b64dae6d42bae25127efb1254ff96016a9ce496f7af393c07b52d12a9d191733

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b64dae6d42bae25127efb1254ff96016a9ce496f7af393c07b52d12a9d191733.exe
Size

184KB
MD5

3fc4b1fc74ae85e48f5b9d806f612770
SHA1

9cb65de0cdaa2a576fc4ae50bcfba27841177181
SHA256

b64dae6d42bae25127efb1254ff96016a9ce496f7af393c07b52d12a9d191733
SHA512

73c354feba56491804835faabd96bce45fd8bfc1f36f683e50908abfa4fe5171549440067326fe6c9e8af5be310041eef806cfc0c27c07153b594bda12bd03d2
SSDEEP

3072:ilj6cxozLLONZXEneDoLRTC/hlnniF3n3:il/oyHXEZLFC/hlnniF3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-4747.exeUnicorn-42122.exeUnicorn-2905.exeUnicorn-59172.exeUnicorn-39306.exeUnicorn-12436.exeUnicorn-29583.exeUnicorn-62317.exeUnicorn-31913.exeUnicorn-49510.exeUnicorn-29644.exeUnicorn-41488.exeUnicorn-24275.exeUnicorn-23952.exeUnicorn-8265.exeUnicorn-54451.exeUnicorn-8265.exeUnicorn-34585.exeUnicorn-54129.exeUnicorn-13940.exeUnicorn-26939.exeUnicorn-62212.exeUnicorn-9866.exeUnicorn-12518.exeUnicorn-62788.exeUnicorn-62980.exeUnicorn-58382.exeUnicorn-45767.exeUnicorn-10634.exeUnicorn-26093.exeUnicorn-30500.exeUnicorn-45959.exeUnicorn-50438.exeUnicorn-63437.exeUnicorn-17766.exeUnicorn-21606.exeUnicorn-1932.exeUnicorn-54854.exeUnicorn-27081.exeUnicorn-27081.exeUnicorn-40271.exeUnicorn-22312.exeUnicorn-40463.exeUnicorn-55560.exeUnicorn-55560.exeUnicorn-55560.exeUnicorn-55560.exeUnicorn-3214.exeUnicorn-3214.exeUnicorn-3214.exeUnicorn-23080.exeUnicorn-21552.exeUnicorn-39703.exeUnicorn-59569.exeUnicorn-19440.exeUnicorn-47898.exeUnicorn-2226.exeUnicorn-48090.exeUnicorn-35283.exeUnicorn-35475.exeUnicorn-2480.exeUnicorn-57431.exeUnicorn-27795.exeUnicorn-43315.exe

pid	process
2540	Unicorn-4747.exe
3020	Unicorn-42122.exe
1976	Unicorn-2905.exe
2652	Unicorn-59172.exe
2992	Unicorn-39306.exe
2456	Unicorn-12436.exe
2516	Unicorn-29583.exe
2792	Unicorn-62317.exe
2788	Unicorn-31913.exe
316	Unicorn-49510.exe
272	Unicorn-29644.exe
1860	Unicorn-41488.exe
2008	Unicorn-24275.exe
2932	Unicorn-23952.exe
2248	Unicorn-8265.exe
1728	Unicorn-54451.exe
1972	Unicorn-8265.exe
2208	Unicorn-34585.exe
580	Unicorn-54129.exe
3028	Unicorn-13940.exe
852	Unicorn-26939.exe
1880	Unicorn-62212.exe
936	Unicorn-9866.exe
1656	Unicorn-12518.exe
864	Unicorn-62788.exe
2072	Unicorn-62980.exe
1864	Unicorn-58382.exe
564	Unicorn-45767.exe
2244	Unicorn-10634.exe
1432	Unicorn-26093.exe
1948	Unicorn-30500.exe
1896	Unicorn-45959.exe
2584	Unicorn-50438.exe
2624	Unicorn-63437.exe
2668	Unicorn-17766.exe
2500	Unicorn-21606.exe
2944	Unicorn-1932.exe
1596	Unicorn-54854.exe
2704	Unicorn-27081.exe
2760	Unicorn-27081.exe
328	Unicorn-40271.exe
1452	Unicorn-22312.exe
2152	Unicorn-40463.exe
2168	Unicorn-55560.exe
2188	Unicorn-55560.exe
1568	Unicorn-55560.exe
2176	Unicorn-55560.exe
2968	Unicorn-3214.exe
844	Unicorn-3214.exe
532	Unicorn-3214.exe
780	Unicorn-23080.exe
1884	Unicorn-21552.exe
2552	Unicorn-39703.exe
1964	Unicorn-59569.exe
956	Unicorn-19440.exe
952	Unicorn-47898.exe
2240	Unicorn-2226.exe
2296	Unicorn-48090.exe
1576	Unicorn-35283.exe
1888	Unicorn-35475.exe
1672	Unicorn-2480.exe
2848	Unicorn-57431.exe
2716	Unicorn-27795.exe
2620	Unicorn-43315.exe

Loads dropped DLL 64 IoCs

Processes:

