9⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 236
8⤵
PID:4812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 220
7⤵
- Program crash
PID:3676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
6⤵
- Program crash
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-41594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41594.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-61232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61232.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:372

C:\Users\Admin\AppData\Local\Temp\Unicorn-43244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43244.exe
7⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-58501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58501.exe
8⤵
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
9⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-64983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64983.exe
10⤵
PID:6036

C:\Users\Admin\AppData\Local\Temp\Unicorn-56756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56756.exe
11⤵
PID:7500

C:\Users\Admin\AppData\Local\Temp\Unicorn-29127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29127.exe
12⤵
PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 216
12⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
11⤵
PID:9608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
10⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 216
9⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe
8⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-51828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51828.exe
9⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-39735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39735.exe
10⤵
PID:7848

C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
11⤵
PID:11360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 216
11⤵
PID:4568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
10⤵
PID:9548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
9⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
8⤵
PID:5244

C:\Users\Admin\AppData\Local\Temp\Unicorn-12398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12398.exe
7⤵
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-10964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10964.exe
8⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-16179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16179.exe
9⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-54920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54920.exe
10⤵
PID:7404

C:\Users\Admin\AppData\Local\Temp\Unicorn-14162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14162.exe
11⤵
PID:10444

C:\Users\Admin\AppData\Local\Temp\Unicorn-30931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30931.exe
12⤵
PID:9112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 216
11⤵
PID:10988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 236
10⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
9⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 216
8⤵
PID:4636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 372 -s 240
7⤵
- Program crash
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-23186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23186.exe
6⤵
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-32264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32264.exe
7⤵
PID:772

C:\Users\Admin\AppData\Local\Temp\Unicorn-14379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14379.exe
8⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
9⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-33388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33388.exe
10⤵
PID:7688

C:\Users\Admin\AppData\Local\Temp\Unicorn-46024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46024.exe
11⤵
PID:11216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 204
11⤵
PID:11780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
10⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
9⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 236
8⤵
PID:4744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
7⤵
- Program crash
PID:3972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
6⤵
- Program crash
PID:1764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
5⤵
- Program crash
PID:1812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-16712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16712.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-22064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22064.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-26301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26301.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-42317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42317.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-56902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56902.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:908

C:\Users\Admin\AppData\Local\Temp\Unicorn-34324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34324.exe
8⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-5266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5266.exe
9⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-60459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60459.exe
10⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-54100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54100.exe
11⤵
PID:6616

C:\Users\Admin\AppData\Local\Temp\Unicorn-36150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36150.exe
12⤵
PID:9772

C:\Users\Admin\AppData\Local\Temp\Unicorn-17942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17942.exe
13⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 216
12⤵
PID:10828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 236
11⤵
PID:944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 236
10⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 236
9⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-60424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60424.exe
8⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-61586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61586.exe
9⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-58805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58805.exe
10⤵
PID:8080

C:\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe
11⤵
PID:10876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 216
11⤵
PID:10252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
10⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
9⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 240
8⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-62974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62974.exe
7⤵
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-14560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14560.exe
8⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-33532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33532.exe
9⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-53410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53410.exe
10⤵
PID:7008

C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
11⤵
PID:10340

C:\Users\Admin\AppData\Local\Temp\Unicorn-63022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63022.exe
12⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 216
11⤵
PID:10924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 236
10⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
9⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 236
8⤵
PID:4420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
7⤵
- Program crash
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-2636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2636.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-7655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7655.exe
7⤵
PID:1128

C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
8⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-55608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55608.exe
9⤵
PID:5216

C:\Users\Admin\AppData\Local\Temp\Unicorn-39480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39480.exe
10⤵
PID:7252

C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
11⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 216
11⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 216
10⤵
PID:8288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
9⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 216
8⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe
7⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-33411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33411.exe
8⤵
PID:6092

C:\Users\Admin\AppData\Local\Temp\Unicorn-20783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20783.exe
9⤵
PID:7812

