83be5effb84f5296c44fcfaa93ff734051f63a5cd5515351d44343728a9a0d66

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83be5effb84f5296c44fcfaa93ff734051f63a5cd5515351d44343728a9a0d66.exe
Size

184KB
MD5

0f81141f41bafaa0524372f124d10b3d
SHA1

938effffb453f20ac89bdb22922271303fa7d59d
SHA256

83be5effb84f5296c44fcfaa93ff734051f63a5cd5515351d44343728a9a0d66
SHA512

3275d897c01d70f43674abf76a8f170b0c36eb8d17fdcf6e74987b352f2506d6d42513d6ec74af5ba0895c99bf1971331ffa97ea78eccd069e1c8c550506804f
SSDEEP

3072:NmH6PgokBpbzdL6YelOLtapTIKGezPwZq+q2O5CoUlQ/lnVOFBnT:Nm1oOpL68LYpTIfF3E/lnVOFB

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-56193.exeUnicorn-50765.exeUnicorn-5093.exeUnicorn-26474.exeUnicorn-37334.exeUnicorn-57200.exeUnicorn-57283.exeUnicorn-33333.exeUnicorn-53199.exeUnicorn-22473.exeUnicorn-2607.exeUnicorn-14387.exeUnicorn-6966.exeUnicorn-4273.exeUnicorn-60573.exeUnicorn-23302.exeUnicorn-54029.exeUnicorn-8357.exeUnicorn-8357.exeUnicorn-36152.exeUnicorn-44320.exeUnicorn-24454.exeUnicorn-9509.exeUnicorn-1896.exeUnicorn-38674.exeUnicorn-49535.exeUnicorn-3863.exeUnicorn-65316.exeUnicorn-26976.exeUnicorn-65316.exeUnicorn-46842.exeUnicorn-36295.exeUnicorn-63492.exeUnicorn-52631.exeUnicorn-14867.exeUnicorn-65459.exeUnicorn-30649.exeUnicorn-41509.exeUnicorn-61375.exeUnicorn-46985.exeUnicorn-28703.exeUnicorn-10228.exeUnicorn-21089.exeUnicorn-36871.exeUnicorn-17005.exeUnicorn-64068.exeUnicorn-18397.exeUnicorn-29257.exeUnicorn-59984.exeUnicorn-57867.exeUnicorn-23057.exeUnicorn-3191.exeUnicorn-9242.exeUnicorn-17411.exeUnicorn-28271.exeUnicorn-42984.exeUnicorn-36439.exeUnicorn-21495.exeUnicorn-21495.exeUnicorn-48884.exeUnicorn-14073.exeUnicorn-62205.exeUnicorn-16534.exeUnicorn-46191.exe

pid	process
1800	Unicorn-56193.exe
1836	Unicorn-50765.exe
1048	Unicorn-5093.exe
2604	Unicorn-26474.exe
2168	Unicorn-37334.exe
2756	Unicorn-57200.exe
1056	Unicorn-57283.exe
2724	Unicorn-33333.exe
3008	Unicorn-53199.exe
2808	Unicorn-22473.exe
2804	Unicorn-2607.exe
1540	Unicorn-14387.exe
1728	Unicorn-6966.exe
1308	Unicorn-4273.exe
2196	Unicorn-60573.exe
540	Unicorn-23302.exe
924	Unicorn-54029.exe
592	Unicorn-8357.exe
1508	Unicorn-8357.exe
2492	Unicorn-36152.exe
2340	Unicorn-44320.exe
1920	Unicorn-24454.exe
1368	Unicorn-9509.exe
796	Unicorn-1896.exe
1856	Unicorn-38674.exe
700	Unicorn-49535.exe
2376	Unicorn-3863.exe
1256	Unicorn-65316.exe
1632	Unicorn-26976.exe
2936	Unicorn-65316.exe
900	Unicorn-46842.exe
1984	Unicorn-36295.exe
2016	Unicorn-63492.exe
2032	Unicorn-52631.exe
1960	Unicorn-14867.exe
2236	Unicorn-65459.exe
2556	Unicorn-30649.exe
2616	Unicorn-41509.exe
2500	Unicorn-61375.exe
2620	Unicorn-46985.exe
2796	Unicorn-28703.exe
2740	Unicorn-10228.exe
1584	Unicorn-21089.exe
2856	Unicorn-36871.exe
2692	Unicorn-17005.exe
1648	Unicorn-64068.exe
1976	Unicorn-18397.exe
1744	Unicorn-29257.exe
1432	Unicorn-59984.exe
1804	Unicorn-57867.exe
2164	Unicorn-23057.exe
2924	Unicorn-3191.exe
2044	Unicorn-9242.exe
2080	Unicorn-17411.exe
892	Unicorn-28271.exe
2336	Unicorn-42984.exe
2980	Unicorn-36439.exe
2904	Unicorn-21495.exe
2816	Unicorn-21495.exe
2012	Unicorn-48884.exe
2560	Unicorn-14073.exe
1816	Unicorn-62205.exe
2568	Unicorn-16534.exe
2528	Unicorn-46191.exe

Loads dropped DLL 64 IoCs

Processes:

83be5effb84f5296c44fcfaa93ff734051f63a5cd5515351d44343728a9a0d66.exeUnicorn-56193.exeUnicorn-50765.exeUnicorn-5093.exeWerFault.exeUnicorn-26474.exeUnicorn-57200.exeUnicorn-37334.exeWerFault.exeWerFault.exeUnicorn-57283.exeUnicorn-33333.exeUnicorn-53199.exeUnicorn-22473.exeUnicorn-2607.exeWerFault.exeWerFault.exe

