2acad83aa7699c6a0b4c063974fa7b83492f6ab8ce6118f530400f1faa3aa767

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2acad83aa7699c6a0b4c063974fa7b83492f6ab8ce6118f530400f1faa3aa767.exe
Size

184KB
MD5

32031f190365cac0cd09fc35857fc13e
SHA1

58db275fb269ac694fae07ad1b01b0d581a140df
SHA256

2acad83aa7699c6a0b4c063974fa7b83492f6ab8ce6118f530400f1faa3aa767
SHA512

4ebad258a690b8d1aac88b66de662cf608f6d063ee801a0b6c3bd30db6283782100e3ac5608de7e550e2095daad9a8519afe8893529f46b691ef955ed22453d9
SSDEEP

3072:67a3MtoTFJOTdGtmeC7LRXsThlnViFTn3:67PomJGtyL9sThlnViFT

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-34926.exeUnicorn-4282.exeUnicorn-19227.exeUnicorn-10587.exeUnicorn-45398.exeUnicorn-25532.exeUnicorn-1433.exeUnicorn-43020.exeUnicorn-52580.exeUnicorn-52580.exeUnicorn-1988.exeUnicorn-20545.exeUnicorn-52663.exeUnicorn-26021.exeUnicorn-28713.exeUnicorn-44495.exeUnicorn-44495.exeUnicorn-24629.exeUnicorn-50800.exeUnicorn-14583.exeUnicorn-25444.exeUnicorn-2331.exeUnicorn-17276.exeUnicorn-26836.exeUnicorn-61646.exeUnicorn-41780.exeUnicorn-61646.exeUnicorn-2886.exeUnicorn-22752.exeUnicorn-33442.exeUnicorn-40218.exeUnicorn-3483.exeUnicorn-18428.exeUnicorn-1345.exeUnicorn-19820.exeUnicorn-34764.exeUnicorn-48408.exeUnicorn-29934.exeUnicorn-56576.exeUnicorn-5984.exeUnicorn-21766.exeUnicorn-61215.exeUnicorn-50354.exeUnicorn-57131.exeUnicorn-11459.exeUnicorn-65019.exeUnicorn-14427.exeUnicorn-26125.exeUnicorn-57406.exeUnicorn-7650.exeUnicorn-22595.exeUnicorn-42461.exeUnicorn-58797.exeUnicorn-34847.exeUnicorn-48491.exeUnicorn-63436.exeUnicorn-51184.exeUnicorn-44962.exeUnicorn-50437.exeUnicorn-3374.exeUnicorn-38185.exeUnicorn-12097.exeUnicorn-1236.exeUnicorn-1236.exe

pid	process
2188	Unicorn-34926.exe
2744	Unicorn-4282.exe
1732	Unicorn-19227.exe
2544	Unicorn-10587.exe
2252	Unicorn-45398.exe
2476	Unicorn-25532.exe
1220	Unicorn-1433.exe
2196	Unicorn-43020.exe
2008	Unicorn-52580.exe
2688	Unicorn-52580.exe
1088	Unicorn-1988.exe
2016	Unicorn-20545.exe
2808	Unicorn-52663.exe
1608	Unicorn-26021.exe
2248	Unicorn-28713.exe
2304	Unicorn-44495.exe
2536	Unicorn-44495.exe
536	Unicorn-24629.exe
1316	Unicorn-50800.exe
1336	Unicorn-14583.exe
2880	Unicorn-25444.exe
356	Unicorn-2331.exe
1808	Unicorn-17276.exe
2856	Unicorn-26836.exe
1232	Unicorn-61646.exe
864	Unicorn-41780.exe
1128	Unicorn-61646.exe
1892	Unicorn-2886.exe
2268	Unicorn-22752.exe
1756	Unicorn-33442.exe
2908	Unicorn-40218.exe
1236	Unicorn-3483.exe
3024	Unicorn-18428.exe
2152	Unicorn-1345.exe
2168	Unicorn-19820.exe
2996	Unicorn-34764.exe
2864	Unicorn-48408.exe
2716	Unicorn-29934.exe
2540	Unicorn-56576.exe
2472	Unicorn-5984.exe
2944	Unicorn-21766.exe
1880	Unicorn-61215.exe
2176	Unicorn-50354.exe
2328	Unicorn-57131.exe
1956	Unicorn-11459.exe
2000	Unicorn-65019.exe
2528	Unicorn-14427.exe
2920	Unicorn-26125.exe
2956	Unicorn-57406.exe
696	Unicorn-7650.exe
2412	Unicorn-22595.exe
836	Unicorn-42461.exe
752	Unicorn-58797.exe
1928	Unicorn-34847.exe
2904	Unicorn-48491.exe
2208	Unicorn-63436.exe
2084	Unicorn-51184.exe
2128	Unicorn-44962.exe
3036	Unicorn-50437.exe
3000	Unicorn-3374.exe
2988	Unicorn-38185.exe
2724	Unicorn-12097.exe
2868	Unicorn-1236.exe
2572	Unicorn-1236.exe

Loads dropped DLL 64 IoCs

Processes:

2acad83aa7699c6a0b4c063974fa7b83492f6ab8ce6118f530400f1faa3aa767.exeUnicorn-34926.exeUnicorn-4282.exeUnicorn-19227.exeWerFault.exeUnicorn-10587.exeUnicorn-45398.exeUnicorn-25532.exeWerFault.exeWerFault.exeUnicorn-43020.exeUnicorn-52580.exeUnicorn-1988.exeUnicorn-52580.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1632	2acad83aa7699c6a0b4c063974fa7b83492f6ab8ce6118f530400f1faa3aa767.exe
1632	2acad83aa7699c6a0b4c063974fa7b83492f6ab8ce6118f530400f1faa3aa767.exe
2188	Unicorn-34926.exe
2188	Unicorn-34926.exe
1632	2acad83aa7699c6a0b4c063974fa7b83492f6ab8ce6118f530400f1faa3aa767.exe
1632	2acad83aa7699c6a0b4c063974fa7b83492f6ab8ce6118f530400f1faa3aa767.exe
2744	Unicorn-4282.exe
2744	Unicorn-4282.exe
1732	Unicorn-19227.exe
1732	Unicorn-19227.exe
2188	Unicorn-34926.exe
2188	Unicorn-34926.exe
2440	WerFault.exe
2440	WerFault.exe
2440	WerFault.exe
2440	WerFault.exe
2440	WerFault.exe
2544	Unicorn-10587.exe
2544	Unicorn-10587.exe
2744	Unicorn-4282.exe
2744	Unicorn-4282.exe
1732	Unicorn-19227.exe
2252	Unicorn-45398.exe
1732	Unicorn-19227.exe
2476	Unicorn-25532.exe
2252	Unicorn-45398.exe
2476	Unicorn-25532.exe
1436	WerFault.exe
1436	WerFault.exe
1436	WerFault.exe
1436	WerFault.exe
2500	WerFault.exe
2500	WerFault.exe
2500	WerFault.exe
2500	WerFault.exe
2500	WerFault.exe
1436	WerFault.exe
2544	Unicorn-10587.exe
2544	Unicorn-10587.exe
2196	Unicorn-43020.exe
2196	Unicorn-43020.exe
2688	Unicorn-52580.exe
2688	Unicorn-52580.exe
2476	Unicorn-25532.exe
2476	Unicorn-25532.exe
1088	Unicorn-1988.exe
1088	Unicorn-1988.exe
2008	Unicorn-52580.exe
2008	Unicorn-52580.exe
2252	Unicorn-45398.exe
2252	Unicorn-45398.exe
584	WerFault.exe
584	WerFault.exe
584	WerFault.exe
584	WerFault.exe
584	WerFault.exe
580	WerFault.exe
580	WerFault.exe
580	WerFault.exe
580	WerFault.exe
1060	WerFault.exe
1060	WerFault.exe
1060	WerFault.exe
1060	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2548	1632	WerFault.exe	2acad83aa7699c6a0b4c063974fa7b83492f6ab8ce6118f530400f1faa3aa767.exe
2440	2188	WerFault.exe	Unicorn-34926.exe
1436	2744	WerFault.exe	Unicorn-4282.exe
2500	1732	WerFault.exe	Unicorn-19227.exe
584	2544	WerFault.exe	Unicorn-10587.exe
580	2476	WerFault.exe	Unicorn-25532.exe
1060	2252	WerFault.exe	Unicorn-45398.exe
2116	2196	WerFault.exe	Unicorn-43020.exe
1672	2688	WerFault.exe	Unicorn-52580.exe
1600	1088	WerFault.exe	Unicorn-1988.exe
1512	2008	WerFault.exe	Unicorn-52580.exe
2416	2016	WerFault.exe	Unicorn-20545.exe
2756	2808	WerFault.exe	Unicorn-52663.exe
1924	1608	WerFault.exe	Unicorn-26021.exe
2052	2248	WerFault.exe	Unicorn-28713.exe
776	2536	WerFault.exe	Unicorn-44495.exe
2280	2304	WerFault.exe	Unicorn-44495.exe
556	536	WerFault.exe	Unicorn-24629.exe
1552	2996	WerFault.exe	Unicorn-34764.exe
2508	1316	WerFault.exe	Unicorn-50800.exe
1996	1336	WerFault.exe	Unicorn-14583.exe
1740	2880	WerFault.exe	Unicorn-25444.exe
2888	356	WerFault.exe	Unicorn-2331.exe
408	1808	WerFault.exe	Unicorn-17276.exe
2256	1892	WerFault.exe	Unicorn-2886.exe
636	2268	WerFault.exe	Unicorn-22752.exe
2360	2856	WerFault.exe	Unicorn-26836.exe
2104	864	WerFault.exe	Unicorn-41780.exe
2368	1128	WerFault.exe	Unicorn-61646.exe
1244	1232	WerFault.exe	Unicorn-61646.exe
2076	1756	WerFault.exe	Unicorn-33442.exe
2236	2908	WerFault.exe	Unicorn-40218.exe
2612	3024	WerFault.exe	Unicorn-18428.exe
1220	1236	WerFault.exe	Unicorn-3483.exe
2184	2168	WerFault.exe	Unicorn-19820.exe
1816	2864	WerFault.exe	Unicorn-48408.exe
1200	2716	WerFault.exe	Unicorn-29934.exe
1428	2472	WerFault.exe	Unicorn-5984.exe
3092	1880	WerFault.exe	Unicorn-61215.exe
3100	2540	WerFault.exe	Unicorn-56576.exe
3140	2328	WerFault.exe	Unicorn-57131.exe
3132	2944	WerFault.exe	Unicorn-21766.exe
3168	1956	WerFault.exe	Unicorn-11459.exe
3176	2176	WerFault.exe	Unicorn-50354.exe
3696	2000	WerFault.exe	Unicorn-65019.exe
3716	2528	WerFault.exe	Unicorn-14427.exe
3932	2920	WerFault.exe	Unicorn-26125.exe
3388	3000	WerFault.exe	Unicorn-3374.exe
3416	2956	WerFault.exe	Unicorn-57406.exe
3492	2412	WerFault.exe	Unicorn-22595.exe
3560	2128	WerFault.exe	Unicorn-44962.exe
3988	2904	WerFault.exe	Unicorn-48491.exe
4088	2724	WerFault.exe	Unicorn-12097.exe
3220	1572	WerFault.exe	Unicorn-4204.exe
3612	560	WerFault.exe	Unicorn-8802.exe
3704	2752	WerFault.exe	Unicorn-33307.exe
3824	2608	WerFault.exe	Unicorn-42823.exe
3992	568	WerFault.exe	Unicorn-64588.exe
4136	2344	WerFault.exe	Unicorn-14339.exe
4144	1492	WerFault.exe	Unicorn-23795.exe
4208	1676	WerFault.exe	Unicorn-55927.exe
4216	2208	WerFault.exe	Unicorn-63436.exe
4240	2768	WerFault.exe	Unicorn-8117.exe
4264	2728	WerFault.exe	Unicorn-43976.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

