6e14938a414264d60df84f684e03802fffd61379d2f00035e5844483ec53ee22

Analysis

max time kernel
131s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e14938a414264d60df84f684e03802fffd61379d2f00035e5844483ec53ee22.exe
Size

184KB
MD5

a03cb139a07f36032f89bd9b2060fd0b
SHA1

b3d83c3071ae81b5d53522bcbcc13c99555d84c5
SHA256

6e14938a414264d60df84f684e03802fffd61379d2f00035e5844483ec53ee22
SHA512

d680fa15e5e994c504e59df0b67a208cc34ac943ebd7355b53069f4f1cd6ae931e673ac42b240a2e1c3c6230a5b25ebca4684fac8f59fe1b2a150eacd384f0ac
SSDEEP

3072:ndB3gxoKipT/dHeWTPcL2VschlnniF7n3:ndYonlHejLKschlnniF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-39493.exeUnicorn-48621.exeUnicorn-63566.exeUnicorn-44620.exeUnicorn-59565.exeUnicorn-17978.exeUnicorn-32607.exeUnicorn-1880.exeUnicorn-47552.exeUnicorn-51636.exeUnicorn-5964.exeUnicorn-56872.exeUnicorn-11200.exeUnicorn-27537.exeUnicorn-42481.exeUnicorn-36281.exeUnicorn-40365.exeUnicorn-55310.exeUnicorn-9638.exeUnicorn-42010.exeUnicorn-11283.exeUnicorn-26228.exeUnicorn-58922.exeUnicorn-28196.exeUnicorn-43140.exeUnicorn-24666.exeUnicorn-44532.exeUnicorn-48616.exeUnicorn-63561.exeUnicorn-17890.exeUnicorn-33925.exeUnicorn-36124.exeUnicorn-60074.exeUnicorn-57614.exeUnicorn-11942.exeUnicorn-54921.exeUnicorn-56545.exeUnicorn-10873.exeUnicorn-39139.exeUnicorn-8413.exeUnicorn-28279.exeUnicorn-5912.exeUnicorn-18165.exeUnicorn-33109.exeUnicorn-57059.exeUnicorn-6467.exeUnicorn-61143.exeUnicorn-10551.exeUnicorn-45959.exeUnicorn-19317.exeUnicorn-38345.exeUnicorn-7619.exeUnicorn-55881.exeUnicorn-33323.exeUnicorn-2596.exeUnicorn-17733.exeUnicorn-52544.exeUnicorn-45767.exeUnicorn-15040.exeUnicorn-15040.exeUnicorn-45767.exeUnicorn-19125.exeUnicorn-34069.exeUnicorn-64796.exe

pid	process
3052	Unicorn-39493.exe
2928	Unicorn-48621.exe
2612	Unicorn-63566.exe
2580	Unicorn-44620.exe
2692	Unicorn-59565.exe
2460	Unicorn-17978.exe
2344	Unicorn-32607.exe
1464	Unicorn-1880.exe
1640	Unicorn-47552.exe
1032	Unicorn-51636.exe
1964	Unicorn-5964.exe
1780	Unicorn-56872.exe
1580	Unicorn-11200.exe
2820	Unicorn-27537.exe
1720	Unicorn-42481.exe
2276	Unicorn-36281.exe
704	Unicorn-40365.exe
1500	Unicorn-55310.exe
1120	Unicorn-9638.exe
848	Unicorn-42010.exe
1356	Unicorn-11283.exe
968	Unicorn-26228.exe
2272	Unicorn-58922.exe
1796	Unicorn-28196.exe
2832	Unicorn-43140.exe
2836	Unicorn-24666.exe
2544	Unicorn-44532.exe
1004	Unicorn-48616.exe
2744	Unicorn-63561.exe
2204	Unicorn-17890.exe
2932	Unicorn-33925.exe
2572	Unicorn-36124.exe
2668	Unicorn-60074.exe
2688	Unicorn-57614.exe
2400	Unicorn-11942.exe
2632	Unicorn-54921.exe
2896	Unicorn-56545.exe
2164	Unicorn-10873.exe
1648	Unicorn-39139.exe
356	Unicorn-8413.exe
1360	Unicorn-28279.exe
2376	Unicorn-5912.exe
2360	Unicorn-18165.exe
1804	Unicorn-33109.exe
2372	Unicorn-57059.exe
2776	Unicorn-6467.exe
2088	Unicorn-61143.exe
2816	Unicorn-10551.exe
748	Unicorn-45959.exe
1064	Unicorn-19317.exe
1748	Unicorn-38345.exe
2132	Unicorn-7619.exe
1320	Unicorn-55881.exe
2848	Unicorn-33323.exe
2148	Unicorn-2596.exe
1628	Unicorn-17733.exe
2940	Unicorn-52544.exe
2604	Unicorn-45767.exe
2700	Unicorn-15040.exe
2720	Unicorn-15040.exe
2680	Unicorn-45767.exe
2464	Unicorn-19125.exe
2536	Unicorn-34069.exe
2340	Unicorn-64796.exe

Loads dropped DLL 64 IoCs

Processes:

6e14938a414264d60df84f684e03802fffd61379d2f00035e5844483ec53ee22.exeUnicorn-39493.exeUnicorn-48621.exeUnicorn-63566.exeWerFault.exeUnicorn-44620.exeUnicorn-59565.exeUnicorn-17978.exeWerFault.exeWerFault.exeUnicorn-32607.exeUnicorn-1880.exeUnicorn-51636.exeUnicorn-5964.exeUnicorn-47552.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2784	6e14938a414264d60df84f684e03802fffd61379d2f00035e5844483ec53ee22.exe
2784	6e14938a414264d60df84f684e03802fffd61379d2f00035e5844483ec53ee22.exe
3052	Unicorn-39493.exe
3052	Unicorn-39493.exe
2784	6e14938a414264d60df84f684e03802fffd61379d2f00035e5844483ec53ee22.exe
2784	6e14938a414264d60df84f684e03802fffd61379d2f00035e5844483ec53ee22.exe
2928	Unicorn-48621.exe
2928	Unicorn-48621.exe
3052	Unicorn-39493.exe
3052	Unicorn-39493.exe
2612	Unicorn-63566.exe
2612	Unicorn-63566.exe
3028	WerFault.exe
3028	WerFault.exe
3028	WerFault.exe
3028	WerFault.exe
3028	WerFault.exe
2580	Unicorn-44620.exe
2580	Unicorn-44620.exe
2692	Unicorn-59565.exe
2692	Unicorn-59565.exe
2928	Unicorn-48621.exe
2928	Unicorn-48621.exe
2612	Unicorn-63566.exe
2612	Unicorn-63566.exe
2460	Unicorn-17978.exe
2460	Unicorn-17978.exe
2396	WerFault.exe
2396	WerFault.exe
2396	WerFault.exe
2396	WerFault.exe
2396	WerFault.exe
2348	WerFault.exe
2348	WerFault.exe
2348	WerFault.exe
2348	WerFault.exe
2348	WerFault.exe
2344	Unicorn-32607.exe
2344	Unicorn-32607.exe
2580	Unicorn-44620.exe
2580	Unicorn-44620.exe
1464	Unicorn-1880.exe
1464	Unicorn-1880.exe
2692	Unicorn-59565.exe
2692	Unicorn-59565.exe
1032	Unicorn-51636.exe
1032	Unicorn-51636.exe
1964	Unicorn-5964.exe
1964	Unicorn-5964.exe
2460	Unicorn-17978.exe
2460	Unicorn-17978.exe
1640	Unicorn-47552.exe
1640	Unicorn-47552.exe
2436	WerFault.exe
2436	WerFault.exe
2436	WerFault.exe
2436	WerFault.exe
280	WerFault.exe
280	WerFault.exe
280	WerFault.exe
280	WerFault.exe
2436	WerFault.exe
280	WerFault.exe
2408	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2588	2784	WerFault.exe	6e14938a414264d60df84f684e03802fffd61379d2f00035e5844483ec53ee22.exe
3028	3052	WerFault.exe	Unicorn-39493.exe
2396	2928	WerFault.exe	Unicorn-48621.exe
2348	2612	WerFault.exe	Unicorn-63566.exe
2436	2580	WerFault.exe	Unicorn-44620.exe
280	2692	WerFault.exe	Unicorn-59565.exe
2408	2460	WerFault.exe	Unicorn-17978.exe
1592	2344	WerFault.exe	Unicorn-32607.exe
2652	1464	WerFault.exe	Unicorn-1880.exe
2356	1032	WerFault.exe	Unicorn-51636.exe
2592	1964	WerFault.exe	Unicorn-5964.exe
2716	1640	WerFault.exe	Unicorn-47552.exe
2284	1780	WerFault.exe	Unicorn-56872.exe
676	1580	WerFault.exe	Unicorn-11200.exe
1272	1720	WerFault.exe	Unicorn-42481.exe
3036	2820	WerFault.exe	Unicorn-27537.exe
1836	2276	WerFault.exe	Unicorn-36281.exe
1876	704	WerFault.exe	Unicorn-40365.exe
348	1500	WerFault.exe	Unicorn-55310.exe
1692	1120	WerFault.exe	Unicorn-9638.exe
1828	848	WerFault.exe	Unicorn-42010.exe
564	1356	WerFault.exe	Unicorn-11283.exe
2060	968	WerFault.exe	Unicorn-26228.exe
1248	2272	WerFault.exe	Unicorn-58922.exe
904	1796	WerFault.exe	Unicorn-28196.exe
2332	2832	WerFault.exe	Unicorn-43140.exe
1324	2836	WerFault.exe	Unicorn-24666.exe
1728	2544	WerFault.exe	Unicorn-44532.exe
2040	2744	WerFault.exe	Unicorn-63561.exe
2684	2204	WerFault.exe	Unicorn-17890.exe
2516	1004	WerFault.exe	Unicorn-48616.exe
1652	2572	WerFault.exe	Unicorn-36124.exe
1952	2932	WerFault.exe	Unicorn-33925.exe
924	2688	WerFault.exe	Unicorn-57614.exe
3080	2400	WerFault.exe	Unicorn-11942.exe
3096	2376	WerFault.exe	Unicorn-5912.exe
3128	1360	WerFault.exe	Unicorn-28279.exe
3144	2632	WerFault.exe	Unicorn-54921.exe
3204	2668	WerFault.exe	Unicorn-60074.exe
3196	2896	WerFault.exe	Unicorn-56545.exe
3212	2360	WerFault.exe	Unicorn-18165.exe
3264	2372	WerFault.exe	Unicorn-57059.exe
3308	356	WerFault.exe	Unicorn-8413.exe
3336	2088	WerFault.exe	Unicorn-61143.exe
3344	1804	WerFault.exe	Unicorn-33109.exe
3384	1648	WerFault.exe	Unicorn-39139.exe
3392	2776	WerFault.exe	Unicorn-6467.exe
3408	2164	WerFault.exe	Unicorn-10873.exe
3428	2816	WerFault.exe	Unicorn-10551.exe
3352	1064	WerFault.exe	Unicorn-19317.exe
3504	1320	WerFault.exe	Unicorn-55881.exe
4004	2848	WerFault.exe	Unicorn-33323.exe
3788	1748	WerFault.exe	Unicorn-38345.exe
3980	1660	WerFault.exe	Unicorn-3343.exe
4084	2132	WerFault.exe	Unicorn-7619.exe
3452	2680	WerFault.exe	Unicorn-45767.exe
3568	748	WerFault.exe	Unicorn-45959.exe
3756	2224	WerFault.exe	Unicorn-42237.exe
4460	2340	WerFault.exe	Unicorn-64796.exe
4556	1776	WerFault.exe	Unicorn-58019.exe
4620	2112	WerFault.exe	Unicorn-35461.exe
4636	1296	WerFault.exe	Unicorn-64480.exe
4660	1604	WerFault.exe	Unicorn-22056.exe
4684	1860	WerFault.exe	Unicorn-31377.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