C:\Users\Admin\AppData\Local\Temp\Unicorn-15411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15411.exe
10⤵
PID:11140

C:\Users\Admin\AppData\Local\Temp\Unicorn-19483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19483.exe
11⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 220
10⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
9⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
8⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 220
7⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 240
6⤵
- Program crash
PID:1536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 236
5⤵
- Program crash
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-5839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5839.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:264

C:\Users\Admin\AppData\Local\Temp\Unicorn-61460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61460.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-45965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45965.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-47515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47515.exe
7⤵
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-27908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27908.exe
8⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-10216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10216.exe
9⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-29257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29257.exe
10⤵
PID:7328

C:\Users\Admin\AppData\Local\Temp\Unicorn-21722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21722.exe
11⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 216
11⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 236
10⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 236
9⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 236
8⤵
PID:4140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 216
7⤵
- Program crash
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-27628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27628.exe
6⤵
- Executes dropped EXE
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-8231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8231.exe
7⤵
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-15147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15147.exe
8⤵
PID:3892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 224
9⤵
PID:4872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 216
8⤵
PID:4348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 216
7⤵
- Program crash
PID:3944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
6⤵
- Program crash
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-41174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41174.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-29897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29897.exe
6⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-551.exe
7⤵
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-26616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26616.exe
8⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-48659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48659.exe
9⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
10⤵
PID:7320

C:\Users\Admin\AppData\Local\Temp\Unicorn-2062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2062.exe
11⤵
PID:10028

C:\Users\Admin\AppData\Local\Temp\Unicorn-15811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15811.exe
12⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 236
11⤵
PID:11128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
10⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
9⤵
PID:6292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 216
8⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-63839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63839.exe
7⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-49671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49671.exe
8⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-28865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28865.exe
9⤵
PID:8020

C:\Users\Admin\AppData\Local\Temp\Unicorn-35803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35803.exe
10⤵
PID:10836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 236
10⤵
PID:10592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
9⤵
PID:8908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 236
8⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
7⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-61682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61682.exe
6⤵
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-15147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15147.exe
7⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-28364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28364.exe
8⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-50767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50767.exe
9⤵
PID:7576

C:\Users\Admin\AppData\Local\Temp\Unicorn-502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-502.exe
10⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 216
10⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
9⤵
PID:8692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
8⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 216
7⤵
PID:4700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
6⤵
- Program crash
PID:3700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 240
5⤵
- Program crash
PID:1268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-23590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23590.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-3521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3521.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-57040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57040.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-50214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50214.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-56561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56561.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-26666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26666.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-23078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23078.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-26981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26981.exe
9⤵
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-26642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26642.exe
10⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
11⤵
PID:6124

C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
12⤵
PID:7916

C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
13⤵
PID:10284

C:\Users\Admin\AppData\Local\Temp\Unicorn-32659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32659.exe
14⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 216
13⤵
PID:11852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
12⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
11⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 236
10⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-39448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39448.exe
9⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-49088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49088.exe
10⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-59008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59008.exe
11⤵
PID:8280

C:\Users\Admin\AppData\Local\Temp\Unicorn-59585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59585.exe
12⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8280 -s 216
12⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
11⤵
PID:9724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 236
10⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 220
9⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-40363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40363.exe
8⤵
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
9⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-60346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60346.exe
10⤵
PID:5996

C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
11⤵
PID:7356

C:\Users\Admin\AppData\Local\Temp\Unicorn-3330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3330.exe
12⤵
PID:11100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7356 -s 216
12⤵
PID:11400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 216
11⤵
PID:8324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
10⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 216
9⤵
PID:4652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 240
8⤵
- Program crash
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-62911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62911.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-11713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11713.exe
8⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-34535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34535.exe
9⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-41955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41955.exe
10⤵
PID:6056

C:\Users\Admin\AppData\Local\Temp\Unicorn-59869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59869.exe
11⤵
PID:7784