pid	process
1204	83be5effb84f5296c44fcfaa93ff734051f63a5cd5515351d44343728a9a0d66.exe
1204	83be5effb84f5296c44fcfaa93ff734051f63a5cd5515351d44343728a9a0d66.exe
1204	83be5effb84f5296c44fcfaa93ff734051f63a5cd5515351d44343728a9a0d66.exe
1800	Unicorn-56193.exe
1204	83be5effb84f5296c44fcfaa93ff734051f63a5cd5515351d44343728a9a0d66.exe
1800	Unicorn-56193.exe
1836	Unicorn-50765.exe
1836	Unicorn-50765.exe
1800	Unicorn-56193.exe
1800	Unicorn-56193.exe
1048	Unicorn-5093.exe
1048	Unicorn-5093.exe
2688	WerFault.exe
2688	WerFault.exe
2688	WerFault.exe
2688	WerFault.exe
2688	WerFault.exe
2604	Unicorn-26474.exe
2604	Unicorn-26474.exe
1048	Unicorn-5093.exe
1048	Unicorn-5093.exe
2756	Unicorn-57200.exe
2756	Unicorn-57200.exe
1836	Unicorn-50765.exe
2168	Unicorn-37334.exe
1836	Unicorn-50765.exe
2168	Unicorn-37334.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2988	WerFault.exe
2988	WerFault.exe
2988	WerFault.exe
2988	WerFault.exe
2988	WerFault.exe
2864	WerFault.exe
1056	Unicorn-57283.exe
1056	Unicorn-57283.exe
2604	Unicorn-26474.exe
2604	Unicorn-26474.exe
2724	Unicorn-33333.exe
2724	Unicorn-33333.exe
3008	Unicorn-53199.exe
3008	Unicorn-53199.exe
2756	Unicorn-57200.exe
2756	Unicorn-57200.exe
2168	Unicorn-37334.exe
2808	Unicorn-22473.exe
2804	Unicorn-2607.exe
2168	Unicorn-37334.exe
2808	Unicorn-22473.exe
2804	Unicorn-2607.exe
2244	WerFault.exe
2244	WerFault.exe
2244	WerFault.exe
2244	WerFault.exe
2244	WerFault.exe
852	WerFault.exe
852	WerFault.exe
852	WerFault.exe
852	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2600	1204	WerFault.exe	83be5effb84f5296c44fcfaa93ff734051f63a5cd5515351d44343728a9a0d66.exe
2688	1800	WerFault.exe	Unicorn-56193.exe
2864	1836	WerFault.exe	Unicorn-50765.exe
2988	1048	WerFault.exe	Unicorn-5093.exe
2244	2604	WerFault.exe	Unicorn-26474.exe
852	2168	WerFault.exe	Unicorn-37334.exe
2520	2756	WerFault.exe	Unicorn-57200.exe
1608	1056	WerFault.exe	Unicorn-57283.exe
2220	2724	WerFault.exe	Unicorn-33333.exe
1712	3008	WerFault.exe	Unicorn-53199.exe
2640	2804	WerFault.exe	Unicorn-2607.exe
2800	1256	WerFault.exe	Unicorn-65316.exe
1636	2936	WerFault.exe	Unicorn-65316.exe
712	1540	WerFault.exe	Unicorn-14387.exe
340	1308	WerFault.exe	Unicorn-4273.exe
964	540	WerFault.exe	Unicorn-23302.exe
788	2196	WerFault.exe	Unicorn-60573.exe
1672	1508	WerFault.exe	Unicorn-8357.exe
968	592	WerFault.exe	Unicorn-8357.exe
1828	924	WerFault.exe	Unicorn-54029.exe
2028	2492	WerFault.exe	Unicorn-36152.exe
2888	2340	WerFault.exe	Unicorn-44320.exe
2296	1920	WerFault.exe	Unicorn-24454.exe
1696	1368	WerFault.exe	Unicorn-9509.exe
2212	796	WerFault.exe	Unicorn-1896.exe
2760	700	WerFault.exe	Unicorn-49535.exe
2848	2376	WerFault.exe	Unicorn-3863.exe
2504	1632	WerFault.exe	Unicorn-26976.exe
3028	1856	WerFault.exe	Unicorn-38674.exe
2428	900	WerFault.exe	Unicorn-46842.exe
3016	2832	WerFault.exe	Unicorn-65350.exe
1604	1984	WerFault.exe	Unicorn-36295.exe
2104	2016	WerFault.exe	Unicorn-63492.exe
2324	1960	WerFault.exe	Unicorn-14867.exe
2352	2032	WerFault.exe	Unicorn-52631.exe
3100	2500	WerFault.exe	Unicorn-61375.exe
3132	2556	WerFault.exe	Unicorn-30649.exe
3124	2616	WerFault.exe	Unicorn-41509.exe
3184	2236	WerFault.exe	Unicorn-65459.exe
3212	2620	WerFault.exe	Unicorn-46985.exe
3292	2796	WerFault.exe	Unicorn-28703.exe
3408	2740	WerFault.exe	Unicorn-10228.exe
3476	1584	WerFault.exe	Unicorn-21089.exe
3468	2856	WerFault.exe	Unicorn-36871.exe
3460	2692	WerFault.exe	Unicorn-17005.exe
3540	1432	WerFault.exe	Unicorn-59984.exe
3548	1648	WerFault.exe	Unicorn-64068.exe
3564	1744	WerFault.exe	Unicorn-29257.exe
3576	1976	WerFault.exe	Unicorn-18397.exe
3884	2924	WerFault.exe	Unicorn-3191.exe
3572	2568	WerFault.exe	Unicorn-16534.exe
3712	1804	WerFault.exe	Unicorn-57867.exe
3828	2728	WerFault.exe	Unicorn-10674.exe
3880	2528	WerFault.exe	Unicorn-46191.exe
3872	2164	WerFault.exe	Unicorn-23057.exe
3940	1588	WerFault.exe	Unicorn-560.exe
3240	2012	WerFault.exe	Unicorn-48884.exe
3524	2080	WerFault.exe	Unicorn-17411.exe
3692	300	WerFault.exe	Unicorn-42792.exe
4152	2560	WerFault.exe	Unicorn-14073.exe
4180	2044	WerFault.exe	Unicorn-9242.exe
4236	1444	WerFault.exe	Unicorn-12065.exe
4288	1968	WerFault.exe	Unicorn-16342.exe
4408	2700	WerFault.exe	Unicorn-61219.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

83be5effb84f5296c44fcfaa93ff734051f63a5cd5515351d44343728a9a0d66.exeUnicorn-56193.exeUnicorn-50765.exeUnicorn-5093.exeUnicorn-26474.exeUnicorn-37334.exeUnicorn-57200.exeUnicorn-57283.exeUnicorn-33333.exeUnicorn-53199.exeUnicorn-22473.exeUnicorn-2607.exeUnicorn-14387.exeUnicorn-6966.exeUnicorn-4273.exeUnicorn-60573.exeUnicorn-23302.exeUnicorn-8357.exeUnicorn-54029.exeUnicorn-8357.exeUnicorn-36152.exeUnicorn-44320.exeUnicorn-24454.exeUnicorn-9509.exeUnicorn-1896.exeUnicorn-49535.exeUnicorn-38674.exeUnicorn-3863.exeUnicorn-46842.exeUnicorn-65316.exeUnicorn-65316.exeUnicorn-26976.exeUnicorn-36295.exeUnicorn-63492.exeUnicorn-52631.exeUnicorn-14867.exeUnicorn-65459.exeUnicorn-30649.exeUnicorn-41509.exeUnicorn-61375.exeUnicorn-46985.exeUnicorn-28703.exeUnicorn-21089.exeUnicorn-10228.exeUnicorn-36871.exeUnicorn-17005.exeUnicorn-64068.exeUnicorn-18397.exeUnicorn-29257.exeUnicorn-59984.exeUnicorn-57867.exeUnicorn-3191.exeUnicorn-23057.exeUnicorn-9242.exeUnicorn-17411.exeUnicorn-28271.exeUnicorn-42984.exeUnicorn-36439.exeUnicorn-21495.exeUnicorn-62205.exeUnicorn-14073.exeUnicorn-48884.exeUnicorn-16534.exeUnicorn-46191.exe

pid	process
1204	83be5effb84f5296c44fcfaa93ff734051f63a5cd5515351d44343728a9a0d66.exe
1800	Unicorn-56193.exe
1836	Unicorn-50765.exe
1048	Unicorn-5093.exe
2604	Unicorn-26474.exe
2168	Unicorn-37334.exe
2756	Unicorn-57200.exe
1056	Unicorn-57283.exe
2724	Unicorn-33333.exe
3008	Unicorn-53199.exe
2808	Unicorn-22473.exe
2804	Unicorn-2607.exe
1540	Unicorn-14387.exe
1728	Unicorn-6966.exe
1308	Unicorn-4273.exe
2196	Unicorn-60573.exe
540	Unicorn-23302.exe
592	Unicorn-8357.exe
924	Unicorn-54029.exe
1508	Unicorn-8357.exe
2492	Unicorn-36152.exe
2340	Unicorn-44320.exe
1920	Unicorn-24454.exe
1368	Unicorn-9509.exe
796	Unicorn-1896.exe
700	Unicorn-49535.exe
1856	Unicorn-38674.exe
2376	Unicorn-3863.exe
900	Unicorn-46842.exe
2936	Unicorn-65316.exe
1256	Unicorn-65316.exe
1632	Unicorn-26976.exe
1984	Unicorn-36295.exe
2016	Unicorn-63492.exe
2032	Unicorn-52631.exe
1960	Unicorn-14867.exe
2236	Unicorn-65459.exe
2556	Unicorn-30649.exe
2616	Unicorn-41509.exe
2500	Unicorn-61375.exe
2620	Unicorn-46985.exe
2796	Unicorn-28703.exe
1584	Unicorn-21089.exe
2740	Unicorn-10228.exe
2856	Unicorn-36871.exe
2692	Unicorn-17005.exe
1648	Unicorn-64068.exe
1976	Unicorn-18397.exe
1744	Unicorn-29257.exe
1432	Unicorn-59984.exe
1804	Unicorn-57867.exe
2924	Unicorn-3191.exe
2164	Unicorn-23057.exe
2044	Unicorn-9242.exe
2080	Unicorn-17411.exe
892	Unicorn-28271.exe
2336	Unicorn-42984.exe
2980	Unicorn-36439.exe
2904	Unicorn-21495.exe
1816	Unicorn-62205.exe
2560	Unicorn-14073.exe
2012	Unicorn-48884.exe
2568	Unicorn-16534.exe
2528	Unicorn-46191.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