6e14938a414264d60df84f684e03802fffd61379d2f00035e5844483ec53ee22.exeUnicorn-39493.exeUnicorn-48621.exeUnicorn-63566.exeUnicorn-44620.exeUnicorn-59565.exeUnicorn-17978.exeUnicorn-32607.exeUnicorn-1880.exeUnicorn-51636.exeUnicorn-47552.exeUnicorn-5964.exeUnicorn-56872.exeUnicorn-11200.exeUnicorn-42481.exeUnicorn-27537.exeUnicorn-36281.exeUnicorn-40365.exeUnicorn-55310.exeUnicorn-9638.exeUnicorn-42010.exeUnicorn-11283.exeUnicorn-26228.exeUnicorn-58922.exeUnicorn-28196.exeUnicorn-43140.exeUnicorn-24666.exeUnicorn-44532.exeUnicorn-48616.exeUnicorn-63561.exeUnicorn-17890.exeUnicorn-33925.exeUnicorn-36124.exeUnicorn-57614.exeUnicorn-60074.exeUnicorn-11942.exeUnicorn-54921.exeUnicorn-56545.exeUnicorn-39139.exeUnicorn-10873.exeUnicorn-8413.exeUnicorn-28279.exeUnicorn-5912.exeUnicorn-18165.exeUnicorn-33109.exeUnicorn-57059.exeUnicorn-6467.exeUnicorn-61143.exeUnicorn-10551.exeUnicorn-45959.exeUnicorn-19317.exeUnicorn-38345.exeUnicorn-7619.exeUnicorn-55881.exeUnicorn-33323.exeUnicorn-2596.exeUnicorn-17733.exeUnicorn-52544.exeUnicorn-45767.exeUnicorn-15040.exeUnicorn-15040.exeUnicorn-45767.exeUnicorn-19125.exeUnicorn-64796.exe

pid	process
2784	6e14938a414264d60df84f684e03802fffd61379d2f00035e5844483ec53ee22.exe
3052	Unicorn-39493.exe
2928	Unicorn-48621.exe
2612	Unicorn-63566.exe
2580	Unicorn-44620.exe
2692	Unicorn-59565.exe
2460	Unicorn-17978.exe
2344	Unicorn-32607.exe
1464	Unicorn-1880.exe
1032	Unicorn-51636.exe
1640	Unicorn-47552.exe
1964	Unicorn-5964.exe
1780	Unicorn-56872.exe
1580	Unicorn-11200.exe
1720	Unicorn-42481.exe
2820	Unicorn-27537.exe
2276	Unicorn-36281.exe
704	Unicorn-40365.exe
1500	Unicorn-55310.exe
1120	Unicorn-9638.exe
848	Unicorn-42010.exe
1356	Unicorn-11283.exe
968	Unicorn-26228.exe
2272	Unicorn-58922.exe
1796	Unicorn-28196.exe
2832	Unicorn-43140.exe
2836	Unicorn-24666.exe
2544	Unicorn-44532.exe
1004	Unicorn-48616.exe
2744	Unicorn-63561.exe
2204	Unicorn-17890.exe
2932	Unicorn-33925.exe
2572	Unicorn-36124.exe
2688	Unicorn-57614.exe
2668	Unicorn-60074.exe
2400	Unicorn-11942.exe
2632	Unicorn-54921.exe
2896	Unicorn-56545.exe
1648	Unicorn-39139.exe
2164	Unicorn-10873.exe
356	Unicorn-8413.exe
1360	Unicorn-28279.exe
2376	Unicorn-5912.exe
2360	Unicorn-18165.exe
1804	Unicorn-33109.exe
2372	Unicorn-57059.exe
2776	Unicorn-6467.exe
2088	Unicorn-61143.exe
2816	Unicorn-10551.exe
748	Unicorn-45959.exe
1064	Unicorn-19317.exe
1748	Unicorn-38345.exe
2132	Unicorn-7619.exe
1320	Unicorn-55881.exe
2848	Unicorn-33323.exe
2148	Unicorn-2596.exe
1628	Unicorn-17733.exe
2940	Unicorn-52544.exe
2604	Unicorn-45767.exe
2720	Unicorn-15040.exe
2700	Unicorn-15040.exe
2680	Unicorn-45767.exe
2464	Unicorn-19125.exe
2340	Unicorn-64796.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

6e14938a414264d60df84f684e03802fffd61379d2f00035e5844483ec53ee22.exeUnicorn-39493.exeUnicorn-48621.exeUnicorn-63566.exeUnicorn-44620.exeUnicorn-59565.exeUnicorn-17978.exeUnicorn-32607.exe