C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
12⤵
PID:10268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 216
12⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
11⤵
PID:9128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
10⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 216
9⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
8⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-48737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48737.exe
9⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-39949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39949.exe
10⤵
PID:7736

C:\Users\Admin\AppData\Local\Temp\Unicorn-9388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9388.exe
11⤵
PID:10644

C:\Users\Admin\AppData\Local\Temp\Unicorn-43245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43245.exe
12⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 216
11⤵
PID:11108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
10⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
9⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
8⤵
PID:4692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 240
7⤵
- Program crash
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-48902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48902.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-17240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17240.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-40930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40930.exe
8⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-29714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29714.exe
9⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-32005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32005.exe
10⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\Unicorn-57768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57768.exe
11⤵
PID:7492

C:\Users\Admin\AppData\Local\Temp\Unicorn-11759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11759.exe
12⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 216
12⤵
PID:2236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
11⤵
PID:9708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 220
10⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 216
9⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 236
8⤵
- Program crash
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-54313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54313.exe
7⤵
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-4285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4285.exe
8⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-28871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28871.exe
9⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-33151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33151.exe
10⤵
PID:7708

C:\Users\Admin\AppData\Local\Temp\Unicorn-14572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14572.exe
11⤵
PID:10688

C:\Users\Admin\AppData\Local\Temp\Unicorn-20466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20466.exe
12⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 216
11⤵
PID:988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 216
10⤵
PID:8704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
9⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 236
8⤵
- Program crash
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 220
7⤵
- Program crash
PID:2028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
6⤵
- Program crash
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-4023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4023.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1356

C:\Users\Admin\AppData\Local\Temp\Unicorn-59914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59914.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-49912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49912.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-58039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58039.exe
8⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-31504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31504.exe
9⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-60459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60459.exe
10⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-11318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11318.exe
11⤵
PID:7152

C:\Users\Admin\AppData\Local\Temp\Unicorn-2683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2683.exe
12⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-23372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23372.exe
13⤵
PID:2468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 216
12⤵
PID:10680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
11⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
10⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
9⤵
- Program crash
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-59578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59578.exe
8⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-31095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31095.exe
9⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-24780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24780.exe
10⤵
PID:6800

C:\Users\Admin\AppData\Local\Temp\Unicorn-47060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47060.exe
11⤵
PID:10136

C:\Users\Admin\AppData\Local\Temp\Unicorn-38089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38089.exe
12⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 216
11⤵
PID:10332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
10⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 236
9⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 240
8⤵
- Program crash
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-22906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22906.exe
7⤵
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-12204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12204.exe
8⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
9⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-63648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63648.exe
10⤵
PID:6908

C:\Users\Admin\AppData\Local\Temp\Unicorn-25745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25745.exe
11⤵
PID:9368

C:\Users\Admin\AppData\Local\Temp\Unicorn-13047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13047.exe
12⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 216
11⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 236
10⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 236
9⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
8⤵
- Program crash
PID:3632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
7⤵
- Program crash
PID:1344

C:\Users\Admin\AppData\Local\Temp\Unicorn-12449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12449.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-25943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25943.exe
7⤵
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-31696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31696.exe
8⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-59193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59193.exe
9⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-51796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51796.exe
10⤵
PID:6900

C:\Users\Admin\AppData\Local\Temp\Unicorn-21215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21215.exe
11⤵
PID:10244

C:\Users\Admin\AppData\Local\Temp\Unicorn-35249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35249.exe
12⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 216
11⤵
PID:10884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 216
10⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
9⤵
PID:5260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 236
8⤵
- Program crash
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-27481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27481.exe
7⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
8⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
9⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 220
10⤵
PID:9288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 236
9⤵
PID:7524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 236
8⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
7⤵
- Program crash
PID:4076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 240
6⤵
- Program crash
PID:1388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
5⤵
- Program crash
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-40161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40161.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-5907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5907.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-3230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3230.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-23270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23270.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:708

C:\Users\Admin\AppData\Local\Temp\Unicorn-9523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9523.exe
8⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-13548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13548.exe
9⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-63741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63741.exe
10⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-61823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61823.exe
11⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-12535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12535.exe
12⤵
PID:8936