83be5effb84f5296c44fcfaa93ff734051f63a5cd5515351d44343728a9a0d66.exeUnicorn-56193.exeUnicorn-50765.exeUnicorn-5093.exeUnicorn-26474.exeUnicorn-57200.exeUnicorn-37334.exeUnicorn-57283.exe

description	pid	process	target process
PID 1204 wrote to memory of 1800	1204	83be5effb84f5296c44fcfaa93ff734051f63a5cd5515351d44343728a9a0d66.exe	Unicorn-56193.exe
PID 1204 wrote to memory of 1800	1204	83be5effb84f5296c44fcfaa93ff734051f63a5cd5515351d44343728a9a0d66.exe	Unicorn-56193.exe
PID 1204 wrote to memory of 1800	1204	83be5effb84f5296c44fcfaa93ff734051f63a5cd5515351d44343728a9a0d66.exe	Unicorn-56193.exe
PID 1204 wrote to memory of 1800	1204	83be5effb84f5296c44fcfaa93ff734051f63a5cd5515351d44343728a9a0d66.exe	Unicorn-56193.exe
PID 1204 wrote to memory of 1836	1204	83be5effb84f5296c44fcfaa93ff734051f63a5cd5515351d44343728a9a0d66.exe	Unicorn-50765.exe
PID 1204 wrote to memory of 1836	1204	83be5effb84f5296c44fcfaa93ff734051f63a5cd5515351d44343728a9a0d66.exe	Unicorn-50765.exe
PID 1204 wrote to memory of 1836	1204	83be5effb84f5296c44fcfaa93ff734051f63a5cd5515351d44343728a9a0d66.exe	Unicorn-50765.exe
PID 1204 wrote to memory of 1836	1204	83be5effb84f5296c44fcfaa93ff734051f63a5cd5515351d44343728a9a0d66.exe	Unicorn-50765.exe
PID 1800 wrote to memory of 1048	1800	Unicorn-56193.exe	Unicorn-5093.exe
PID 1800 wrote to memory of 1048	1800	Unicorn-56193.exe	Unicorn-5093.exe
PID 1800 wrote to memory of 1048	1800	Unicorn-56193.exe	Unicorn-5093.exe
PID 1800 wrote to memory of 1048	1800	Unicorn-56193.exe	Unicorn-5093.exe
PID 1204 wrote to memory of 2600	1204	83be5effb84f5296c44fcfaa93ff734051f63a5cd5515351d44343728a9a0d66.exe	WerFault.exe
PID 1204 wrote to memory of 2600	1204	83be5effb84f5296c44fcfaa93ff734051f63a5cd5515351d44343728a9a0d66.exe	WerFault.exe
PID 1204 wrote to memory of 2600	1204	83be5effb84f5296c44fcfaa93ff734051f63a5cd5515351d44343728a9a0d66.exe	WerFault.exe
PID 1204 wrote to memory of 2600	1204	83be5effb84f5296c44fcfaa93ff734051f63a5cd5515351d44343728a9a0d66.exe	WerFault.exe
PID 1836 wrote to memory of 2604	1836	Unicorn-50765.exe	Unicorn-26474.exe
PID 1836 wrote to memory of 2604	1836	Unicorn-50765.exe	Unicorn-26474.exe
PID 1836 wrote to memory of 2604	1836	Unicorn-50765.exe	Unicorn-26474.exe
PID 1836 wrote to memory of 2604	1836	Unicorn-50765.exe	Unicorn-26474.exe
PID 1800 wrote to memory of 2168	1800	Unicorn-56193.exe	Unicorn-37334.exe
PID 1800 wrote to memory of 2168	1800	Unicorn-56193.exe	Unicorn-37334.exe
PID 1800 wrote to memory of 2168	1800	Unicorn-56193.exe	Unicorn-37334.exe
PID 1800 wrote to memory of 2168	1800	Unicorn-56193.exe	Unicorn-37334.exe
PID 1048 wrote to memory of 2756	1048	Unicorn-5093.exe	Unicorn-57200.exe
PID 1048 wrote to memory of 2756	1048	Unicorn-5093.exe	Unicorn-57200.exe
PID 1048 wrote to memory of 2756	1048	Unicorn-5093.exe	Unicorn-57200.exe
PID 1048 wrote to memory of 2756	1048	Unicorn-5093.exe	Unicorn-57200.exe
PID 1800 wrote to memory of 2688	1800	Unicorn-56193.exe	WerFault.exe
PID 1800 wrote to memory of 2688	1800	Unicorn-56193.exe	WerFault.exe
PID 1800 wrote to memory of 2688	1800	Unicorn-56193.exe	WerFault.exe
PID 1800 wrote to memory of 2688	1800	Unicorn-56193.exe	WerFault.exe
PID 2604 wrote to memory of 1056	2604	Unicorn-26474.exe	Unicorn-57283.exe
PID 2604 wrote to memory of 1056	2604	Unicorn-26474.exe	Unicorn-57283.exe
PID 2604 wrote to memory of 1056	2604	Unicorn-26474.exe	Unicorn-57283.exe
PID 2604 wrote to memory of 1056	2604	Unicorn-26474.exe	Unicorn-57283.exe
PID 1048 wrote to memory of 2724	1048	Unicorn-5093.exe	Unicorn-33333.exe
PID 1048 wrote to memory of 2724	1048	Unicorn-5093.exe	Unicorn-33333.exe
PID 1048 wrote to memory of 2724	1048	Unicorn-5093.exe	Unicorn-33333.exe
PID 1048 wrote to memory of 2724	1048	Unicorn-5093.exe	Unicorn-33333.exe
PID 2756 wrote to memory of 3008	2756	Unicorn-57200.exe	Unicorn-53199.exe
PID 2756 wrote to memory of 3008	2756	Unicorn-57200.exe	Unicorn-53199.exe
PID 2756 wrote to memory of 3008	2756	Unicorn-57200.exe	Unicorn-53199.exe
PID 2756 wrote to memory of 3008	2756	Unicorn-57200.exe	Unicorn-53199.exe
PID 1836 wrote to memory of 2804	1836	Unicorn-50765.exe	Unicorn-2607.exe
PID 1836 wrote to memory of 2804	1836	Unicorn-50765.exe	Unicorn-2607.exe
PID 1836 wrote to memory of 2804	1836	Unicorn-50765.exe	Unicorn-2607.exe
PID 1836 wrote to memory of 2804	1836	Unicorn-50765.exe	Unicorn-2607.exe
PID 2168 wrote to memory of 2808	2168	Unicorn-37334.exe	Unicorn-22473.exe
PID 2168 wrote to memory of 2808	2168	Unicorn-37334.exe	Unicorn-22473.exe
PID 2168 wrote to memory of 2808	2168	Unicorn-37334.exe	Unicorn-22473.exe
PID 2168 wrote to memory of 2808	2168	Unicorn-37334.exe	Unicorn-22473.exe
PID 1836 wrote to memory of 2864	1836	Unicorn-50765.exe	WerFault.exe
PID 1836 wrote to memory of 2864	1836	Unicorn-50765.exe	WerFault.exe
PID 1836 wrote to memory of 2864	1836	Unicorn-50765.exe	WerFault.exe
PID 1836 wrote to memory of 2864	1836	Unicorn-50765.exe	WerFault.exe
PID 1048 wrote to memory of 2988	1048	Unicorn-5093.exe	WerFault.exe
PID 1048 wrote to memory of 2988	1048	Unicorn-5093.exe	WerFault.exe
PID 1048 wrote to memory of 2988	1048	Unicorn-5093.exe	WerFault.exe
PID 1048 wrote to memory of 2988	1048	Unicorn-5093.exe	WerFault.exe
PID 1056 wrote to memory of 1540	1056	Unicorn-57283.exe	Unicorn-14387.exe
PID 1056 wrote to memory of 1540	1056	Unicorn-57283.exe	Unicorn-14387.exe
PID 1056 wrote to memory of 1540	1056	Unicorn-57283.exe	Unicorn-14387.exe
PID 1056 wrote to memory of 1540	1056	Unicorn-57283.exe	Unicorn-14387.exe

C:\Users\Admin\AppData\Local\Temp\83be5effb84f5296c44fcfaa93ff734051f63a5cd5515351d44343728a9a0d66.exe
"C:\Users\Admin\AppData\Local\Temp\83be5effb84f5296c44fcfaa93ff734051f63a5cd5515351d44343728a9a0d66.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1204

C:\Users\Admin\AppData\Local\Temp\Unicorn-56193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56193.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-5093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5093.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-57200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57200.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-53199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53199.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-60573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60573.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-38674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38674.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-36871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36871.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-42792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42792.exe
9⤵
PID:300

C:\Users\Admin\AppData\Local\Temp\Unicorn-33097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33097.exe
10⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-31412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31412.exe
11⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-11707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11707.exe
12⤵
PID:6480

C:\Users\Admin\AppData\Local\Temp\Unicorn-23182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23182.exe
13⤵
PID:9824

C:\Users\Admin\AppData\Local\Temp\Unicorn-23613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23613.exe
14⤵
PID:13048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9824 -s 220
14⤵
PID:12724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 216
13⤵
PID:11244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 236
12⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 236
11⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 216
10⤵
- Program crash
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-14540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14540.exe
9⤵
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-17961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17961.exe
10⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-41417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41417.exe
11⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\Unicorn-26145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26145.exe
12⤵
PID:6984

C:\Users\Admin\AppData\Local\Temp\Unicorn-38340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38340.exe
13⤵
PID:9632

C:\Users\Admin\AppData\Local\Temp\Unicorn-13114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13114.exe
14⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9632 -s 216
14⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 216
13⤵
PID:10876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
12⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
11⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 236
10⤵
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
9⤵
- Program crash
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-560.exe
8⤵
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-38490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38490.exe
9⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-856.exe
10⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-15215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15215.exe
11⤵
PID:6260