2acad83aa7699c6a0b4c063974fa7b83492f6ab8ce6118f530400f1faa3aa767.exeUnicorn-34926.exeUnicorn-4282.exeUnicorn-19227.exeUnicorn-10587.exeUnicorn-45398.exeUnicorn-25532.exeUnicorn-43020.exeUnicorn-52580.exeUnicorn-52580.exeUnicorn-1988.exeUnicorn-20545.exeUnicorn-52663.exeUnicorn-26021.exeUnicorn-28713.exeUnicorn-44495.exeUnicorn-24629.exeUnicorn-44495.exeUnicorn-50800.exeUnicorn-14583.exeUnicorn-25444.exeUnicorn-2331.exeUnicorn-17276.exeUnicorn-2886.exeUnicorn-26836.exeUnicorn-61646.exeUnicorn-41780.exeUnicorn-61646.exeUnicorn-22752.exeUnicorn-33442.exeUnicorn-40218.exeUnicorn-3483.exeUnicorn-18428.exeUnicorn-19820.exeUnicorn-34764.exeUnicorn-48408.exeUnicorn-29934.exeUnicorn-56576.exeUnicorn-5984.exeUnicorn-21766.exeUnicorn-61215.exeUnicorn-50354.exeUnicorn-57131.exeUnicorn-11459.exeUnicorn-65019.exeUnicorn-14427.exeUnicorn-26125.exeUnicorn-57406.exeUnicorn-22595.exeUnicorn-7650.exeUnicorn-42461.exeUnicorn-58797.exeUnicorn-34847.exeUnicorn-63436.exeUnicorn-48491.exeUnicorn-44962.exeUnicorn-50437.exeUnicorn-3374.exeUnicorn-38185.exeUnicorn-12097.exeUnicorn-42823.exeUnicorn-62689.exeUnicorn-3929.exeUnicorn-38739.exe

pid	process
1632	2acad83aa7699c6a0b4c063974fa7b83492f6ab8ce6118f530400f1faa3aa767.exe
2188	Unicorn-34926.exe
2744	Unicorn-4282.exe
1732	Unicorn-19227.exe
2544	Unicorn-10587.exe
2252	Unicorn-45398.exe
2476	Unicorn-25532.exe
2196	Unicorn-43020.exe
2688	Unicorn-52580.exe
2008	Unicorn-52580.exe
1088	Unicorn-1988.exe
2016	Unicorn-20545.exe
2808	Unicorn-52663.exe
1608	Unicorn-26021.exe
2248	Unicorn-28713.exe
2536	Unicorn-44495.exe
536	Unicorn-24629.exe
2304	Unicorn-44495.exe
1316	Unicorn-50800.exe
1336	Unicorn-14583.exe
2880	Unicorn-25444.exe
356	Unicorn-2331.exe
1808	Unicorn-17276.exe
1892	Unicorn-2886.exe
2856	Unicorn-26836.exe
1232	Unicorn-61646.exe
864	Unicorn-41780.exe
1128	Unicorn-61646.exe
2268	Unicorn-22752.exe
1756	Unicorn-33442.exe
2908	Unicorn-40218.exe
1236	Unicorn-3483.exe
3024	Unicorn-18428.exe
2168	Unicorn-19820.exe
2996	Unicorn-34764.exe
2864	Unicorn-48408.exe
2716	Unicorn-29934.exe
2540	Unicorn-56576.exe
2472	Unicorn-5984.exe
2944	Unicorn-21766.exe
1880	Unicorn-61215.exe
2176	Unicorn-50354.exe
2328	Unicorn-57131.exe
1956	Unicorn-11459.exe
2000	Unicorn-65019.exe
2528	Unicorn-14427.exe
2920	Unicorn-26125.exe
2956	Unicorn-57406.exe
2412	Unicorn-22595.exe
696	Unicorn-7650.exe
836	Unicorn-42461.exe
752	Unicorn-58797.exe
1928	Unicorn-34847.exe
2208	Unicorn-63436.exe
2904	Unicorn-48491.exe
2128	Unicorn-44962.exe
3036	Unicorn-50437.exe
3000	Unicorn-3374.exe
2988	Unicorn-38185.exe
2724	Unicorn-12097.exe
2608	Unicorn-42823.exe
1152	Unicorn-62689.exe
2560	Unicorn-3929.exe
2332	Unicorn-38739.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2acad83aa7699c6a0b4c063974fa7b83492f6ab8ce6118f530400f1faa3aa767.exeUnicorn-34926.exeUnicorn-4282.exeUnicorn-19227.exeUnicorn-10587.exeUnicorn-45398.exeUnicorn-25532.exe

description	pid	process	target process
PID 1632 wrote to memory of 2188	1632	2acad83aa7699c6a0b4c063974fa7b83492f6ab8ce6118f530400f1faa3aa767.exe	Unicorn-34926.exe
PID 1632 wrote to memory of 2188	1632	2acad83aa7699c6a0b4c063974fa7b83492f6ab8ce6118f530400f1faa3aa767.exe	Unicorn-34926.exe
PID 1632 wrote to memory of 2188	1632	2acad83aa7699c6a0b4c063974fa7b83492f6ab8ce6118f530400f1faa3aa767.exe	Unicorn-34926.exe
PID 1632 wrote to memory of 2188	1632	2acad83aa7699c6a0b4c063974fa7b83492f6ab8ce6118f530400f1faa3aa767.exe	Unicorn-34926.exe
PID 2188 wrote to memory of 2744	2188	Unicorn-34926.exe	Unicorn-4282.exe
PID 2188 wrote to memory of 2744	2188	Unicorn-34926.exe	Unicorn-4282.exe
PID 2188 wrote to memory of 2744	2188	Unicorn-34926.exe	Unicorn-4282.exe
PID 2188 wrote to memory of 2744	2188	Unicorn-34926.exe	Unicorn-4282.exe
PID 1632 wrote to memory of 1732	1632	2acad83aa7699c6a0b4c063974fa7b83492f6ab8ce6118f530400f1faa3aa767.exe	Unicorn-19227.exe
PID 1632 wrote to memory of 1732	1632	2acad83aa7699c6a0b4c063974fa7b83492f6ab8ce6118f530400f1faa3aa767.exe	Unicorn-19227.exe
PID 1632 wrote to memory of 1732	1632	2acad83aa7699c6a0b4c063974fa7b83492f6ab8ce6118f530400f1faa3aa767.exe	Unicorn-19227.exe
PID 1632 wrote to memory of 1732	1632	2acad83aa7699c6a0b4c063974fa7b83492f6ab8ce6118f530400f1faa3aa767.exe	Unicorn-19227.exe
PID 1632 wrote to memory of 2548	1632	2acad83aa7699c6a0b4c063974fa7b83492f6ab8ce6118f530400f1faa3aa767.exe	WerFault.exe
PID 1632 wrote to memory of 2548	1632	2acad83aa7699c6a0b4c063974fa7b83492f6ab8ce6118f530400f1faa3aa767.exe	WerFault.exe
PID 1632 wrote to memory of 2548	1632	2acad83aa7699c6a0b4c063974fa7b83492f6ab8ce6118f530400f1faa3aa767.exe	WerFault.exe
PID 1632 wrote to memory of 2548	1632	2acad83aa7699c6a0b4c063974fa7b83492f6ab8ce6118f530400f1faa3aa767.exe	WerFault.exe
PID 2744 wrote to memory of 2544	2744	Unicorn-4282.exe	Unicorn-10587.exe
PID 2744 wrote to memory of 2544	2744	Unicorn-4282.exe	Unicorn-10587.exe
PID 2744 wrote to memory of 2544	2744	Unicorn-4282.exe	Unicorn-10587.exe
PID 2744 wrote to memory of 2544	2744	Unicorn-4282.exe	Unicorn-10587.exe
PID 1732 wrote to memory of 2252	1732	Unicorn-19227.exe	Unicorn-45398.exe
PID 1732 wrote to memory of 2252	1732	Unicorn-19227.exe	Unicorn-45398.exe
PID 1732 wrote to memory of 2252	1732	Unicorn-19227.exe	Unicorn-45398.exe
PID 1732 wrote to memory of 2252	1732	Unicorn-19227.exe	Unicorn-45398.exe
PID 2188 wrote to memory of 2476	2188	Unicorn-34926.exe	Unicorn-25532.exe
PID 2188 wrote to memory of 2476	2188	Unicorn-34926.exe	Unicorn-25532.exe
PID 2188 wrote to memory of 2476	2188	Unicorn-34926.exe	Unicorn-25532.exe
PID 2188 wrote to memory of 2476	2188	Unicorn-34926.exe	Unicorn-25532.exe
PID 2188 wrote to memory of 2440	2188	Unicorn-34926.exe	WerFault.exe
PID 2188 wrote to memory of 2440	2188	Unicorn-34926.exe	WerFault.exe
PID 2188 wrote to memory of 2440	2188	Unicorn-34926.exe	WerFault.exe
PID 2188 wrote to memory of 2440	2188	Unicorn-34926.exe	WerFault.exe
PID 2544 wrote to memory of 1220	2544	Unicorn-10587.exe	Unicorn-1433.exe
PID 2544 wrote to memory of 1220	2544	Unicorn-10587.exe	Unicorn-1433.exe
PID 2544 wrote to memory of 1220	2544	Unicorn-10587.exe	Unicorn-1433.exe
PID 2544 wrote to memory of 1220	2544	Unicorn-10587.exe	Unicorn-1433.exe
PID 2744 wrote to memory of 2196	2744	Unicorn-4282.exe	Unicorn-43020.exe
PID 2744 wrote to memory of 2196	2744	Unicorn-4282.exe	Unicorn-43020.exe
PID 2744 wrote to memory of 2196	2744	Unicorn-4282.exe	Unicorn-43020.exe
PID 2744 wrote to memory of 2196	2744	Unicorn-4282.exe	Unicorn-43020.exe
PID 1732 wrote to memory of 1088	1732	Unicorn-19227.exe	Unicorn-1988.exe
PID 1732 wrote to memory of 1088	1732	Unicorn-19227.exe	Unicorn-1988.exe
PID 1732 wrote to memory of 1088	1732	Unicorn-19227.exe	Unicorn-1988.exe
PID 1732 wrote to memory of 1088	1732	Unicorn-19227.exe	Unicorn-1988.exe
PID 2252 wrote to memory of 2008	2252	Unicorn-45398.exe	Unicorn-52580.exe
PID 2252 wrote to memory of 2008	2252	Unicorn-45398.exe	Unicorn-52580.exe
PID 2252 wrote to memory of 2008	2252	Unicorn-45398.exe	Unicorn-52580.exe
PID 2252 wrote to memory of 2008	2252	Unicorn-45398.exe	Unicorn-52580.exe
PID 2476 wrote to memory of 2688	2476	Unicorn-25532.exe	Unicorn-52580.exe
PID 2476 wrote to memory of 2688	2476	Unicorn-25532.exe	Unicorn-52580.exe
PID 2476 wrote to memory of 2688	2476	Unicorn-25532.exe	Unicorn-52580.exe
PID 2476 wrote to memory of 2688	2476	Unicorn-25532.exe	Unicorn-52580.exe
PID 2744 wrote to memory of 1436	2744	Unicorn-4282.exe	WerFault.exe
PID 2744 wrote to memory of 1436	2744	Unicorn-4282.exe	WerFault.exe
PID 2744 wrote to memory of 1436	2744	Unicorn-4282.exe	WerFault.exe
PID 2744 wrote to memory of 1436	2744	Unicorn-4282.exe	WerFault.exe
PID 1732 wrote to memory of 2500	1732	Unicorn-19227.exe	WerFault.exe
PID 1732 wrote to memory of 2500	1732	Unicorn-19227.exe	WerFault.exe
PID 1732 wrote to memory of 2500	1732	Unicorn-19227.exe	WerFault.exe
PID 1732 wrote to memory of 2500	1732	Unicorn-19227.exe	WerFault.exe
PID 2544 wrote to memory of 2016	2544	Unicorn-10587.exe	Unicorn-20545.exe
PID 2544 wrote to memory of 2016	2544	Unicorn-10587.exe	Unicorn-20545.exe
PID 2544 wrote to memory of 2016	2544	Unicorn-10587.exe	Unicorn-20545.exe
PID 2544 wrote to memory of 2016	2544	Unicorn-10587.exe	Unicorn-20545.exe

C:\Users\Admin\AppData\Local\Temp\2acad83aa7699c6a0b4c063974fa7b83492f6ab8ce6118f530400f1faa3aa767.exe
"C:\Users\Admin\AppData\Local\Temp\2acad83aa7699c6a0b4c063974fa7b83492f6ab8ce6118f530400f1faa3aa767.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-34926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34926.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-4282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4282.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-1433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1433.exe
5⤵
- Executes dropped EXE
PID:1220

C:\Users\Admin\AppData\Local\Temp\Unicorn-20545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20545.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-50800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50800.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-33442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33442.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-65019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65019.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-51781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51781.exe
9⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-37474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37474.exe
10⤵
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-43587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43587.exe
11⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-51187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51187.exe
12⤵
PID:5644

C:\Users\Admin\AppData\Local\Temp\Unicorn-12775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12775.exe
13⤵
PID:8508

C:\Users\Admin\AppData\Local\Temp\Unicorn-18085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18085.exe
14⤵
PID:11424

C:\Users\Admin\AppData\Local\Temp\Unicorn-64950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64950.exe
15⤵
PID:13572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8508 -s 216
14⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
13⤵
PID:9860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 220
12⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
11⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-38747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38747.exe
10⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-57902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57902.exe
11⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-64607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64607.exe
12⤵
PID:8296

C:\Users\Admin\AppData\Local\Temp\Unicorn-12308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12308.exe
13⤵
PID:10908

C:\Users\Admin\AppData\Local\Temp\Unicorn-58505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58505.exe
14⤵
PID:13188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10908 -s 204
14⤵
PID:14088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8296 -s 216
13⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 220
12⤵
PID:9708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
11⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 220
10⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-40166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40166.exe
9⤵
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-46361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46361.exe
10⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-13553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13553.exe
11⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-3154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3154.exe
12⤵
PID:8256

C:\Users\Admin\AppData\Local\Temp\Unicorn-17208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17208.exe
13⤵
PID:11308

C:\Users\Admin\AppData\Local\Temp\Unicorn-52807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52807.exe
14⤵
PID:14180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 216
13⤵
PID:12844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 220
12⤵
PID:9672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
11⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 236
10⤵
PID:4792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
9⤵
- Program crash
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
8⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-12969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12969.exe
9⤵
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-33473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33473.exe
10⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-28629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28629.exe
11⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-2469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2469.exe
12⤵
PID:8572

C:\Users\Admin\AppData\Local\Temp\Unicorn-56294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56294.exe
13⤵
PID:10944