C:\Users\Admin\AppData\Local\Temp\Unicorn-32449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32449.exe
13⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 216
13⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 236
12⤵
PID:9940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
11⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
10⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
9⤵
- Program crash
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-24819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24819.exe
8⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
9⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-55968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55968.exe
10⤵
PID:6940

C:\Users\Admin\AppData\Local\Temp\Unicorn-19627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19627.exe
11⤵
PID:9696

C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe
12⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 236
11⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
10⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 236
9⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 240
8⤵
- Program crash
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-39927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39927.exe
7⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-27088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27088.exe
8⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-61603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61603.exe
9⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-46826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46826.exe
10⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-6277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6277.exe
11⤵
PID:9132

C:\Users\Admin\AppData\Local\Temp\Unicorn-26547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26547.exe
12⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9132 -s 216
12⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 236
11⤵
PID:10104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
10⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
9⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 236
8⤵
- Program crash
PID:3408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
7⤵
- Program crash
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-3212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3212.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-26021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26021.exe
7⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-20228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20228.exe
8⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-64547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64547.exe
9⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-61452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61452.exe
10⤵
PID:7208

C:\Users\Admin\AppData\Local\Temp\Unicorn-38780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38780.exe
11⤵
PID:10432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 204
11⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
10⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
9⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
8⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-48878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48878.exe
7⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-2639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2639.exe
8⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-51158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51158.exe
9⤵
PID:7480

C:\Users\Admin\AppData\Local\Temp\Unicorn-36202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36202.exe
10⤵
PID:10564

C:\Users\Admin\AppData\Local\Temp\Unicorn-36183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36183.exe
11⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 216
10⤵
PID:11064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
9⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 236
8⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
7⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
6⤵
- Program crash
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-40048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40048.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-56134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56134.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
7⤵
PID:700

C:\Users\Admin\AppData\Local\Temp\Unicorn-62194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62194.exe
8⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-36822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36822.exe
9⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-10244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10244.exe
10⤵
PID:7120

C:\Users\Admin\AppData\Local\Temp\Unicorn-51199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51199.exe
11⤵
PID:10276

C:\Users\Admin\AppData\Local\Temp\Unicorn-18764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18764.exe
12⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
11⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
10⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 236
9⤵
PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 236
8⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-58172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58172.exe
7⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-61586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61586.exe
8⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-59381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59381.exe
9⤵
PID:8108

C:\Users\Admin\AppData\Local\Temp\Unicorn-33743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33743.exe
10⤵
PID:10904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 236
10⤵
PID:9756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
8⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 240
7⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-52777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52777.exe
6⤵
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-59672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59672.exe
7⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-31472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31472.exe
8⤵
PID:4404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 188
9⤵
PID:4876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
8⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 236
7⤵
PID:4628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
6⤵
- Program crash
PID:3112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 240
5⤵
- Program crash
PID:2300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:564

C:\Users\Admin\AppData\Local\Temp\Unicorn-19027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19027.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-25705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25705.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:756

C:\Users\Admin\AppData\Local\Temp\Unicorn-11190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11190.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-28368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28368.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-43052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43052.exe
7⤵
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-50053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50053.exe
8⤵
PID:1156

C:\Users\Admin\AppData\Local\Temp\Unicorn-29522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29522.exe
9⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-51086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51086.exe
10⤵
PID:5980

C:\Users\Admin\AppData\Local\Temp\Unicorn-37882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37882.exe
11⤵
PID:7728

C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
12⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 216
12⤵
PID:1700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 216
11⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
10⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 236
9⤵
PID:5380

C:\Users\Admin\AppData\Local\Temp\Unicorn-41342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41342.exe
8⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-25613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25613.exe
9⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-32715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32715.exe
10⤵
PID:7188