C:\Users\Admin\AppData\Local\Temp\Unicorn-27458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27458.exe
12⤵
PID:9752

C:\Users\Admin\AppData\Local\Temp\Unicorn-64837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64837.exe
13⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 216
13⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 216
12⤵
PID:11164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
11⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
10⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 236
9⤵
- Program crash
PID:3940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
8⤵
- Program crash
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-20426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20426.exe
8⤵
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-48796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48796.exe
9⤵
PID:1352

C:\Users\Admin\AppData\Local\Temp\Unicorn-63461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63461.exe
10⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-39663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39663.exe
11⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-13591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13591.exe
12⤵
PID:7388

C:\Users\Admin\AppData\Local\Temp\Unicorn-44453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44453.exe
13⤵
PID:10244

C:\Users\Admin\AppData\Local\Temp\Unicorn-49316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49316.exe
14⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10244 -s 216
14⤵
PID:13524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 220
13⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
12⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
11⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 236
10⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-8785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8785.exe
9⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-48215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48215.exe
10⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-9097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9097.exe
11⤵
PID:7368

C:\Users\Admin\AppData\Local\Temp\Unicorn-2481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2481.exe
12⤵
PID:11068

C:\Users\Admin\AppData\Local\Temp\Unicorn-13493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13493.exe
13⤵
PID:13672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11068 -s 216
13⤵
PID:14056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 216
12⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
11⤵
PID:9332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
10⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
9⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
8⤵
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-34681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34681.exe
9⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-43555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43555.exe
10⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-20966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20966.exe
11⤵
PID:8112

C:\Users\Admin\AppData\Local\Temp\Unicorn-16296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16296.exe
12⤵
PID:10880

C:\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe
13⤵
PID:13332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10880 -s 236
13⤵
PID:7916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 216
12⤵
PID:12080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
11⤵
PID:8996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
10⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 236
9⤵
PID:4988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
8⤵
- Program crash
PID:3548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
7⤵
- Program crash
PID:788

C:\Users\Admin\AppData\Local\Temp\Unicorn-49535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49535.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:700

C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-16534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16534.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-13217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13217.exe
9⤵
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-60555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60555.exe
10⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-35496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35496.exe
11⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-60379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60379.exe
12⤵
PID:6616

C:\Users\Admin\AppData\Local\Temp\Unicorn-1967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1967.exe
13⤵
PID:9904

C:\Users\Admin\AppData\Local\Temp\Unicorn-38387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38387.exe
14⤵
PID:13240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9904 -s 216
14⤵
PID:13608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 220
13⤵
PID:10968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
12⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
11⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 236
10⤵
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-36605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36605.exe
9⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-49502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49502.exe
10⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-47395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47395.exe
11⤵
PID:6816

C:\Users\Admin\AppData\Local\Temp\Unicorn-3721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3721.exe
12⤵
PID:10092

C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
13⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 216
13⤵
PID:13432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 216
12⤵
PID:10952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 236
11⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 236
10⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 220
9⤵
- Program crash
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-40606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40606.exe
8⤵
PID:452

C:\Users\Admin\AppData\Local\Temp\Unicorn-1816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1816.exe
9⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-15075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15075.exe
10⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-13508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13508.exe
11⤵
PID:6556

C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
12⤵
PID:9940

C:\Users\Admin\AppData\Local\Temp\Unicorn-26026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26026.exe
13⤵
PID:12924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9940 -s 220
13⤵
PID:14028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 220
12⤵
PID:11032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
11⤵
PID:8328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 236
10⤵
PID:5856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 236
9⤵
PID:4700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
8⤵
- Program crash
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-62205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62205.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-20016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20016.exe
8⤵
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-61515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61515.exe
9⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-44598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44598.exe
10⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-60135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60135.exe
11⤵
PID:8004

C:\Users\Admin\AppData\Local\Temp\Unicorn-36751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36751.exe
12⤵
PID:10624

C:\Users\Admin\AppData\Local\Temp\Unicorn-63353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63353.exe
13⤵
PID:14300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10624 -s 236
13⤵
PID:9196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8004 -s 236
12⤵
PID:12464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
11⤵
PID:9608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
10⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 236
9⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-18899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18899.exe
8⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-35963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35963.exe
9⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-56144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56144.exe
9⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-47582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47582.exe
10⤵
PID:8640

C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
11⤵
PID:10676

C:\Users\Admin\AppData\Local\Temp\Unicorn-63078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63078.exe
12⤵
PID:13932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10676 -s 216
12⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8640 -s 236
11⤵
PID:12300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
10⤵
PID:9732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 220
9⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
8⤵
PID:4496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 240
7⤵
- Program crash
PID:2760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
6⤵
- Program crash
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-23302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23302.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-46191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46191.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-42635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42635.exe
9⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-27520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27520.exe
10⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-28283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28283.exe
11⤵
PID:7164

C:\Users\Admin\AppData\Local\Temp\Unicorn-20442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20442.exe
12⤵
PID:10108

C:\Users\Admin\AppData\Local\Temp\Unicorn-28273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28273.exe
13⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10108 -s 216
13⤵
PID:13508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 216
12⤵
PID:11224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
11⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
10⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 236
9⤵
- Program crash
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-48775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48775.exe
8⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-3762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3762.exe
9⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-5153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5153.exe
10⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-29736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29736.exe
11⤵
PID:7608

C:\Users\Admin\AppData\Local\Temp\Unicorn-32585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32585.exe
12⤵
PID:10492

C:\Users\Admin\AppData\Local\Temp\Unicorn-49700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49700.exe
13⤵
PID:12872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10492 -s 220
13⤵
PID:8096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 220
12⤵
PID:11676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
11⤵
PID:9040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
10⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
9⤵
PID:4584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
8⤵
- Program crash
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-42469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42469.exe
7⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
8⤵
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-56855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56855.exe
9⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-2304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2304.exe
10⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-64411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64411.exe
11⤵
PID:7520

C:\Users\Admin\AppData\Local\Temp\Unicorn-46420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46420.exe
12⤵
PID:10392

C:\Users\Admin\AppData\Local\Temp\Unicorn-47510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47510.exe
13⤵
PID:13388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10392 -s 220
13⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 216
12⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
11⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
10⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 236
9⤵
PID:6100

C:\Users\Admin\AppData\Local\Temp\Unicorn-49818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49818.exe
8⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-18065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18065.exe
9⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-61697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61697.exe
10⤵
PID:7688

C:\Users\Admin\AppData\Local\Temp\Unicorn-60234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60234.exe
11⤵
PID:11256

C:\Users\Admin\AppData\Local\Temp\Unicorn-54718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54718.exe
12⤵
PID:14048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11256 -s 216
12⤵
PID:14288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 236
11⤵
PID:11668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
10⤵
PID:9420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
9⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
8⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
7⤵
- Program crash
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-21089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21089.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-12065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12065.exe
7⤵
PID:1444

C:\Users\Admin\AppData\Local\Temp\Unicorn-52880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52880.exe
8⤵
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-59377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59377.exe
9⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-13404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13404.exe
10⤵
PID:5712

C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
11⤵
PID:6304

C:\Users\Admin\AppData\Local\Temp\Unicorn-54567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54567.exe
12⤵
PID:812

C:\Users\Admin\AppData\Local\Temp\Unicorn-13389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13389.exe
13⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 216
13⤵
PID:14004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 204
12⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
11⤵
PID:8668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
10⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 216
9⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-17145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17145.exe
8⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
9⤵
PID:5128

C:\Users\Admin\AppData\Local\Temp\Unicorn-28667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28667.exe
10⤵
PID:6220

C:\Users\Admin\AppData\Local\Temp\Unicorn-53005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53005.exe
11⤵
PID:9508

C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
12⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9508 -s 216
12⤵
PID:13616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 220
11⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 216
10⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
9⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 240
8⤵
- Program crash
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-28930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28930.exe
7⤵
PID:112

C:\Users\Admin\AppData\Local\Temp\Unicorn-4146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4146.exe
8⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-2522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2522.exe
9⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-38930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38930.exe
9⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\Unicorn-265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-265.exe
10⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 240
11⤵
PID:12340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
10⤵
PID:9924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 240
9⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 236
8⤵
PID:4160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
7⤵
- Program crash
PID:3476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 240
6⤵
- Program crash
PID:964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
5⤵
- Program crash
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-33333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33333.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-4273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4273.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1308

C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1368

C:\Users\Admin\AppData\Local\Temp\Unicorn-30649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30649.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-21495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21495.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-50742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50742.exe
9⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-61515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61515.exe
10⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-30125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30125.exe
11⤵
PID:5980

C:\Users\Admin\AppData\Local\Temp\Unicorn-32175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32175.exe
12⤵
PID:6248

C:\Users\Admin\AppData\Local\Temp\Unicorn-60597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60597.exe
13⤵
PID:9696