C:\Users\Admin\AppData\Local\Temp\Unicorn-52615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52615.exe
14⤵
PID:13788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8572 -s 216
13⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
12⤵
PID:9960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
11⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 236
10⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-64754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64754.exe
9⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-58753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58753.exe
10⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\Unicorn-1291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1291.exe
11⤵
PID:9004

C:\Users\Admin\AppData\Local\Temp\Unicorn-55910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55910.exe
12⤵
PID:11100

C:\Users\Admin\AppData\Local\Temp\Unicorn-47872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47872.exe
13⤵
PID:14076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11100 -s 216
13⤵
PID:8944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9004 -s 216
12⤵
PID:12688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 220
11⤵
PID:10128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
10⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 240
9⤵
PID:4828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 220
8⤵
- Program crash
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-14427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14427.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
8⤵
PID:560

C:\Users\Admin\AppData\Local\Temp\Unicorn-39420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39420.exe
9⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-44031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44031.exe
10⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-63631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63631.exe
11⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-3154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3154.exe
12⤵
PID:8236

C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
13⤵
PID:11156

C:\Users\Admin\AppData\Local\Temp\Unicorn-39429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39429.exe
14⤵
PID:13620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11156 -s 236
14⤵
PID:14036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8236 -s 220
13⤵
PID:12656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 220
12⤵
PID:9680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
11⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 236
10⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-24165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24165.exe
9⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-39236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39236.exe
10⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-58748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58748.exe
11⤵
PID:8112

C:\Users\Admin\AppData\Local\Temp\Unicorn-14965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14965.exe
12⤵
PID:10652

C:\Users\Admin\AppData\Local\Temp\Unicorn-24359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24359.exe
13⤵
PID:12340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10652 -s 216
13⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 216
12⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
11⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
10⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 240
9⤵
- Program crash
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-54365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54365.exe
8⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-52199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52199.exe
9⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-8208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8208.exe
10⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
11⤵
PID:7352

C:\Users\Admin\AppData\Local\Temp\Unicorn-2604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2604.exe
12⤵
PID:11052

C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
13⤵
PID:964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11052 -s 216
13⤵
PID:13780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 216
12⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
11⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
10⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
9⤵
PID:4680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
8⤵
- Program crash
PID:3716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 240
7⤵
- Program crash
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-40218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40218.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-26125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26125.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-33307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33307.exe
8⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-4609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4609.exe
9⤵
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-9220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9220.exe
10⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-36003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36003.exe
11⤵
PID:5952

C:\Users\Admin\AppData\Local\Temp\Unicorn-47674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47674.exe
12⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\Unicorn-29247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29247.exe
13⤵
PID:11092

C:\Users\Admin\AppData\Local\Temp\Unicorn-53606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53606.exe
14⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11092 -s 220
14⤵
PID:13816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
13⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
12⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
11⤵
PID:7560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 236
10⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-54892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54892.exe
9⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
10⤵
PID:5936

C:\Users\Admin\AppData\Local\Temp\Unicorn-59651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59651.exe
11⤵
PID:7036

C:\Users\Admin\AppData\Local\Temp\Unicorn-29932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29932.exe
12⤵
PID:10760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10760 -s 200
13⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 236
12⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 236
11⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
10⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
9⤵
- Program crash
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-7302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7302.exe
8⤵
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-62505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62505.exe
9⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-23284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23284.exe
10⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
11⤵
PID:7804

C:\Users\Admin\AppData\Local\Temp\Unicorn-48764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48764.exe
12⤵
PID:11208

C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
13⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11208 -s 216
13⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 216
12⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
11⤵
PID:9560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
10⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 236
9⤵
PID:4788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 220
8⤵
- Program crash
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-64588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64588.exe
7⤵
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-37282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37282.exe
8⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-62505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62505.exe
9⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-43512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43512.exe
10⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-11768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11768.exe
11⤵
PID:8024

C:\Users\Admin\AppData\Local\Temp\Unicorn-29356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29356.exe
12⤵
PID:10624

C:\Users\Admin\AppData\Local\Temp\Unicorn-8022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8022.exe
13⤵
PID:13308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10624 -s 216
13⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 236
12⤵
PID:11276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
11⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 236
10⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
9⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-28541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28541.exe
10⤵
PID:6652

C:\Users\Admin\AppData\Local\Temp\Unicorn-17104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17104.exe
11⤵
PID:10592

C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
12⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10592 -s 236
12⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 236
11⤵
PID:11256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
10⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 240
9⤵
PID:5576

C:\Users\Admin\AppData\Local\Temp\Unicorn-36417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36417.exe
8⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-24846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24846.exe
9⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-37477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37477.exe
10⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\Unicorn-23518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23518.exe
11⤵
PID:10928

C:\Users\Admin\AppData\Local\Temp\Unicorn-622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-622.exe
12⤵
PID:12316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10928 -s 216
12⤵
PID:13556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 216
11⤵
PID:11676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 236
10⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
9⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 240
8⤵
- Program crash
PID:3992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
7⤵
- Program crash
PID:2236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
6⤵
- Program crash
PID:2416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:584

C:\Users\Admin\AppData\Local\Temp\Unicorn-43020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43020.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-26021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26021.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-2331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2331.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:356

C:\Users\Admin\AppData\Local\Temp\Unicorn-19820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19820.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-58797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58797.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
9⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-29581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29581.exe
10⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
11⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-50061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50061.exe
12⤵
PID:7588

C:\Users\Admin\AppData\Local\Temp\Unicorn-57472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57472.exe
13⤵
PID:11036

C:\Users\Admin\AppData\Local\Temp\Unicorn-33399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33399.exe
14⤵
PID:13512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11036 -s 236
14⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 220
13⤵
PID:12636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 220
12⤵
PID:9444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
11⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 236
10⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-30135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30135.exe
9⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-55271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55271.exe
10⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\Unicorn-3154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3154.exe
11⤵
PID:8248

C:\Users\Admin\AppData\Local\Temp\Unicorn-41520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41520.exe
12⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-45734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45734.exe
13⤵
PID:14156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 216
13⤵
PID:8480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 216
12⤵
PID:12676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 220
11⤵
PID:9688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
10⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 240
9⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-18978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18978.exe
8⤵
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-38242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38242.exe
9⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-15827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15827.exe
10⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-28581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28581.exe
11⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-5759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5759.exe
12⤵
PID:9188

C:\Users\Admin\AppData\Local\Temp\Unicorn-51525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51525.exe
13⤵
PID:11532

C:\Users\Admin\AppData\Local\Temp\Unicorn-28194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28194.exe
14⤵
PID:9272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9188 -s 216
13⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
12⤵
PID:10224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
11⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 236
10⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
9⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-40471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40471.exe
10⤵
PID:5148

C:\Users\Admin\AppData\Local\Temp\Unicorn-40845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40845.exe
11⤵
PID:8924

C:\Users\Admin\AppData\Local\Temp\Unicorn-46071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46071.exe
12⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 236
12⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 216
11⤵
PID:10400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
10⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
9⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
8⤵
- Program crash
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-34847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34847.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-8117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8117.exe
8⤵
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-56716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56716.exe
9⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-2287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2287.exe
10⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-14866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14866.exe
11⤵
PID:7868

C:\Users\Admin\AppData\Local\Temp\Unicorn-26014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26014.exe
12⤵
PID:11244

C:\Users\Admin\AppData\Local\Temp\Unicorn-60835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60835.exe
13⤵
PID:8164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11244 -s 220
13⤵
PID:13344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 220
12⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 220
11⤵
PID:9304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 236
10⤵
PID:6352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
9⤵
- Program crash
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-17307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17307.exe
8⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-57409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57409.exe
9⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-58229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58229.exe
10⤵
PID:8044

C:\Users\Admin\AppData\Local\Temp\Unicorn-56081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56081.exe
11⤵
PID:10808

C:\Users\Admin\AppData\Local\Temp\Unicorn-24826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24826.exe
12⤵
PID:13164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10808 -s 216
12⤵
PID:13912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
11⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
10⤵
PID:9432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 236
9⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
8⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 240
7⤵
- Program crash
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-34764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34764.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
7⤵
- Program crash
PID:1552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
6⤵
- Program crash
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-17276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17276.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-48408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48408.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-48491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48491.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-20370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20370.exe
8⤵
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-57593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57593.exe
9⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-60315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60315.exe
10⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-2469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2469.exe
11⤵
PID:8588

C:\Users\Admin\AppData\Local\Temp\Unicorn-4462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4462.exe
12⤵
PID:11596

C:\Users\Admin\AppData\Local\Temp\Unicorn-61598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61598.exe
13⤵
PID:14224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 236
12⤵
PID:12952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
11⤵
PID:9968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
10⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 216
9⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\Unicorn-23337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23337.exe
8⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-44882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44882.exe
9⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-61545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61545.exe
10⤵
PID:7320

C:\Users\Admin\AppData\Local\Temp\Unicorn-60933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60933.exe
11⤵
PID:10620

C:\Users\Admin\AppData\Local\Temp\Unicorn-21702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21702.exe
12⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10620 -s 220
12⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 216
11⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 220
10⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 236
9⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
8⤵
- Program crash
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-504.exe
7⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-39119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39119.exe
8⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-41073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41073.exe
9⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-32764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32764.exe
10⤵
PID:8872

C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
11⤵
PID:11764

C:\Users\Admin\AppData\Local\Temp\Unicorn-50498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50498.exe
12⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8872 -s 216
11⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 220
10⤵
PID:10056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
9⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
8⤵
PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
7⤵
- Program crash
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-63436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63436.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
7⤵
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-26867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26867.exe
8⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
9⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-15468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15468.exe
10⤵
PID:7412

C:\Users\Admin\AppData\Local\Temp\Unicorn-37223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37223.exe
11⤵
PID:11196

C:\Users\Admin\AppData\Local\Temp\Unicorn-24826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24826.exe
12⤵
PID:13204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11196 -s 216
12⤵
PID:13904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 216
11⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 216
10⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
9⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 236
8⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-31505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31505.exe
7⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-17254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17254.exe
8⤵
PID:4548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 200
9⤵
PID:7744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
8⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 220
7⤵
- Program crash
PID:4216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
6⤵
- Program crash
PID:408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
5⤵
- Program crash
PID:2116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1436

C:\Users\Admin\AppData\Local\Temp\Unicorn-25532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25532.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-52580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52580.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-52663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52663.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-14583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14583.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-3483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3483.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-7650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7650.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:696

C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
9⤵
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-45917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45917.exe
10⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-4809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4809.exe
11⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-62064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62064.exe
12⤵
PID:7824

C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
13⤵
PID:10604

C:\Users\Admin\AppData\Local\Temp\Unicorn-53606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53606.exe
14⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10604 -s 220
14⤵
PID:13824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 236
13⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
12⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236
11⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
10⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-52694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52694.exe
9⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-42033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42033.exe
10⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-17327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17327.exe
11⤵
PID:8496

C:\Users\Admin\AppData\Local\Temp\Unicorn-27602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27602.exe
12⤵
PID:10900

C:\Users\Admin\AppData\Local\Temp\Unicorn-62075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62075.exe
13⤵
PID:13268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10900 -s 216
13⤵
PID:13484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8496 -s 216
12⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 216
11⤵
PID:10152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
10⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 240
9⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-57873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57873.exe
8⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-7022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7022.exe
9⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-10154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10154.exe
10⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 220
11⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 220
10⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
9⤵
PID:4904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 240
8⤵
- Program crash
PID:1220

C:\Users\Admin\AppData\Local\Temp\Unicorn-22595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22595.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
8⤵
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-51371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51371.exe
9⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-11415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11415.exe
10⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-3709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3709.exe
11⤵
PID:8032

C:\Users\Admin\AppData\Local\Temp\Unicorn-56081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56081.exe
12⤵
PID:10812

C:\Users\Admin\AppData\Local\Temp\Unicorn-55744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55744.exe
13⤵
PID:12496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10812 -s 204
13⤵
PID:14308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 216
12⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
11⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
10⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 236
9⤵
PID:4584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
8⤵
- Program crash
PID:3492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 240
7⤵
- Program crash
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-18428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18428.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-42461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42461.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-18232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18232.exe
8⤵
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-45917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45917.exe
9⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-28629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28629.exe
10⤵
PID:5596

C:\Users\Admin\AppData\Local\Temp\Unicorn-10014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10014.exe
11⤵
PID:7520

C:\Users\Admin\AppData\Local\Temp\Unicorn-32729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32729.exe
12⤵
PID:11028

C:\Users\Admin\AppData\Local\Temp\Unicorn-40223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40223.exe
13⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11028 -s 216
13⤵
PID:13988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 220
12⤵
PID:12200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
11⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
10⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
9⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-26051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26051.exe
8⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-28821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28821.exe
9⤵
PID:5188

C:\Users\Admin\AppData\Local\Temp\Unicorn-46325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46325.exe
10⤵
PID:7620

C:\Users\Admin\AppData\Local\Temp\Unicorn-13102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13102.exe
11⤵
PID:10844

C:\Users\Admin\AppData\Local\Temp\Unicorn-24167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24167.exe
12⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10844 -s 216
12⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 236
11⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
10⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 236
9⤵
PID:6844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 240
8⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-59819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59819.exe
7⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-2938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2938.exe
8⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
9⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-30627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30627.exe
10⤵
PID:7536

C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe
11⤵
PID:11168

C:\Users\Admin\AppData\Local\Temp\Unicorn-24826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24826.exe
12⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11168 -s 216
12⤵
PID:13896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7536 -s 216
11⤵
PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
10⤵
PID:9284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
9⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
7⤵
- Program crash
PID:2612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
6⤵
- Program crash
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-25444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25444.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-1345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1345.exe
6⤵
- Executes dropped EXE
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-57406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57406.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-53234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53234.exe
7⤵
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-5185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5185.exe
8⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-11358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11358.exe
9⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-34057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34057.exe
10⤵
PID:5848

C:\Users\Admin\AppData\Local\Temp\Unicorn-40378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40378.exe
11⤵
PID:8280

C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
12⤵
PID:12040

C:\Users\Admin\AppData\Local\Temp\Unicorn-45023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45023.exe
13⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8280 -s 236
12⤵
PID:13072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 216
11⤵
PID:9420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
10⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 236
9⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\Unicorn-20081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20081.exe
8⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-31151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31151.exe
9⤵
PID:5876

C:\Users\Admin\AppData\Local\Temp\Unicorn-55375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55375.exe
10⤵
PID:6672

C:\Users\Admin\AppData\Local\Temp\Unicorn-35962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35962.exe
11⤵
PID:10796

C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
12⤵
PID:13144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10796 -s 216
12⤵
PID:13416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 216
11⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 236
10⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
9⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
8⤵
PID:5772

C:\Users\Admin\AppData\Local\Temp\Unicorn-46773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46773.exe
7⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-52199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52199.exe
8⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
9⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-31063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31063.exe
10⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 220
11⤵
PID:10784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 236
10⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
9⤵
PID:5932

C:\Users\Admin\AppData\Local\Temp\Unicorn-12764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12764.exe
8⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-17606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17606.exe
9⤵
PID:8392

C:\Users\Admin\AppData\Local\Temp\Unicorn-44727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44727.exe
10⤵
PID:11452

C:\Users\Admin\AppData\Local\Temp\Unicorn-63881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63881.exe
11⤵
PID:13752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8392 -s 216
10⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 220
9⤵
PID:9840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 240
8⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 220
7⤵
- Program crash
PID:3416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
6⤵
- Program crash
PID:1740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
5⤵
- Program crash
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-28713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28713.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-26836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26836.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-44962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44962.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
7⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-31779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31779.exe
8⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-61197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61197.exe
8⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-41177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41177.exe
9⤵
PID:7148

C:\Users\Admin\AppData\Local\Temp\Unicorn-11265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11265.exe
10⤵
PID:10868

C:\Users\Admin\AppData\Local\Temp\Unicorn-30773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30773.exe
11⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10868 -s 216
11⤵
PID:13476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 216
10⤵
PID:11628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 236
9⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 240
8⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 216
7⤵
- Program crash
PID:3560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 236
6⤵
- Program crash
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-61215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61215.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-14339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14339.exe
7⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
8⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-9796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9796.exe
9⤵
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-38852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38852.exe
10⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-42687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42687.exe
11⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
12⤵
PID:10704

C:\Users\Admin\AppData\Local\Temp\Unicorn-21126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21126.exe
13⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10704 -s 216
13⤵
PID:14120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
12⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
11⤵
PID:9040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 236
10⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-45629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45629.exe
9⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-24021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24021.exe
10⤵
PID:7912

C:\Users\Admin\AppData\Local\Temp\Unicorn-64332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64332.exe
11⤵
PID:11136

C:\Users\Admin\AppData\Local\Temp\Unicorn-7830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7830.exe
12⤵
PID:924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11136 -s 216
12⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 220
11⤵
PID:12344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
10⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 240
9⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-51384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51384.exe
8⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
9⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-28105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28105.exe
10⤵
PID:8076

C:\Users\Admin\AppData\Local\Temp\Unicorn-30207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30207.exe
11⤵
PID:10780

C:\Users\Admin\AppData\Local\Temp\Unicorn-1665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1665.exe
12⤵
PID:928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10780 -s 220
12⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
11⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 216
10⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
9⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
8⤵
- Program crash
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-16430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16430.exe
7⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-1628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1628.exe
8⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
9⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-41980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41980.exe
10⤵
PID:7312

C:\Users\Admin\AppData\Local\Temp\Unicorn-25656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25656.exe
11⤵
PID:10824

C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe
12⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10824 -s 216
12⤵
PID:13444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 216
11⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
10⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
9⤵
PID:6276

C:\Users\Admin\AppData\Local\Temp\Unicorn-47959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47959.exe
8⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-26735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26735.exe
9⤵
PID:8184

C:\Users\Admin\AppData\Local\Temp\Unicorn-64249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64249.exe
10⤵
PID:10912

C:\Users\Admin\AppData\Local\Temp\Unicorn-7311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7311.exe
11⤵
PID:7792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10912 -s 216
11⤵
PID:13364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 236
10⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 220
9⤵
PID:9248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 240
8⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
7⤵
- Program crash
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-55927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55927.exe
6⤵
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
7⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-30217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30217.exe
8⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe
9⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-20560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20560.exe
10⤵
PID:8268

C:\Users\Admin\AppData\Local\Temp\Unicorn-12931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12931.exe
11⤵
PID:10676

C:\Users\Admin\AppData\Local\Temp\Unicorn-61686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61686.exe
12⤵
PID:13976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10676 -s 216
12⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 216
11⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 220
10⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
9⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 236
8⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-38939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38939.exe
7⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-47980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47980.exe
8⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe
9⤵
PID:8020

C:\Users\Admin\AppData\Local\Temp\Unicorn-64332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64332.exe
10⤵
PID:11160

C:\Users\Admin\AppData\Local\Temp\Unicorn-31671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31671.exe
11⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11160 -s 220
11⤵
PID:14068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 220
10⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
8⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
7⤵
- Program crash
PID:4208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
6⤵
- Program crash
PID:3092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
5⤵
- Program crash
PID:2052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-19227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19227.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-45398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45398.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-52580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52580.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-44495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44495.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-61646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61646.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1232

C:\Users\Admin\AppData\Local\Temp\Unicorn-11459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11459.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-62689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62689.exe
8⤵
- Suspicious use of SetWindowsHookEx
PID:1152

C:\Users\Admin\AppData\Local\Temp\Unicorn-10063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10063.exe
9⤵
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-29005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29005.exe
10⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-42033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42033.exe
11⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
12⤵
PID:7360

C:\Users\Admin\AppData\Local\Temp\Unicorn-38183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38183.exe
13⤵
PID:11008

C:\Users\Admin\AppData\Local\Temp\Unicorn-10819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10819.exe
14⤵
PID:12408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11008 -s 216
14⤵
PID:14132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 216
13⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
12⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
11⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 216
10⤵
PID:6056

C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
9⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-6262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6262.exe
10⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-3050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3050.exe
11⤵
PID:7292

C:\Users\Admin\AppData\Local\Temp\Unicorn-16995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16995.exe
12⤵
PID:11016

C:\Users\Admin\AppData\Local\Temp\Unicorn-6076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6076.exe
13⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11016 -s 216
13⤵
PID:13460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 216
12⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
11⤵
PID:1744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
10⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 240
9⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-55735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55735.exe
8⤵
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-59731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59731.exe
9⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
10⤵
PID:5996

C:\Users\Admin\AppData\Local\Temp\Unicorn-41701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41701.exe
11⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 188
12⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 220
11⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 236
10⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 216
9⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 240
8⤵
- Program crash
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-3929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3929.exe
7⤵
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-14147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14147.exe
8⤵
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
9⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-59355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59355.exe
10⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-57892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57892.exe
11⤵
PID:8456

C:\Users\Admin\AppData\Local\Temp\Unicorn-53663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53663.exe
12⤵
PID:11500

C:\Users\Admin\AppData\Local\Temp\Unicorn-11857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11857.exe
13⤵
PID:8936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 216
12⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 216
11⤵
PID:9848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
10⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 236
9⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
8⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-60616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60616.exe
9⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-64607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64607.exe
10⤵
PID:8308

C:\Users\Admin\AppData\Local\Temp\Unicorn-16824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16824.exe
11⤵
PID:11240

C:\Users\Admin\AppData\Local\Temp\Unicorn-42034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42034.exe
12⤵
PID:14328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8308 -s 220
11⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 220
10⤵
PID:9716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
9⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
8⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 240
7⤵
- Program crash
PID:1244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 236
6⤵
- Program crash
PID:776

C:\Users\Admin\AppData\Local\Temp\Unicorn-41780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41780.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:864

C:\Users\Admin\AppData\Local\Temp\Unicorn-21766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21766.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-1236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1236.exe
7⤵
- Executes dropped EXE
PID:2572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 236
7⤵
- Program crash
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-42823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42823.exe
6⤵
- Suspicious use of SetWindowsHookEx
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-36706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36706.exe
7⤵
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-57414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57414.exe
8⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-39428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39428.exe
9⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-64887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64887.exe
10⤵
PID:7480

C:\Users\Admin\AppData\Local\Temp\Unicorn-55697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55697.exe
11⤵
PID:11140

C:\Users\Admin\AppData\Local\Temp\Unicorn-12573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12573.exe
12⤵
PID:3812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11140 -s 216
12⤵
PID:13920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 216
11⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
10⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
9⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 216
8⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
7⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-28930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28930.exe
8⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-52251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52251.exe
9⤵
PID:7228

C:\Users\Admin\AppData\Local\Temp\Unicorn-63481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63481.exe
10⤵
PID:10960

C:\Users\Admin\AppData\Local\Temp\Unicorn-57031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57031.exe
11⤵
PID:12648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10960 -s 216
11⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 236
10⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
9⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 236
8⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
7⤵
- Program crash
PID:3824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 240
6⤵
- Program crash
PID:2104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
5⤵
- Program crash
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-22752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22752.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-56576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56576.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-38185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38185.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-30676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30676.exe
8⤵
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-39119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39119.exe
9⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-28821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28821.exe
10⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-30247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30247.exe
11⤵
PID:7304

C:\Users\Admin\AppData\Local\Temp\Unicorn-28815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28815.exe
12⤵
PID:10664

C:\Users\Admin\AppData\Local\Temp\Unicorn-34530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34530.exe
13⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10664 -s 216
13⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 216
12⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 236
11⤵
PID:2352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
10⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 216
9⤵
PID:4592

C:\Users\Admin\AppData\Local\Temp\Unicorn-40441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40441.exe
8⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-34851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34851.exe
9⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-54939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54939.exe
10⤵
PID:7648

C:\Users\Admin\AppData\Local\Temp\Unicorn-34291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34291.exe
11⤵
PID:10736

C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
12⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10736 -s 220
12⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 216
11⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
10⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
9⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
8⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-6726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6726.exe
7⤵
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-59731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59731.exe
8⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-25038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25038.exe
9⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-19470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19470.exe
10⤵
PID:7976

C:\Users\Admin\AppData\Local\Temp\Unicorn-29631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29631.exe
11⤵
PID:10584

C:\Users\Admin\AppData\Local\Temp\Unicorn-44203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44203.exe
12⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10584 -s 236
12⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 236
11⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
10⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 216
8⤵
PID:4272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
7⤵
- Program crash
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-12097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12097.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
7⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-4308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4308.exe
8⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-31260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31260.exe
9⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\Unicorn-50907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50907.exe
10⤵
PID:6756

C:\Users\Admin\AppData\Local\Temp\Unicorn-31302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31302.exe
11⤵
PID:10708

C:\Users\Admin\AppData\Local\Temp\Unicorn-30581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30581.exe
12⤵
PID:13280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10708 -s 216
12⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 236
11⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 236
10⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
9⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 236
8⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-37727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37727.exe
7⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-35344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35344.exe
8⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-42687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42687.exe
9⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\Unicorn-54519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54519.exe
10⤵
PID:11044

C:\Users\Admin\AppData\Local\Temp\Unicorn-4597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4597.exe
11⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11044 -s 216
11⤵
PID:14212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
10⤵
PID:11460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
9⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
8⤵
PID:5364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
7⤵
- Program crash
PID:4088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
6⤵
- Program crash
PID:636

C:\Users\Admin\AppData\Local\Temp\Unicorn-5984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5984.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-50437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50437.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-4033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4033.exe
7⤵
PID:1212

C:\Users\Admin\AppData\Local\Temp\Unicorn-22783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22783.exe
8⤵
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-2754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2754.exe
9⤵
PID:5340

C:\Users\Admin\AppData\Local\Temp\Unicorn-15682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15682.exe
10⤵
PID:8908

C:\Users\Admin\AppData\Local\Temp\Unicorn-18038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18038.exe
11⤵
PID:10948

C:\Users\Admin\AppData\Local\Temp\Unicorn-51489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51489.exe
12⤵
PID:13332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10948 -s 216
12⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8908 -s 216
11⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 220
10⤵
PID:10064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 216
9⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 236
8⤵
PID:6032

C:\Users\Admin\AppData\Local\Temp\Unicorn-62232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62232.exe
7⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-15115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15115.exe
8⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-4368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4368.exe
9⤵
PID:7516

C:\Users\Admin\AppData\Local\Temp\Unicorn-54602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54602.exe
10⤵
PID:10688

C:\Users\Admin\AppData\Local\Temp\Unicorn-13149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13149.exe
11⤵
PID:12912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10688 -s 220
11⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 216
10⤵
PID:12416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
9⤵
PID:9508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
8⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
7⤵
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
6⤵
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
7⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-41457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41457.exe
8⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-60803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60803.exe
9⤵
PID:7508

C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
10⤵
PID:9988

C:\Users\Admin\AppData\Local\Temp\Unicorn-4706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4706.exe
11⤵
PID:13292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9988 -s 216
11⤵
PID:13524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 236
10⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
9⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
8⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 236
7⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
6⤵
- Program crash
PID:1428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 240
5⤵
- Program crash
PID:556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1060

C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1088

C:\Users\Admin\AppData\Local\Temp\Unicorn-44495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44495.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-61646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61646.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1128

C:\Users\Admin\AppData\Local\Temp\Unicorn-50354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50354.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe
7⤵
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-59264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59264.exe
8⤵
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-36104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36104.exe
9⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-40881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40881.exe
10⤵
PID:5728

C:\Users\Admin\AppData\Local\Temp\Unicorn-3050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3050.exe
11⤵
PID:7268

C:\Users\Admin\AppData\Local\Temp\Unicorn-29247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29247.exe
12⤵
PID:11084

C:\Users\Admin\AppData\Local\Temp\Unicorn-1390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1390.exe
13⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11084 -s 220
13⤵
PID:13808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 216
12⤵
PID:11848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 216
11⤵
PID:7988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 220
10⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 236
9⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
8⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
9⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-17991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17991.exe
10⤵
PID:7844

C:\Users\Admin\AppData\Local\Temp\Unicorn-36237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36237.exe
11⤵
PID:10972

C:\Users\Admin\AppData\Local\Temp\Unicorn-18988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18988.exe
12⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10972 -s 216
12⤵
PID:14112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 236
11⤵
PID:11268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 220
10⤵
PID:9196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 236
9⤵
PID:6368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 240
8⤵
- Program crash
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-4588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4588.exe
7⤵
PID:652

C:\Users\Admin\AppData\Local\Temp\Unicorn-43203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43203.exe
8⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe
9⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-58748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58748.exe
10⤵
PID:8120

C:\Users\Admin\AppData\Local\Temp\Unicorn-11265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11265.exe
11⤵
PID:10876

C:\Users\Admin\AppData\Local\Temp\Unicorn-10352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10352.exe
12⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10876 -s 220
12⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8120 -s 216
11⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
9⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 216
8⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
7⤵
- Program crash
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-38739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38739.exe
6⤵
- Suspicious use of SetWindowsHookEx
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
7⤵
PID:1020

C:\Users\Admin\AppData\Local\Temp\Unicorn-50494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50494.exe
8⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-9469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9469.exe
9⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-43647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43647.exe
10⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-30207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30207.exe
11⤵
PID:10832

C:\Users\Admin\AppData\Local\Temp\Unicorn-5941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5941.exe
12⤵
PID:13248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10832 -s 220
12⤵
PID:8724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 216
11⤵
PID:12160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 220
10⤵
PID:9572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
9⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 216
8⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-56202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56202.exe
7⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-53517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53517.exe
8⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-43206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43206.exe
9⤵
PID:7652

C:\Users\Admin\AppData\Local\Temp\Unicorn-8743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8743.exe
10⤵
PID:10680

C:\Users\Admin\AppData\Local\Temp\Unicorn-36720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36720.exe
11⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10680 -s 236
11⤵
PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 236
10⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
9⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
8⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
7⤵
PID:4508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 240
6⤵
- Program crash
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-57131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57131.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-1236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1236.exe
6⤵
- Executes dropped EXE
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-43976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43976.exe
6⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-59840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59840.exe
7⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-44031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44031.exe
8⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-63356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63356.exe
9⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-2666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2666.exe
10⤵
PID:7156

C:\Users\Admin\AppData\Local\Temp\Unicorn-11265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11265.exe
11⤵
PID:10852

C:\Users\Admin\AppData\Local\Temp\Unicorn-52947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52947.exe
12⤵
PID:12836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10852 -s 216
12⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
10⤵
PID:7848

C:\Users\Admin\AppData\Local\Temp\Unicorn-2458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2458.exe
8⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-15853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15853.exe
9⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-44789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44789.exe
10⤵
PID:11224

C:\Users\Admin\AppData\Local\Temp\Unicorn-32200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32200.exe
11⤵
PID:3816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11224 -s 216
11⤵
PID:13632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
10⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
9⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 240
8⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-52754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52754.exe
7⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-37674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37674.exe
8⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\Unicorn-50772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50772.exe
9⤵
PID:8060

C:\Users\Admin\AppData\Local\Temp\Unicorn-39745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39745.exe
10⤵
PID:10744

C:\Users\Admin\AppData\Local\Temp\Unicorn-18988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18988.exe
11⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10744 -s 216
11⤵
PID:14244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
9⤵
PID:9108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 236
8⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
7⤵
- Program crash
PID:4264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
6⤵
- Program crash
PID:3140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
5⤵
- Program crash
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-2886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2886.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-29934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29934.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
6⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-63924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63924.exe
7⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-44031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44031.exe
8⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-59848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59848.exe
9⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-7876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7876.exe
10⤵
PID:7580

C:\Users\Admin\AppData\Local\Temp\Unicorn-6496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6496.exe
11⤵
PID:11228

C:\Users\Admin\AppData\Local\Temp\Unicorn-60705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60705.exe
12⤵
PID:1484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11228 -s 220
12⤵
PID:13872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
11⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
10⤵
PID:9000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 236
9⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\Unicorn-25592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25592.exe
8⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\Unicorn-14866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14866.exe
9⤵
PID:7836

C:\Users\Admin\AppData\Local\Temp\Unicorn-16284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16284.exe
10⤵
PID:11060

C:\Users\Admin\AppData\Local\Temp\Unicorn-65303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65303.exe
11⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11060 -s 216
11⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 216
10⤵
PID:12512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 220
9⤵
PID:9312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 220
8⤵
PID:6164

C:\Users\Admin\AppData\Local\Temp\Unicorn-52754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52754.exe
7⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-10647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10647.exe
8⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-24047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24047.exe
9⤵
PID:7436

C:\Users\Admin\AppData\Local\Temp\Unicorn-4550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4550.exe
10⤵
PID:11112

C:\Users\Admin\AppData\Local\Temp\Unicorn-12573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12573.exe
11⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11112 -s 216
11⤵
PID:13936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 216
10⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 216
9⤵
PID:8372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 236
8⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
7⤵
- Program crash
PID:3220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 236
6⤵
- Program crash
PID:1200

C:\Users\Admin\AppData\Local\Temp\Unicorn-51184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51184.exe
5⤵
- Executes dropped EXE
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-24454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24454.exe
6⤵
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-59731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59731.exe
7⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-49350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49350.exe
8⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-39371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39371.exe
9⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
9⤵
PID:9348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 236
8⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 216
7⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-52118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52118.exe
6⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-39511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39511.exe
7⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-62531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62531.exe
8⤵
PID:7460

C:\Users\Admin\AppData\Local\Temp\Unicorn-31961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31961.exe
9⤵
PID:11124

C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
10⤵
PID:3896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11124 -s 220
10⤵
PID:13508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 216
9⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
8⤵
PID:8904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
7⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
6⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 240
5⤵
- Program crash
PID:2256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 240
4⤵
- Program crash
PID:1600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
2⤵
- Program crash
PID:2548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe

Filesize
184KB

MD5
cd8497b522723c6bcf8bd0974592dd8f

SHA1
b4073279b4d3cddec6fd30be578de20300a68579

SHA256
c023ef05060c05463bf5a8f69d25bf631c760e9ea420a38c1de5f12caddfb89e

SHA512
c1d1b6af2eca494fcc4ad717830949d0241e471fb6e666337db0cf2aefe53bf3e4cef65604fa4ae433ab06cadb13df0e8672096a300770e7e0af1e611cae508a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15853.exe

Filesize
184KB

MD5
cf3a44466b7b8d3ab31b1bb79d06e06a

SHA1
043b4baf23570c5c7ce06b7e41453f371481ba3b

SHA256
e0e932cf046ebe82a2fc5f390c296afccafa2ffdb00706d15cdb4272bff884c9

SHA512
1160a494b07eb59031d780005c92e683014c7c24958d4e2fa7249d3baf756a6ad98955962d563b6e779fc723bc007c32ff42f198ad60d71dae0ffa9e92aedb50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe

Filesize
184KB

MD5
f2337062b84e0f0fed2a44d184879da8

SHA1
d45ebf04dcd8c9ab5176ecae6652f921bdff2b4a

SHA256
839c715dbc33957d321df3fd481da329bb921c38d8e2429084d743794ce49c1f

SHA512
c6d943608146cef59f805e8b55c0179b4331b67a069d9e982de9a7a27e9041fd8d0076f18797eddac094f284589e167637f0490c6419996f7b99772ea1e418d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37223.exe

Filesize
184KB

MD5
c6286f3595402521f87fefed37eeedcf

SHA1
a270b1ab81181f2e5cc5cce7489ecafc445addee

SHA256
dafc7ced8b158380f593861a5db15c5f7db6a8f79925e3e7489fefdb74fdd29c

SHA512
92d7a21aba16566ab306ae6b6c167cc7dc3ff3e02df8e23bc3bac0e6eab7810b9adc19d7ff62ce82dee3922ce0ce7a1458e9b76b2acb6a6fc217be9aab08b87a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40166.exe

Filesize
184KB

MD5
62c11788f604dacebc7cf357b296af5d

SHA1
d2d99a493154e5842d2246ffb3dfc605b1d4e5d2

SHA256
6be5a45062b8e2f419353e73f7d22157f7f742bab9326f4beb680f3463153e31

SHA512
7ddb2d2a84f6365f901fc7d168b4e248d09badccbb73044b7503143f4af194948300009b22bd25b592701f7c40774010f98ae6076e7b576448230d6cb0dc61e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40218.exe

Filesize
184KB

MD5
fe87e5cbdbdad48369af6dd4036780f8

SHA1
9105d1f94125884204ed15f3ddf8e6cf76632c60

SHA256
ad59c29396083442606ad69628118c8544cd0a17d1de6b5ee42eec2a8fa0f782

SHA512
8ef93c8953eb6f94ec77655af2847fa7db9234669d66d2f4698605ab0bbe9e788a07dcc9586f2167062355141f93e8edf38f369acfe6e6330bbaea01c745ef40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43647.exe

Filesize
184KB

MD5
4bab7c3126d8ca7ae3cdd2edfef2b1c7

SHA1
905577fbc86f38abddfc20504c5291ac99d13747

SHA256
594ec0c1cdcab671f2d61f28b57bc85c08c5ca51a02e9b3e8bc96ddb7ed649b3

SHA512
f3c92758698d70bbb2032f317a3eb6db631721d9e301029fb91a442887ecc2597d790ad6357db2285f8b3f16cf3c33ff1540cd247a0a2ab425ae8269791646ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44882.exe

Filesize
184KB

MD5
59dd56b0ec4df5f212318dfa3b5177df

SHA1
8121c6ce8a7ccfc455de25032b0ddec1ef60b714

SHA256
b51b5a59f3fd53d70b7c3b292f9fd71cd0fe27ea74161dab1e75cdc10460e94f

SHA512
804459e27e22a42fc1525905089f8fc0d8d66948cd7a584e2ddebf174b32d2f9396858e9e3d7ed33269396eb98387092014d24346bd15d0fa062b2613452968d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52580.exe

Filesize
184KB

MD5
b97f643275772e914080070f655fd999

SHA1
0f507b8428188dde7113c9525f2eef4e80d319f0

SHA256
1b14c5315ef112c484816eac4ca8dfdb224838ff586cd6aa341c28ffe5d6f5f4

SHA512
90f5f21f527392cf743b24ab55cbb198896a0aed5864eb997a964f78a28cecdb8150f8b5f60ed1ce01d5184b5eacd118561aea010dd7db8890d460869073fc37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9796.exe

Filesize
184KB

MD5
814011f689c4cdb0c81f4261a333ec68

SHA1
4c2761324648e047013643a0bd59b6fb742f33d0

SHA256
a61e07c34560cea4306368d2fa7dfee05af717e94d8f7de6aa0080f5fd8cbdb7

SHA512
d184f6290ee46ca50d206d9664af5a52d8516ac059adaac1a4ccd5636c2d0f87927109d57f0a4b77dd259acedb10e36da595d810c5eb260edaf6c01188c6fff9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe

Filesize
184KB

MD5
c10f665b406d840283acb5108b3da96c

SHA1
e593d3c8c4f5f443aca1c878ef79f635a011f5a2

SHA256
d37a62dad8daee8ae238d13512395e3ef275b52f34e657b4473f6ac641561df9

SHA512
1cde9be50e13f8ded59fbcd95787251b4bcd6dd19d01c87550d733afaf1345d076c475843f208d67c92d63bcf8bf2481e21a51aae38185e75f41cc443d746e4c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1433.exe

Filesize
184KB

MD5
9069162519671e59b60bc4e59c8b59d9

SHA1
33bfe0ed2dc69fef742c8ab756768766a8de696e

SHA256
7e17d9313c178c71f06a47244ae3042ec3680585998ae823876dacba11a7f76e

SHA512
38f0f0be1ce021f83fb8fc5dd1865f5049bb65d1b5a0bf30934cb9f3b985d0dbae5636ddecadd50517a99fce4d11e0a28396f90cb930748eeee71a2d0c9d823b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19227.exe

Filesize
184KB

MD5
efa5340840b6fc4c096165f6ab92f942

SHA1
b32d20f8382050fff8b96b4117478cac84f61bfd

SHA256
73e9e34d6ae8d327433b84882395f01eafc1af3f30aeaa90c38773ae1f39e8b1

SHA512
425df96a156985f82476d8015b4b4c4ec317b3d9207d9df40f3cf8228ab7eba9d0d579afa9c6c9b59967c3c0987e420b8816be6c6d0160e0115d49058a6e2c1c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20545.exe

Filesize
184KB

MD5
37dcde2e344e8459cca1fe7861411b0c

SHA1
2a2d341f148c1ea9129a8f8ec00ca4bdd49625fb

SHA256
74ba6fb819e21d4e0f5f33db4778acdaa77440198bd4f66b4c0f534e057b9a9a

SHA512
d4328b4947b2f13d3c10ecefe8ca0d0df8c892033e21e45295ee66a23e3b855346959bc10826ab23fff2b29e29c9d626b48f40d32ce1d13dca5a0b78a331c9a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25532.exe

Filesize
184KB

MD5
8148c37a6649173ac6a3ec22b4b43a8a

SHA1
032d08fe1402d265126c5644b347e152e45b0f6a

SHA256
6e00757f012bccd56465dd9c12a743a714e781178f0d5941f175cce2d4774bbc

SHA512
185f919fd81d28e92587800bc8ef04f9b6b500a79a6c04f384069e1a4d28e11ad7a635fe4d7e087be9c02e776892a10fa98564698c44e5ee74c8ebbda83fc43a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26021.exe

Filesize
184KB

MD5
0b24920a3a5c48867c9f454317e5790f

SHA1
e70dfd0aeb0ef49cde03aab4c62808068bb5f4c3

SHA256
4989c071b94fbda379d0d728a6322ac9dedc6cb13e4c3885bd3ddc0959957295

SHA512
0ac21667e7ffc0aa55117f0fb76ce9da60d7625e97b2896ab0c4c7624afbb05b02f04d656ef191637893d57ef134b3dc614803201d65f3ab73209d29b276f002

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34926.exe

Filesize
184KB

MD5
539b0ea35eb6be2471b5d6be3b1459d6

SHA1
de92d2d4d30471066b3b6f0cba58e7f73be30258

SHA256
c62746a8bb26f5d6926126c32b6493d6a20aa1c41f44f3f1d59febf2b0f14be2

SHA512
4c9b9a220bb7160ebd57d4a41a01d7f003e0524e79d8036095bede68897fc7bfc31ca537f9b81d6b32c7ca18518043d6873bea2415ee957e61992f5b3bced970

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4282.exe

Filesize
184KB

MD5
4c5cbe75b9c8a3c31433cabced761828

SHA1
fea8812ae81d9151b69a94d06308d9307a8178b6

SHA256
83b5d7bbbc3f4b3f09133c47a755e4138e17f56cfb3363460270995c3b7c95e0

SHA512
f4b24db0e39846f301938e8c8c80b5dd5097877950993e47a9c1f031450e442bcf3d02cb66a2bc0a936c892509f8ab6201fb0649bb0bea1c6895ac2eae98b2d1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43020.exe

Filesize
184KB

MD5
5e6231fe0c16d5c1737b8bdfcceafe9f

SHA1
710d331ed79dbe7968b15e4c9480f42c64f508ce

SHA256
ba6b49db68095ee5c098fe73f8b0d0d1d161b8433b6af7909917461f240c738f

SHA512
277b9e84f28d22ba4cb053ddb1afc577b0f6238c1236f3314e06682b08be8d8a450641b3b9d5abf6dee909a2f82e8561802e1f92592078eec394fda900f674d0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45398.exe

Filesize
184KB

MD5
4d6a45bcb7260b2bac833d28a8d447fd

SHA1
6430927edec5631c87b87c815558e39ce395d5e6

SHA256
6ebd44c90b0f805abad3e99acc73c0ca9c570b5bfe7ecd63a14746c3c1ca252d

SHA512
ffb4dc52af0e22602b5a5bd537ef117624f895d449676702d84c5d084e21362e47da32a26ee3ab4f249f9d6e7e0d42c7925b4ad293a63920c3dbebfe40314765

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52663.exe

Filesize
184KB

MD5
7aa6fc27334ec0c04fd34a63f996701a

SHA1
dced8ddd4ba7d4bb8d98e00e8d33450276d989eb

SHA256
3fd79949ca768df3bcc309a00199460e9ea88e65eca22141a1ff81b9795b4c4f

SHA512
ce8e66fefef2aaa70d8e581a7ff988f503c8c3b69a411691ad0e68ed9a28a8b29f1c808aa30f0b97432a1c13d0d2936d9a0e0b89c028838eb69dda4b005c6ac9

Download Submit