C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
11⤵
PID:10372

C:\Users\Admin\AppData\Local\Temp\Unicorn-43578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43578.exe
12⤵
PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7188 -s 220
11⤵
PID:10928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 236
10⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 236
9⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
8⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-13358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13358.exe
7⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-28038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28038.exe
8⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-63568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63568.exe
9⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-10872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10872.exe
10⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 224
11⤵
PID:10460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 216
10⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
9⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 216
8⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
7⤵
- Program crash
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-6357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6357.exe
6⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-58501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58501.exe
7⤵
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-25874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25874.exe
8⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-51854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51854.exe
9⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-50705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50705.exe
10⤵
PID:7392

C:\Users\Admin\AppData\Local\Temp\Unicorn-32043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32043.exe
11⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 216
11⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
10⤵
PID:9468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
9⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 216
8⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-9656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9656.exe
7⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-51278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51278.exe
8⤵
PID:5916

C:\Users\Admin\AppData\Local\Temp\Unicorn-26720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26720.exe
9⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-33911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33911.exe
10⤵
PID:11196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 220
10⤵
PID:11548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 220
9⤵
PID:9404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
8⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 220
7⤵
PID:5448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
6⤵
- Program crash
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-21273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21273.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 220
6⤵
- Program crash
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 240
5⤵
- Program crash
PID:600

C:\Users\Admin\AppData\Local\Temp\Unicorn-48201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48201.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-28176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28176.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 220
6⤵
- Program crash
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe
5⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-48299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48299.exe
6⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-34535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34535.exe
7⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-26286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26286.exe
8⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-35168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35168.exe
9⤵
PID:7924

C:\Users\Admin\AppData\Local\Temp\Unicorn-54720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54720.exe
10⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 216
10⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 220
9⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
8⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 216
7⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
6⤵
- Program crash
PID:4040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
5⤵
- Program crash
PID:1824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 240
4⤵
- Program crash
PID:2604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
2⤵
- Program crash
PID:2520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16712.exe

Filesize
184KB

MD5
2a70ba4060f1e7cc7363960ef384c66a

SHA1
162fcd1cbb2075da9b6f179dcc8e97d415106143

SHA256
780e7dc6753059b987c9cdc1125e5dc97a896c0786e13a6a103823f0a30d672c

SHA512
f85a8eea02c6a7af0976df5c90047b86ccf3b610c238ac4083c29f4a0fbd759fc36038dd2cb6f99c4448679b64c810e3afc72f3e4f005b7e951a4fec688020ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe

Filesize
184KB

MD5
46bc6e68c7ed60d915cb5cf48cc7c0c4

SHA1
b294081e8aab235d00b31883e20b294c49dc8fb6

SHA256
0f6de4ea79d4432698cb6787507c46f257cc1b2d3c6692ef7014ed2790dedccd

SHA512
c1e3b36f21ef4c5fbb533d3e5c6ee9063071122cbc29feff846b3fc05abb413ab1d36387adf4d4e223612b3295a19d7d84dc1a7b12cd6c4f29d7722604caa520

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22064.exe

Filesize
184KB

MD5
cd76e7a1e07a83f0fe198b40f1fdeaf5

SHA1
68e526ab1a2187729f6b7124c3ba86031b1e68d9

SHA256
25aa8d1297ae2950ae374dfa81708de900c1761e2d313a27dc51b4fe8abea57c

SHA512
4305b25a329c25b5976bbeb82001cf837ead9bb6d850b06c312b652aca2abba4b22f7ceec134a032728996ce07ee114f70ea9bb97f366cdea4395c41125fa6db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33911.exe

Filesize
184KB

MD5
57ada9d7c2768665ac003ab7bfc03fa2

SHA1
8b5e500b71022517edb3fdd759f11c7047f32703

SHA256
0f756728cc4214484656e229fffe473f7e47bf023e55841de3d0b27149d9808a

SHA512
525b3da84480d608d11cc6cbf33b21fdac451471ee3e4d30704a8f326433ac27b669461bbe3f8cc18839d949d296d8ba02b8a5bd814e1d49d50e31289360ebeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34870.exe