C:\Users\Admin\AppData\Local\Temp\Unicorn-1905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1905.exe
14⤵
PID:13184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9696 -s 220
14⤵
PID:14244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
13⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 236
11⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 216
10⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-37565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37565.exe
9⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-23711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23711.exe
10⤵
PID:5644

C:\Users\Admin\AppData\Local\Temp\Unicorn-28728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28728.exe
11⤵
PID:7780

C:\Users\Admin\AppData\Local\Temp\Unicorn-55719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55719.exe
12⤵
PID:10608

C:\Users\Admin\AppData\Local\Temp\Unicorn-22866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22866.exe
13⤵
PID:12696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10608 -s 236
13⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7780 -s 216
12⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
11⤵
PID:9156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
10⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
9⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-8318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8318.exe
8⤵
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-38765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38765.exe
9⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-16913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16913.exe
10⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-17868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17868.exe
11⤵
PID:7812

C:\Users\Admin\AppData\Local\Temp\Unicorn-16825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16825.exe
12⤵
PID:10568

C:\Users\Admin\AppData\Local\Temp\Unicorn-25450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25450.exe
13⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10568 -s 216
13⤵
PID:13920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 216
12⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
11⤵
PID:9180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
10⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 216
9⤵
PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 220
8⤵
- Program crash
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-48884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48884.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-7187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7187.exe
8⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
8⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-56300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56300.exe
9⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-62517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62517.exe
10⤵
PID:6728

C:\Users\Admin\AppData\Local\Temp\Unicorn-42424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42424.exe
11⤵
PID:9668

C:\Users\Admin\AppData\Local\Temp\Unicorn-40333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40333.exe
12⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9668 -s 216
12⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 216
11⤵
PID:10788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
10⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 236
9⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
8⤵
- Program crash
PID:3240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 240
7⤵
- Program crash
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-21495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21495.exe
7⤵
- Executes dropped EXE
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe
7⤵
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-36051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36051.exe
8⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
9⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
10⤵
PID:7252

C:\Users\Admin\AppData\Local\Temp\Unicorn-2351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2351.exe
11⤵
PID:9804

C:\Users\Admin\AppData\Local\Temp\Unicorn-64837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64837.exe
12⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9804 -s 216
12⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 204
11⤵
PID:11556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
10⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
9⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 236
8⤵
PID:4464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
7⤵
- Program crash
PID:3124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 240
6⤵
- Program crash
PID:340

C:\Users\Admin\AppData\Local\Temp\Unicorn-1896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1896.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:796

C:\Users\Admin\AppData\Local\Temp\Unicorn-61375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61375.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-42984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42984.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-15932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15932.exe
8⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-32927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32927.exe
9⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-53451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53451.exe
10⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-32123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32123.exe
11⤵
PID:8272

C:\Users\Admin\AppData\Local\Temp\Unicorn-46420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46420.exe
12⤵
PID:10372

C:\Users\Admin\AppData\Local\Temp\Unicorn-21662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21662.exe
13⤵
PID:13704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10372 -s 236
13⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8272 -s 236
12⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
11⤵
PID:9624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
10⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
9⤵
PID:6092

C:\Users\Admin\AppData\Local\Temp\Unicorn-25313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25313.exe
8⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-11266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11266.exe
9⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 148
10⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
9⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
8⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-39044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39044.exe
7⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-38765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38765.exe
8⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-2823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2823.exe
9⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-25413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25413.exe
10⤵
PID:7136

C:\Users\Admin\AppData\Local\Temp\Unicorn-21812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21812.exe
11⤵
PID:9204

C:\Users\Admin\AppData\Local\Temp\Unicorn-44417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44417.exe
12⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9204 -s 216
12⤵
PID:2656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 216
11⤵
PID:10728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
10⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
9⤵
PID:6200

C:\Users\Admin\AppData\Local\Temp\Unicorn-46933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46933.exe
8⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-45833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45833.exe
9⤵
PID:6932

C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
10⤵
PID:10196

C:\Users\Admin\AppData\Local\Temp\Unicorn-862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-862.exe
11⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10196 -s 216
11⤵
PID:12980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 216
10⤵
PID:10648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 216
9⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
8⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
7⤵
- Program crash
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-36439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36439.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe
7⤵
PID:1008

C:\Users\Admin\AppData\Local\Temp\Unicorn-62.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62.exe
8⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-59891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59891.exe
9⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-57255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57255.exe
10⤵
PID:7036

C:\Users\Admin\AppData\Local\Temp\Unicorn-25787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25787.exe
11⤵
PID:10024

C:\Users\Admin\AppData\Local\Temp\Unicorn-9689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9689.exe
12⤵
PID:13008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10024 -s 216
12⤵
PID:14260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 216
11⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
10⤵
PID:8728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
9⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 236
8⤵
PID:4188

C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
7⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-29165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29165.exe
8⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-53254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53254.exe
9⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 212
10⤵
PID:10396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
9⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
8⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
7⤵
PID:4488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 240
6⤵
- Program crash
PID:2212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
5⤵
- Program crash
PID:2220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-37334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37334.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-22473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22473.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-65316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65316.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
7⤵
- Program crash
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-59984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59984.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1432

C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
7⤵
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-34406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34406.exe
8⤵
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-63632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63632.exe
8⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-59891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59891.exe
9⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\Unicorn-13508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13508.exe
10⤵
PID:6536

C:\Users\Admin\AppData\Local\Temp\Unicorn-42616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42616.exe
11⤵
PID:10156

C:\Users\Admin\AppData\Local\Temp\Unicorn-62891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62891.exe
12⤵
PID:13276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10156 -s 204
12⤵
PID:13660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 216
11⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
10⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
9⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
8⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-45267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45267.exe
7⤵
PID:828

C:\Users\Admin\AppData\Local\Temp\Unicorn-60939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60939.exe
8⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-29117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29117.exe
9⤵
PID:5336

C:\Users\Admin\AppData\Local\Temp\Unicorn-47416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47416.exe
10⤵
PID:8172

C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
11⤵
PID:10920

C:\Users\Admin\AppData\Local\Temp\Unicorn-46467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46467.exe
12⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10920 -s 236
12⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 216
11⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 216
10⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
9⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 236
8⤵
PID:4100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 240
7⤵
- Program crash
PID:3540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 220
6⤵
- Program crash
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-26976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26976.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-10228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10228.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-65350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65350.exe
7⤵
PID:2832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
8⤵
- Program crash
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-33014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33014.exe
7⤵
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-44603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44603.exe
8⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-54546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54546.exe
9⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-64307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64307.exe
10⤵
PID:6876

C:\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe
11⤵
PID:10120

C:\Users\Admin\AppData\Local\Temp\Unicorn-50011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50011.exe
12⤵
PID:10316

C:\Users\Admin\AppData\Local\Temp\Unicorn-44028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44028.exe
13⤵
PID:13796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10316 -s 236
13⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 236
12⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 216
11⤵
PID:10792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
10⤵
PID:8164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
9⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 236
8⤵
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
7⤵
- Program crash
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-10674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10674.exe
6⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-9709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9709.exe
7⤵
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-12122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12122.exe
8⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-21573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21573.exe
9⤵
PID:5772

C:\Users\Admin\AppData\Local\Temp\Unicorn-19212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19212.exe
10⤵
PID:7276

C:\Users\Admin\AppData\Local\Temp\Unicorn-29316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29316.exe
11⤵
PID:10996

C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
12⤵
PID:14092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10996 -s 216
12⤵
PID:14328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 216
11⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
10⤵
PID:9316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
9⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
8⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-22983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22983.exe
7⤵
PID:3524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
7⤵
- Program crash
PID:3828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 220
6⤵
- Program crash
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-54029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54029.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:924

C:\Users\Admin\AppData\Local\Temp\Unicorn-46842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46842.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:900

C:\Users\Admin\AppData\Local\Temp\Unicorn-18397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18397.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-16342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16342.exe
7⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-61048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61048.exe
8⤵
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-41095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41095.exe
9⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
10⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 320
11⤵
PID:9680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 236
10⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
9⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-33481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33481.exe
8⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-40732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40732.exe
9⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-54432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54432.exe
10⤵
PID:7676

C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
11⤵
PID:10532

C:\Users\Admin\AppData\Local\Temp\Unicorn-32788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32788.exe
12⤵
PID:12788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10532 -s 220
12⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 220
11⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
10⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
9⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 220
8⤵
- Program crash
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-18624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18624.exe
7⤵
PID:1012

C:\Users\Admin\AppData\Local\Temp\Unicorn-18537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18537.exe
8⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-45885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45885.exe
9⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-30888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30888.exe
10⤵
PID:8144