b64dae6d42bae25127efb1254ff96016a9ce496f7af393c07b52d12a9d191733.exeUnicorn-4747.exeUnicorn-42122.exeUnicorn-2905.exeWerFault.exeUnicorn-39306.exeUnicorn-59172.exeUnicorn-12436.exeWerFault.exeWerFault.exeUnicorn-62317.exeUnicorn-29583.exeUnicorn-29644.exeUnicorn-49510.exeUnicorn-31913.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2912	b64dae6d42bae25127efb1254ff96016a9ce496f7af393c07b52d12a9d191733.exe
2912	b64dae6d42bae25127efb1254ff96016a9ce496f7af393c07b52d12a9d191733.exe
2540	Unicorn-4747.exe
2912	b64dae6d42bae25127efb1254ff96016a9ce496f7af393c07b52d12a9d191733.exe
2912	b64dae6d42bae25127efb1254ff96016a9ce496f7af393c07b52d12a9d191733.exe
2540	Unicorn-4747.exe
3020	Unicorn-42122.exe
3020	Unicorn-42122.exe
2540	Unicorn-4747.exe
2540	Unicorn-4747.exe
1976	Unicorn-2905.exe
1976	Unicorn-2905.exe
1944	WerFault.exe
1944	WerFault.exe
1944	WerFault.exe
1944	WerFault.exe
1944	WerFault.exe
2992	Unicorn-39306.exe
2992	Unicorn-39306.exe
3020	Unicorn-42122.exe
3020	Unicorn-42122.exe
2652	Unicorn-59172.exe
2652	Unicorn-59172.exe
2456	Unicorn-12436.exe
1976	Unicorn-2905.exe
2456	Unicorn-12436.exe
1976	Unicorn-2905.exe
1328	WerFault.exe
1328	WerFault.exe
1328	WerFault.exe
1328	WerFault.exe
536	WerFault.exe
536	WerFault.exe
536	WerFault.exe
536	WerFault.exe
1328	WerFault.exe
536	WerFault.exe
2792	Unicorn-62317.exe
2792	Unicorn-62317.exe
2516	Unicorn-29583.exe
2516	Unicorn-29583.exe
2992	Unicorn-39306.exe
2992	Unicorn-39306.exe
272	Unicorn-29644.exe
316	Unicorn-49510.exe
316	Unicorn-49510.exe
272	Unicorn-29644.exe
2456	Unicorn-12436.exe
2456	Unicorn-12436.exe
2788	Unicorn-31913.exe
2788	Unicorn-31913.exe
2652	Unicorn-59172.exe
2652	Unicorn-59172.exe
1152	WerFault.exe
1152	WerFault.exe
1152	WerFault.exe
1152	WerFault.exe
1152	WerFault.exe
2288	WerFault.exe
2288	WerFault.exe
2288	WerFault.exe
2288	WerFault.exe
2288	WerFault.exe
1084	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2588	2912	WerFault.exe	b64dae6d42bae25127efb1254ff96016a9ce496f7af393c07b52d12a9d191733.exe
1944	2540	WerFault.exe	Unicorn-4747.exe
1328	3020	WerFault.exe	Unicorn-42122.exe
536	1976	WerFault.exe	Unicorn-2905.exe
1152	2992	WerFault.exe	Unicorn-39306.exe
2288	2652	WerFault.exe	Unicorn-59172.exe
1084	2456	WerFault.exe	Unicorn-12436.exe
2752	2792	WerFault.exe	Unicorn-62317.exe
1464	2516	WerFault.exe	Unicorn-29583.exe
2560	272	WerFault.exe	Unicorn-29644.exe
1932	316	WerFault.exe	Unicorn-49510.exe
2656	2788	WerFault.exe	Unicorn-31913.exe
1684	2008	WerFault.exe	Unicorn-24275.exe
2828	1860	WerFault.exe	Unicorn-41488.exe
1552	2932	WerFault.exe	Unicorn-23952.exe
1052	2248	WerFault.exe	Unicorn-8265.exe
916	580	WerFault.exe	Unicorn-54129.exe
3040	1728	WerFault.exe	Unicorn-54451.exe
2872	1972	WerFault.exe	Unicorn-8265.exe
796	2208	WerFault.exe	Unicorn-34585.exe
2600	3028	WerFault.exe	Unicorn-13940.exe
2724	852	WerFault.exe	Unicorn-26939.exe
2492	1880	WerFault.exe	Unicorn-62212.exe
1176	936	WerFault.exe	Unicorn-9866.exe
2964	1656	WerFault.exe	Unicorn-12518.exe
1236	1864	WerFault.exe	Unicorn-58382.exe
1204	864	WerFault.exe	Unicorn-62788.exe
1592	2072	WerFault.exe	Unicorn-62980.exe
920	1896	WerFault.exe	Unicorn-45959.exe
2192	564	WerFault.exe	Unicorn-45767.exe
2108	1432	WerFault.exe	Unicorn-26093.exe
1212	1948	WerFault.exe	Unicorn-30500.exe
2020	2244	WerFault.exe	Unicorn-10634.exe
3308	2668	WerFault.exe	Unicorn-17766.exe
3632	2500	WerFault.exe	Unicorn-21606.exe
3648	2760	WerFault.exe	Unicorn-27081.exe
3792	2152	WerFault.exe	Unicorn-40463.exe
3984	844	WerFault.exe	Unicorn-3214.exe
2268	2624	WerFault.exe	Unicorn-63437.exe
3120	780	WerFault.exe	Unicorn-23080.exe
3112	532	WerFault.exe	Unicorn-3214.exe
3180	2176	WerFault.exe	Unicorn-55560.exe
3192	2968	WerFault.exe	Unicorn-3214.exe
3216	3064	WerFault.exe	Unicorn-65242.exe
3248	2584	WerFault.exe	Unicorn-50438.exe
3288	2704	WerFault.exe	Unicorn-27081.exe
3296	2944	WerFault.exe	Unicorn-1932.exe
3384	1596	WerFault.exe	Unicorn-54854.exe
3624	1452	WerFault.exe	Unicorn-22312.exe
3664	1568	WerFault.exe	Unicorn-55560.exe
3816	2168	WerFault.exe	Unicorn-55560.exe
3224	328	WerFault.exe	Unicorn-40271.exe
3444	3004	WerFault.exe	Unicorn-14530.exe
3564	2716	WerFault.exe	Unicorn-27795.exe
3800	2156	WerFault.exe	Unicorn-22210.exe
3936	952	WerFault.exe	Unicorn-47898.exe
3944	2296	WerFault.exe	Unicorn-48090.exe
1936	1968	WerFault.exe	Unicorn-50410.exe
996	2528	WerFault.exe	Unicorn-140.exe
3212	1264	WerFault.exe	Unicorn-5957.exe
3304	2040	WerFault.exe	Unicorn-55459.exe
3496	2800	WerFault.exe	Unicorn-42844.exe
3528	1460	WerFault.exe	Unicorn-5957.exe
3784	1940	WerFault.exe	Unicorn-26015.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

b64dae6d42bae25127efb1254ff96016a9ce496f7af393c07b52d12a9d191733.exeUnicorn-4747.exeUnicorn-42122.exeUnicorn-2905.exeUnicorn-39306.exeUnicorn-59172.exeUnicorn-12436.exeUnicorn-29583.exeUnicorn-62317.exeUnicorn-49510.exeUnicorn-29644.exeUnicorn-31913.exeUnicorn-41488.exeUnicorn-24275.exeUnicorn-23952.exeUnicorn-8265.exeUnicorn-34585.exeUnicorn-54451.exeUnicorn-8265.exeUnicorn-54129.exeUnicorn-13940.exeUnicorn-26939.exeUnicorn-62212.exeUnicorn-9866.exeUnicorn-12518.exeUnicorn-62980.exeUnicorn-58382.exeUnicorn-62788.exeUnicorn-45767.exeUnicorn-26093.exeUnicorn-10634.exeUnicorn-45959.exeUnicorn-30500.exeUnicorn-50438.exeUnicorn-63437.exeUnicorn-17766.exeUnicorn-21606.exeUnicorn-1932.exeUnicorn-54854.exeUnicorn-27081.exeUnicorn-27081.exeUnicorn-22312.exeUnicorn-40463.exeUnicorn-40271.exeUnicorn-23080.exeUnicorn-55560.exeUnicorn-55560.exeUnicorn-3214.exeUnicorn-3214.exeUnicorn-55560.exeUnicorn-55560.exeUnicorn-3214.exeUnicorn-39703.exeUnicorn-21552.exeUnicorn-59569.exeUnicorn-19440.exeUnicorn-47898.exeUnicorn-2226.exeUnicorn-48090.exeUnicorn-35283.exeUnicorn-35475.exeUnicorn-2480.exeUnicorn-57431.exeUnicorn-27795.exe

pid	process
2912	b64dae6d42bae25127efb1254ff96016a9ce496f7af393c07b52d12a9d191733.exe
2540	Unicorn-4747.exe
3020	Unicorn-42122.exe
1976	Unicorn-2905.exe
2992	Unicorn-39306.exe
2652	Unicorn-59172.exe
2456	Unicorn-12436.exe
2516	Unicorn-29583.exe
2792	Unicorn-62317.exe
316	Unicorn-49510.exe
272	Unicorn-29644.exe
2788	Unicorn-31913.exe
1860	Unicorn-41488.exe
2008	Unicorn-24275.exe
2932	Unicorn-23952.exe
2248	Unicorn-8265.exe
2208	Unicorn-34585.exe
1728	Unicorn-54451.exe
1972	Unicorn-8265.exe
580	Unicorn-54129.exe
3028	Unicorn-13940.exe
852	Unicorn-26939.exe
1880	Unicorn-62212.exe
936	Unicorn-9866.exe
1656	Unicorn-12518.exe
2072	Unicorn-62980.exe
1864	Unicorn-58382.exe
864	Unicorn-62788.exe
564	Unicorn-45767.exe
1432	Unicorn-26093.exe
2244	Unicorn-10634.exe
1896	Unicorn-45959.exe
1948	Unicorn-30500.exe
2584	Unicorn-50438.exe
2624	Unicorn-63437.exe
2668	Unicorn-17766.exe
2500	Unicorn-21606.exe
2944	Unicorn-1932.exe
1596	Unicorn-54854.exe
2704	Unicorn-27081.exe
2760	Unicorn-27081.exe
1452	Unicorn-22312.exe
2152	Unicorn-40463.exe
328	Unicorn-40271.exe
780	Unicorn-23080.exe
2188	Unicorn-55560.exe
2168	Unicorn-55560.exe
2968	Unicorn-3214.exe
844	Unicorn-3214.exe
2176	Unicorn-55560.exe
1568	Unicorn-55560.exe
532	Unicorn-3214.exe
2552	Unicorn-39703.exe
1884	Unicorn-21552.exe
1964	Unicorn-59569.exe
956	Unicorn-19440.exe
952	Unicorn-47898.exe
2240	Unicorn-2226.exe
2296	Unicorn-48090.exe
1576	Unicorn-35283.exe
1888	Unicorn-35475.exe
1672	Unicorn-2480.exe
2848	Unicorn-57431.exe
2716	Unicorn-27795.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