Filesize
184KB

MD5
e795de37b8a736316b3f1f0d42409207

SHA1
69907d19cec34a086e4096b5770c004c508f5570

SHA256
e2229d9b95c13d70f6b7c1d3a64e61677c3981e17dc24add5bc6c4bc598fefb6

SHA512
8c2360d204c3a7a12244b4b6f4ae5357c466da2a079f6f3fe4d1268c174f017c5a19fb848cd557c20c084988ffad1b0490d4f4f049da70ed9362c278459fe8ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39927.exe

Filesize
184KB

MD5
19211d4b86cb159aa6c19898527d5701

SHA1
b1c9a20404645fa9b0639ccfb26c3bce0276f587

SHA256
e00fe5848f02b9be3b8b91bbf78bdb23b715f7577186f752c5f5e4cfd1d85db6

SHA512
bc2ea28f50237d31ea4e0ff35ec9738d7e5418eddbf03fe21bb772021a205905389d87484f83b1d4468b968c980dffae06cf72c9fa341585137c0e0e8e377861

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40048.exe

Filesize
184KB

MD5
e5b1d9c3c5a5349d201ab8542ffe92d7

SHA1
396f9bf4b16beeffce6f3557c32dcf4c4e317c2f

SHA256
b5937e253e7942dce2738c70fb3c936155fef346707ea8214f7d16810553ab09

SHA512
11dc8b12b534a0ff6e5abd8c549d2564ea281dfc0a75fa3c37bc3aef83334047968a311e5e1d90e26e8c36a54b343f551a8cedd62edbee8d61c1115c13f0be46

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40406.exe

Filesize
184KB

MD5
ff18a53880475a9f1aaa1dd3f4a46d44

SHA1
89b8bdaaf098c810a9c3e150d6abd5ce400cdeb8

SHA256
944bb14e8781559ff0dcd5dc64ac10596d99ff5a7ddf06a3fe4d59a3959b8b67

SHA512
345b7de6df2ad160aca48c15ab722b344affe0ac7736bfc9a1836b44e67c20501f2222163443168c1939b306bcdfd62f54d64dc3f79b61570b01a7562bc8866b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50214.exe

Filesize
184KB

MD5
5d9ed5e8af552e8e1f85e28f863677f3

SHA1
2248fa5914cc65c4932b0e7d50c68fd22776018d

SHA256
b309b8727066191970b3dc62f26510f626e845de69a48f4099b54996c6ce6cbe

SHA512
757c803c2c44d6a90f5e182d271710a285d5269ebf8d8dc02083df23b5cbfb65d1502c5e6836766632098849404475b056659bcab1e218fc8d407108825ad558

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57040.exe

Filesize
184KB

MD5
4e8b9b33860e8e726fb45990906673a5

SHA1
fc1a5f6932f274c9e7f50e7f74a73e5d84fb8824

SHA256
6512284479924c0d7ed458b26b0a674bdd54b052b5e5453eee783d62f9766b71

SHA512
c8c0546824eef12ee82850d73bcf5bcb214e32b02d72d5b824267815a0c9aea91a41984b9ffd25d601ec56d93797020c92bb2e99e3348d280e4604e1e1616616

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5907.exe

Filesize
184KB

MD5
b84fbd595ab4a458d18d00c5c4fe637b

SHA1
45b5e93280173a2c552c569fb3462fd745e700f1

SHA256
e68dbbb46c36ab99bbd2bfd46453fcae8398822f088408fe231ca7e9cf3a4d50

SHA512
7efc731c7ec6a688edf5ec92f1b37f48d1ef17bfeedeb38594f4bd2aeb9aed849238f9f94283af4760b3e30ef0be79293bcb54299d340b3002d7bf33ab09335f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe

Filesize
184KB

MD5
576ab2f04067a668e9037c7764621578

SHA1
b8db90f47667794b74ecc1f95109efcf360169eb

SHA256
c12df454a30b2a5fa7461fc7af6d0ef78af7bb00f762a503ddb076562403e3d4

SHA512
58a961ea0399f58f587cbff7178a0d58a23cf7d5e982f0fd25e74a06b3b84458f51d8d2903c75935659750977f8f1bf104ce3526621956157d2e886a2d1f0a74

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19027.exe

Filesize
184KB

MD5
d6c60e6dcff43f5f875f3a50e9c62758

SHA1
73053dc6cf4f3e940c02f2c0c8948488c9d9a6d1

SHA256
ef7f04233582df74e4b2a0f3209fb2efd1e7b71678ac4b5b0f1ba17a139891e2

SHA512
18fb4ec0efc7341cd872e80c9ffd35c1a1223b82d26517b39c8940520de930aa071f46ce53e15873eda826a35a3153d9495a217805d586ae311e82038ec6c909

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23590.exe

Filesize
184KB

MD5
309900a93ad0f218b57b724ff48db40b

SHA1
c72320d0616528e75dd0c998612d89c96a1ca800

SHA256
303a59e36febef18b57198aa8adde20d0812354b0eaf60b126dd6dadb9d67b3a

SHA512
f7e13125557f4976c59eafb0d885d76566f5c690023d934c4daf58a6cf7000c80611bc7ba4bec0d3900b1d6928e465e1bdd215e6176a7cde44b76ee645425487

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe

Filesize
184KB

MD5
4ec880e40ed3e89aedfee7239797cf10

SHA1
3175b90f5a4003f8d06f15212c5d80553dfb7605

SHA256
435375c2c8ab761000b39f192031154b9af25d4c691562af129a33236d607339

SHA512
eb9abb384666fa7a920b3e6e227b1f2299c115adb847f76683f97148e0ac9b4dc5dff8f1f3bc183ffcec8cde5fa3d9e9dcd89b44ffb43bbc69e633ba301e9e83

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3521.exe

Filesize
184KB

MD5
7b23aa7f70254be4ebf8e53fe48c9184

SHA1
c3ee5a26a57c4462c84c1d942013f459bc4d9ebc

SHA256
0720adf654ed816016e40e6acfff026cf1c86459991fc61e570f1acaff01195e

SHA512
4622331cefb85d8bed4dc0b8bf484361eb6e1d5f7361e6fda5fb0682b6b073da59035fe1fee665d191051b9ce25a4931243e7fd2f88dc3187325fe8fa403a4a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40161.exe

Filesize
184KB

MD5
5f8bcc875215b6643204f9985b112602

SHA1
3349c3d2bb2f3d54b0082830e2b9127f546ede10

SHA256
f7392e6d585a0b576590d1469c004e0be28ffd801d38b3480665a61a5a6237b9

SHA512
5f5dcc415632c5819c7b65e04080ebcb19249d18f1f0a8a81af7cf2f83282f89a62d078c2871ac1ad5fb82f626a031adf3aa886c5e8117b49bb8619978f2590b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40342.exe

Filesize
184KB

MD5
dfe4afb3add2d7b0ae333bfcb51ae495

SHA1
644e0d3d0822470ac79d8f0c9ddc03d6626f7b6c

SHA256
2d6404c35e2d69fb659f59d131d4eb5bebfadfc218e77975c9acf587fe1825c9

SHA512
940d9eb7707c54396b235b023941050ee39a2988b03ff2aefdcfb4804854064b4a186041fbbf4c57b6da015d0cda462bdbf21236dad2c93882574c4249f5ff7a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43456.exe

Filesize
184KB

MD5
76be5d40a531724dc9bf5ce1d76df053

SHA1
4e9074fa2f4005acdb2c745a110962967da437c3

SHA256
9c31823dc12af178b200c05d0c699ccafa9951096b2bf85853deb85ad4c46a7c

SHA512
abd298782517b0826baa7d8d7b11458423bb468a116d72eea953467feb344a6255170e2c31d4c2168ef633a641611f78de1cdec52924a69ee0249cd39d553350

Download Submit