description	pid	process	target process
PID 2784 wrote to memory of 3052	2784	6e14938a414264d60df84f684e03802fffd61379d2f00035e5844483ec53ee22.exe	Unicorn-39493.exe
PID 2784 wrote to memory of 3052	2784	6e14938a414264d60df84f684e03802fffd61379d2f00035e5844483ec53ee22.exe	Unicorn-39493.exe
PID 2784 wrote to memory of 3052	2784	6e14938a414264d60df84f684e03802fffd61379d2f00035e5844483ec53ee22.exe	Unicorn-39493.exe
PID 2784 wrote to memory of 3052	2784	6e14938a414264d60df84f684e03802fffd61379d2f00035e5844483ec53ee22.exe	Unicorn-39493.exe
PID 3052 wrote to memory of 2928	3052	Unicorn-39493.exe	Unicorn-48621.exe
PID 3052 wrote to memory of 2928	3052	Unicorn-39493.exe	Unicorn-48621.exe
PID 3052 wrote to memory of 2928	3052	Unicorn-39493.exe	Unicorn-48621.exe
PID 3052 wrote to memory of 2928	3052	Unicorn-39493.exe	Unicorn-48621.exe
PID 2784 wrote to memory of 2612	2784	6e14938a414264d60df84f684e03802fffd61379d2f00035e5844483ec53ee22.exe	Unicorn-63566.exe
PID 2784 wrote to memory of 2612	2784	6e14938a414264d60df84f684e03802fffd61379d2f00035e5844483ec53ee22.exe	Unicorn-63566.exe
PID 2784 wrote to memory of 2612	2784	6e14938a414264d60df84f684e03802fffd61379d2f00035e5844483ec53ee22.exe	Unicorn-63566.exe
PID 2784 wrote to memory of 2612	2784	6e14938a414264d60df84f684e03802fffd61379d2f00035e5844483ec53ee22.exe	Unicorn-63566.exe
PID 2784 wrote to memory of 2588	2784	6e14938a414264d60df84f684e03802fffd61379d2f00035e5844483ec53ee22.exe	WerFault.exe
PID 2784 wrote to memory of 2588	2784	6e14938a414264d60df84f684e03802fffd61379d2f00035e5844483ec53ee22.exe	WerFault.exe
PID 2784 wrote to memory of 2588	2784	6e14938a414264d60df84f684e03802fffd61379d2f00035e5844483ec53ee22.exe	WerFault.exe
PID 2784 wrote to memory of 2588	2784	6e14938a414264d60df84f684e03802fffd61379d2f00035e5844483ec53ee22.exe	WerFault.exe
PID 2928 wrote to memory of 2580	2928	Unicorn-48621.exe	Unicorn-44620.exe
PID 2928 wrote to memory of 2580	2928	Unicorn-48621.exe	Unicorn-44620.exe
PID 2928 wrote to memory of 2580	2928	Unicorn-48621.exe	Unicorn-44620.exe
PID 2928 wrote to memory of 2580	2928	Unicorn-48621.exe	Unicorn-44620.exe
PID 3052 wrote to memory of 2692	3052	Unicorn-39493.exe	Unicorn-59565.exe
PID 3052 wrote to memory of 2692	3052	Unicorn-39493.exe	Unicorn-59565.exe
PID 3052 wrote to memory of 2692	3052	Unicorn-39493.exe	Unicorn-59565.exe
PID 3052 wrote to memory of 2692	3052	Unicorn-39493.exe	Unicorn-59565.exe
PID 2612 wrote to memory of 2460	2612	Unicorn-63566.exe	Unicorn-17978.exe
PID 2612 wrote to memory of 2460	2612	Unicorn-63566.exe	Unicorn-17978.exe
PID 2612 wrote to memory of 2460	2612	Unicorn-63566.exe	Unicorn-17978.exe
PID 2612 wrote to memory of 2460	2612	Unicorn-63566.exe	Unicorn-17978.exe
PID 3052 wrote to memory of 3028	3052	Unicorn-39493.exe	WerFault.exe
PID 3052 wrote to memory of 3028	3052	Unicorn-39493.exe	WerFault.exe
PID 3052 wrote to memory of 3028	3052	Unicorn-39493.exe	WerFault.exe
PID 3052 wrote to memory of 3028	3052	Unicorn-39493.exe	WerFault.exe
PID 2580 wrote to memory of 2344	2580	Unicorn-44620.exe	Unicorn-32607.exe
PID 2580 wrote to memory of 2344	2580	Unicorn-44620.exe	Unicorn-32607.exe
PID 2580 wrote to memory of 2344	2580	Unicorn-44620.exe	Unicorn-32607.exe
PID 2580 wrote to memory of 2344	2580	Unicorn-44620.exe	Unicorn-32607.exe
PID 2692 wrote to memory of 1464	2692	Unicorn-59565.exe	Unicorn-1880.exe
PID 2692 wrote to memory of 1464	2692	Unicorn-59565.exe	Unicorn-1880.exe
PID 2692 wrote to memory of 1464	2692	Unicorn-59565.exe	Unicorn-1880.exe
PID 2692 wrote to memory of 1464	2692	Unicorn-59565.exe	Unicorn-1880.exe
PID 2928 wrote to memory of 1640	2928	Unicorn-48621.exe	Unicorn-47552.exe
PID 2928 wrote to memory of 1640	2928	Unicorn-48621.exe	Unicorn-47552.exe
PID 2928 wrote to memory of 1640	2928	Unicorn-48621.exe	Unicorn-47552.exe
PID 2928 wrote to memory of 1640	2928	Unicorn-48621.exe	Unicorn-47552.exe
PID 2612 wrote to memory of 1032	2612	Unicorn-63566.exe	Unicorn-51636.exe
PID 2612 wrote to memory of 1032	2612	Unicorn-63566.exe	Unicorn-51636.exe
PID 2612 wrote to memory of 1032	2612	Unicorn-63566.exe	Unicorn-51636.exe
PID 2612 wrote to memory of 1032	2612	Unicorn-63566.exe	Unicorn-51636.exe
PID 2460 wrote to memory of 1964	2460	Unicorn-17978.exe	Unicorn-5964.exe
PID 2460 wrote to memory of 1964	2460	Unicorn-17978.exe	Unicorn-5964.exe
PID 2460 wrote to memory of 1964	2460	Unicorn-17978.exe	Unicorn-5964.exe
PID 2460 wrote to memory of 1964	2460	Unicorn-17978.exe	Unicorn-5964.exe
PID 2928 wrote to memory of 2396	2928	Unicorn-48621.exe	WerFault.exe
PID 2928 wrote to memory of 2396	2928	Unicorn-48621.exe	WerFault.exe
PID 2928 wrote to memory of 2396	2928	Unicorn-48621.exe	WerFault.exe
PID 2928 wrote to memory of 2396	2928	Unicorn-48621.exe	WerFault.exe
PID 2612 wrote to memory of 2348	2612	Unicorn-63566.exe	WerFault.exe
PID 2612 wrote to memory of 2348	2612	Unicorn-63566.exe	WerFault.exe
PID 2612 wrote to memory of 2348	2612	Unicorn-63566.exe	WerFault.exe
PID 2612 wrote to memory of 2348	2612	Unicorn-63566.exe	WerFault.exe
PID 2344 wrote to memory of 1580	2344	Unicorn-32607.exe	Unicorn-11200.exe
PID 2344 wrote to memory of 1580	2344	Unicorn-32607.exe	Unicorn-11200.exe
PID 2344 wrote to memory of 1580	2344	Unicorn-32607.exe	Unicorn-11200.exe
PID 2344 wrote to memory of 1580	2344	Unicorn-32607.exe	Unicorn-11200.exe

C:\Users\Admin\AppData\Local\Temp\6e14938a414264d60df84f684e03802fffd61379d2f00035e5844483ec53ee22.exe
"C:\Users\Admin\AppData\Local\Temp\6e14938a414264d60df84f684e03802fffd61379d2f00035e5844483ec53ee22.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-39493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39493.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-48621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48621.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-44620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44620.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-32607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32607.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-11283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11283.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1356

C:\Users\Admin\AppData\Local\Temp\Unicorn-60074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60074.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-15040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15040.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
10⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
11⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-10863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10863.exe
12⤵
PID:6480

C:\Users\Admin\AppData\Local\Temp\Unicorn-54491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54491.exe
13⤵
PID:10480

C:\Users\Admin\AppData\Local\Temp\Unicorn-38319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38319.exe
14⤵
PID:13540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10480 -s 216
14⤵
PID:14052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 216
13⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
12⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 216
11⤵
PID:6132

C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
10⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-40547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40547.exe
11⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-10064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10064.exe
12⤵
PID:9024

C:\Users\Admin\AppData\Local\Temp\Unicorn-59203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59203.exe
13⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 216
13⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
12⤵
PID:9344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
11⤵
PID:6984

C:\Users\Admin\AppData\Local\Temp\Unicorn-36638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36638.exe
9⤵
PID:1208

C:\Users\Admin\AppData\Local\Temp\Unicorn-43157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43157.exe
10⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe
11⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-33417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33417.exe
12⤵
PID:8344

C:\Users\Admin\AppData\Local\Temp\Unicorn-1943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1943.exe
13⤵
PID:11752

C:\Users\Admin\AppData\Local\Temp\Unicorn-65288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65288.exe
14⤵
PID:9280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8344 -s 216
13⤵
PID:12300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
12⤵
PID:9860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
11⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 236
10⤵
PID:4124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 220
9⤵
- Program crash
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-3343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3343.exe
8⤵
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-1081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1081.exe
9⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
9⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
10⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
11⤵
PID:6468

C:\Users\Admin\AppData\Local\Temp\Unicorn-54081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54081.exe
12⤵
PID:11260

C:\Users\Admin\AppData\Local\Temp\Unicorn-4359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4359.exe
13⤵
PID:14068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11260 -s 216
13⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 236
12⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
11⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
10⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
9⤵
- Program crash
PID:3980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 240
8⤵
- Program crash
PID:564

C:\Users\Admin\AppData\Local\Temp\Unicorn-57614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57614.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-55881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55881.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-4781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4781.exe
9⤵
PID:840

C:\Users\Admin\AppData\Local\Temp\Unicorn-3494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3494.exe
10⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-16214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16214.exe
11⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-43920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43920.exe
12⤵
PID:6356

C:\Users\Admin\AppData\Local\Temp\Unicorn-56821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56821.exe
13⤵
PID:10384

C:\Users\Admin\AppData\Local\Temp\Unicorn-65153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65153.exe
14⤵
PID:13376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10384 -s 216
14⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 216
13⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
12⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 236
11⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\Unicorn-56239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56239.exe
10⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-64532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64532.exe
11⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 220
12⤵
PID:10832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
11⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 240
10⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-22523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22523.exe
9⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-11937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11937.exe
10⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-10863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10863.exe
11⤵
PID:6488

C:\Users\Admin\AppData\Local\Temp\Unicorn-56629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56629.exe
12⤵
PID:10520

C:\Users\Admin\AppData\Local\Temp\Unicorn-55231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55231.exe
13⤵
PID:13572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10520 -s 216
13⤵
PID:14152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
12⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
11⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
10⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 240
9⤵
- Program crash
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-19726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19726.exe
8⤵
PID:1176

C:\Users\Admin\AppData\Local\Temp\Unicorn-11662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11662.exe
9⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-40910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40910.exe
10⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-2311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2311.exe
11⤵
PID:6204

C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe
12⤵
PID:9544

C:\Users\Admin\AppData\Local\Temp\Unicorn-25683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25683.exe
13⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9544 -s 216
13⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 216
12⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 236
11⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
10⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 236
9⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
8⤵
- Program crash
PID:924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
7⤵
- Program crash
PID:676

C:\Users\Admin\AppData\Local\Temp\Unicorn-26228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26228.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:968

C:\Users\Admin\AppData\Local\Temp\Unicorn-11942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11942.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-33323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33323.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-60204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60204.exe
9⤵
PID:480

C:\Users\Admin\AppData\Local\Temp\Unicorn-46473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46473.exe
10⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-11252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11252.exe
11⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-6395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6395.exe
12⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-26780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26780.exe
13⤵
PID:10088

C:\Users\Admin\AppData\Local\Temp\Unicorn-31365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31365.exe
14⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10088 -s 216
14⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
13⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
12⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
11⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 236
10⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-61418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61418.exe
9⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-7168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7168.exe
10⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-43728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43728.exe
11⤵
PID:6608

C:\Users\Admin\AppData\Local\Temp\Unicorn-42815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42815.exe
12⤵
PID:10548

C:\Users\Admin\AppData\Local\Temp\Unicorn-11567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11567.exe
13⤵
PID:13668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10548 -s 216
13⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
12⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 236
11⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
10⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
9⤵
- Program crash
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-24578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24578.exe
8⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
9⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-39540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39540.exe
10⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
11⤵
PID:6952

C:\Users\Admin\AppData\Local\Temp\Unicorn-61865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61865.exe
12⤵
PID:11060

C:\Users\Admin\AppData\Local\Temp\Unicorn-33524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33524.exe
13⤵
PID:14104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11060 -s 216
13⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 236
12⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
11⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 236
10⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\Unicorn-32118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32118.exe
9⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-47895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47895.exe
10⤵
PID:7048

C:\Users\Admin\AppData\Local\Temp\Unicorn-51751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51751.exe
11⤵
PID:10948

C:\Users\Admin\AppData\Local\Temp\Unicorn-36840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36840.exe
12⤵
PID:13972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10948 -s 236
12⤵
PID:7688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 216
11⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
10⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
9⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
8⤵
- Program crash
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-17733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17733.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-30054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30054.exe
8⤵
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-30329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30329.exe
9⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-29618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29618.exe
10⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
11⤵
PID:7188

C:\Users\Admin\AppData\Local\Temp\Unicorn-51388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51388.exe
12⤵
PID:11168

C:\Users\Admin\AppData\Local\Temp\Unicorn-58111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58111.exe
13⤵
PID:13784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11168 -s 216
13⤵
PID:9572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7188 -s 216
12⤵
PID:12364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
11⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
10⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 236
9⤵
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-18631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18631.exe
8⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-59166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59166.exe
9⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-52446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52446.exe
10⤵
PID:8372

C:\Users\Admin\AppData\Local\Temp\Unicorn-40838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40838.exe
11⤵
PID:12008

C:\Users\Admin\AppData\Local\Temp\Unicorn-65179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65179.exe
12⤵
PID:9664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8372 -s 216
11⤵
PID:12308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
10⤵
PID:9872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
9⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
8⤵
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 240
7⤵
- Program crash
PID:2060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
6⤵
- Program crash
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-56872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56872.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-42010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42010.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:848

C:\Users\Admin\AppData\Local\Temp\Unicorn-33925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33925.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-19317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19317.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-37838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37838.exe
9⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-30137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30137.exe
10⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-27672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27672.exe
11⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-16375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16375.exe
12⤵
PID:7492

C:\Users\Admin\AppData\Local\Temp\Unicorn-53972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53972.exe
13⤵
PID:11080

C:\Users\Admin\AppData\Local\Temp\Unicorn-10280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10280.exe
14⤵
PID:13456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11080 -s 216
14⤵
PID:13328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 216
13⤵
PID:11268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
12⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
11⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 236
10⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-14355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14355.exe
9⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
10⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-4506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4506.exe
11⤵
PID:7908

C:\Users\Admin\AppData\Local\Temp\Unicorn-54164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54164.exe
12⤵
PID:10508

C:\Users\Admin\AppData\Local\Temp\Unicorn-10664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10664.exe
13⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10508 -s 216
13⤵
PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7908 -s 216
12⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
11⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
10⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 240
9⤵
- Program crash
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-22056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22056.exe
8⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-56203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56203.exe
9⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-41678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41678.exe
10⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-34465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34465.exe
11⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-3318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3318.exe
12⤵
PID:10260

C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
13⤵
PID:14156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10260 -s 216
13⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
12⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
11⤵
PID:8752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
10⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 236
9⤵
- Program crash
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
8⤵
- Program crash
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-38345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38345.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-15087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15087.exe
8⤵
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-9140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9140.exe
9⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-44755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44755.exe
10⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-27065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27065.exe
11⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7856 -s 220
12⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
11⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
10⤵
PID:6720

C:\Users\Admin\AppData\Local\Temp\Unicorn-34365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34365.exe
9⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 220
10⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
9⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
8⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-53738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53738.exe
9⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-20075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20075.exe
10⤵
PID:6968

C:\Users\Admin\AppData\Local\Temp\Unicorn-28015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28015.exe
11⤵
PID:10456

C:\Users\Admin\AppData\Local\Temp\Unicorn-28371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28371.exe
12⤵
PID:14192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10456 -s 216
12⤵
PID:8644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 216
11⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
10⤵
PID:8808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
9⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 240
8⤵
- Program crash
PID:3788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 240
7⤵
- Program crash
PID:1828

C:\Users\Admin\AppData\Local\Temp\Unicorn-36124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36124.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-45959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45959.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:748

C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
8⤵
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
9⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-42062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42062.exe
10⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-61299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61299.exe
11⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 300
12⤵
PID:10428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
11⤵
PID:9108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
10⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 236
9⤵
- Program crash
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-15917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15917.exe
8⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
9⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-53323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53323.exe
10⤵
PID:7604

C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
11⤵
PID:11216

C:\Users\Admin\AppData\Local\Temp\Unicorn-14940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14940.exe
12⤵
PID:13536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11216 -s 220
12⤵
PID:13532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 216
11⤵
PID:11444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
10⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 236
9⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 240
8⤵
- Program crash
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-13888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13888.exe
7⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-9140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9140.exe
8⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
9⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-16702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16702.exe
10⤵
PID:6160

C:\Users\Admin\AppData\Local\Temp\Unicorn-30672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30672.exe
11⤵
PID:9816

C:\Users\Admin\AppData\Local\Temp\Unicorn-11292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11292.exe
12⤵
PID:13316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9816 -s 216
12⤵
PID:8288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 216
11⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
10⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 236
9⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-50510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50510.exe
8⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-9109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9109.exe
9⤵
PID:6320

C:\Users\Admin\AppData\Local\Temp\Unicorn-39416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39416.exe
10⤵
PID:10340

C:\Users\Admin\AppData\Local\Temp\Unicorn-58739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58739.exe
11⤵
PID:13448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10340 -s 216
11⤵
PID:14088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6320 -s 216
10⤵
PID:11360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
9⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
8⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
7⤵
- Program crash
PID:1652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 240
6⤵
- Program crash
PID:2284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-47552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47552.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1120

C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-57059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57059.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-19125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19125.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-48336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48336.exe
9⤵
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-52887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52887.exe
10⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
11⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-48933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48933.exe
12⤵
PID:9576

C:\Users\Admin\AppData\Local\Temp\Unicorn-48521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48521.exe
13⤵
PID:12548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9576 -s 216
13⤵
PID:7524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
12⤵
PID:10848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
11⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
10⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\Unicorn-45850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45850.exe
9⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-22841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22841.exe
10⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\Unicorn-53318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53318.exe
11⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
12⤵
PID:13308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 216
12⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 216
11⤵
PID:10368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
10⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
9⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\Unicorn-63281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63281.exe
8⤵
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-63769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63769.exe
9⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-13281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13281.exe
10⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-38741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38741.exe
11⤵
PID:7692

C:\Users\Admin\AppData\Local\Temp\Unicorn-30838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30838.exe
12⤵
PID:10528

C:\Users\Admin\AppData\Local\Temp\Unicorn-2112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2112.exe
13⤵
PID:13388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10528 -s 216
13⤵
PID:14308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 236
12⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
11⤵
PID:9152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 236
10⤵
PID:6680

C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
9⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-55077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55077.exe
10⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-42104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42104.exe
11⤵
PID:10748

C:\Users\Admin\AppData\Local\Temp\Unicorn-16695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16695.exe
12⤵
PID:13664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10748 -s 216
12⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
11⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
10⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
9⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
8⤵
- Program crash
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-3343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3343.exe
7⤵
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
8⤵
PID:1076

C:\Users\Admin\AppData\Local\Temp\Unicorn-5824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5824.exe
9⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-45399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45399.exe
10⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-32981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32981.exe
11⤵
PID:9748

C:\Users\Admin\AppData\Local\Temp\Unicorn-26731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26731.exe
12⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9748 -s 216
12⤵
PID:13636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
11⤵
PID:11004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
10⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 236
9⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-33021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33021.exe
8⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-53375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53375.exe
9⤵
PID:5480

C:\Users\Admin\AppData\Local\Temp\Unicorn-308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-308.exe
10⤵
PID:9808

C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
11⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9808 -s 236
11⤵
PID:13768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 216
10⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
9⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
8⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
7⤵
- Program crash
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-6467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6467.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe
7⤵
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
8⤵
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-32467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32467.exe
9⤵
PID:1016

C:\Users\Admin\AppData\Local\Temp\Unicorn-50661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50661.exe
10⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\Unicorn-32047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32047.exe
11⤵
PID:8784

C:\Users\Admin\AppData\Local\Temp\Unicorn-13894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13894.exe
12⤵
PID:12624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8784 -s 216
12⤵
PID:1072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
11⤵
PID:10204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 216
10⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 216
9⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
8⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-59789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59789.exe
9⤵
PID:5244

C:\Users\Admin\AppData\Local\Temp\Unicorn-32981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32981.exe
10⤵
PID:9740

C:\Users\Admin\AppData\Local\Temp\Unicorn-31007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31007.exe
11⤵
PID:13296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9740 -s 216
11⤵
PID:13652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 216
10⤵
PID:10996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
9⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
8⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
7⤵
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-4516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4516.exe
8⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-60256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60256.exe
9⤵
PID:6396

C:\Users\Admin\AppData\Local\Temp\Unicorn-54491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54491.exe
10⤵
PID:10472

C:\Users\Admin\AppData\Local\Temp\Unicorn-36181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36181.exe
11⤵
PID:13476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10472 -s 236
11⤵
PID:14100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 216
10⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
9⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 216
8⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 220
7⤵
- Program crash
PID:3392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 240
6⤵
- Program crash
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-63561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63561.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-49898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49898.exe
7⤵
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-25477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25477.exe
8⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-11937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11937.exe
9⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-6779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6779.exe
10⤵
PID:6444

C:\Users\Admin\AppData\Local\Temp\Unicorn-54491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54491.exe
11⤵
PID:10464

C:\Users\Admin\AppData\Local\Temp\Unicorn-50763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50763.exe
12⤵
PID:13412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10464 -s 216
12⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 216
11⤵
PID:11428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
10⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
9⤵
PID:6080

C:\Users\Admin\AppData\Local\Temp\Unicorn-50017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50017.exe
8⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-60640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60640.exe
9⤵
PID:6852

C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
10⤵
PID:10660

C:\Users\Admin\AppData\Local\Temp\Unicorn-44432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44432.exe
11⤵
PID:13728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10660 -s 216
11⤵
PID:13384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 216
10⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 236
9⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
8⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-14355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14355.exe
7⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
8⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-32519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32519.exe
9⤵
PID:7212

C:\Users\Admin\AppData\Local\Temp\Unicorn-28015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28015.exe
10⤵
PID:10404

C:\Users\Admin\AppData\Local\Temp\Unicorn-12226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12226.exe
11⤵
PID:14320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10404 -s 216
11⤵
PID:14280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 216
10⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
9⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
8⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 240
7⤵
- Program crash
PID:4084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 236
6⤵
- Program crash
PID:2040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
5⤵
- Program crash
PID:2716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-59565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59565.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-1880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1880.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-27537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27537.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-10873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10873.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-650.exe
8⤵
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-9249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9249.exe
9⤵
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
10⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-37402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37402.exe
11⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-26681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26681.exe
12⤵
PID:7380

C:\Users\Admin\AppData\Local\Temp\Unicorn-43666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43666.exe
13⤵
PID:10808

C:\Users\Admin\AppData\Local\Temp\Unicorn-19025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19025.exe
14⤵
PID:13580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10808 -s 220
14⤵
PID:5116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7380 -s 216
13⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
12⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 236
11⤵
PID:6500

C:\Users\Admin\AppData\Local\Temp\Unicorn-3722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3722.exe
10⤵
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-55269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55269.exe
11⤵
PID:7552

C:\Users\Admin\AppData\Local\Temp\Unicorn-45804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45804.exe
12⤵
PID:11020

C:\Users\Admin\AppData\Local\Temp\Unicorn-8526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8526.exe
13⤵
PID:13616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11020 -s 216
13⤵
PID:13596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7552 -s 216
12⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 216
11⤵
PID:9008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 220
10⤵
PID:6536

C:\Users\Admin\AppData\Local\Temp\Unicorn-17261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17261.exe
9⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-17413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17413.exe
10⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\Unicorn-19987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19987.exe
11⤵
PID:8624

C:\Users\Admin\AppData\Local\Temp\Unicorn-61149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61149.exe
12⤵
PID:12556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 216
12⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 216
11⤵
PID:10156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
10⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
9⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-24386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24386.exe
8⤵
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-24683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24683.exe
9⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-30795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30795.exe
10⤵
PID:5600

C:\Users\Admin\AppData\Local\Temp\Unicorn-60251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60251.exe
11⤵
PID:8540

C:\Users\Admin\AppData\Local\Temp\Unicorn-9426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9426.exe
12⤵
PID:12456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8540 -s 216
12⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
11⤵
PID:10116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
10⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 216
9⤵
PID:4268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
8⤵
- Program crash
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-15595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15595.exe
7⤵
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
8⤵
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-37127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37127.exe
9⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-50998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50998.exe
10⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-85.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-85.exe
11⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\Unicorn-24637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24637.exe
12⤵
PID:11732

C:\Users\Admin\AppData\Local\Temp\Unicorn-6217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6217.exe
13⤵
PID:8920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11732 -s 216
13⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
12⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
11⤵
PID:8504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
10⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 236
9⤵
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-25429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25429.exe
8⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-32524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32524.exe
9⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-10775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10775.exe
10⤵
PID:8124

C:\Users\Admin\AppData\Local\Temp\Unicorn-23485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23485.exe
11⤵
PID:11296

C:\Users\Admin\AppData\Local\Temp\Unicorn-39637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39637.exe
12⤵
PID:13808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11296 -s 216
12⤵
PID:13908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8124 -s 216
11⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 220
10⤵
PID:8760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
9⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
8⤵
PID:4868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
7⤵
- Program crash
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-39139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39139.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe
7⤵
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-23640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23640.exe
8⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-45295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45295.exe
9⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-54506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54506.exe
10⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
11⤵
PID:7792

C:\Users\Admin\AppData\Local\Temp\Unicorn-30475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30475.exe
12⤵
PID:11652

C:\Users\Admin\AppData\Local\Temp\Unicorn-64800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64800.exe
13⤵
PID:13484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11652 -s 216
13⤵
PID:8328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 216
12⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
11⤵
PID:8456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
10⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
9⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-29513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29513.exe
8⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-30002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30002.exe
9⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-33334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33334.exe
10⤵
PID:8048

C:\Users\Admin\AppData\Local\Temp\Unicorn-19567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19567.exe
11⤵
PID:11940

C:\Users\Admin\AppData\Local\Temp\Unicorn-64847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64847.exe
12⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 216
11⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
10⤵
PID:2924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 236
9⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
8⤵
- Program crash
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-7858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7858.exe
7⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-32467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32467.exe
8⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-37402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37402.exe
9⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
10⤵
PID:6176

C:\Users\Admin\AppData\Local\Temp\Unicorn-54081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54081.exe
11⤵
PID:10248

C:\Users\Admin\AppData\Local\Temp\Unicorn-28947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28947.exe
12⤵
PID:14260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10248 -s 216
12⤵
PID:14180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 216
11⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
10⤵
PID:8696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
9⤵
PID:6508

C:\Users\Admin\AppData\Local\Temp\Unicorn-3722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3722.exe
8⤵
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-62669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62669.exe
9⤵
PID:6984

C:\Users\Admin\AppData\Local\Temp\Unicorn-12160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12160.exe
9⤵
PID:8064

C:\Users\Admin\AppData\Local\Temp\Unicorn-34704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34704.exe
10⤵
PID:10976

C:\Users\Admin\AppData\Local\Temp\Unicorn-54411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54411.exe
11⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10976 -s 220
11⤵
PID:9948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 220
10⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 240
9⤵
PID:8692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 220
8⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
7⤵
- Program crash
PID:3384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
6⤵
- Program crash
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-43140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43140.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1360

C:\Users\Admin\AppData\Local\Temp\Unicorn-45767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45767.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
8⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-34989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34989.exe
9⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-61543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61543.exe
10⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-2254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2254.exe
11⤵
PID:9756

C:\Users\Admin\AppData\Local\Temp\Unicorn-35091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35091.exe
12⤵
PID:12320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9756 -s 216
12⤵
PID:13644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
11⤵
PID:10988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
10⤵
PID:8024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 216
9⤵
PID:5728

C:\Users\Admin\AppData\Local\Temp\Unicorn-62186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62186.exe
8⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-42301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42301.exe
9⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe
10⤵
PID:8984

C:\Users\Admin\AppData\Local\Temp\Unicorn-61533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61533.exe
11⤵
PID:12704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 216
11⤵
PID:12424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
10⤵
PID:9456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
9⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
8⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-61143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61143.exe
7⤵
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-56971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56971.exe
8⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
9⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-53131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53131.exe
10⤵
PID:7192

C:\Users\Admin\AppData\Local\Temp\Unicorn-14989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14989.exe
11⤵
PID:11740

C:\Users\Admin\AppData\Local\Temp\Unicorn-39741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39741.exe
12⤵
PID:9512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7192 -s 216
11⤵
PID:13176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
10⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
9⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 236
8⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 220
7⤵
- Program crash
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-34069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34069.exe
6⤵
- Executes dropped EXE
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-11387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11387.exe
7⤵
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-28383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28383.exe
8⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-36271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36271.exe
9⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-62664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62664.exe
10⤵
PID:8352

C:\Users\Admin\AppData\Local\Temp\Unicorn-61725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61725.exe
11⤵
PID:12840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8352 -s 216
11⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
10⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
9⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 216
8⤵
PID:5172

C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
7⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-44823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44823.exe
8⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-53318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53318.exe
9⤵
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
10⤵
PID:13300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 216
10⤵
PID:2316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
9⤵
PID:10372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
8⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
7⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
6⤵
- Program crash
PID:2332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 240
5⤵
- Program crash
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-42481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42481.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-58922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58922.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-54921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54921.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-45767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45767.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-29862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29862.exe
8⤵
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-39073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39073.exe
9⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-50661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50661.exe
10⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-17657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17657.exe
11⤵
PID:8652

C:\Users\Admin\AppData\Local\Temp\Unicorn-28093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28093.exe
12⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 216
12⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
11⤵
PID:10172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
10⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 216
9⤵
PID:3552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 216
8⤵
- Program crash
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-48891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48891.exe
7⤵
PID:1400

C:\Users\Admin\AppData\Local\Temp\Unicorn-53463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53463.exe
8⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-5305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5305.exe
9⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe
10⤵
PID:7444

C:\Users\Admin\AppData\Local\Temp\Unicorn-1694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1694.exe
11⤵
PID:11380

C:\Users\Admin\AppData\Local\Temp\Unicorn-11131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11131.exe
12⤵
PID:14268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11380 -s 216
12⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 216
11⤵
PID:12508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
10⤵
PID:9076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 236
9⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 236
8⤵
PID:4416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 220
7⤵
- Program crash
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-64796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64796.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-29862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29862.exe
7⤵
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-26821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26821.exe
8⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-17750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17750.exe
9⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-62752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62752.exe
10⤵
PID:8304

C:\Users\Admin\AppData\Local\Temp\Unicorn-11673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11673.exe
11⤵
PID:11780

C:\Users\Admin\AppData\Local\Temp\Unicorn-53228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53228.exe
12⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8304 -s 216
11⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
10⤵
PID:9824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
9⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 236
8⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-41573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41573.exe
7⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-64428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64428.exe
8⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe
9⤵
PID:7980

C:\Users\Admin\AppData\Local\Temp\Unicorn-25960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25960.exe
10⤵
PID:11228

C:\Users\Admin\AppData\Local\Temp\Unicorn-62387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62387.exe
11⤵
PID:13756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11228 -s 216
11⤵
PID:7560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 216
10⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
9⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 236
8⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
7⤵
- Program crash
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
6⤵
- Program crash
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-56545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56545.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-15040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15040.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-13525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13525.exe
7⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-54833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54833.exe
8⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-59851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59851.exe
9⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-9291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9291.exe
10⤵
PID:9716

C:\Users\Admin\AppData\Local\Temp\Unicorn-7052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7052.exe
11⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9716 -s 236
11⤵
PID:13840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
10⤵
PID:10868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
9⤵
PID:7616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 216
8⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
7⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
8⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-36681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36681.exe
9⤵
PID:9532

C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
10⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9532 -s 216
10⤵
PID:13520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 216
9⤵
PID:10840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
8⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
7⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
6⤵
- Program crash
PID:3196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
5⤵
- Program crash
PID:1272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-63566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63566.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-17978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17978.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-5964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5964.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-40365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40365.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:704

C:\Users\Admin\AppData\Local\Temp\Unicorn-44532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44532.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe
8⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-35892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35892.exe
9⤵
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-39073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39073.exe
10⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-65004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65004.exe
11⤵
PID:4444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 220
12⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
11⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 236
10⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-31459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31459.exe
9⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-24787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24787.exe
10⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-27143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27143.exe
11⤵
PID:9700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 220
12⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 236
11⤵
PID:10920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
10⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
9⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-50837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50837.exe
8⤵
PID:632

C:\Users\Admin\AppData\Local\Temp\Unicorn-39073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39073.exe
9⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-30241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30241.exe
10⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-59867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59867.exe
11⤵
PID:8448

C:\Users\Admin\AppData\Local\Temp\Unicorn-19157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19157.exe
12⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8448 -s 216
12⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
11⤵
PID:10004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
10⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 216
9⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 220
8⤵
- Program crash
PID:3212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
7⤵
- Program crash
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-33109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33109.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-58019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58019.exe
7⤵
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
8⤵
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-61439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61439.exe
9⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-7635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7635.exe
10⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-4361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4361.exe
11⤵
PID:7672

C:\Users\Admin\AppData\Local\Temp\Unicorn-26583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26583.exe
12⤵
PID:11560

C:\Users\Admin\AppData\Local\Temp\Unicorn-58962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58962.exe
13⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11560 -s 220
13⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 236
12⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
11⤵
PID:2844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
10⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 236
9⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-41573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41573.exe
8⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-44392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44392.exe
9⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-11797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11797.exe
10⤵
PID:7944

C:\Users\Admin\AppData\Local\Temp\Unicorn-3593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3593.exe
11⤵
PID:10560

C:\Users\Admin\AppData\Local\Temp\Unicorn-53643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53643.exe
12⤵
PID:13724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10560 -s 216
12⤵
PID:9408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 216
11⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
10⤵
PID:8560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 236
9⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 220
8⤵
- Program crash
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-9996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9996.exe
7⤵
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-58185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58185.exe
8⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-11247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11247.exe
9⤵
PID:6932

C:\Users\Admin\AppData\Local\Temp\Unicorn-22203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22203.exe
10⤵
PID:10760

C:\Users\Admin\AppData\Local\Temp\Unicorn-42678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42678.exe
11⤵
PID:13816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10760 -s 236
11⤵
PID:13552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 216
10⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 236
9⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 216
8⤵
PID:5580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
7⤵
- Program crash
PID:3344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 240
6⤵
- Program crash
PID:1876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 236
5⤵
- Program crash
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-48616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48616.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-61143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61143.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-27293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27293.exe
7⤵
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-7303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7303.exe
8⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-59493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59493.exe
9⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-20511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20511.exe
10⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-64994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64994.exe
11⤵
PID:8468

C:\Users\Admin\AppData\Local\Temp\Unicorn-9893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9893.exe
12⤵
PID:12924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8468 -s 216
12⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
11⤵
PID:9832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 236
10⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 216
9⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-17261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17261.exe
8⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-30578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30578.exe
9⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-39940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39940.exe
10⤵
PID:7704

C:\Users\Admin\AppData\Local\Temp\Unicorn-31518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31518.exe
11⤵
PID:12220

C:\Users\Admin\AppData\Local\Temp\Unicorn-51033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51033.exe
12⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 216
11⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
10⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
9⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
8⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-52975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52975.exe
7⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-32467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32467.exe
8⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-5736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5736.exe
9⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-12010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12010.exe
10⤵
PID:8852

C:\Users\Admin\AppData\Local\Temp\Unicorn-1642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1642.exe
11⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8852 -s 216
11⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
10⤵
PID:10224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
9⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 216
8⤵
PID:2720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
7⤵
- Program crash
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-42237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42237.exe
6⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-50282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50282.exe
7⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-20599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20599.exe
8⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-35093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35093.exe
9⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-33173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33173.exe
10⤵
PID:9656

C:\Users\Admin\AppData\Local\Temp\Unicorn-37037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37037.exe
11⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9656 -s 216
11⤵
PID:13620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
10⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 236
9⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 216
8⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\Unicorn-17261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17261.exe
7⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-39924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39924.exe
8⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-8206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8206.exe
9⤵
PID:7432

C:\Users\Admin\AppData\Local\Temp\Unicorn-64278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64278.exe
10⤵
PID:10940

C:\Users\Admin\AppData\Local\Temp\Unicorn-24671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24671.exe
11⤵
PID:13336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10940 -s 216
11⤵
PID:9120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 216
10⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
9⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
8⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
7⤵
- Program crash
PID:3756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 240
6⤵
- Program crash
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-10551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10551.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-35461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35461.exe
6⤵
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-60780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60780.exe
7⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-50365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50365.exe
8⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-35840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35840.exe
9⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-22597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22597.exe
10⤵
PID:7632

C:\Users\Admin\AppData\Local\Temp\Unicorn-39582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39582.exe
11⤵
PID:10752

C:\Users\Admin\AppData\Local\Temp\Unicorn-49367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49367.exe
12⤵
PID:14292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10752 -s 220
12⤵
PID:14244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 216
11⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
10⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
9⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
8⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-36721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36721.exe
7⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-54506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54506.exe
8⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-38980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38980.exe
9⤵
PID:7916

C:\Users\Admin\AppData\Local\Temp\Unicorn-14522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14522.exe
10⤵
PID:11784

C:\Users\Admin\AppData\Local\Temp\Unicorn-20608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20608.exe
11⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11784 -s 216
11⤵
PID:9556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 216
10⤵
PID:12892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
9⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 236
8⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
7⤵
- Program crash
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-10188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10188.exe
6⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-18269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18269.exe
7⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-38025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38025.exe
8⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-54413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54413.exe
9⤵
PID:8492

C:\Users\Admin\AppData\Local\Temp\Unicorn-42099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42099.exe
10⤵
PID:12412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 216
10⤵
PID:12584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
9⤵
PID:10052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
7⤵
PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
6⤵
- Program crash
PID:3428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
5⤵
- Program crash
PID:348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-51636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51636.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-36281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36281.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:356

C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
6⤵
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-46473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46473.exe
7⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-4537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4537.exe
8⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-57023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57023.exe
9⤵
PID:6420

C:\Users\Admin\AppData\Local\Temp\Unicorn-6826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6826.exe
10⤵
PID:11220

C:\Users\Admin\AppData\Local\Temp\Unicorn-39061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39061.exe
11⤵
PID:14220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11220 -s 216
11⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
9⤵
PID:8720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 236
8⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 236
6⤵
- Program crash
PID:3308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 216
5⤵
- Program crash
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-24666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24666.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-2596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2596.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-34138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34138.exe
7⤵
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-26437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26437.exe
8⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-1221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1221.exe
9⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-24590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24590.exe
10⤵
PID:7976

C:\Users\Admin\AppData\Local\Temp\Unicorn-27351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27351.exe
11⤵
PID:11840

C:\Users\Admin\AppData\Local\Temp\Unicorn-38890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38890.exe
12⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11840 -s 216
12⤵
PID:9540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 216
11⤵
PID:12952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
10⤵
PID:8236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
9⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
8⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-14547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14547.exe
7⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-57075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57075.exe
8⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-14615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14615.exe
9⤵
PID:8384

C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
10⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8384 -s 216
10⤵
PID:12536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 216
9⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 236
8⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
7⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-18356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18356.exe
6⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-41211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41211.exe
7⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-3935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3935.exe
8⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-58030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58030.exe
9⤵
PID:8072

C:\Users\Admin\AppData\Local\Temp\Unicorn-53884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53884.exe
10⤵
PID:11376

C:\Users\Admin\AppData\Local\Temp\Unicorn-58023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58023.exe
11⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 216
10⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
9⤵
PID:9488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 236
8⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 236
7⤵
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
6⤵
- Program crash
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-60588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60588.exe
6⤵
PID:1044

C:\Users\Admin\AppData\Local\Temp\Unicorn-63193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63193.exe
7⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-59789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59789.exe
8⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-10230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10230.exe
9⤵
PID:9448

C:\Users\Admin\AppData\Local\Temp\Unicorn-47945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47945.exe
10⤵
PID:12396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9448 -s 236
10⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 216
9⤵
PID:10724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
8⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 216
7⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
6⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
7⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-43287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43287.exe
8⤵
PID:9884

C:\Users\Admin\AppData\Local\Temp\Unicorn-59595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59595.exe
9⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9884 -s 216
9⤵
PID:13708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
8⤵
PID:11108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
7⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 220
6⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
5⤵
- Program crash
PID:1324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 240
4⤵
- Program crash
PID:2356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
2⤵
- Program crash
PID:2588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1642.exe

Filesize
184KB

MD5
d5ca224546c507c93d3c60a952dfd74d

SHA1
9e67a85470244626d494376768289fa88a7bd2b2

SHA256
f44d3a342c6e4e728d03e05d611f9e7569a609ae20d868844abdfc7831e4d9a5

SHA512
6ad127dbf089c2a0c567ae7e9dd077af7fb884f386d01cdc581f21d213c30646039bee09276b8071bc2f6844ae8331bad327751527d15fb77ed13066c2112c9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28093.exe

Filesize
184KB

MD5
e67a78733a714dbb07576e80a8780f07

SHA1
983069c2f62839e68491d722196d0085932c281e

SHA256
b76727e98c70fcc202b5d6f4c68e9a6bf124f887128dd9566d6a9d7973bd9cdd

SHA512
bb0f8810655174660a73af65c90967b5df71e98394679748879d291403b96bd703c4b3b9040b73d441d968341f421e44be3c43a769f992e6a56fbd2ed9cb5ecf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36271.exe

Filesize
184KB

MD5
a377f5b5e816195e50f0321ab704ea27

SHA1
7ab544cc39239652b8ca18292485a6db9fdce129

SHA256
7e9f40cf8fcf46a9300f380fb81a130fdbc9b0a9bd59183b9196b84c315f0cc7

SHA512
f4e222adc2a8b983a905b563ac566aefaba71ef63f008d0edecbf2060882b3c986a8c41fe699cec3c3662945c2ce233fc47af7e06a45b4eee4f44b8c2ba9a1ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe

Filesize
184KB

MD5
bd3561ea592633d909c1267282d3d698

SHA1
ab150363db0fb1673702f597594094b711681805

SHA256
5241760799cbafcc50c32428f81d81ff63da00226228aa1fac9be3059781fa02

SHA512
6747f0d524877d59fa97a5670b7a0ef68229803a63f0b9c196d46cf045362453794b573f42454f9b9f952d9709ae4aa503f7b645ae00f8e982c31149436d7c10

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36681.exe

Filesize
184KB

MD5
8569348aee2f9c76c118e4e354d98da2

SHA1
8fd9fc703551daea7ed89ae3363341d1b0be8aa5

SHA256
61dda1e4f9a11e862301db1adb58a26ddcc7c00130cf214a1aef1701ddf127d8

SHA512
8fc567e00832b2a092ac5b1f5f47793105a7db73db61a0d0b38a104ac847df6b6802097d3b74e4eed099d3b1a2901745f45d8617828cc5f1e8e1ee9180a9a8ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe

Filesize
184KB

MD5
f7a05575b8898b0d8dc2f1d4d5f155ac

SHA1
e6a9f985ab79ea87d99c5d251be9abb9afffd191

SHA256
ec29a8b943c89cbcb194bd9f1c15fde716d93f8e6437403c6feedc894b55e152

SHA512
837374bd837a21f9d6c109cbd75eb70aaeabf741f7d574be15ade10e55d8ff23708422282931bd3a3a387d64e961eb3023e88beb52c3179b3d4c70682fe923a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe

Filesize
184KB

MD5
727c774d70d22b04a21aabe66ca90dae

SHA1
f8a9fe8b344e2a4dff57e5ca42029a91bf559492

SHA256
8cbba2eb3ebaf78f92ec473800cdce7df1799caab74571f72cbba6de89be40a4

SHA512
d05e50b15f891c8b26c6166dff843c3379a42958c718c1e4ac05a4d60fa28efa0f6180c1388233128841c65e6dee9e221ead2ebbe6584a9b535df0b2de27b2d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6779.exe

Filesize
184KB

MD5
e168f9469355f949bede777336125238

SHA1
1e0bbb91d67809481c896878dbaaa6b92cb14090

SHA256
5a6500d1c3b7074ecae1779814fa3f460010017b5e800c811abbd6892e7bd45b

SHA512
6a5115f051d7249a3b35c6fcc93ec978867cba2e2340f9d2f471df19f089774ee2bf79c9b36852c589b6ca8d8a95ff0a824742099ec278a8f84a0ab7630ca2e2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe

Filesize
184KB

MD5
e37239ca4cadb9d4d14984c02e1cab3e

SHA1
6f7e0912e81e2599ae211cb7d4e515e03fad5699

SHA256
bc9fe224f8b37e86689ad06f8bb1c00e944fc4ad925000d0be185d6d12ef4bf0

SHA512
5a91b03c4b123578becaf9878fb4e13c370abdaa8953b0e43fe22e44041571dc5a37755c34e1182d718f600cca2b3c4860ae27f841b9d91eb3c55726f27fa50c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17978.exe

Filesize
184KB

MD5
46ebbb5fd20c187d3f6c0c256242d74d

SHA1
ea7ab4fe671cfc5d8f9091c06343c1fecef59e60

SHA256
79f95d680d7211baded55f5007f15968b39924db0cfe0a781679a0b62126f202

SHA512
eb28d491252259c3b38fb964515954ec3e58fbcf8a330f920725cce704a2cf5ec2c0df6d1a08e9223b32ff6af4328eb0cb49506bf220339586619f0b1313af19

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1880.exe

Filesize
184KB

MD5
260763a532b144ce008622310f674a93

SHA1
8fd5318511f71f1e34f96fee9387376e5e9418f8

SHA256
0acda4ad8188b9cdb2dd5560ae4521f2265619f9bfa54832f774384a2b110ba3

SHA512
b42420bdad311adbb1e19b83c9889f1bc40961b06b1dc47966a379a0e84211ea9add449f93f2e1716ed9cfddb171376433426f0b0034ccd0d1de524fab6224ac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27537.exe

Filesize
184KB

MD5
3004893990de4a3e62f1ea8f297529ec

SHA1
ae77a22c3f9b3858a13dd5a3227fae6774622707

SHA256
78688800fa56934ea17254c5180ab1bc9ba542b3955ef64f36fa96669f58035b

SHA512
be9df49cd159df47e31536a36703110349f429c60074c480739558d32e9fefc1d16f035ae643fc7208fad36a3fdc7597568b65c29962cc3aaca1cd8c05fdf255

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32607.exe

Filesize
184KB

MD5
d6cea8da9064ddd2007711edb863c366

SHA1
a9adf2dad4be75fde48cac67d646997cdb442d8a

SHA256
e6ba737295bfe3d161f3938b758f21a8274f1609e106c7dab2a1334146e83886

SHA512
c715b788e14b07e86b6137a1d9261b4503b2df7f9ffd017ef21534ab1a6e08ddd9d544a0fa42f28390aecb8e399c2df48f908fe8fd6c8756e38d2656c4bfef6d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39493.exe

Filesize
184KB

MD5
770a6264fc431efadd16a62f642214ef

SHA1
a3ad908d45d07ad90b8afc3aaefc28a15066f322

SHA256
9b1d185f6bfae75b837054c1c6c0085de585b036bc72bffa53f32dd8f8b7a4db

SHA512
4d0260706a98ab8aed98b54b1da0ca5fdb98e071523dcec63128044c01778ae5a9d246ba8c57916a09836b765e6d99e77376e290898fbe201420c62c4ac78817

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44620.exe

Filesize
184KB

MD5
1f01785f5b1202e7b8640e191d78b28a

SHA1
4ae68f0253ad1569f2182c724dc39647008e4389

SHA256
0a8338180e2b7b60f3f4c0734d3c213fb3ff0e3b980175d5d2fab509ca6040e0

SHA512
cec88057cd7aff3069b0623377e7ee555489413b3915fb401bc6877697e2e9d38e157c85c6abf0c1d7d70e99931642b5b013733f5692a8644753ee453c3bca08

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47552.exe

Filesize
184KB

MD5
f0d7fd00543a7e3e238ea4ad51aa0a7a

SHA1
cb030937484c8be6a65fb6faf0cb28349dd3c445

SHA256
7595bf8b7b1c85fa7610e9114f3ab21345d809d8eaa028f9d7d5d3faa38137c7

SHA512
eaee01edc0cef9a4e5bb24335a9bf7cabbda3513f1996e6d99b1f9f2a690bee9881f40f21643b3e91f76884dd0792d017818126dbd3607b6abadfce67a29c2c0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48621.exe

Filesize
184KB

MD5
4e3151a15245a20cad22c584421d6e5d

SHA1
a0b4c5dce2d2d53e2352292402d17a4dc74b52b9

SHA256
4d03b712e29d27b6232be8720eff337912180a313c2c3df284a2167e25b5a5d6

SHA512
aaf0a7824f64965b38b30bd371e3c1b38a33ac3a4a8ee489eac30f7f18792dd1cc11dc0b6728df7bdd4bd59afa3230abb99b931a69621cef7bf3bd165175194e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51636.exe

Filesize
184KB

MD5
29bafe92f787132d0fc3ab9c9c078da6

SHA1
ba1dd2a58bf522cc9534067ef991605b0c90af7f

SHA256
cec32fe29f33a59c1ed914d99d158a2a39f500f4e2b4d715f362be4fc1821a56

SHA512
e62874dd54663cebd5b592f1bbee0c91deaa9d3a5f07cce1b2e39a283c65cb441b0a9c52a0203c78dcbf6b672ffb6f243f0ab23ac9f8969c182f76b734872104

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56872.exe

Filesize
184KB

MD5
e4d97187aeeb15522b0f15d1310f3daa

SHA1
5dcf0c88a845b41e904736df83572ac715c80a88

SHA256
d54f85fefed98fca4f6c985f0329734084e84387ec4c7b4a7c559476a3a4283d

SHA512
771fe85cf6f9fbd21a817b74be7a9ecdf56942727fb495176eb9574117bf7b9bc20e8a28a1c32e4edb7ebaca0daed2d9bb9f7ee99a96cddbadfec6c339a3706d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59565.exe

Filesize
184KB

MD5
b5c4e11c2f9f52e0fe925e128729a19e

SHA1
373f66cdff7f03c30e9acfbbf9d0bc871ac1b411

SHA256
3f1e41bd9563872eb39df986950508cdf00aeb66bd1ed59daff6d3816abea81e

SHA512
ea9f8af70e9e4aac5bbf10dde91d62cb7acc614f1d472d4c5dd254e7439a1570d35da394a7e5a9b447d899cc79f9c57a2dfff04adf4862022e70587e0aecadf5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5964.exe

Filesize
184KB

MD5
2a980cbce0d21598262b1e2deff47ae4

SHA1
f5dc7c7a2722152e2d3babe9978dfa3698b565a7

SHA256
9547fcc5401a05a2bed0a0b5ac353c8868421b1b42281b48500b146e2f29f54c

SHA512
908bf59fc2085d70dd3262295116616999b5e8134b8b4f4614f82fa48977c863c8cbd8a2fd1c448df07b00725cba28252f8425773b01aee79744ba4a45936b1d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63566.exe

Filesize
184KB

MD5
3f3e037c67e108c035bbdaabe70580af

SHA1
02b2a1c66b8414eca535dbd627cbaee13f19a63e

SHA256
f432ccce6ae38836247ee2d361d5d1cea929db6e7b47c35b10aa359743aaca68

SHA512
d3c6b1b2197d58b2936a684a40eea1ff77f3c968b45c1ea4327b64cd49062b6937bb033b250dfc0ff8788f52440563c2cb4fd2cca1c3ba157667d0b8704527a6

Download Submit