b64dae6d42bae25127efb1254ff96016a9ce496f7af393c07b52d12a9d191733.exeUnicorn-4747.exeUnicorn-42122.exeUnicorn-2905.exeUnicorn-39306.exeUnicorn-59172.exeUnicorn-12436.exeUnicorn-62317.exe

description	pid	process	target process
PID 2912 wrote to memory of 2540	2912	b64dae6d42bae25127efb1254ff96016a9ce496f7af393c07b52d12a9d191733.exe	Unicorn-4747.exe
PID 2912 wrote to memory of 2540	2912	b64dae6d42bae25127efb1254ff96016a9ce496f7af393c07b52d12a9d191733.exe	Unicorn-4747.exe
PID 2912 wrote to memory of 2540	2912	b64dae6d42bae25127efb1254ff96016a9ce496f7af393c07b52d12a9d191733.exe	Unicorn-4747.exe
PID 2912 wrote to memory of 2540	2912	b64dae6d42bae25127efb1254ff96016a9ce496f7af393c07b52d12a9d191733.exe	Unicorn-4747.exe
PID 2912 wrote to memory of 1976	2912	b64dae6d42bae25127efb1254ff96016a9ce496f7af393c07b52d12a9d191733.exe	Unicorn-2905.exe
PID 2540 wrote to memory of 3020	2540	Unicorn-4747.exe	Unicorn-42122.exe
PID 2540 wrote to memory of 3020	2540	Unicorn-4747.exe	Unicorn-42122.exe
PID 2912 wrote to memory of 1976	2912	b64dae6d42bae25127efb1254ff96016a9ce496f7af393c07b52d12a9d191733.exe	Unicorn-2905.exe
PID 2540 wrote to memory of 3020	2540	Unicorn-4747.exe	Unicorn-42122.exe
PID 2912 wrote to memory of 1976	2912	b64dae6d42bae25127efb1254ff96016a9ce496f7af393c07b52d12a9d191733.exe	Unicorn-2905.exe
PID 2540 wrote to memory of 3020	2540	Unicorn-4747.exe	Unicorn-42122.exe
PID 2912 wrote to memory of 1976	2912	b64dae6d42bae25127efb1254ff96016a9ce496f7af393c07b52d12a9d191733.exe	Unicorn-2905.exe
PID 2912 wrote to memory of 2588	2912	b64dae6d42bae25127efb1254ff96016a9ce496f7af393c07b52d12a9d191733.exe	WerFault.exe
PID 2912 wrote to memory of 2588	2912	b64dae6d42bae25127efb1254ff96016a9ce496f7af393c07b52d12a9d191733.exe	WerFault.exe
PID 2912 wrote to memory of 2588	2912	b64dae6d42bae25127efb1254ff96016a9ce496f7af393c07b52d12a9d191733.exe	WerFault.exe
PID 2912 wrote to memory of 2588	2912	b64dae6d42bae25127efb1254ff96016a9ce496f7af393c07b52d12a9d191733.exe	WerFault.exe
PID 3020 wrote to memory of 2652	3020	Unicorn-42122.exe	Unicorn-59172.exe
PID 3020 wrote to memory of 2652	3020	Unicorn-42122.exe	Unicorn-59172.exe
PID 3020 wrote to memory of 2652	3020	Unicorn-42122.exe	Unicorn-59172.exe
PID 3020 wrote to memory of 2652	3020	Unicorn-42122.exe	Unicorn-59172.exe
PID 2540 wrote to memory of 2992	2540	Unicorn-4747.exe	Unicorn-39306.exe
PID 2540 wrote to memory of 2992	2540	Unicorn-4747.exe	Unicorn-39306.exe
PID 2540 wrote to memory of 2992	2540	Unicorn-4747.exe	Unicorn-39306.exe
PID 2540 wrote to memory of 2992	2540	Unicorn-4747.exe	Unicorn-39306.exe
PID 1976 wrote to memory of 2456	1976	Unicorn-2905.exe	Unicorn-12436.exe
PID 1976 wrote to memory of 2456	1976	Unicorn-2905.exe	Unicorn-12436.exe
PID 1976 wrote to memory of 2456	1976	Unicorn-2905.exe	Unicorn-12436.exe
PID 1976 wrote to memory of 2456	1976	Unicorn-2905.exe	Unicorn-12436.exe
PID 2540 wrote to memory of 1944	2540	Unicorn-4747.exe	WerFault.exe
PID 2540 wrote to memory of 1944	2540	Unicorn-4747.exe	WerFault.exe
PID 2540 wrote to memory of 1944	2540	Unicorn-4747.exe	WerFault.exe
PID 2540 wrote to memory of 1944	2540	Unicorn-4747.exe	WerFault.exe
PID 2992 wrote to memory of 2516	2992	Unicorn-39306.exe	Unicorn-29583.exe
PID 2992 wrote to memory of 2516	2992	Unicorn-39306.exe	Unicorn-29583.exe
PID 2992 wrote to memory of 2516	2992	Unicorn-39306.exe	Unicorn-29583.exe
PID 2992 wrote to memory of 2516	2992	Unicorn-39306.exe	Unicorn-29583.exe
PID 3020 wrote to memory of 2792	3020	Unicorn-42122.exe	Unicorn-62317.exe
PID 3020 wrote to memory of 2792	3020	Unicorn-42122.exe	Unicorn-62317.exe
PID 3020 wrote to memory of 2792	3020	Unicorn-42122.exe	Unicorn-62317.exe
PID 3020 wrote to memory of 2792	3020	Unicorn-42122.exe	Unicorn-62317.exe
PID 2652 wrote to memory of 2788	2652	Unicorn-59172.exe	Unicorn-31913.exe
PID 2652 wrote to memory of 2788	2652	Unicorn-59172.exe	Unicorn-31913.exe
PID 2652 wrote to memory of 2788	2652	Unicorn-59172.exe	Unicorn-31913.exe
PID 2652 wrote to memory of 2788	2652	Unicorn-59172.exe	Unicorn-31913.exe
PID 2456 wrote to memory of 316	2456	Unicorn-12436.exe	Unicorn-49510.exe
PID 2456 wrote to memory of 316	2456	Unicorn-12436.exe	Unicorn-49510.exe
PID 2456 wrote to memory of 316	2456	Unicorn-12436.exe	Unicorn-49510.exe
PID 2456 wrote to memory of 316	2456	Unicorn-12436.exe	Unicorn-49510.exe
PID 1976 wrote to memory of 272	1976	Unicorn-2905.exe	Unicorn-29644.exe
PID 1976 wrote to memory of 272	1976	Unicorn-2905.exe	Unicorn-29644.exe
PID 1976 wrote to memory of 272	1976	Unicorn-2905.exe	Unicorn-29644.exe
PID 1976 wrote to memory of 272	1976	Unicorn-2905.exe	Unicorn-29644.exe
PID 3020 wrote to memory of 1328	3020	Unicorn-42122.exe	WerFault.exe
PID 3020 wrote to memory of 1328	3020	Unicorn-42122.exe	WerFault.exe
PID 3020 wrote to memory of 1328	3020	Unicorn-42122.exe	WerFault.exe
PID 3020 wrote to memory of 1328	3020	Unicorn-42122.exe	WerFault.exe
PID 1976 wrote to memory of 536	1976	Unicorn-2905.exe	WerFault.exe
PID 1976 wrote to memory of 536	1976	Unicorn-2905.exe	WerFault.exe
PID 1976 wrote to memory of 536	1976	Unicorn-2905.exe	WerFault.exe
PID 1976 wrote to memory of 536	1976	Unicorn-2905.exe	WerFault.exe
PID 2792 wrote to memory of 1860	2792	Unicorn-62317.exe	Unicorn-41488.exe
PID 2792 wrote to memory of 1860	2792	Unicorn-62317.exe	Unicorn-41488.exe
PID 2792 wrote to memory of 1860	2792	Unicorn-62317.exe	Unicorn-41488.exe
PID 2792 wrote to memory of 1860	2792	Unicorn-62317.exe	Unicorn-41488.exe