C:\Users\Admin\AppData\Local\Temp\Unicorn-43514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43514.exe
11⤵
PID:10956

C:\Users\Admin\AppData\Local\Temp\Unicorn-6887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6887.exe
12⤵
PID:13480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10956 -s 236
12⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 216
11⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
10⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
9⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 236
8⤵
PID:5096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
7⤵
- Program crash
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-62013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62013.exe
6⤵
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-26238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26238.exe
7⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-30789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30789.exe
8⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-24863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24863.exe
9⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-46129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46129.exe
10⤵
PID:8368

C:\Users\Admin\AppData\Local\Temp\Unicorn-5771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5771.exe
11⤵
PID:10556

C:\Users\Admin\AppData\Local\Temp\Unicorn-26706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26706.exe
12⤵
PID:13740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10556 -s 220
12⤵
PID:8888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 216
11⤵
PID:12292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 216
10⤵
PID:9636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
9⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
8⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-37565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37565.exe
7⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-15350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15350.exe
8⤵
PID:5596

C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
9⤵
PID:7944

C:\Users\Admin\AppData\Local\Temp\Unicorn-17017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17017.exe
10⤵
PID:10768

C:\Users\Admin\AppData\Local\Temp\Unicorn-25196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25196.exe
11⤵
PID:12932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10768 -s 216
11⤵
PID:14016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 236
10⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
9⤵
PID:8392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
8⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
7⤵
PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
6⤵
- Program crash
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-29257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29257.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-16342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16342.exe
6⤵
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-61048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61048.exe
7⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-32927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32927.exe
8⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-48407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48407.exe
9⤵
PID:5200

C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
10⤵
PID:7040

C:\Users\Admin\AppData\Local\Temp\Unicorn-46316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46316.exe
11⤵
PID:9944

C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
12⤵
PID:13212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9944 -s 216
12⤵
PID:13624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 216
11⤵
PID:10520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 216
10⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
9⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
8⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-13061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13061.exe
7⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-40047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40047.exe
8⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-55309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55309.exe
9⤵
PID:6648

C:\Users\Admin\AppData\Local\Temp\Unicorn-51168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51168.exe
10⤵
PID:10136

C:\Users\Admin\AppData\Local\Temp\Unicorn-21366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21366.exe
11⤵
PID:12844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10136 -s 216
11⤵
PID:14020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 216
10⤵
PID:11104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
9⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
8⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 220
7⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-18624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18624.exe
6⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-43041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43041.exe
7⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-768.exe
8⤵
PID:5188

C:\Users\Admin\AppData\Local\Temp\Unicorn-19191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19191.exe
9⤵
PID:7012

C:\Users\Admin\AppData\Local\Temp\Unicorn-32118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32118.exe
10⤵
PID:10228

C:\Users\Admin\AppData\Local\Temp\Unicorn-2268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2268.exe
11⤵
PID:13200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10228 -s 216
11⤵
PID:14268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
10⤵
PID:10700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
9⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
8⤵
PID:5488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 236
7⤵
PID:4280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
6⤵
- Program crash
PID:3564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 240
5⤵
- Program crash
PID:1828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-26474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26474.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-57283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57283.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-14387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14387.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-44320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44320.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-52631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52631.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-35776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35776.exe
9⤵
PID:784

C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
10⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
11⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-48511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48511.exe
12⤵
PID:7032

C:\Users\Admin\AppData\Local\Temp\Unicorn-23950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23950.exe
13⤵
PID:9832

C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
14⤵
PID:13228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9832 -s 216
14⤵
PID:13632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 220
13⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
12⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
11⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 216
10⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-40689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40689.exe
9⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-27328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27328.exe
10⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-35719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35719.exe
11⤵
PID:7092

C:\Users\Admin\AppData\Local\Temp\Unicorn-60898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60898.exe
12⤵
PID:10064

C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
13⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10064 -s 216
13⤵
PID:13424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 216
12⤵
PID:10896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
11⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
10⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
9⤵
- Program crash
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-46637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46637.exe
8⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-17577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17577.exe
9⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-1069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1069.exe
10⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-34313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34313.exe
11⤵
PID:7068

C:\Users\Admin\AppData\Local\Temp\Unicorn-20442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20442.exe
12⤵
PID:10128

C:\Users\Admin\AppData\Local\Temp\Unicorn-21558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21558.exe
13⤵
PID:12588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10128 -s 216
13⤵
PID:13840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 216
12⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
11⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
10⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
9⤵
PID:4516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
8⤵
- Program crash
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-28271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28271.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-20016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20016.exe
8⤵
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-4940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4940.exe
9⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-45942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45942.exe
10⤵
PID:6292

C:\Users\Admin\AppData\Local\Temp\Unicorn-27458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27458.exe
11⤵
PID:9768

C:\Users\Admin\AppData\Local\Temp\Unicorn-3000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3000.exe
12⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9768 -s 236
12⤵
PID:13092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 216
11⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 236
10⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 236
9⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\Unicorn-64208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64208.exe
8⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-52299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52299.exe
9⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
10⤵
PID:6352

C:\Users\Admin\AppData\Local\Temp\Unicorn-55252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55252.exe
11⤵
PID:9688

C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
12⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9688 -s 204
12⤵
PID:13684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 216
11⤵
PID:10272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
10⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
9⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 220
8⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
7⤵
- Program crash
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-14867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14867.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-9242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9242.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-38106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38106.exe
8⤵
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-13492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13492.exe
9⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-50270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50270.exe
10⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-60654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60654.exe
11⤵
PID:7472

C:\Users\Admin\AppData\Local\Temp\Unicorn-26171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26171.exe
12⤵
PID:10292

C:\Users\Admin\AppData\Local\Temp\Unicorn-52777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52777.exe
13⤵
PID:12484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10292 -s 204
13⤵
PID:13960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 220
12⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
11⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
10⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
9⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-20269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20269.exe
8⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-31796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31796.exe
9⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-44043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44043.exe
10⤵
PID:6784

C:\Users\Admin\AppData\Local\Temp\Unicorn-1967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1967.exe
11⤵
PID:9920

C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
12⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9920 -s 216
12⤵
PID:13416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 220
11⤵
PID:10976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
10⤵
PID:8380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
9⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
8⤵
- Program crash
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-26408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26408.exe
7⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-13492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13492.exe
8⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-10607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10607.exe
9⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-57509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57509.exe
10⤵
PID:6708

C:\Users\Admin\AppData\Local\Temp\Unicorn-13451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13451.exe
11⤵
PID:9880

C:\Users\Admin\AppData\Local\Temp\Unicorn-35865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35865.exe
12⤵
PID:12676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9880 -s 216
12⤵
PID:12744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 216
11⤵
PID:10256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
10⤵
PID:8080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 236
9⤵
PID:5356

C:\Users\Admin\AppData\Local\Temp\Unicorn-64447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64447.exe
8⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-33581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33581.exe
9⤵
PID:6848

C:\Users\Admin\AppData\Local\Temp\Unicorn-39902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39902.exe
10⤵
PID:9976

C:\Users\Admin\AppData\Local\Temp\Unicorn-45787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45787.exe
11⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9976 -s 216
11⤵
PID:12900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
10⤵
PID:10488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
9⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
8⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
7⤵
- Program crash
PID:2324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
6⤵
- Program crash
PID:712

C:\Users\Admin\AppData\Local\Temp\Unicorn-24454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24454.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-65459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65459.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
7⤵
- Program crash
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-14073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14073.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-33830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33830.exe
7⤵
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-51209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51209.exe
8⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-4037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4037.exe
9⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
10⤵
PID:7512

C:\Users\Admin\AppData\Local\Temp\Unicorn-52066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52066.exe
11⤵
PID:11140

C:\Users\Admin\AppData\Local\Temp\Unicorn-61734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61734.exe
12⤵
PID:13392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11140 -s 236
12⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 216
11⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
10⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
9⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 236
8⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-43595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43595.exe
7⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-25958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25958.exe
8⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-54541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54541.exe
9⤵
PID:6492

C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
10⤵
PID:9960

C:\Users\Admin\AppData\Local\Temp\Unicorn-37894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37894.exe
11⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9960 -s 204
11⤵
PID:13952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 220
10⤵
PID:11016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
9⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
8⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
7⤵
- Program crash
PID:4152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 240
6⤵
- Program crash
PID:2296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 240
5⤵
- Program crash
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-6966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6966.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-36152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36152.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-36295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36295.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-50358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50358.exe
8⤵
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-33913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33913.exe
9⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-20722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20722.exe
10⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-25522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25522.exe
11⤵
PID:6400

C:\Users\Admin\AppData\Local\Temp\Unicorn-55854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55854.exe
12⤵
PID:9788

C:\Users\Admin\AppData\Local\Temp\Unicorn-19145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19145.exe
13⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9788 -s 216
13⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 216
12⤵
PID:11188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 236
11⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
10⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-15438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15438.exe
9⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-59647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59647.exe
10⤵
PID:6652

C:\Users\Admin\AppData\Local\Temp\Unicorn-42232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42232.exe
11⤵
PID:9912

C:\Users\Admin\AppData\Local\Temp\Unicorn-50255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50255.exe
12⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9912 -s 220
12⤵
PID:12892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 216
11⤵
PID:10332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
10⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 240
9⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-57026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57026.exe
8⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-2439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2439.exe
9⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-48703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48703.exe
10⤵
PID:6896

C:\Users\Admin\AppData\Local\Temp\Unicorn-20442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20442.exe
11⤵
PID:10112

C:\Users\Admin\AppData\Local\Temp\Unicorn-50146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50146.exe
12⤵
PID:12656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10112 -s 204
12⤵
PID:13944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 216
11⤵
PID:11252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
10⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
9⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
8⤵
- Program crash
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-61219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61219.exe
7⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-50249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50249.exe
8⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-44048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44048.exe
9⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-54541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54541.exe
10⤵
PID:6496

C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
11⤵
PID:10384

C:\Users\Admin\AppData\Local\Temp\Unicorn-46446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46446.exe
12⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10384 -s 216
12⤵
PID:14072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 220
11⤵
PID:11564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
10⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
9⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
8⤵
- Program crash
PID:4408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
7⤵
- Program crash
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-3191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3191.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe
7⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-23799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23799.exe
8⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-55485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55485.exe
9⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-44240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44240.exe
10⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-55947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55947.exe
11⤵
PID:7840

C:\Users\Admin\AppData\Local\Temp\Unicorn-53773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53773.exe
12⤵
PID:10640

C:\Users\Admin\AppData\Local\Temp\Unicorn-32980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32980.exe
13⤵
PID:12600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10640 -s 216
13⤵
PID:13680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7840 -s 220
12⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
11⤵
PID:9212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 236
10⤵
PID:6600

C:\Users\Admin\AppData\Local\Temp\Unicorn-44795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44795.exe
9⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-48703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48703.exe
10⤵
PID:6904

C:\Users\Admin\AppData\Local\Temp\Unicorn-64982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64982.exe
11⤵
PID:9544

C:\Users\Admin\AppData\Local\Temp\Unicorn-4946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4946.exe
12⤵
PID:12764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9544 -s 216
12⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 216
11⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
10⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 240
9⤵
PID:6680

C:\Users\Admin\AppData\Local\Temp\Unicorn-39703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39703.exe
8⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-2112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2112.exe
9⤵
PID:5636

C:\Users\Admin\AppData\Local\Temp\Unicorn-55667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55667.exe
10⤵
PID:7684

C:\Users\Admin\AppData\Local\Temp\Unicorn-40006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40006.exe
11⤵
PID:10468

C:\Users\Admin\AppData\Local\Temp\Unicorn-26322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26322.exe
12⤵
PID:14280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10468 -s 216
12⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 216
11⤵
PID:11268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 216
10⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
9⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 220
8⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-16377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16377.exe
7⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-3653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3653.exe
8⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-2579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2579.exe
9⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-13067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13067.exe
10⤵
PID:9700

C:\Users\Admin\AppData\Local\Temp\Unicorn-35865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35865.exe
11⤵
PID:12684

C:\Users\Admin\AppData\Local\Temp\Unicorn-53159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53159.exe
12⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 236
11⤵
PID:12748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
10⤵
PID:11096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 236
9⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
8⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
7⤵
- Program crash
PID:3884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
6⤵
- Program crash
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-63492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63492.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-23057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23057.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-27800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27800.exe
7⤵
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-62501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62501.exe
8⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-23244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23244.exe
9⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-50841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50841.exe
10⤵
PID:7104

C:\Users\Admin\AppData\Local\Temp\Unicorn-59336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59336.exe
11⤵
PID:10184

C:\Users\Admin\AppData\Local\Temp\Unicorn-3384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3384.exe
12⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10184 -s 216
12⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
11⤵
PID:10252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
10⤵
PID:8492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
9⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 236
8⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-50996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50996.exe
7⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-27520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27520.exe
8⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-34313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34313.exe
9⤵
PID:7076

C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
10⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-34748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34748.exe
11⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 220
11⤵
PID:14196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 220
10⤵
PID:11012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
9⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 236
8⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
7⤵
- Program crash
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-38660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38660.exe
6⤵
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-7270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7270.exe
7⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-25190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25190.exe
8⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-8500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8500.exe
9⤵
PID:6764

C:\Users\Admin\AppData\Local\Temp\Unicorn-39902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39902.exe
10⤵
PID:9984

C:\Users\Admin\AppData\Local\Temp\Unicorn-65169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65169.exe
11⤵
PID:11420

C:\Users\Admin\AppData\Local\Temp\Unicorn-42165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42165.exe
12⤵
PID:7992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11420 -s 216
12⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 236
11⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
10⤵
PID:10480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 236
9⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
8⤵
PID:5380

C:\Users\Admin\AppData\Local\Temp\Unicorn-13492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13492.exe
7⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-62517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62517.exe
8⤵
PID:6676

C:\Users\Admin\AppData\Local\Temp\Unicorn-18304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18304.exe
9⤵
PID:9972

C:\Users\Admin\AppData\Local\Temp\Unicorn-17199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17199.exe
10⤵
PID:12856

C:\Users\Admin\AppData\Local\Temp\Unicorn-5520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5520.exe
11⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9972 -s 216
10⤵
PID:696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 220
9⤵
PID:11088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 236
8⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
7⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
6⤵
- Program crash
PID:2104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-2607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2607.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-65316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65316.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 240
6⤵
- Program crash
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-17005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17005.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-12065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12065.exe
6⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-61048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61048.exe
7⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-8230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8230.exe
8⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-17105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17105.exe
9⤵
PID:5244

C:\Users\Admin\AppData\Local\Temp\Unicorn-42372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42372.exe
10⤵
PID:7524

C:\Users\Admin\AppData\Local\Temp\Unicorn-3612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3612.exe
11⤵
PID:10324

C:\Users\Admin\AppData\Local\Temp\Unicorn-26566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26566.exe
12⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10324 -s 216
12⤵
PID:13792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 204
11⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 216
10⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
9⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
8⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-35427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35427.exe
7⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-2906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2906.exe
8⤵
PID:5860

C:\Users\Admin\AppData\Local\Temp\Unicorn-43398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43398.exe
8⤵
PID:5928

C:\Users\Admin\AppData\Local\Temp\Unicorn-16877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16877.exe
9⤵
PID:9468

C:\Users\Admin\AppData\Local\Temp\Unicorn-22845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22845.exe
10⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9468 -s 216
10⤵
PID:4896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 236
9⤵
PID:10716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 220
8⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 220
7⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-18624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18624.exe
6⤵
PID:1136

C:\Users\Admin\AppData\Local\Temp\Unicorn-51811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51811.exe
7⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-37966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37966.exe
8⤵
PID:6212

C:\Users\Admin\AppData\Local\Temp\Unicorn-27458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27458.exe
9⤵
PID:9760

C:\Users\Admin\AppData\Local\Temp\Unicorn-46363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46363.exe
10⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9760 -s 216
10⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 216
9⤵
PID:11180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 216
8⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 216
7⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 220
6⤵
- Program crash
PID:3460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 240
5⤵
- Program crash
PID:968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
4⤵
- Program crash
PID:2640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 240
2⤵
- Program crash
PID:2600

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22473.exe
Filesize
184KB

MD5
dd6355c0a0ba8691ab6726e899fed208

SHA1
c9e72825a2b1614de0c5427a567ceeb42e9946cf

SHA256
fc73e2fb204f54478a6be054e523d7d64d8a7a5f33c9c9b480eaf1128581078f

SHA512
742327fe2eb5b34c6125fc5816b113228b67de1e9088fbffa73bc00781771a58610d74d6dcc9bf1e21853006dd8fea4f109ea466cde94d600273c49d4e612c33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24863.exe
Filesize
184KB

MD5
b5a0c8f4e6bf71db879ab8e3f11d4f03

SHA1
1811437e0866d90bf9f7aeb9d083bf5510e52e4a

SHA256
7016bf1ce6e1ff311580fca7c67c7ce8d726097a5c6962cb3b90d1460af48b5b

SHA512
8320e60710b0604b39802e8b8795364f07c509383b5f548956a48621712adb13ad3ed5a816beb9755dba650001604fe03a8c8a5e9a28366b652377c62648e3dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2607.exe
Filesize
184KB