C:\Users\Admin\AppData\Local\Temp\b64dae6d42bae25127efb1254ff96016a9ce496f7af393c07b52d12a9d191733.exe
"C:\Users\Admin\AppData\Local\Temp\b64dae6d42bae25127efb1254ff96016a9ce496f7af393c07b52d12a9d191733.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-4747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4747.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-59172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59172.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-31913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31913.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-54451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54451.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-45767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45767.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:564

C:\Users\Admin\AppData\Local\Temp\Unicorn-55560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55560.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-9787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9787.exe
9⤵
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-43919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43919.exe
10⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-42968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42968.exe
11⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
12⤵
PID:5600

C:\Users\Admin\AppData\Local\Temp\Unicorn-35728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35728.exe
13⤵
PID:8144

C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
14⤵
PID:10680

C:\Users\Admin\AppData\Local\Temp\Unicorn-1003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1003.exe
15⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 216
14⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
13⤵
PID:9016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
12⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
11⤵
PID:4600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 216
10⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-41842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41842.exe
9⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-26585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26585.exe
10⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-13013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13013.exe
11⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-3114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3114.exe
12⤵
PID:7440

C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
13⤵
PID:10944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 216
13⤵
PID:11400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 236
12⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 236
11⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
10⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-44276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44276.exe
8⤵
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
9⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
10⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-11677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11677.exe
11⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-17644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17644.exe
12⤵
PID:8612

C:\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe
13⤵
PID:11176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8612 -s 216
13⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
12⤵
PID:9664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
11⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 216
10⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
9⤵
PID:4436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 220
8⤵
- Program crash
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-3214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3214.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-140.exe
8⤵
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe
9⤵
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-45272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45272.exe
10⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-3042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3042.exe
11⤵
PID:6036

C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
12⤵
PID:8424

C:\Users\Admin\AppData\Local\Temp\Unicorn-44912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44912.exe
13⤵
PID:11176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8424 -s 216
13⤵
PID:10676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
12⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
11⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 236
10⤵
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 216
9⤵
- Program crash
PID:996

C:\Users\Admin\AppData\Local\Temp\Unicorn-27587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27587.exe
8⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-57721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57721.exe
9⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-30749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30749.exe
10⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-41868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41868.exe
11⤵
PID:8796

C:\Users\Admin\AppData\Local\Temp\Unicorn-8887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8887.exe
12⤵
PID:10692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 220
12⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
11⤵
PID:9820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
10⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
9⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
8⤵
- Program crash
PID:3192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
7⤵
- Program crash
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-10634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10634.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-23080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23080.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:780

C:\Users\Admin\AppData\Local\Temp\Unicorn-26015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26015.exe
8⤵
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-51101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51101.exe
9⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-404.exe
10⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-15695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15695.exe
11⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-24025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24025.exe
12⤵
PID:8416

C:\Users\Admin\AppData\Local\Temp\Unicorn-3509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3509.exe
13⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 220
13⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 236
12⤵
PID:10124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
11⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
10⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 236
9⤵
- Program crash
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-64292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64292.exe
8⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-51847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51847.exe
9⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-63152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63152.exe
10⤵
PID:6720

C:\Users\Admin\AppData\Local\Temp\Unicorn-406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-406.exe
11⤵
PID:9848

C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
12⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 216
11⤵
PID:10460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
10⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
9⤵
PID:5664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 220
8⤵
- Program crash
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-14530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14530.exe
7⤵
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-23203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23203.exe
8⤵
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-61919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61919.exe
9⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-47798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47798.exe
10⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-26379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26379.exe
11⤵
PID:7640

C:\Users\Admin\AppData\Local\Temp\Unicorn-13460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13460.exe
12⤵
PID:10732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 236
12⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 216
11⤵
PID:9148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
10⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 236
9⤵
PID:4500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 236
8⤵
- Program crash
PID:3444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
7⤵
- Program crash
PID:2020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
6⤵
- Program crash
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-54129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54129.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-62980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62980.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-22312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22312.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-43036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43036.exe
8⤵
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
9⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-60347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60347.exe
10⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-37443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37443.exe
11⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
12⤵
PID:8432

C:\Users\Admin\AppData\Local\Temp\Unicorn-64078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64078.exe
13⤵
PID:10788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8432 -s 216
13⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
12⤵
PID:9484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
11⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
10⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 236
9⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-41074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41074.exe
8⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-61590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61590.exe
9⤵
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-23988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23988.exe
10⤵
PID:6540

C:\Users\Admin\AppData\Local\Temp\Unicorn-42250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42250.exe
11⤵
PID:9064

C:\Users\Admin\AppData\Local\Temp\Unicorn-11340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11340.exe
12⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9064 -s 236
12⤵
PID:11928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 216
11⤵
PID:9608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 236
10⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
9⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 240
8⤵
- Program crash
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-5957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5957.exe
7⤵
PID:1460

C:\Users\Admin\AppData\Local\Temp\Unicorn-31994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31994.exe
8⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-27545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27545.exe
9⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-47744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47744.exe
10⤵
PID:5832

C:\Users\Admin\AppData\Local\Temp\Unicorn-62475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62475.exe
11⤵
PID:8972

C:\Users\Admin\AppData\Local\Temp\Unicorn-62805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62805.exe
12⤵
PID:11120

C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
13⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8972 -s 216
12⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 220
11⤵
PID:9900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
10⤵
PID:7328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
9⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 236
8⤵
- Program crash
PID:3528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
7⤵
- Program crash
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-40463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40463.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
7⤵
PID:1276

C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
8⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-29126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29126.exe
9⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-35327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35327.exe
10⤵
PID:6956

C:\Users\Admin\AppData\Local\Temp\Unicorn-50869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50869.exe
11⤵
PID:9776

C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
12⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9776 -s 216
12⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
11⤵
PID:11192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
10⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
9⤵
PID:6368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 236
8⤵
PID:4864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
7⤵
- Program crash
PID:3792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 240
6⤵
- Program crash
PID:916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-62317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62317.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-41488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41488.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-62212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62212.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-2226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2226.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-39456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39456.exe
9⤵
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-28458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28458.exe
10⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-13379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13379.exe
11⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-3761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3761.exe
12⤵
PID:7448

C:\Users\Admin\AppData\Local\Temp\Unicorn-49859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49859.exe
13⤵
PID:10688

C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
14⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 216
13⤵
PID:11856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
12⤵
PID:9112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
11⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
10⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-52474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52474.exe
9⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-564.exe
10⤵
PID:5776

C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
11⤵
PID:7788

C:\Users\Admin\AppData\Local\Temp\Unicorn-36076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36076.exe
12⤵
PID:11216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
12⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
11⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
10⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
9⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-52647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52647.exe
8⤵
PID:644

C:\Users\Admin\AppData\Local\Temp\Unicorn-4498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4498.exe
9⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-59064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59064.exe
10⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-51213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51213.exe
11⤵
PID:7208

C:\Users\Admin\AppData\Local\Temp\Unicorn-4939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4939.exe
12⤵
PID:11168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 216
12⤵
PID:11580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
11⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
10⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 236
9⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
8⤵
- Program crash
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-48090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48090.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-33530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33530.exe
8⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-26777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26777.exe
9⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-47552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47552.exe
10⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-42636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42636.exe
11⤵
PID:8700

C:\Users\Admin\AppData\Local\Temp\Unicorn-63739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63739.exe
12⤵
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 220
12⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
11⤵
PID:9688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
10⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 216
9⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 236
8⤵
- Program crash
PID:3944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
7⤵
- Program crash
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-1932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1932.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-35283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35283.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-39648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39648.exe
8⤵
PID:480

C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
9⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-14679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14679.exe
10⤵
PID:5932

C:\Users\Admin\AppData\Local\Temp\Unicorn-33720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33720.exe
11⤵
PID:8152

C:\Users\Admin\AppData\Local\Temp\Unicorn-8074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8074.exe
12⤵
PID:10312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 216
12⤵
PID:4800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 216
11⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
10⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 236
9⤵
PID:5128

C:\Users\Admin\AppData\Local\Temp\Unicorn-64913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64913.exe
8⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-63335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63335.exe
9⤵
PID:6040

C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
10⤵
PID:7936

C:\Users\Admin\AppData\Local\Temp\Unicorn-33580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33580.exe
11⤵
PID:11140

C:\Users\Admin\AppData\Local\Temp\Unicorn-62412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62412.exe
11⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 220
11⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 216
10⤵
PID:8880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 236
9⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 240
8⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-25319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25319.exe
7⤵
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-12023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12023.exe
8⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-764.exe
9⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-53954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53954.exe
10⤵
PID:9000

C:\Users\Admin\AppData\Local\Temp\Unicorn-50211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50211.exe
11⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9000 -s 236
11⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 220
10⤵
PID:9956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 216
9⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 216
8⤵
PID:4568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
7⤵
- Program crash
PID:3296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
6⤵
- Program crash
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-9866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9866.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:936

C:\Users\Admin\AppData\Local\Temp\Unicorn-54854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54854.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-35475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35475.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-62043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62043.exe
8⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-25712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25712.exe
9⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-39596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39596.exe
10⤵
PID:7288

C:\Users\Admin\AppData\Local\Temp\Unicorn-45118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45118.exe
11⤵
PID:10596

C:\Users\Admin\AppData\Local\Temp\Unicorn-13992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13992.exe
12⤵
PID:13056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 236
11⤵
PID:10176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
10⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
9⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 236
8⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-46145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46145.exe
7⤵
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-42968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42968.exe
8⤵
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-8569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8569.exe
9⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
10⤵
PID:9124

C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
11⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9124 -s 216
11⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
10⤵
PID:10004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
9⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 216
8⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 240
7⤵
- Program crash
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-2480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2480.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-53955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53955.exe
7⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-58608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58608.exe
8⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-19900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19900.exe
9⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\Unicorn-64837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64837.exe
10⤵
PID:7792

C:\Users\Admin\AppData\Local\Temp\Unicorn-29415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29415.exe
11⤵
PID:10644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10644 -s 188
12⤵
PID:10820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 236
11⤵
PID:10952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
10⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 236
9⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
8⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-19225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19225.exe
7⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-52956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52956.exe
8⤵
PID:5336

C:\Users\Admin\AppData\Local\Temp\Unicorn-39596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39596.exe
9⤵
PID:7296

C:\Users\Admin\AppData\Local\Temp\Unicorn-46662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46662.exe
10⤵
PID:10972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 236
10⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 236
9⤵
PID:8960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 236
8⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
7⤵
PID:4948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 240
6⤵
- Program crash
PID:1176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
5⤵
- Program crash
PID:2752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1328

C:\Users\Admin\AppData\Local\Temp\Unicorn-39306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39306.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-29583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29583.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-24275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24275.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-13940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13940.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-21552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21552.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-8096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8096.exe
9⤵
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-12676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12676.exe
10⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-50003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50003.exe
11⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
12⤵
PID:6264

C:\Users\Admin\AppData\Local\Temp\Unicorn-52443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52443.exe
13⤵
PID:10872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 236
13⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
12⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
11⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 236
10⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-59116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59116.exe
9⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-17715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17715.exe
10⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-53690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53690.exe
11⤵
PID:6632

C:\Users\Admin\AppData\Local\Temp\Unicorn-2583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2583.exe
12⤵
PID:10908

C:\Users\Admin\AppData\Local\Temp\Unicorn-14952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14952.exe
13⤵
PID:13164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 236
12⤵
PID:11356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 236
11⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
10⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 240
9⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-21479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21479.exe
8⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-20472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20472.exe
9⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
10⤵
PID:6508

C:\Users\Admin\AppData\Local\Temp\Unicorn-11305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11305.exe
11⤵
PID:8764

C:\Users\Admin\AppData\Local\Temp\Unicorn-27080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27080.exe
12⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8764 -s 220
12⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
11⤵
PID:10220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
10⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
9⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
8⤵
- Program crash
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-39703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39703.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
8⤵
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-11882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11882.exe
9⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
10⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe
11⤵
PID:7032

C:\Users\Admin\AppData\Local\Temp\Unicorn-20679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20679.exe
12⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 236
12⤵
PID:10852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
11⤵
PID:8492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
10⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 236
9⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-60460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60460.exe
8⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-52084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52084.exe
9⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-24256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24256.exe
10⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
11⤵
PID:10836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 216
11⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
10⤵
PID:8644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 236
9⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
8⤵
PID:4292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
7⤵
- Program crash
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-63437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63437.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-59569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59569.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-7743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7743.exe
8⤵
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
9⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
10⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-16917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16917.exe
11⤵
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-19004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19004.exe
12⤵
PID:10736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 216
12⤵
PID:11452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
11⤵
PID:9220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 236
10⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
9⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-17139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17139.exe
8⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-44726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44726.exe
9⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-24293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24293.exe
10⤵
PID:7892

C:\Users\Admin\AppData\Local\Temp\Unicorn-27529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27529.exe
11⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 216
11⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
10⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
9⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
8⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-18054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18054.exe
7⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-21375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21375.exe
8⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-56929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56929.exe
9⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-1862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1862.exe
10⤵
PID:8248

C:\Users\Admin\AppData\Local\Temp\Unicorn-18794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18794.exe
11⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 216
11⤵
PID:11792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
10⤵
PID:9360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
9⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
8⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
7⤵
- Program crash
PID:2268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
6⤵
- Program crash
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-26939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26939.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-17766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17766.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-19440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19440.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:956

C:\Users\Admin\AppData\Local\Temp\Unicorn-17287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17287.exe
8⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe
9⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-51243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51243.exe
10⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-62576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62576.exe
11⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\Unicorn-52415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52415.exe
12⤵
PID:10136

C:\Users\Admin\AppData\Local\Temp\Unicorn-44551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44551.exe
13⤵
PID:12456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10136 -s 216
13⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
12⤵
PID:10564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 216
11⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
10⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
9⤵
PID:4820

C:\Users\Admin\AppData\Local\Temp\Unicorn-52528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52528.exe
8⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
9⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-27242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27242.exe
10⤵
PID:7060

C:\Users\Admin\AppData\Local\Temp\Unicorn-15246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15246.exe
11⤵
PID:9812

C:\Users\Admin\AppData\Local\Temp\Unicorn-34461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34461.exe
12⤵
PID:12660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 216
11⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 216
10⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 236
9⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 220
8⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-37732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37732.exe
7⤵
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-7850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7850.exe
8⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
9⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-26913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26913.exe
10⤵
PID:7068

C:\Users\Admin\AppData\Local\Temp\Unicorn-10289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10289.exe
11⤵
PID:10716

C:\Users\Admin\AppData\Local\Temp\Unicorn-34112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34112.exe
12⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 236
11⤵
PID:10960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 236
10⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
9⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 236
8⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
7⤵
- Program crash
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:952

C:\Users\Admin\AppData\Local\Temp\Unicorn-13244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13244.exe
7⤵
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-20472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20472.exe
8⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-47990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47990.exe
9⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-11983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11983.exe
10⤵
PID:8020

C:\Users\Admin\AppData\Local\Temp\Unicorn-50077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50077.exe
11⤵
PID:11256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 236
11⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 236
10⤵
PID:8728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
9⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 216
8⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 236
7⤵
- Program crash
PID:3936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 240
6⤵
- Program crash
PID:2724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
5⤵
- Program crash
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-23952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23952.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-62788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62788.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:864

C:\Users\Admin\AppData\Local\Temp\Unicorn-27081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27081.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-12091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12091.exe
7⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-51869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51869.exe
8⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-13585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13585.exe
9⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-52783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52783.exe
10⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-30117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30117.exe
11⤵
PID:9176

C:\Users\Admin\AppData\Local\Temp\Unicorn-33154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33154.exe
12⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9176 -s 220
12⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
11⤵
PID:10016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 216
10⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
9⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
8⤵
PID:4084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
7⤵
- Program crash
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-22210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22210.exe
6⤵
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-13218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13218.exe
7⤵
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-7773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7773.exe
8⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-29582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29582.exe
9⤵
PID:6624

C:\Users\Admin\AppData\Local\Temp\Unicorn-60494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60494.exe
10⤵
PID:9640

C:\Users\Admin\AppData\Local\Temp\Unicorn-5870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5870.exe
11⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9640 -s 216
11⤵
PID:12608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
10⤵
PID:10400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
9⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 216
8⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 216
7⤵
- Program crash
PID:3800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 220
6⤵
- Program crash
PID:1204

C:\Users\Admin\AppData\Local\Temp\Unicorn-40271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40271.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:328

C:\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe
6⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
7⤵
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-53985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53985.exe
8⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-29390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29390.exe
9⤵
PID:6588

C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
10⤵
PID:9556

C:\Users\Admin\AppData\Local\Temp\Unicorn-51223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51223.exe
11⤵
PID:11764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9556 -s 216
11⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 216
10⤵
PID:10296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
9⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 236
8⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 236
7⤵
- Program crash
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-25641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25641.exe
6⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-35428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35428.exe
7⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-63805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63805.exe
8⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe
9⤵
PID:9036

C:\Users\Admin\AppData\Local\Temp\Unicorn-16838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16838.exe
10⤵
PID:11164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9036 -s 220
10⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 220
9⤵
PID:9976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
8⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
7⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 240
6⤵
- Program crash
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
5⤵
- Program crash
PID:1552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-2905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2905.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-12436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12436.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:316

C:\Users\Admin\AppData\Local\Temp\Unicorn-8265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8265.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-12518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12518.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-27081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27081.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-7961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7961.exe
9⤵
PID:1400

C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
10⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-6851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6851.exe
11⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-55780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55780.exe
12⤵
PID:8284

C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
13⤵
PID:11100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8284 -s 216
13⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 216
12⤵
PID:9372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 236
11⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 216
10⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 236
9⤵
- Program crash
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-21344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21344.exe
8⤵
PID:352

C:\Users\Admin\AppData\Local\Temp\Unicorn-11831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11831.exe
9⤵
PID:4188

C:\Users\Admin\AppData\Local\Temp\Unicorn-12191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12191.exe
10⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-27945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27945.exe
11⤵
PID:8748

C:\Users\Admin\AppData\Local\Temp\Unicorn-65057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65057.exe
12⤵
PID:10656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8748 -s 236
12⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
11⤵
PID:9700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 216
10⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 216
9⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
8⤵
- Program crash
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-43315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43315.exe
7⤵
- Executes dropped EXE
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-281.exe
8⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-58634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58634.exe
9⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-47798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47798.exe
10⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-42118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42118.exe
11⤵
PID:7372

C:\Users\Admin\AppData\Local\Temp\Unicorn-27529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27529.exe
12⤵
PID:11012

C:\Users\Admin\AppData\Local\Temp\Unicorn-63494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63494.exe
13⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 236
12⤵
PID:11444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 236
11⤵
PID:9052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
10⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 236
9⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-53242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53242.exe
8⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-56760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56760.exe
9⤵
PID:5728

C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
10⤵
PID:7472

C:\Users\Admin\AppData\Local\Temp\Unicorn-2827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2827.exe
11⤵
PID:11044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 216
11⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 216
10⤵
PID:8376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
9⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
8⤵
PID:4324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
7⤵
- Program crash
PID:2964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
6⤵
- Program crash
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-58382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58382.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-57431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57431.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-47079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47079.exe
7⤵
PID:1076

C:\Users\Admin\AppData\Local\Temp\Unicorn-6856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6856.exe
8⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-22603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22603.exe
9⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-26282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26282.exe
10⤵
PID:7012

C:\Users\Admin\AppData\Local\Temp\Unicorn-51419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51419.exe
11⤵
PID:10040

C:\Users\Admin\AppData\Local\Temp\Unicorn-40335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40335.exe
12⤵
PID:12512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10040 -s 216
12⤵
PID:13248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
11⤵
PID:11240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
10⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
9⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 236
8⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
7⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-29318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29318.exe
8⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-2654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2654.exe
9⤵
PID:6984

C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
10⤵
PID:9768

C:\Users\Admin\AppData\Local\Temp\Unicorn-38799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38799.exe
11⤵
PID:12540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9768 -s 216
11⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 216
10⤵
PID:10708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
9⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
8⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
7⤵
PID:4876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 216
6⤵
- Program crash
PID:1236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 220
5⤵
- Program crash
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-34585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34585.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-45959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45959.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-55560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55560.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-42268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42268.exe
7⤵
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-65242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65242.exe
8⤵
PID:3064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 200
9⤵
- Program crash
PID:3216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 236
8⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-45953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45953.exe
7⤵
PID:848

C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
8⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-3042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3042.exe
9⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-36201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36201.exe
10⤵
PID:8656

C:\Users\Admin\AppData\Local\Temp\Unicorn-63049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63049.exe
11⤵
PID:11040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8656 -s 220
11⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
10⤵
PID:9672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
9⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 216
8⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
7⤵
- Program crash
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-55459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55459.exe
6⤵
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-64282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64282.exe
7⤵
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-22169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22169.exe
8⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-26369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26369.exe
9⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-53658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53658.exe
10⤵
PID:8532

C:\Users\Admin\AppData\Local\Temp\Unicorn-58119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58119.exe
11⤵
PID:10968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 216
11⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
10⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
9⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 236
8⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 236
7⤵
- Program crash
PID:3304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 220
6⤵
- Program crash
PID:920

C:\Users\Admin\AppData\Local\Temp\Unicorn-3214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3214.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:844

C:\Users\Admin\AppData\Local\Temp\Unicorn-9211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9211.exe
6⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
7⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-43580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43580.exe
8⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-19122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19122.exe
9⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-29880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29880.exe
10⤵
PID:7888

C:\Users\Admin\AppData\Local\Temp\Unicorn-46761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46761.exe
11⤵
PID:10996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
11⤵
PID:12160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
10⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
9⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 216
8⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-49428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49428.exe
7⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-47300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47300.exe
8⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-36647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36647.exe
9⤵
PID:8216

C:\Users\Admin\AppData\Local\Temp\Unicorn-63554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63554.exe
10⤵
PID:10800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8216 -s 216
10⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
9⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 236
8⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
7⤵
PID:5256

C:\Users\Admin\AppData\Local\Temp\Unicorn-1225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1225.exe
6⤵
PID:1472

C:\Users\Admin\AppData\Local\Temp\Unicorn-47612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47612.exe
7⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-49080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49080.exe
8⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
9⤵
PID:7580

C:\Users\Admin\AppData\Local\Temp\Unicorn-53097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53097.exe
10⤵
PID:11060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
10⤵
PID:11500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 236
9⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
8⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 236
7⤵
PID:4872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 240
6⤵
- Program crash
PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
5⤵
- Program crash
PID:796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1084

C:\Users\Admin\AppData\Local\Temp\Unicorn-29644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29644.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:272

C:\Users\Admin\AppData\Local\Temp\Unicorn-8265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8265.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-30500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30500.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-55560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55560.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-25823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25823.exe
7⤵
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-43727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43727.exe
8⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-23669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23669.exe
9⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-62918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62918.exe
10⤵
PID:6244

C:\Users\Admin\AppData\Local\Temp\Unicorn-18099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18099.exe
11⤵
PID:9168

C:\Users\Admin\AppData\Local\Temp\Unicorn-55134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55134.exe
12⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9168 -s 216
12⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 216
11⤵
PID:9568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
10⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 236
9⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 216
8⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-56918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56918.exe
7⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-13585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13585.exe
8⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-49298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49298.exe
9⤵
PID:5904

C:\Users\Admin\AppData\Local\Temp\Unicorn-32988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32988.exe
10⤵
PID:7564

C:\Users\Admin\AppData\Local\Temp\Unicorn-32096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32096.exe
11⤵
PID:10532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7564 -s 216
11⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 216
10⤵
PID:8464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
9⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
8⤵
PID:4564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
7⤵
- Program crash
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-5957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5957.exe
6⤵
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe
7⤵
PID:908

C:\Users\Admin\AppData\Local\Temp\Unicorn-30555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30555.exe
8⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-22633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22633.exe
9⤵
PID:6184

C:\Users\Admin\AppData\Local\Temp\Unicorn-40546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40546.exe
10⤵
PID:7820

C:\Users\Admin\AppData\Local\Temp\Unicorn-32812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32812.exe
11⤵
PID:11104

C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
12⤵
PID:13268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 216
11⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 216
10⤵
PID:8296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
9⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 216
8⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 216
7⤵
- Program crash
PID:3212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
6⤵
- Program crash
PID:1212

C:\Users\Admin\AppData\Local\Temp\Unicorn-3214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3214.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:532

C:\Users\Admin\AppData\Local\Temp\Unicorn-42844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42844.exe
6⤵
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe
7⤵
PID:800

C:\Users\Admin\AppData\Local\Temp\Unicorn-40254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40254.exe
8⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-50661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50661.exe
9⤵
PID:6428

C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
10⤵
PID:8868

C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
11⤵
PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8868 -s 216
11⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 220
10⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
9⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 216
8⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 236
7⤵
- Program crash
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-42418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42418.exe
6⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-55199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55199.exe
7⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-3042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3042.exe
8⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-53850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53850.exe
9⤵
PID:8552

C:\Users\Admin\AppData\Local\Temp\Unicorn-53386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53386.exe
10⤵
PID:10940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8552 -s 216
10⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
9⤵
PID:9592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
8⤵
PID:7232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 236
7⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 240
6⤵
- Program crash
PID:3112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
5⤵
- Program crash
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1432

C:\Users\Admin\AppData\Local\Temp\Unicorn-55560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55560.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-908.exe
6⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
7⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-40534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40534.exe
8⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-26369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26369.exe
9⤵
PID:5820

C:\Users\Admin\AppData\Local\Temp\Unicorn-11810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11810.exe
10⤵
PID:8388

C:\Users\Admin\AppData\Local\Temp\Unicorn-6756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6756.exe
11⤵
PID:11184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8388 -s 216
11⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
10⤵
PID:9456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
9⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
8⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-2277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2277.exe
7⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-37028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37028.exe
8⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-48510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48510.exe
9⤵
PID:8356

C:\Users\Admin\AppData\Local\Temp\Unicorn-52592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52592.exe
10⤵
PID:11112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8356 -s 216
10⤵
PID:11852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
9⤵
PID:9468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
8⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
7⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-7826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7826.exe
6⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-404.exe
7⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-15263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15263.exe
8⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-57903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57903.exe
9⤵
PID:8684

C:\Users\Admin\AppData\Local\Temp\Unicorn-1248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1248.exe
10⤵
PID:11232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8684 -s 216
10⤵
PID:11992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
9⤵
PID:9680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
8⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
7⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
6⤵
- Program crash
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-22402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22402.exe
5⤵
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-64282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64282.exe
6⤵
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-59491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59491.exe
7⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-46349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46349.exe
8⤵
PID:6764

C:\Users\Admin\AppData\Local\Temp\Unicorn-65497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65497.exe
9⤵
PID:10068

C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
10⤵
PID:12424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 216
10⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
9⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
8⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
7⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 216
6⤵
PID:4576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 220
5⤵
- Program crash
PID:2108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 272 -s 240
4⤵
- Program crash
PID:2560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
2⤵
- Program crash
PID:2588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12436.exe

Filesize
184KB

MD5
8ef58e5d7b411153bb25e2fe7be84b07

SHA1
146aa1b9c8a20a4371cfe604db9ec51494bda74d

SHA256
f45cb270e05a26414117cc3647fe93521598eb6aabc6b857a6d987418fd90373

SHA512
6acb5b527e69dc31c9ad00e51eae817e39187165f56ec8414d601f2e0d814ca689fc1622b979983a1bfc19ba3e377e5fd80324e67186ca6a0a80019b9969d01b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1862.exe

Filesize
184KB

MD5
62fcc5f87519cf3f0da312d01b833195

SHA1
8465f05b5c1e8b008b1c28fed5de279c6dcd7ada

SHA256
059d9ef06bb9f46a990a427ee3a20d1ace4d35f794e27330a5f662921e528464

SHA512
e94a7c9ca1ac6b6984ea4d2a487b4745c2f8df92e78185e2dccfd7a5d48b4a55d1e5ec22d81f4dfd33800a5c9e107d306601240b1bbd790ff5cc87197500dcb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24293.exe

Filesize
184KB

MD5
ac75502fcdf7b4d2486939db6e46baae

SHA1
c1a7ba7f1ffd0eb53056578e6406b14e219d7c9c

SHA256
b21bb12b82f8254e21d1d54f4456b4548f1a45a19f3aa2460522a6749de82cd3

SHA512
2b42b5720ccd3a6e6b9508b805716d8e6eb9a0bdd5405b1d1e67c690c70eb35c18ac10ba3d866401ce62a399d10e53c2b1afe6919723996a0ab3271498e4ae01

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29644.exe

Filesize
184KB

MD5
7ca057043db101666f1a018f6dd10ca4

SHA1
450f415b5a546bdf808177c5db3365f52f114264

SHA256
36dd62e294ce20b7663afd05d9e8cb382e7b5ce2c0b7b219073d9e4654d4aea7

SHA512
15bb988a0457da7441931691caf6ab4008ef2117ca4b6163b3742353b586828e3a4d59c3d062c11404210a888088e78c8eb35088df92ed74ee5e58db12ae63d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31913.exe

Filesize
184KB

MD5
7ee76e018a028dd15ca0a8859bdf1dcf

SHA1
0262f236be7a85309b7eb1ed3b0ee766ae5d4e0f

SHA256
c50e3424a7291835d6e74f787779cf11fdcaa5f62c2bff7d616323023c954af2

SHA512
e1a8db49dd1a887bad3046d1d9828a7aacd1e9635f13f29218741857980bed3e0fad77e08788abca73932fdcda06aa810f2ee79683142fbe0854ccd2b237a3ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39703.exe

Filesize
184KB

MD5
8328919cfecbd22df38f8e99cb755d5a

SHA1
d3f413ae134e22772dd47ac9e896d48d1f2a4e0e

SHA256
257eee2a58847516fbe8900dcf53ba5f3c7e4fb989c4091905510eddb91a7f96

SHA512
612cc053e53343b5d48e04278e1344d470cf1e888d4556198986da9b975820c4c736d0687e5c104c4ea2b0518c041efd60d48f2d5d611c3ded267ccc62cc97b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40271.exe

Filesize
184KB

MD5
8ba6132e9a6f41d1ec73706623cf2359

SHA1
6849a78a137a288c8d0b8791a751719b85824d5a

SHA256
d23e8d8099b8a69757a4b36c1496b5ede1737aae7f71c968b8a2924ac2322c4c

SHA512
3f6b28f4c4cd1751cb01d75af0c6ac7b2cd30e548f3196653f165841fd36b10ba67870648af40472edcb71fc9b22b64a3dc7de1608b383d9f16f047a424b0834

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40463.exe

Filesize
184KB

MD5
0e0e828c3be19bb85893f2a273c63f04

SHA1
8ca5a8b7a04aa4697b07370778cd9084c05cc215

SHA256
79dcec21d3bce5f7bc81380380a6a34b32095038c9819f1258933a63eb3dcbbc

SHA512
03aafd602ecc6e506fe6aef4e0db8e918fde7f565c4c13c3e36f7dcb0489a36e75f12ffed31f98298f83eb4c62c300e083541a9f8a3c5f49cd6cc13b48219be4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe

Filesize
184KB

MD5
76095ce902f7b07b2e2e3ffdf4aa1be3

SHA1
347db4110cd86f2ed053c13b860ba4ed569a26f2

SHA256
a30654b42ffb4d710ca6d1e73955f1f2513d2299d680dcaaea0e29e831361b21

SHA512
233dcc6fe653b7827cad05892a20dbe660a6aa471a1e1c90816d9a9b8318fdb877bcde6f07549211012a30842ecd71a14649bc8f44152f2415066fff0f7e30da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55199.exe

Filesize
184KB

MD5
6f2d820ff52afbc226dc708ef3a80863

SHA1
eaa98abda35813a67b565c7490fff59faa6e8fba

SHA256
fa0065adaccbf952583daf7a97680bc03ddb0280b84da92331146daa4ad13c1f

SHA512
f2a5cbb7c1a66cf598dd3fe760fa8c50e7142def2bf46b779313b20c52fb038c9b7544e535ba11b8a9bed9630c3621bb9603389ea476a5e1ffdb9d4c0276bbd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56760.exe

Filesize
184KB

MD5
4445e4c388015a75ef4204755064b563

SHA1
4f9121e2b1e7e0c5794a236116bdbca8fffb2826

SHA256
19fe797d5bb63bf884e7c45a811248c816e335ff975778ad1f4a40fb0d0dee31

SHA512
8139e3c12d55d5bdcfee4bfbc164af9998e5436fbf75f92a7a63471722df4698b2062b68d39e5b08bfc2258b2ec6132e0e66d25f9cf34a5971a2b60e63311da4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56929.exe

Filesize
184KB

MD5
c1db8cd242afe9d98f99cab78d2b1e28

SHA1
cb29e706758901f89872f6e560407c2abfe8c277

SHA256
9a2ba0804082ae947a83b7dc82c6951efe1fe9bd94c92d9214cb5817e2ffb3fd

SHA512
df1899adbb37feab2bd3d0d0683823e7f116d8c96223cf0ce0fe688fb8bf380b98e8d6eb0e94e0da7ac6ae9a7d6226b6d14a7971e12d92a5683d71629a0f7d7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59172.exe

Filesize
184KB

MD5
12dbbadc7c47138c2f87af444398f14a

SHA1
fccd96baba7f1524406ae4a08c4037507b875577

SHA256
70818a717095ec5a9f3ca230b1bc9b89538d5e419e95109204e00dcfb0188982

SHA512
d36e47e78dd230199bdc2c9bb5793ecad3104d455e60dcd22ee146ff6635068503abbf1d528d934b8eeae2ba4db05b5bc0cec783dcac42ee13021fb8b0dc96e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23952.exe

Filesize
184KB

MD5
fa6561c043bb5d74909a569e78c87ebb

SHA1
4cc5b8b9fc2c490c3dc753d5b5ebbae3516d2ad9

SHA256
331c71e30e7772d87c813ad7f34118af2ae1a1bf56fca19e67ab11e76611e0a6

SHA512
cd83f7163bec611ba1c84dfd567426baa3afe900a830986b48b10d8aecffae56a3b77e6167793fdd644f9540a111b8e4a737e2a53fe3c9f91748715f450267c4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24275.exe

Filesize
184KB

MD5
9c93bc87a38790d7f36b55f5b51c7ca6

SHA1
2999381918a211930e205f124379dcd042cc849e

SHA256
3f26330aa5f7421270e557dd698291795ecf0d483d1f2c9ee11b96d8c8e5f24b

SHA512
a0d3fae6f74528439e06ac6d17304109bb210144c78a4d1d21a173d2fa0c3414f9272f5fd7857d0bb3cca5be0ed089ee41197204963d39129a513c712d6cbec0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2905.exe

Filesize
184KB

MD5
13806d4c0c52a98d4c3f796395c5aa42

SHA1
56eb19eef58b29c319e25834c8bf689262df9ce5

SHA256
c9dfdd23072aee0571f53b1dfd39305f6d1d196a9a21035ac327491a938bd5c7

SHA512
7d38f1d379fabb5662376424f5f5a999bd74c8b4da2f4e897a55c6ef21b83231f84005afbb533c2e920bc13341c4321b8f07a286bcf6bd18f5dfb3f7e0ef06a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29583.exe

Filesize
184KB

MD5
f1d54277a6b1f23be556c995b29237ae

SHA1
504663b5060e8efe1634bc19d048eadcde89780d

SHA256
b65c26da3116d3f894be726f85e8be4ac0c010926b51f85f0bce316946ab6bb6

SHA512
c6e2e5821397ff2f1bfbf72972a6c038b8f156324d2b58096f361e67329ca5484e3ee92f11570162cb603534fc3db3d22fc4af64dbb7642121afe0f9d1849ce7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39306.exe

Filesize
184KB

MD5
53034da53b5a4a48082843202c33fdd2

SHA1
15f8022c65773ab028dfa47147fbde0235faf855

SHA256
0112222c86908803a42443a317240635fa0f5553cf7019393d200128616202c1

SHA512
f51df22c6fa12ad89de29fc54aba2f7852b8e9dba7ebca5c281957e2f04e5f9b0b94bc44db6cd0ae6b287c5eac656c5be6dd1d89e1132f9f171a003318db5bc8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41488.exe

Filesize
184KB

MD5
072fe57a02c7ac9b7f4b9a16f2265cb8

SHA1
a6fb5484faebf68db0d24649266d14aed0b172fc

SHA256
166186588234044ab73a60ff8f9731616f763090b48bb44aa5c6eda15f33a7b3

SHA512
3b1b775baad718ea98d2241e81772786fd3f2a07e820c136a0705d3579712f781e1b625cfa446d64086d1fa42a39b254c525a0ae798ce5466533ba30edfffb53

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe

Filesize
184KB

MD5
859e3d61f54501364a815c738454d378

SHA1
565f1a02c51354bb390a854d0aa842ffd3416500

SHA256
4266b4975bf305b1562d858789af9962ee0b8ef98dae97e05e0c7222e0c62843

SHA512
4280fb16748fdb418293a7a0ecebb671adb9a939e76ecec340c6cd9e20eef70735154244a48dc672ddd4b32dbb104017ab099d7250d4b6de5b51cea9ea01eca6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4747.exe

Filesize
184KB

MD5
d2d54569e7aaeabab4c3d3231edc5450

SHA1
a0dc4e641e3951c235ebf15e8fea75bd7c2810e9

SHA256
d19dd0bec756e1fdec8ab9600ee92ba1f675a324430cd8938d7f7929eedfcc0b

SHA512
b826db1b5cf7cadc8c3f65f97a52a1df0b5a9f2ccfdfc1097c3ff7a6758d81e376a711721741b60e5cf7f722d5341dff038f0c1cccb8090d6928f75c60b68d69

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe

Filesize
184KB

MD5
4dc49261da4b35784848ffbd6052255d

SHA1
a5e0c9e3c9c4a2c928eb49d113cb31e106846238

SHA256
3d896d7aeefc01d1cc4560212b7e11b644e41fc2e8bb28c5871c08ca2368201a

SHA512
98b13b235bb73ffccc9c18a9ad135597b383008b13bcf2b7a27fb4a554f36878f529091f039cce4eebf60689ad07d469211c77bb14c033cc1f92446db45faaf0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62317.exe

Filesize
184KB

MD5
2bcaceebc7ca8a398f6d489b8cf1efad

SHA1
20434f2b0057fa38b2d8491b7b528fdc32bb19db

SHA256
5b67f883c944a09515aed597915f4ba092ba6f2820a4611a72734e4a37390312

SHA512
79244d973a6401382c2351cf240a11dfb4e0c37d3e7ab787902b339b8c8e61eb38344485eae9fb7b4d307f6f771dede7f8b383529ea633c22ade384721c66736

Download Submit