MD5
5790c6b9bc6f1452b5f78e7bfb2a3e5b

SHA1
daff7f344f0908bfe8dfc95b2635c43a6320573c

SHA256
5552cac5ab48f1411734f8251c9f4d2992d5ef9277953fb503da6313c036df42

SHA512
3f83ccf6e0edb55693f3f3b5fa7f0b03638697e343f9ef7c4e44d3c598cc8c67f56f4a21b8b14b38d9a33a377f11d9dc665abe49fbffd55b0e63716750a2b5db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39703.exe
Filesize
184KB

MD5
0f288912181c55dd02bdb12b5e53be9d

SHA1
1d4352f9e255bf5fefeefca942ec645e0d10e45a

SHA256
853825f8d9adba4b68cb9366b04bb04649c83252909e8398715e2d4205678968

SHA512
3a2974b975c12a5b5b706575bd7cd6b23b1d0fbb31221e9cdb224fef2d133497a78640ef232602d04c0cad78a6ca97a85734ca9d469635518454b842dbd8b94f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40606.exe
Filesize
184KB

MD5
27a55cd5a89c888f1c062b07d1b498c7

SHA1
36b89d2127c80a572acee37846b19b504d04b2db

SHA256
114cf59c16caaa53d36744baa32d5e8ff783f92541dcc8d400a01053b2447b58

SHA512
7d0b12728833332e320c14e86f69cfeec8b88c14ad487feb307a3202bfe4483e5ccdf147939a7295b0921569566465bec2b5e94784cf46d332feaf4c07c0b8e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40689.exe
Filesize
184KB

MD5
defa6c4a3cb4d31c75a3818daf831158

SHA1
b4d9ac2847d099ea07d38f00d0b6af5ff928b150

SHA256
874ffde35f8a0f7c4ff306376949e12d7480204ccdce7ffc7abe3c38a71e03db

SHA512
642a3fa8d0e382f79e03f15ceac95b2d95364a1c4d9643e2abba467126b77745011667fb5fffc1ee9718dd828f42e32b561177f474b71b4167e0b828e5bf9820

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53199.exe
Filesize
184KB

MD5
b070967e8e4960abd12ad07f5c4ec191

SHA1
dbbbc1c450d0c586289c894d8afb29eea604ccff

SHA256
6ea1dbeeca0b133fed62a14f6e06aa76c8d0480393e78d40c37ca53521e0c63a

SHA512
1c8ab8dcddd6f0ab1d2f86f9590982c5dfed29e8e946be455dbb85d5b8d0a97de6a33ee7bf4c90c061bed67cfad3703f474d98c84b10d2147984ee2713d1df09

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57200.exe
Filesize
184KB

MD5
8b574c4bc210121a1ceb4e062beea3bd

SHA1
e82bf249c098a1f363059be1abeba9d0045147ee

SHA256
f8696cf5a76cfe4ffc05a59cfebddb64a673be2d59462874395a737ab61217ce

SHA512
c67eee0b65ee5bbbfae99d97d68c8a18bdc7fd948f11d5fa06e6be8ddb4ede13f2958a735be783d553632f7aadcb6a17abd9b17b8e8b8e4dc05a947e8be5cd89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60135.exe
Filesize
184KB

MD5
8eaf38d49804ca23dce04f79c6c72951

SHA1
f5f3bcb0168f5828f6e839a014491271f9f5ad8d

SHA256
91f0cf858afb16823ba300564b2ac6814416df2f96defe14a021b799666bf9c3

SHA512
2831a805d91d8dc6fde443719bf5fb496c955a9cd5c8b31672277344ce192202ee704eee566b044aeb68ab58e49833cbac6caeefff1ec8babe1108c176abcb51

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62891.exe
Filesize
184KB

MD5
006d3238dd944c479fc4e936357814cf

SHA1
a86c5d0fe933cc276e315798dd501cac5b6e6b2c

SHA256
dbcf7ba0c5e702d293e750e5d2229ddb21eca5697fe52b7e9a6435a95b4a9029

SHA512
4e6b4753c5cd025df440939e8ab45ce3856878056dabdae9ba8d793bb2127dc1f768f0d687e37aa20aa1e117342860b04a8634eaf44d5980fdb41d2952404b5a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14387.exe
Filesize
184KB

MD5
630931789fafc80112358e62b8ca6eb3

SHA1
6f9974b43013186eaccd0e0d063433a1cccd6f02

SHA256
0183788f8e39bfbc47d35682d330d9e07cbbba23a5f7c344553ac47f533c27bd

SHA512
1ed93f68e8faf4846e54a6250578996b3b1f7e8c7135c0a7d2d84525df65ef156b1de2ac96cfce56dc352ba8533f3b5769af9585949fb095aa9fddc9a0473613

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26474.exe
Filesize
184KB

MD5
86c059e979325be71fbaccf7253b2080

SHA1
9f5829ccd82eeeb821b3424b967ab7a253983189

SHA256
ba5f60f94ba358a04ca338f5daa6ec26a07d3ea1714f457d31bd6e3381951bf4

SHA512
e4e0bd4fb93f297b6b6d3f427ca7436a33130c99ace24d5465d4a4e0cb63e434b73a71afd1441da55e1d8c73e1600bd995a75c97e7eb21efa948491bd46fd39a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33333.exe
Filesize
184KB

MD5
6f2df475a567452abed9f603e2deb71b

SHA1
0ca65acab642d18e8c67be430317eb2e04bbf37c

SHA256
f8342effbc3328aa7d4a356253f36d58305606562fdd1cd0b08dc32b051d9888

SHA512
cd4972049c630060ee6f1674b607ddc045687e510856343a37d8fe4902731b0b9a0136a94893d5b42f33dae1d6b1982710cf7c032849fa0c3c33701619a1a2a7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37334.exe
Filesize
184KB

MD5
4d96b207751786c6a8adacebf2236d5f

SHA1
71c2d3573e2b8d8c161fd83299d99a0039351777

SHA256
e8452f132ff5ece03fc735648c11df431b505835d247dc15ecb242611a7fee4f

SHA512
38a2f7afdc735ebc9418b18597d4d15dd4a8b547bdeebbe283c76dd25d3798044c068378a3d0c494a901e6f0101233942ca3127e952cc6af1ae9a6945031b669

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
Filesize
184KB

MD5
705cb01eb636ff90b30b64309e8b7975

SHA1
b56671d1c19c8759177655fc9b6057ab14f15aaa

SHA256
5001b0e6d7bd90ae493d7480ca51b7aa37938174282dc7582efa846565886ec3

SHA512
73bc204be3a1942352150b9bbb01b1596438aac17577a2e0b598e0f1f35215c960ed730304514c2ddfb7ec69a152deb7d5cd2d242226757b61d1c7602cbc702f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5093.exe
Filesize
184KB

MD5
e3a4cd1f6516d2ccc3c895af355024db

SHA1
3fbf9211b56f9d2ecc4d6aa70abe5c4c8d825fd1

SHA256
7db5f8863cf421711c10720846a33260ece2a9fe2cfc7e96a406d610dd855422

SHA512
d220155d1a1c60d3d71e6e0b1be4d9e4ca2265b8e7bafad68c78cadd95f2442ef00f04b11b77ee9622a2500db42bcd4619dfd5d83f9d505d4ca9f7bab81ce2bf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56193.exe
Filesize
184KB

MD5
25fa4655012959bab39df30412c9e7cc

SHA1
668fed56fdc60e47c128472ee23f4c848421fe1e

SHA256
df959be50fbd52c17a0140e3f24d5303f3b62a15dc437eb64c2cfd494c22b08e

SHA512
28132d6f1c2e2ecfb7ab49b6230b2555bf0a34f6eff6e42b955127b5264bbbe3d0eddd815cb1f996af482547089749a1c703a2d5d69b4a244018251fc17d37cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57283.exe
Filesize
184KB

MD5
c738ababaf8eb54813a4360eb43cc7a3

SHA1
4841123aa2d9e4a8e6c4079adb51b69f064aeb57

SHA256
83cad589e52b4f1d537915bedcf9f0b77c098b63324dac11cc2143fc2a17b666

SHA512
de77b164248f2a2906c243747ca74b3bc305fdd8dd3f0c9ce6941ac3e6e9f48a799c918198b3660dd4fca27e330ccea5ce9dd2637d965c44394d255451e95c07

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6966.exe
Filesize
184KB

MD5
ad1fd1254b2ca414d1669c8814df6dac

SHA1
961a7bc4141d61b9410fdcd1c1a5b20355d74583

SHA256
ef982de6afc1c2696044841f27dd5b068a25a53f538e5adf1ec8fca9b684214a

SHA512
17f1950d08f031425402773387e494484f41d5cea183266789216309fb2bf8970a1167d39cc8c03cb276d47d5f6d063cd69287bbdf8c1179b2547057229089f0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads