3bb3613e613038684dfa58eebe6d4edc21b70cba7eb0b8c1cb242b63af4b7542

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3bb3613e613038684dfa58eebe6d4edc21b70cba7eb0b8c1cb242b63af4b7542.exe
Size

184KB
MD5

2c417ab6aec5bb4bcd2095d5f620b2b6
SHA1

ce8a694931e40844838f1316381da59d53e57a2a
SHA256

3bb3613e613038684dfa58eebe6d4edc21b70cba7eb0b8c1cb242b63af4b7542
SHA512

2d7b58b7e4581751288a740254f919c891c584befe208a578cc87b3d9352e7ebed139ccdd503fbceff3eb9089cd6f912bdf682f799f38f92f8d428b0bfd5c2c5
SSDEEP

1536:c7xQ6j5Zu39xo604BQvAoqwMUVIyGZclOmd8SkLa2RzeH2hlShj5mizpvV:SNm39xo7mQvcdUifenkLaWq2hlowiFt

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-59452.exeUnicorn-20641.exeUnicorn-35585.exeUnicorn-33530.exeUnicorn-18586.exeUnicorn-53396.exeUnicorn-38212.exeUnicorn-42296.exeUnicorn-57241.exeUnicorn-59187.exeUnicorn-13515.exeUnicorn-48565.exeUnicorn-30645.exeUnicorn-32037.exeUnicorn-38259.exeUnicorn-53204.exeUnicorn-7532.exeUnicorn-42343.exeUnicorn-57288.exeUnicorn-11699.exeUnicorn-26644.exeUnicorn-26090.exeUnicorn-41034.exeUnicorn-34258.exeUnicorn-17106.exeUnicorn-10329.exeUnicorn-25274.exeUnicorn-60085.exeUnicorn-14413.exeUnicorn-45140.exeUnicorn-27796.exeUnicorn-23158.exeUnicorn-57968.exeUnicorn-38102.exeUnicorn-7397.exeUnicorn-7397.exeUnicorn-22342.exeUnicorn-61237.exeUnicorn-50376.exeUnicorn-30510.exeUnicorn-19650.exeUnicorn-3313.exeUnicorn-9343.exeUnicorn-9343.exeUnicorn-24288.exeUnicorn-24288.exeUnicorn-44154.exeUnicorn-24288.exeUnicorn-37631.exeUnicorn-36815.exeUnicorn-44429.exeUnicorn-28647.exeUnicorn-17787.exeUnicorn-23817.exeUnicorn-8035.exeUnicorn-12119.exeUnicorn-21679.exeUnicorn-56489.exeUnicorn-25763.exeUnicorn-9981.exeUnicorn-3204.exeUnicorn-3204.exeUnicorn-5342.exeUnicorn-20287.exe

pid	process
2096	Unicorn-59452.exe
1976	Unicorn-20641.exe
2244	Unicorn-35585.exe
2672	Unicorn-33530.exe
2740	Unicorn-18586.exe
2604	Unicorn-53396.exe
1712	Unicorn-38212.exe
1400	Unicorn-42296.exe
1524	Unicorn-57241.exe
1812	Unicorn-59187.exe
1548	Unicorn-13515.exe
1776	Unicorn-48565.exe
2800	Unicorn-30645.exe
2136	Unicorn-32037.exe
3056	Unicorn-38259.exe
488	Unicorn-53204.exe
736	Unicorn-7532.exe
2268	Unicorn-42343.exe
2892	Unicorn-57288.exe
1820	Unicorn-11699.exe
1564	Unicorn-26644.exe
1760	Unicorn-26090.exe
788	Unicorn-41034.exe
2148	Unicorn-34258.exe
2236	Unicorn-17106.exe
1364	Unicorn-10329.exe
1184	Unicorn-25274.exe
1752	Unicorn-60085.exe
2820	Unicorn-14413.exe
2636	Unicorn-45140.exe
2008	Unicorn-27796.exe
1732	Unicorn-23158.exe
2132	Unicorn-57968.exe
2184	Unicorn-38102.exe
2456	Unicorn-7397.exe
2704	Unicorn-7397.exe
2504	Unicorn-22342.exe
2796	Unicorn-61237.exe
1200	Unicorn-50376.exe
1904	Unicorn-30510.exe
1208	Unicorn-19650.exe
1620	Unicorn-3313.exe
1704	Unicorn-9343.exe
2676	Unicorn-9343.exe
1936	Unicorn-24288.exe
1744	Unicorn-24288.exe
1272	Unicorn-44154.exe
1568	Unicorn-24288.exe
604	Unicorn-37631.exe
800	Unicorn-36815.exe
1560	Unicorn-44429.exe
2300	Unicorn-28647.exe
1076	Unicorn-17787.exe
2828	Unicorn-23817.exe
1984	Unicorn-8035.exe
2424	Unicorn-12119.exe
2980	Unicorn-21679.exe
2312	Unicorn-56489.exe
2092	Unicorn-25763.exe
1708	Unicorn-9981.exe
2696	Unicorn-3204.exe
2588	Unicorn-3204.exe
2748	Unicorn-5342.exe
2832	Unicorn-20287.exe

Loads dropped DLL 64 IoCs

Processes:

3bb3613e613038684dfa58eebe6d4edc21b70cba7eb0b8c1cb242b63af4b7542.exeUnicorn-59452.exeUnicorn-20641.exeUnicorn-35585.exeWerFault.exeUnicorn-33530.exeUnicorn-53396.exeUnicorn-18586.exeWerFault.exeWerFault.exeUnicorn-38212.exeUnicorn-57241.exeUnicorn-42296.exeUnicorn-59187.exeUnicorn-13515.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1160	3bb3613e613038684dfa58eebe6d4edc21b70cba7eb0b8c1cb242b63af4b7542.exe
1160	3bb3613e613038684dfa58eebe6d4edc21b70cba7eb0b8c1cb242b63af4b7542.exe
2096	Unicorn-59452.exe
2096	Unicorn-59452.exe
1160	3bb3613e613038684dfa58eebe6d4edc21b70cba7eb0b8c1cb242b63af4b7542.exe
1160	3bb3613e613038684dfa58eebe6d4edc21b70cba7eb0b8c1cb242b63af4b7542.exe
1976	Unicorn-20641.exe
1976	Unicorn-20641.exe
2244	Unicorn-35585.exe
2096	Unicorn-59452.exe
2096	Unicorn-59452.exe
2244	Unicorn-35585.exe
2516	WerFault.exe
2516	WerFault.exe
2516	WerFault.exe
2516	WerFault.exe
2516	WerFault.exe
2672	Unicorn-33530.exe
2672	Unicorn-33530.exe
2604	Unicorn-53396.exe
2604	Unicorn-53396.exe
2244	Unicorn-35585.exe
2244	Unicorn-35585.exe
1976	Unicorn-20641.exe
2740	Unicorn-18586.exe
2740	Unicorn-18586.exe
1976	Unicorn-20641.exe
2512	WerFault.exe
2512	WerFault.exe
2512	WerFault.exe
2512	WerFault.exe
2776	WerFault.exe
2776	WerFault.exe
2776	WerFault.exe
2776	WerFault.exe
2512	WerFault.exe
2776	WerFault.exe
1712	Unicorn-38212.exe
1712	Unicorn-38212.exe
2672	Unicorn-33530.exe
2672	Unicorn-33530.exe
1524	Unicorn-57241.exe
1524	Unicorn-57241.exe
1400	Unicorn-42296.exe
1400	Unicorn-42296.exe
2604	Unicorn-53396.exe
2604	Unicorn-53396.exe
1812	Unicorn-59187.exe
1812	Unicorn-59187.exe
1548	Unicorn-13515.exe
1548	Unicorn-13515.exe
2740	Unicorn-18586.exe
2740	Unicorn-18586.exe
1048	WerFault.exe
1048	WerFault.exe
1048	WerFault.exe
1048	WerFault.exe
1048	WerFault.exe
2848	WerFault.exe
2848	WerFault.exe
2848	WerFault.exe
2848	WerFault.exe
2848	WerFault.exe
328	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2700	1160	WerFault.exe	3bb3613e613038684dfa58eebe6d4edc21b70cba7eb0b8c1cb242b63af4b7542.exe
2516	2096	WerFault.exe	Unicorn-59452.exe
2776	2244	WerFault.exe	Unicorn-35585.exe
2512	1976	WerFault.exe	Unicorn-20641.exe
1048	2672	WerFault.exe	Unicorn-33530.exe
2848	2604	WerFault.exe	Unicorn-53396.exe
328	2740	WerFault.exe	Unicorn-18586.exe
1692	1712	WerFault.exe	Unicorn-38212.exe
2224	1524	WerFault.exe	Unicorn-57241.exe
2308	1400	WerFault.exe	Unicorn-42296.exe
2836	1812	WerFault.exe	Unicorn-59187.exe
2780	1548	WerFault.exe	Unicorn-13515.exe
2808	2800	WerFault.exe	Unicorn-30645.exe
2648	1776	WerFault.exe	Unicorn-48565.exe
856	2136	WerFault.exe	Unicorn-32037.exe
1884	3056	WerFault.exe	Unicorn-38259.exe
2408	736	WerFault.exe	Unicorn-7532.exe
1756	488	WerFault.exe	Unicorn-53204.exe
1948	2268	WerFault.exe	Unicorn-42343.exe
452	2892	WerFault.exe	Unicorn-57288.exe
2176	1820	WerFault.exe	Unicorn-11699.exe
108	1564	WerFault.exe	Unicorn-26644.exe
2124	1760	WerFault.exe	Unicorn-26090.exe
1964	788	WerFault.exe	Unicorn-41034.exe
2420	2148	WerFault.exe	Unicorn-34258.exe
2940	2236	WerFault.exe	Unicorn-17106.exe
1628	1184	WerFault.exe	Unicorn-25274.exe
2352	1364	WerFault.exe	Unicorn-10329.exe
2552	2820	WerFault.exe	Unicorn-14413.exe
2448	1752	WerFault.exe	Unicorn-60085.exe
1740	2636	WerFault.exe	Unicorn-45140.exe
3232	2008	WerFault.exe	Unicorn-27796.exe
3324	2132	WerFault.exe	Unicorn-57968.exe
3384	2184	WerFault.exe	Unicorn-38102.exe
3412	1732	WerFault.exe	Unicorn-23158.exe
3492	2796	WerFault.exe	Unicorn-61237.exe
3508	2504	WerFault.exe	Unicorn-22342.exe
3516	1208	WerFault.exe	Unicorn-19650.exe
3540	1200	WerFault.exe	Unicorn-50376.exe
3556	1704	WerFault.exe	Unicorn-9343.exe
3564	2456	WerFault.exe	Unicorn-7397.exe
3612	1904	WerFault.exe	Unicorn-30510.exe
3636	2676	WerFault.exe	Unicorn-9343.exe
3652	1744	WerFault.exe	Unicorn-24288.exe
3644	1620	WerFault.exe	Unicorn-3313.exe
3684	1936	WerFault.exe	Unicorn-24288.exe
3720	1568	WerFault.exe	Unicorn-24288.exe
3732	1272	WerFault.exe	Unicorn-44154.exe
3824	604	WerFault.exe	Unicorn-37631.exe
3976	1668	WerFault.exe	Unicorn-41366.exe
3996	2948	WerFault.exe	Unicorn-41366.exe
3952	2424	WerFault.exe	Unicorn-12119.exe
3908	2240	WerFault.exe	Unicorn-34485.exe
3128	2180	WerFault.exe	Unicorn-17595.exe
3132	800	WerFault.exe	Unicorn-36815.exe
3332	2748	WerFault.exe	Unicorn-5342.exe
4148	2828	WerFault.exe	Unicorn-23817.exe
4168	2312	WerFault.exe	Unicorn-56489.exe
4192	1984	WerFault.exe	Unicorn-8035.exe
4204	1644	WerFault.exe	Unicorn-17595.exe
4252	1708	WerFault.exe	Unicorn-9981.exe
4268	2924	WerFault.exe	Unicorn-48082.exe
4276	324	WerFault.exe	Unicorn-49151.exe
4284	296	WerFault.exe	Unicorn-14340.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

3bb3613e613038684dfa58eebe6d4edc21b70cba7eb0b8c1cb242b63af4b7542.exeUnicorn-59452.exeUnicorn-20641.exeUnicorn-35585.exeUnicorn-33530.exeUnicorn-53396.exeUnicorn-18586.exeUnicorn-38212.exeUnicorn-42296.exeUnicorn-57241.exeUnicorn-59187.exeUnicorn-13515.exeUnicorn-48565.exeUnicorn-30645.exeUnicorn-32037.exeUnicorn-38259.exeUnicorn-7532.exeUnicorn-42343.exeUnicorn-53204.exeUnicorn-57288.exeUnicorn-11699.exeUnicorn-26644.exeUnicorn-26090.exeUnicorn-41034.exeUnicorn-34258.exeUnicorn-17106.exeUnicorn-25274.exeUnicorn-14413.exeUnicorn-10329.exeUnicorn-60085.exeUnicorn-45140.exeUnicorn-27796.exeUnicorn-23158.exeUnicorn-38102.exeUnicorn-57968.exeUnicorn-7397.exeUnicorn-22342.exeUnicorn-61237.exeUnicorn-50376.exeUnicorn-30510.exeUnicorn-19650.exeUnicorn-3313.exeUnicorn-24288.exeUnicorn-9343.exeUnicorn-9343.exeUnicorn-44154.exeUnicorn-24288.exeUnicorn-24288.exeUnicorn-37631.exeUnicorn-36815.exeUnicorn-44429.exeUnicorn-28647.exeUnicorn-17787.exeUnicorn-23817.exeUnicorn-8035.exeUnicorn-12119.exeUnicorn-21679.exeUnicorn-56489.exeUnicorn-25763.exeUnicorn-9981.exeUnicorn-3204.exeUnicorn-3204.exeUnicorn-5342.exeUnicorn-20287.exe

pid	process
1160	3bb3613e613038684dfa58eebe6d4edc21b70cba7eb0b8c1cb242b63af4b7542.exe
2096	Unicorn-59452.exe
1976	Unicorn-20641.exe
2244	Unicorn-35585.exe
2672	Unicorn-33530.exe
2604	Unicorn-53396.exe
2740	Unicorn-18586.exe
1712	Unicorn-38212.exe
1400	Unicorn-42296.exe
1524	Unicorn-57241.exe
1812	Unicorn-59187.exe
1548	Unicorn-13515.exe
1776	Unicorn-48565.exe
2800	Unicorn-30645.exe
2136	Unicorn-32037.exe
3056	Unicorn-38259.exe
736	Unicorn-7532.exe
2268	Unicorn-42343.exe
488	Unicorn-53204.exe
2892	Unicorn-57288.exe
1820	Unicorn-11699.exe
1564	Unicorn-26644.exe
1760	Unicorn-26090.exe
788	Unicorn-41034.exe
2148	Unicorn-34258.exe
2236	Unicorn-17106.exe
1184	Unicorn-25274.exe
2820	Unicorn-14413.exe
1364	Unicorn-10329.exe
1752	Unicorn-60085.exe
2636	Unicorn-45140.exe
2008	Unicorn-27796.exe
1732	Unicorn-23158.exe
2184	Unicorn-38102.exe
2132	Unicorn-57968.exe
2456	Unicorn-7397.exe
2504	Unicorn-22342.exe
2796	Unicorn-61237.exe
1200	Unicorn-50376.exe
1904	Unicorn-30510.exe
1208	Unicorn-19650.exe
1620	Unicorn-3313.exe
1936	Unicorn-24288.exe
1704	Unicorn-9343.exe
2676	Unicorn-9343.exe
1272	Unicorn-44154.exe
1744	Unicorn-24288.exe
1568	Unicorn-24288.exe
604	Unicorn-37631.exe
800	Unicorn-36815.exe
1560	Unicorn-44429.exe
2300	Unicorn-28647.exe
1076	Unicorn-17787.exe
2828	Unicorn-23817.exe
1984	Unicorn-8035.exe
2424	Unicorn-12119.exe
2980	Unicorn-21679.exe
2312	Unicorn-56489.exe
2092	Unicorn-25763.exe
1708	Unicorn-9981.exe
2696	Unicorn-3204.exe
2588	Unicorn-3204.exe
2748	Unicorn-5342.exe
2736	Unicorn-20287.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

3bb3613e613038684dfa58eebe6d4edc21b70cba7eb0b8c1cb242b63af4b7542.exeUnicorn-59452.exeUnicorn-20641.exeUnicorn-35585.exeUnicorn-33530.exeUnicorn-53396.exeUnicorn-18586.exeUnicorn-38212.exe

description	pid	process	target process
PID 1160 wrote to memory of 2096	1160	3bb3613e613038684dfa58eebe6d4edc21b70cba7eb0b8c1cb242b63af4b7542.exe	Unicorn-59452.exe
PID 1160 wrote to memory of 2096	1160	3bb3613e613038684dfa58eebe6d4edc21b70cba7eb0b8c1cb242b63af4b7542.exe	Unicorn-59452.exe
PID 1160 wrote to memory of 2096	1160	3bb3613e613038684dfa58eebe6d4edc21b70cba7eb0b8c1cb242b63af4b7542.exe	Unicorn-59452.exe
PID 1160 wrote to memory of 2096	1160	3bb3613e613038684dfa58eebe6d4edc21b70cba7eb0b8c1cb242b63af4b7542.exe	Unicorn-59452.exe
PID 2096 wrote to memory of 1976	2096	Unicorn-59452.exe	Unicorn-20641.exe
PID 2096 wrote to memory of 1976	2096	Unicorn-59452.exe	Unicorn-20641.exe
PID 2096 wrote to memory of 1976	2096	Unicorn-59452.exe	Unicorn-20641.exe
PID 2096 wrote to memory of 1976	2096	Unicorn-59452.exe	Unicorn-20641.exe
PID 1160 wrote to memory of 2244	1160	3bb3613e613038684dfa58eebe6d4edc21b70cba7eb0b8c1cb242b63af4b7542.exe	Unicorn-35585.exe
PID 1160 wrote to memory of 2244	1160	3bb3613e613038684dfa58eebe6d4edc21b70cba7eb0b8c1cb242b63af4b7542.exe	Unicorn-35585.exe
PID 1160 wrote to memory of 2244	1160	3bb3613e613038684dfa58eebe6d4edc21b70cba7eb0b8c1cb242b63af4b7542.exe	Unicorn-35585.exe
PID 1160 wrote to memory of 2244	1160	3bb3613e613038684dfa58eebe6d4edc21b70cba7eb0b8c1cb242b63af4b7542.exe	Unicorn-35585.exe
PID 1160 wrote to memory of 2700	1160	3bb3613e613038684dfa58eebe6d4edc21b70cba7eb0b8c1cb242b63af4b7542.exe	WerFault.exe
PID 1160 wrote to memory of 2700	1160	3bb3613e613038684dfa58eebe6d4edc21b70cba7eb0b8c1cb242b63af4b7542.exe	WerFault.exe
PID 1160 wrote to memory of 2700	1160	3bb3613e613038684dfa58eebe6d4edc21b70cba7eb0b8c1cb242b63af4b7542.exe	WerFault.exe
PID 1160 wrote to memory of 2700	1160	3bb3613e613038684dfa58eebe6d4edc21b70cba7eb0b8c1cb242b63af4b7542.exe	WerFault.exe
PID 1976 wrote to memory of 2740	1976	Unicorn-20641.exe	Unicorn-18586.exe
PID 1976 wrote to memory of 2740	1976	Unicorn-20641.exe	Unicorn-18586.exe
PID 1976 wrote to memory of 2740	1976	Unicorn-20641.exe	Unicorn-18586.exe
PID 1976 wrote to memory of 2740	1976	Unicorn-20641.exe	Unicorn-18586.exe
PID 2096 wrote to memory of 2672	2096	Unicorn-59452.exe	Unicorn-33530.exe
PID 2096 wrote to memory of 2672	2096	Unicorn-59452.exe	Unicorn-33530.exe
PID 2096 wrote to memory of 2672	2096	Unicorn-59452.exe	Unicorn-33530.exe
PID 2096 wrote to memory of 2672	2096	Unicorn-59452.exe	Unicorn-33530.exe
PID 2244 wrote to memory of 2604	2244	Unicorn-35585.exe	Unicorn-53396.exe
PID 2244 wrote to memory of 2604	2244	Unicorn-35585.exe	Unicorn-53396.exe
PID 2244 wrote to memory of 2604	2244	Unicorn-35585.exe	Unicorn-53396.exe
PID 2244 wrote to memory of 2604	2244	Unicorn-35585.exe	Unicorn-53396.exe
PID 2096 wrote to memory of 2516	2096	Unicorn-59452.exe	WerFault.exe
PID 2096 wrote to memory of 2516	2096	Unicorn-59452.exe	WerFault.exe
PID 2096 wrote to memory of 2516	2096	Unicorn-59452.exe	WerFault.exe
PID 2096 wrote to memory of 2516	2096	Unicorn-59452.exe	WerFault.exe
PID 2672 wrote to memory of 1712	2672	Unicorn-33530.exe	Unicorn-38212.exe
PID 2672 wrote to memory of 1712	2672	Unicorn-33530.exe	Unicorn-38212.exe
PID 2672 wrote to memory of 1712	2672	Unicorn-33530.exe	Unicorn-38212.exe
PID 2672 wrote to memory of 1712	2672	Unicorn-33530.exe	Unicorn-38212.exe
PID 2604 wrote to memory of 1400	2604	Unicorn-53396.exe	Unicorn-42296.exe
PID 2604 wrote to memory of 1400	2604	Unicorn-53396.exe	Unicorn-42296.exe
PID 2604 wrote to memory of 1400	2604	Unicorn-53396.exe	Unicorn-42296.exe
PID 2604 wrote to memory of 1400	2604	Unicorn-53396.exe	Unicorn-42296.exe
PID 2244 wrote to memory of 1524	2244	Unicorn-35585.exe	Unicorn-57241.exe
PID 2244 wrote to memory of 1524	2244	Unicorn-35585.exe	Unicorn-57241.exe
PID 2244 wrote to memory of 1524	2244	Unicorn-35585.exe	Unicorn-57241.exe
PID 2244 wrote to memory of 1524	2244	Unicorn-35585.exe	Unicorn-57241.exe
PID 2740 wrote to memory of 1548	2740	Unicorn-18586.exe	Unicorn-13515.exe
PID 2740 wrote to memory of 1548	2740	Unicorn-18586.exe	Unicorn-13515.exe
PID 2740 wrote to memory of 1548	2740	Unicorn-18586.exe	Unicorn-13515.exe
PID 2740 wrote to memory of 1548	2740	Unicorn-18586.exe	Unicorn-13515.exe
PID 1976 wrote to memory of 1812	1976	Unicorn-20641.exe	Unicorn-59187.exe
PID 1976 wrote to memory of 1812	1976	Unicorn-20641.exe	Unicorn-59187.exe
PID 1976 wrote to memory of 1812	1976	Unicorn-20641.exe	Unicorn-59187.exe
PID 1976 wrote to memory of 1812	1976	Unicorn-20641.exe	Unicorn-59187.exe
PID 1976 wrote to memory of 2512	1976	Unicorn-20641.exe	WerFault.exe
PID 1976 wrote to memory of 2512	1976	Unicorn-20641.exe	WerFault.exe
PID 1976 wrote to memory of 2512	1976	Unicorn-20641.exe	WerFault.exe
PID 1976 wrote to memory of 2512	1976	Unicorn-20641.exe	WerFault.exe
PID 2244 wrote to memory of 2776	2244	Unicorn-35585.exe	WerFault.exe
PID 2244 wrote to memory of 2776	2244	Unicorn-35585.exe	WerFault.exe
PID 2244 wrote to memory of 2776	2244	Unicorn-35585.exe	WerFault.exe
PID 2244 wrote to memory of 2776	2244	Unicorn-35585.exe	WerFault.exe
PID 1712 wrote to memory of 1776	1712	Unicorn-38212.exe	Unicorn-48565.exe
PID 1712 wrote to memory of 1776	1712	Unicorn-38212.exe	Unicorn-48565.exe
PID 1712 wrote to memory of 1776	1712	Unicorn-38212.exe	Unicorn-48565.exe
PID 1712 wrote to memory of 1776	1712	Unicorn-38212.exe	Unicorn-48565.exe

C:\Users\Admin\AppData\Local\Temp\3bb3613e613038684dfa58eebe6d4edc21b70cba7eb0b8c1cb242b63af4b7542.exe
"C:\Users\Admin\AppData\Local\Temp\3bb3613e613038684dfa58eebe6d4edc21b70cba7eb0b8c1cb242b63af4b7542.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1160

C:\Users\Admin\AppData\Local\Temp\Unicorn-59452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59452.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-20641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20641.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-18586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18586.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-13515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13515.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-42343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42343.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-61237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61237.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-21679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21679.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-7371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7371.exe
9⤵
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-27634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27634.exe
10⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-6009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6009.exe
11⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe
12⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-29548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29548.exe
13⤵
PID:11136

C:\Users\Admin\AppData\Local\Temp\Unicorn-42959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42959.exe
14⤵
PID:13744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11136 -s 216
14⤵
PID:13528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
13⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 236
12⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 236
11⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
10⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe
9⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-50934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50934.exe
10⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-55397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55397.exe
11⤵
PID:7432

C:\Users\Admin\AppData\Local\Temp\Unicorn-37873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37873.exe
12⤵
PID:10676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10676 -s 224
13⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 216
12⤵
PID:11568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
11⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
10⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
9⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-63925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63925.exe
8⤵
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-17328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17328.exe
9⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-4831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4831.exe
10⤵
PID:5928

C:\Users\Admin\AppData\Local\Temp\Unicorn-28428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28428.exe
11⤵
PID:8212

C:\Users\Admin\AppData\Local\Temp\Unicorn-58397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58397.exe
12⤵
PID:11552

C:\Users\Admin\AppData\Local\Temp\Unicorn-7484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7484.exe
13⤵
PID:9564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 220
12⤵
PID:13036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 220
11⤵
PID:9996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 220
10⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
9⤵
PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
8⤵
- Program crash
PID:3492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 236
7⤵
- Program crash
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-60085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60085.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-38290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38290.exe
8⤵
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-23550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23550.exe
9⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-6284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6284.exe
10⤵
PID:5736

C:\Users\Admin\AppData\Local\Temp\Unicorn-29523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29523.exe
11⤵
PID:7352

C:\Users\Admin\AppData\Local\Temp\Unicorn-47276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47276.exe
12⤵
PID:10824

C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
13⤵
PID:13644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10824 -s 216
13⤵
PID:13504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 216
12⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 216
11⤵
PID:8236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 220
10⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
9⤵
PID:5596

C:\Users\Admin\AppData\Local\Temp\Unicorn-7768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7768.exe
8⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-26622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26622.exe
9⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-2963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2963.exe
10⤵
PID:7956

C:\Users\Admin\AppData\Local\Temp\Unicorn-19155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19155.exe
11⤵
PID:11384

C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
12⤵
PID:2196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 216
11⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 220
10⤵
PID:9556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
9⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
8⤵
- Program crash
PID:4192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 236
7⤵
- Program crash
PID:2448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
6⤵
- Program crash
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-57288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57288.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-17595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17595.exe
8⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-1725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1725.exe
9⤵
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-27333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27333.exe
10⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-56985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56985.exe
11⤵
PID:6172

C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
12⤵
PID:9468

C:\Users\Admin\AppData\Local\Temp\Unicorn-57577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57577.exe
13⤵
PID:12600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9468 -s 236
13⤵
PID:12872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 216
12⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
11⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 236
10⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-48500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48500.exe
9⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-61432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61432.exe
10⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-41007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41007.exe
11⤵
PID:7516

C:\Users\Admin\AppData\Local\Temp\Unicorn-7722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7722.exe
12⤵
PID:11236

C:\Users\Admin\AppData\Local\Temp\Unicorn-60582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60582.exe
13⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11236 -s 216
13⤵
PID:13640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
11⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
10⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
9⤵
- Program crash
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
8⤵
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-37255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37255.exe
9⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
10⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-54603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54603.exe
11⤵
PID:7576

C:\Users\Admin\AppData\Local\Temp\Unicorn-23156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23156.exe
12⤵
PID:11204

C:\Users\Admin\AppData\Local\Temp\Unicorn-18159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18159.exe
13⤵
PID:2228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11204 -s 236
13⤵
PID:13440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 216
12⤵
PID:12496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
11⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
10⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 236
9⤵
PID:4636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 220
8⤵
- Program crash
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-34485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34485.exe
7⤵
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-34590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34590.exe
8⤵
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-16451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16451.exe
9⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-38874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38874.exe
10⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-55973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55973.exe
11⤵
PID:7456

C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe
12⤵
PID:10672

C:\Users\Admin\AppData\Local\Temp\Unicorn-7764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7764.exe
13⤵
PID:13592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10672 -s 216
13⤵
PID:14172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 216
12⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
11⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
10⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 236
9⤵
PID:4872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 236
8⤵
- Program crash
PID:3908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
7⤵
- Program crash
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-24288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24288.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-17595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17595.exe
7⤵
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-28368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28368.exe
8⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-42216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42216.exe
9⤵
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-50934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50934.exe
10⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-16804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16804.exe
11⤵
PID:7100

C:\Users\Admin\AppData\Local\Temp\Unicorn-38641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38641.exe
12⤵
PID:11108

C:\Users\Admin\AppData\Local\Temp\Unicorn-63104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63104.exe
13⤵
PID:8388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11108 -s 220
13⤵
PID:13824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 216
12⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 236
11⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 216
10⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
9⤵
PID:4668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 236
8⤵
- Program crash
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-16670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16670.exe
7⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-45807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45807.exe
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-64592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64592.exe
9⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-63674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63674.exe
10⤵
PID:6468

C:\Users\Admin\AppData\Local\Temp\Unicorn-60815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60815.exe
11⤵
PID:10852

C:\Users\Admin\AppData\Local\Temp\Unicorn-27526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27526.exe
12⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10852 -s 236
12⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 216
11⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 236
10⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
9⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
8⤵
PID:5044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 220
7⤵
- Program crash
PID:3684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
6⤵
- Program crash
PID:452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:328

C:\Users\Admin\AppData\Local\Temp\Unicorn-59187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59187.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-7532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7532.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:736

C:\Users\Admin\AppData\Local\Temp\Unicorn-10329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10329.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1364

C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-3204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3204.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-24284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24284.exe
9⤵
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-7576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7576.exe
9⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-7223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7223.exe
10⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-50929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50929.exe
11⤵
PID:7012

C:\Users\Admin\AppData\Local\Temp\Unicorn-46617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46617.exe
12⤵
PID:10816

C:\Users\Admin\AppData\Local\Temp\Unicorn-42772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42772.exe
13⤵
PID:13232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10816 -s 236
13⤵
PID:13368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
12⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
11⤵
PID:8720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
10⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 220
9⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-47397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47397.exe
8⤵
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-53975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53975.exe
9⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-45480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45480.exe
10⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-16695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16695.exe
11⤵
PID:8036

C:\Users\Admin\AppData\Local\Temp\Unicorn-16275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16275.exe
12⤵
PID:11020

C:\Users\Admin\AppData\Local\Temp\Unicorn-54552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54552.exe
13⤵
PID:8360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11020 -s 216
13⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 216
12⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
11⤵
PID:9080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
10⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
9⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
8⤵
- Program crash
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-20287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20287.exe
7⤵
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-52872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52872.exe
8⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-2828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2828.exe
9⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-24676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24676.exe
10⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
11⤵
PID:7976

C:\Users\Admin\AppData\Local\Temp\Unicorn-213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-213.exe
12⤵
PID:11156

C:\Users\Admin\AppData\Local\Temp\Unicorn-33421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33421.exe
13⤵
PID:13808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11156 -s 216
13⤵
PID:13620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 216
12⤵
PID:12344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 216
11⤵
PID:8704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
10⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 236
9⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-56668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56668.exe
8⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-57815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57815.exe
9⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-55698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55698.exe
10⤵
PID:7136

C:\Users\Admin\AppData\Local\Temp\Unicorn-20359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20359.exe
11⤵
PID:11036

C:\Users\Admin\AppData\Local\Temp\Unicorn-33940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33940.exe
12⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11036 -s 236
12⤵
PID:13692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 216
11⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 236
10⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
9⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 220
8⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 220
7⤵
- Program crash
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-24288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24288.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-54351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54351.exe
7⤵
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-38674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38674.exe
8⤵
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-24619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24619.exe
9⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-39450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39450.exe
10⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-27852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27852.exe
11⤵
PID:7932

C:\Users\Admin\AppData\Local\Temp\Unicorn-33893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33893.exe
12⤵
PID:11488

C:\Users\Admin\AppData\Local\Temp\Unicorn-30427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30427.exe
13⤵
PID:14332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 216
12⤵
PID:12980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
11⤵
PID:9888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
10⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 236
9⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\Unicorn-39563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39563.exe
8⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-17084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17084.exe
9⤵
PID:6072

C:\Users\Admin\AppData\Local\Temp\Unicorn-63373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63373.exe
10⤵
PID:6220

C:\Users\Admin\AppData\Local\Temp\Unicorn-47385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47385.exe
11⤵
PID:10428

C:\Users\Admin\AppData\Local\Temp\Unicorn-24957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24957.exe
12⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10428 -s 216
12⤵
PID:13892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 216
11⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 236
10⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
9⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
8⤵
PID:5276

C:\Users\Admin\AppData\Local\Temp\Unicorn-28922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28922.exe
7⤵
PID:792

C:\Users\Admin\AppData\Local\Temp\Unicorn-37063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37063.exe
8⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
9⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-25247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25247.exe
10⤵
PID:7776

C:\Users\Admin\AppData\Local\Temp\Unicorn-27183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27183.exe
11⤵
PID:10540

C:\Users\Admin\AppData\Local\Temp\Unicorn-29280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29280.exe
12⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10540 -s 236
12⤵
PID:14224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 236
11⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
10⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
9⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 236
8⤵
PID:4812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
7⤵
- Program crash
PID:3720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 736 -s 240
6⤵
- Program crash
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-25274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25274.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1184

C:\Users\Admin\AppData\Local\Temp\Unicorn-3313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3313.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-17595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17595.exe
7⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-57148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57148.exe
8⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-47177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47177.exe
9⤵
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-20208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20208.exe
10⤵
PID:5356

C:\Users\Admin\AppData\Local\Temp\Unicorn-59242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59242.exe
11⤵
PID:7792

C:\Users\Admin\AppData\Local\Temp\Unicorn-41765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41765.exe
12⤵
PID:10740

C:\Users\Admin\AppData\Local\Temp\Unicorn-35694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35694.exe
13⤵
PID:13292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10740 -s 236
13⤵
PID:13400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 216
12⤵
PID:11576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
11⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 216
10⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 236
9⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-35479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35479.exe
8⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
9⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\Unicorn-49751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49751.exe
10⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-20058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20058.exe
11⤵
PID:11048

C:\Users\Admin\AppData\Local\Temp\Unicorn-27479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27479.exe
12⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11048 -s 236
12⤵
PID:13936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
11⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 216
10⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
9⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
8⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-41366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41366.exe
7⤵
PID:1668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
8⤵
- Program crash
PID:3976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
7⤵
- Program crash
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-34485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34485.exe
6⤵
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-24284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24284.exe
7⤵
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
8⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-35174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35174.exe
9⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-25522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25522.exe
10⤵
PID:7920

C:\Users\Admin\AppData\Local\Temp\Unicorn-49113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49113.exe
11⤵
PID:10752

C:\Users\Admin\AppData\Local\Temp\Unicorn-39342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39342.exe
12⤵
PID:14300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10752 -s 216
12⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 216
11⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 220
10⤵
PID:9756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
9⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 236
8⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-15059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15059.exe
7⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-8531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8531.exe
8⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe
9⤵
PID:7892

C:\Users\Admin\AppData\Local\Temp\Unicorn-26005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26005.exe
10⤵
PID:10936

C:\Users\Admin\AppData\Local\Temp\Unicorn-19742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19742.exe
11⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10936 -s 216
11⤵
PID:13656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 216
10⤵
PID:11764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
9⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
8⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 220
7⤵
PID:4528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 240
6⤵
- Program crash
PID:1628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 240
5⤵
- Program crash
PID:2836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-33530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33530.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-38212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38212.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-11699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11699.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-23158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23158.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-23817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23817.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-64932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64932.exe
9⤵
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-33664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33664.exe
10⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
11⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
12⤵
PID:7972

C:\Users\Admin\AppData\Local\Temp\Unicorn-21293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21293.exe
13⤵
PID:11300

C:\Users\Admin\AppData\Local\Temp\Unicorn-52409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52409.exe
14⤵
PID:9224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 220
13⤵
PID:12832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
12⤵
PID:9340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
11⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
10⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-58915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58915.exe
9⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-65516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65516.exe
10⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-62470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62470.exe
11⤵
PID:7484

C:\Users\Admin\AppData\Local\Temp\Unicorn-44152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44152.exe
12⤵
PID:10932

C:\Users\Admin\AppData\Local\Temp\Unicorn-4531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4531.exe
13⤵
PID:14312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10932 -s 220
13⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 216
12⤵
PID:12656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
11⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
10⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
9⤵
- Program crash
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-14340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14340.exe
8⤵
PID:296

C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
9⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-3871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3871.exe
10⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-41775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41775.exe
11⤵
PID:8188

C:\Users\Admin\AppData\Local\Temp\Unicorn-63804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63804.exe
12⤵
PID:10692

C:\Users\Admin\AppData\Local\Temp\Unicorn-8620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8620.exe
13⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10692 -s 216
13⤵
PID:13900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 216
12⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
11⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
10⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 236
9⤵
- Program crash
PID:4284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
8⤵
- Program crash
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-22831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22831.exe
8⤵
PID:916

C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
9⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
10⤵
PID:5916

C:\Users\Admin\AppData\Local\Temp\Unicorn-48407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48407.exe
11⤵
PID:6184

C:\Users\Admin\AppData\Local\Temp\Unicorn-6606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6606.exe
12⤵
PID:10872

C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
13⤵
PID:13344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10872 -s 216
13⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 216
12⤵
PID:12080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 236
11⤵
PID:8540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
10⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 236
9⤵
PID:4924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
8⤵
- Program crash
PID:3952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 240
7⤵
- Program crash
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-38102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38102.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-17787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17787.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1076

C:\Users\Admin\AppData\Local\Temp\Unicorn-34206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34206.exe
8⤵
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-33664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33664.exe
9⤵
PID:596

C:\Users\Admin\AppData\Local\Temp\Unicorn-47426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47426.exe
10⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\Unicorn-29606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29606.exe
11⤵
PID:7824

C:\Users\Admin\AppData\Local\Temp\Unicorn-4956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4956.exe
12⤵
PID:10560

C:\Users\Admin\AppData\Local\Temp\Unicorn-30515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30515.exe
13⤵
PID:13512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10560 -s 220
13⤵
PID:14196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 216
12⤵
PID:12820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 220
11⤵
PID:9524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 216
10⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 216
9⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-21966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21966.exe
8⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-45288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45288.exe
9⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-11515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11515.exe
10⤵
PID:7940

C:\Users\Admin\AppData\Local\Temp\Unicorn-48283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48283.exe
11⤵
PID:11528

C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
12⤵
PID:14048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11528 -s 216
12⤵
PID:9580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 220
11⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
10⤵
PID:9900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
9⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 240
8⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-49151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49151.exe
7⤵
PID:324

C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
8⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-12039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12039.exe
9⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-44707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44707.exe
10⤵
PID:6592

C:\Users\Admin\AppData\Local\Temp\Unicorn-49331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49331.exe
11⤵
PID:10756

C:\Users\Admin\AppData\Local\Temp\Unicorn-52113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52113.exe
12⤵
PID:8380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10756 -s 216
12⤵
PID:14012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 216
11⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 236
10⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
9⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 216
8⤵
- Program crash
PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
7⤵
- Program crash
PID:3384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 240
6⤵
- Program crash
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-26644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26644.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-57968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57968.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-15732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15732.exe
8⤵
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-62444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62444.exe
9⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-55402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55402.exe
10⤵
PID:5848

C:\Users\Admin\AppData\Local\Temp\Unicorn-30099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30099.exe
11⤵
PID:7660

C:\Users\Admin\AppData\Local\Temp\Unicorn-8957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8957.exe
12⤵
PID:10956

C:\Users\Admin\AppData\Local\Temp\Unicorn-56965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56965.exe
13⤵
PID:13556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10956 -s 216
13⤵
PID:14320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 220
12⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 216
11⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
10⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
9⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-46663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46663.exe
8⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-12423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12423.exe
9⤵
PID:5708

C:\Users\Admin\AppData\Local\Temp\Unicorn-18401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18401.exe
10⤵
PID:7760

C:\Users\Admin\AppData\Local\Temp\Unicorn-52647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52647.exe
11⤵
PID:10908

C:\Users\Admin\AppData\Local\Temp\Unicorn-13690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13690.exe
12⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10908 -s 236
12⤵
PID:13332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7760 -s 216
11⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
10⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
9⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
8⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-48082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48082.exe
7⤵
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-9159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9159.exe
8⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-22346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22346.exe
9⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-50602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50602.exe
10⤵
PID:7692

C:\Users\Admin\AppData\Local\Temp\Unicorn-33893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33893.exe
11⤵
PID:11496

C:\Users\Admin\AppData\Local\Temp\Unicorn-44822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44822.exe
12⤵
PID:8324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11496 -s 216
12⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 216
11⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
10⤵
PID:9840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
9⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 236
8⤵
- Program crash
PID:4268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 240
7⤵
- Program crash
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-26038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26038.exe
7⤵
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-23550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23550.exe
8⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-53456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53456.exe
9⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-28428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28428.exe
10⤵
PID:8204

C:\Users\Admin\AppData\Local\Temp\Unicorn-57665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57665.exe
11⤵
PID:10920

C:\Users\Admin\AppData\Local\Temp\Unicorn-31449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31449.exe
12⤵
PID:13860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8204 -s 216
11⤵
PID:12804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 220
10⤵
PID:10004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
9⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 236
8⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-7768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7768.exe
7⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-45288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45288.exe
8⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-34977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34977.exe
9⤵
PID:7488

C:\Users\Admin\AppData\Local\Temp\Unicorn-47193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47193.exe
10⤵
PID:10864

C:\Users\Admin\AppData\Local\Temp\Unicorn-56114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56114.exe
11⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10864 -s 216
11⤵
PID:13740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 216
10⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
9⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
8⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
7⤵
PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
6⤵
- Program crash
PID:108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
5⤵
- Program crash
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-30645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30645.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-27796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27796.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-37631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37631.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:604

C:\Users\Admin\AppData\Local\Temp\Unicorn-46951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46951.exe
7⤵
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-43586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43586.exe
8⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-43669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43669.exe
9⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-57924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57924.exe
10⤵
PID:5292

C:\Users\Admin\AppData\Local\Temp\Unicorn-7094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7094.exe
11⤵
PID:8452

C:\Users\Admin\AppData\Local\Temp\Unicorn-46098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46098.exe
12⤵
PID:11260

C:\Users\Admin\AppData\Local\Temp\Unicorn-56062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56062.exe
13⤵
PID:14208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11260 -s 216
13⤵
PID:14104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8452 -s 216
12⤵
PID:12672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 220
11⤵
PID:10168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
10⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 236
9⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-60560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60560.exe
8⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-35641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35641.exe
9⤵
PID:5552

C:\Users\Admin\AppData\Local\Temp\Unicorn-62278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62278.exe
10⤵
PID:7612

C:\Users\Admin\AppData\Local\Temp\Unicorn-43986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43986.exe
11⤵
PID:10968

C:\Users\Admin\AppData\Local\Temp\Unicorn-55813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55813.exe
12⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10968 -s 216
12⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 216
11⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 220
10⤵
PID:9708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
9⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 240
8⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-29942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29942.exe
7⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
8⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-4146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4146.exe
9⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-47613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47613.exe
10⤵
PID:7856

C:\Users\Admin\AppData\Local\Temp\Unicorn-7722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7722.exe
11⤵
PID:11244

C:\Users\Admin\AppData\Local\Temp\Unicorn-49892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49892.exe
12⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11244 -s 236
12⤵
PID:13552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7856 -s 216
11⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
10⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
9⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
8⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 240
7⤵
- Program crash
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-61896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61896.exe
6⤵
PID:1080

C:\Users\Admin\AppData\Local\Temp\Unicorn-4691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4691.exe
7⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-49699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49699.exe
8⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-10285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10285.exe
9⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-44572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44572.exe
10⤵
PID:7888

C:\Users\Admin\AppData\Local\Temp\Unicorn-57665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57665.exe
11⤵
PID:10848

C:\Users\Admin\AppData\Local\Temp\Unicorn-52793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52793.exe
12⤵
PID:14056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
11⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
10⤵
PID:9748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
9⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 236
8⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-33917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33917.exe
7⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe
8⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\Unicorn-5402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5402.exe
9⤵
PID:7900

C:\Users\Admin\AppData\Local\Temp\Unicorn-789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-789.exe
10⤵
PID:10880

C:\Users\Admin\AppData\Local\Temp\Unicorn-56062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56062.exe
11⤵
PID:14216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10880 -s 216
11⤵
PID:9572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 216
10⤵
PID:12432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
9⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
8⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 240
7⤵
PID:5816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
6⤵
- Program crash
PID:3232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 236
5⤵
- Program crash
PID:2808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-35585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35585.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-42296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42296.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1400

C:\Users\Admin\AppData\Local\Temp\Unicorn-38259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38259.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-34258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34258.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-50376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50376.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1200

C:\Users\Admin\AppData\Local\Temp\Unicorn-3204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3204.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-18062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18062.exe
9⤵
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-31417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31417.exe
10⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-62283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62283.exe
11⤵
PID:5980

C:\Users\Admin\AppData\Local\Temp\Unicorn-51225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51225.exe
12⤵
PID:8656

C:\Users\Admin\AppData\Local\Temp\Unicorn-53965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53965.exe
13⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8656 -s 216
13⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 220
12⤵
PID:9912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 220
11⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 236
10⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-19719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19719.exe
9⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-51702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51702.exe
10⤵
PID:5488

C:\Users\Admin\AppData\Local\Temp\Unicorn-45475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45475.exe
11⤵
PID:7948

C:\Users\Admin\AppData\Local\Temp\Unicorn-56155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56155.exe
12⤵
PID:10784

C:\Users\Admin\AppData\Local\Temp\Unicorn-32165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32165.exe
13⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10784 -s 236
13⤵
PID:13632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 236
12⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
11⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
10⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
9⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-43312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43312.exe
8⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-19165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19165.exe
9⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-30897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30897.exe
10⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-7478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7478.exe
11⤵
PID:8564

C:\Users\Admin\AppData\Local\Temp\Unicorn-45844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45844.exe
12⤵
PID:12056

C:\Users\Admin\AppData\Local\Temp\Unicorn-12803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12803.exe
13⤵
PID:9236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
11⤵
PID:9832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
10⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
9⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 220
8⤵
- Program crash
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-20287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20287.exe
7⤵
- Executes dropped EXE
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-24284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24284.exe
8⤵
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-18589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18589.exe
9⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-24676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24676.exe
10⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\Unicorn-21438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21438.exe
11⤵
PID:8092

C:\Users\Admin\AppData\Local\Temp\Unicorn-60187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60187.exe
12⤵
PID:11332

C:\Users\Admin\AppData\Local\Temp\Unicorn-40733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40733.exe
13⤵
PID:14088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8092 -s 216
12⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 220
11⤵
PID:9604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
10⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 236
9⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-33533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33533.exe
8⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
9⤵
PID:5404

C:\Users\Admin\AppData\Local\Temp\Unicorn-48464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48464.exe
10⤵
PID:8052

C:\Users\Admin\AppData\Local\Temp\Unicorn-40068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40068.exe
11⤵
PID:11192

C:\Users\Admin\AppData\Local\Temp\Unicorn-45948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45948.exe
12⤵
PID:13472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 220
11⤵
PID:12632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 216
10⤵
PID:9880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
9⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 220
8⤵
PID:4424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
7⤵
- Program crash
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-30510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30510.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-44237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44237.exe
7⤵
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-40620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40620.exe
8⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-47369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47369.exe
9⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-40628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40628.exe
10⤵
PID:5256

C:\Users\Admin\AppData\Local\Temp\Unicorn-39912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39912.exe
11⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-28034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28034.exe
12⤵
PID:11196

C:\Users\Admin\AppData\Local\Temp\Unicorn-27225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27225.exe
13⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11196 -s 216
13⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
12⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
11⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 236
10⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 216
9⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-25365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25365.exe
8⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-24676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24676.exe
9⤵
PID:5876

C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
10⤵
PID:8272

C:\Users\Admin\AppData\Local\Temp\Unicorn-58397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58397.exe
11⤵
PID:11560

C:\Users\Admin\AppData\Local\Temp\Unicorn-42679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42679.exe
12⤵
PID:14232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8272 -s 220
11⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 216
10⤵
PID:10060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
9⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 220
8⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-28922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28922.exe
7⤵
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-28895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28895.exe
8⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-25574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25574.exe
9⤵
PID:6256

C:\Users\Admin\AppData\Local\Temp\Unicorn-29793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29793.exe
10⤵
PID:10180

C:\Users\Admin\AppData\Local\Temp\Unicorn-61682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61682.exe
11⤵
PID:13296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10180 -s 216
11⤵
PID:12616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 216
10⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
9⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 236
8⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 240
7⤵
- Program crash
PID:3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
6⤵
- Program crash
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-17106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17106.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-19650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19650.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1208

C:\Users\Admin\AppData\Local\Temp\Unicorn-25763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25763.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-55010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55010.exe
8⤵
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-26757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26757.exe
9⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
10⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-31469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31469.exe
11⤵
PID:7532

C:\Users\Admin\AppData\Local\Temp\Unicorn-53031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53031.exe
12⤵
PID:11140

C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
13⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11140 -s 236
13⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 216
12⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 216
11⤵
PID:8400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 236
10⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 236
9⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-9029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9029.exe
8⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-58178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58178.exe
9⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-29435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29435.exe
10⤵
PID:9008

C:\Users\Admin\AppData\Local\Temp\Unicorn-58480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58480.exe
11⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9008 -s 236
11⤵
PID:13276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
10⤵
PID:10192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
9⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
8⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-41366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41366.exe
7⤵
PID:2948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
8⤵
- Program crash
PID:3996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 240
7⤵
- Program crash
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-9981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9981.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-7947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7947.exe
7⤵
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-45916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45916.exe
8⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-65516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65516.exe
9⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-56056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56056.exe
10⤵
PID:7368

C:\Users\Admin\AppData\Local\Temp\Unicorn-61199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61199.exe
11⤵
PID:11076

C:\Users\Admin\AppData\Local\Temp\Unicorn-33556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33556.exe
12⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11076 -s 216
12⤵
PID:8924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 216
11⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
10⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
9⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 236
8⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-51131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51131.exe
7⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-46850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46850.exe
8⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-46606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46606.exe
9⤵
PID:8152

C:\Users\Admin\AppData\Local\Temp\Unicorn-31132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31132.exe
10⤵
PID:11132

C:\Users\Admin\AppData\Local\Temp\Unicorn-48688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48688.exe
11⤵
PID:13852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11132 -s 216
11⤵
PID:13612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 216
10⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
9⤵
PID:9204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
8⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
7⤵
- Program crash
PID:4252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
6⤵
- Program crash
PID:2940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 240
5⤵
- Program crash
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-53204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53204.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:488

C:\Users\Admin\AppData\Local\Temp\Unicorn-45140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45140.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-44154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44154.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-23625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23625.exe
7⤵
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-11660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11660.exe
8⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-55402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55402.exe
9⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-8609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8609.exe
10⤵
PID:7816

C:\Users\Admin\AppData\Local\Temp\Unicorn-34208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34208.exe
11⤵
PID:11256

C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
12⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
11⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
10⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
9⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
8⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-28922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28922.exe
7⤵
PID:1204

C:\Users\Admin\AppData\Local\Temp\Unicorn-4198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4198.exe
8⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-30042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30042.exe
9⤵
PID:6336

C:\Users\Admin\AppData\Local\Temp\Unicorn-41443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41443.exe
10⤵
PID:10176

C:\Users\Admin\AppData\Local\Temp\Unicorn-5527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5527.exe
11⤵
PID:13212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10176 -s 216
11⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 216
10⤵
PID:11028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
9⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 236
8⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 240
7⤵
- Program crash
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-38569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38569.exe
6⤵
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-11839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11839.exe
7⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-2252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2252.exe
8⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-55402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55402.exe
9⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-52548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52548.exe
10⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-48283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48283.exe
11⤵
PID:11520

C:\Users\Admin\AppData\Local\Temp\Unicorn-13405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13405.exe
12⤵
PID:13548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 216
11⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
10⤵
PID:9872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
9⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 236
8⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
7⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-39642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39642.exe
8⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-29331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29331.exe
9⤵
PID:7808

C:\Users\Admin\AppData\Local\Temp\Unicorn-21764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21764.exe
10⤵
PID:10792

C:\Users\Admin\AppData\Local\Temp\Unicorn-36628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36628.exe
11⤵
PID:14016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10792 -s 216
11⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 216
10⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 220
8⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 240
7⤵
PID:5112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
6⤵
- Program crash
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-24288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24288.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-48321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48321.exe
6⤵
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-46650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46650.exe
7⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-6336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6336.exe
8⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-7592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7592.exe
9⤵
PID:6212

C:\Users\Admin\AppData\Local\Temp\Unicorn-37878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37878.exe
10⤵
PID:9696

C:\Users\Admin\AppData\Local\Temp\Unicorn-36415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36415.exe
11⤵
PID:11732

C:\Users\Admin\AppData\Local\Temp\Unicorn-37588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37588.exe
12⤵
PID:14180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11732 -s 220
12⤵
PID:9380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9696 -s 216
11⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 236
10⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
9⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
8⤵
PID:5976

C:\Users\Admin\AppData\Local\Temp\Unicorn-27311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27311.exe
7⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
8⤵
PID:5776

C:\Users\Admin\AppData\Local\Temp\Unicorn-46051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46051.exe
9⤵
PID:8080

C:\Users\Admin\AppData\Local\Temp\Unicorn-30556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30556.exe
10⤵
PID:10952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10952 -s 220
11⤵
PID:13884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 216
10⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
9⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
8⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
7⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe
6⤵
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-20727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20727.exe
7⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-11115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11115.exe
8⤵
PID:6132

C:\Users\Admin\AppData\Local\Temp\Unicorn-28947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28947.exe
9⤵
PID:7376

C:\Users\Admin\AppData\Local\Temp\Unicorn-768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-768.exe
10⤵
PID:10900

C:\Users\Admin\AppData\Local\Temp\Unicorn-37256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37256.exe
11⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10900 -s 236
11⤵
PID:14276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7376 -s 216
10⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 216
9⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
8⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 216
7⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
6⤵
- Program crash
PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 220
5⤵
- Program crash
PID:1756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-57241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57241.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-26090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26090.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-7397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7397.exe
6⤵
- Executes dropped EXE
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-36815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36815.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:800

C:\Users\Admin\AppData\Local\Temp\Unicorn-4548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4548.exe
7⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-33280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33280.exe
8⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-12750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12750.exe
9⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-54094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54094.exe
10⤵
PID:5576

C:\Users\Admin\AppData\Local\Temp\Unicorn-57146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57146.exe
11⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
11⤵
PID:1460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
10⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 236
9⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-5137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5137.exe
8⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-27198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27198.exe
9⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-10747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10747.exe
10⤵
PID:8164

C:\Users\Admin\AppData\Local\Temp\Unicorn-7722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7722.exe
11⤵
PID:11228

C:\Users\Admin\AppData\Local\Temp\Unicorn-63898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63898.exe
12⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11228 -s 216
12⤵
PID:14264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 216
11⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
10⤵
PID:9320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
9⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
8⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-52309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52309.exe
7⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-23716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23716.exe
8⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-53451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53451.exe
9⤵
PID:7344

C:\Users\Admin\AppData\Local\Temp\Unicorn-5091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5091.exe
10⤵
PID:10924

C:\Users\Admin\AppData\Local\Temp\Unicorn-17063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17063.exe
11⤵
PID:13696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10924 -s 216
11⤵
PID:13384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7344 -s 216
10⤵
PID:11252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
9⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
8⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 220
7⤵
- Program crash
PID:3132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
6⤵
- Program crash
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-22342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22342.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-56489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56489.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-58710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58710.exe
7⤵
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-39886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39886.exe
8⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-61515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61515.exe
9⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-9616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9616.exe
10⤵
PID:8488

C:\Users\Admin\AppData\Local\Temp\Unicorn-64811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64811.exe
11⤵
PID:11812

C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
12⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 220
10⤵
PID:9692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 220
9⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 216
8⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-65137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65137.exe
7⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-47042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47042.exe
8⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
9⤵
PID:8172

C:\Users\Admin\AppData\Local\Temp\Unicorn-16659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16659.exe
10⤵
PID:10564

C:\Users\Admin\AppData\Local\Temp\Unicorn-37339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37339.exe
11⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10564 -s 216
11⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 216
10⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
9⤵
PID:9396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
7⤵
- Program crash
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
6⤵
PID:1232

C:\Users\Admin\AppData\Local\Temp\Unicorn-37748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37748.exe
7⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-47426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47426.exe
8⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-56424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56424.exe
8⤵
PID:5804

C:\Users\Admin\AppData\Local\Temp\Unicorn-56824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56824.exe
9⤵
PID:7384

C:\Users\Admin\AppData\Local\Temp\Unicorn-48283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48283.exe
10⤵
PID:11512

C:\Users\Admin\AppData\Local\Temp\Unicorn-65045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65045.exe
11⤵
PID:9336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 220
10⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
9⤵
PID:9788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 220
8⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 236
7⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
6⤵
- Program crash
PID:3508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
5⤵
- Program crash
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-41034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41034.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:788

C:\Users\Admin\AppData\Local\Temp\Unicorn-7397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7397.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-5342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5342.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-42566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42566.exe
7⤵
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-51453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51453.exe
8⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-12314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12314.exe
9⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-44188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44188.exe
10⤵
PID:8064

C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
11⤵
PID:11124

C:\Users\Admin\AppData\Local\Temp\Unicorn-14733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14733.exe
12⤵
PID:13496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11124 -s 216
12⤵
PID:14188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 216
11⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 216
10⤵
PID:9348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
9⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 216
8⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
7⤵
- Program crash
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe
6⤵
PID:684

C:\Users\Admin\AppData\Local\Temp\Unicorn-41147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41147.exe
7⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-27198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27198.exe
8⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-22533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22533.exe
9⤵
PID:7564

C:\Users\Admin\AppData\Local\Temp\Unicorn-56155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56155.exe
10⤵
PID:10796

C:\Users\Admin\AppData\Local\Temp\Unicorn-10997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10997.exe
11⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10796 -s 216
11⤵
PID:13688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7564 -s 216
10⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
9⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
8⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 236
7⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
6⤵
- Program crash
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-55098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55098.exe
5⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-24284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24284.exe
6⤵
PID:816

C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
7⤵
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-20208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20208.exe
8⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-34868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34868.exe
9⤵
PID:7820

C:\Users\Admin\AppData\Local\Temp\Unicorn-19456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19456.exe
10⤵
PID:11160

C:\Users\Admin\AppData\Local\Temp\Unicorn-54116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54116.exe
11⤵
PID:13524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 216
10⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
9⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 216
8⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 236
7⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-31971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31971.exe
6⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-13829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13829.exe
7⤵
PID:6052

C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
8⤵
PID:8044

C:\Users\Admin\AppData\Local\Temp\Unicorn-59528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59528.exe
9⤵
PID:11016

C:\Users\Admin\AppData\Local\Temp\Unicorn-255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-255.exe
10⤵
PID:14124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11016 -s 216
10⤵
PID:14060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
9⤵
PID:12328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
8⤵
PID:8904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 220
7⤵
PID:8020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 220
6⤵
PID:4772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 240
5⤵
- Program crash
PID:1964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
4⤵
- Program crash
PID:2224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 240
2⤵
- Program crash
PID:2700

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13515.exe
Filesize
184KB

MD5
3862594298f4b1ef1fa4b506b06ee4ab

SHA1
193dbe44939c47e33f4ee90911c89532dd8a1c90

SHA256
64cb03785e917fb9c5eaf911ab67348ed87f8d7b474618997ee847947d64e985

SHA512
f985895b7d3053253d9db34fd20f305576ca6628fa9fcb14a45924b80f85589fc2b8d570eb2c1a8447d70e604f98f815d983302788e73e87d25da92d28cf3094

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29793.exe
Filesize
184KB

MD5
9e60e7b77140f38b32685db872899838

SHA1
7c3c8a1367cb717fdc827e6ffe4f9323fe4b2fc7

SHA256
335ee4d4faa73358709c930dc8df8c6f43a36a093d29973a31a01ad453b97fac

SHA512
ab1faf94d9c48a8516869d10bdaa01bebbd4f37febb6ac7b6229604c1450e90ad76b60a3d305461483dcc219f00135aad9ec0542d20c700ebf2a9cb2908a757f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30645.exe
Filesize
184KB

MD5
2aa16ee9ae138d1d0f462ef0f5e870c0

SHA1
71f86b0339c24e7338746e003d6389a96c0c1e0f

SHA256
a2c3dc2e3d89de9975d473183249f32c7570689e3c60f644de81715816c9413d

SHA512
4eb1c21e6b1f84e9fe19dd8fa7f3434d986df22ac2537f4382a1c27f303badaae48e14a9d3ec117dcbb8d3573ab10bebafc4643bb756b717155ce2723af814e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33530.exe
Filesize
184KB

MD5
79c6abcba2bc35f677e6cdbbc37addea

SHA1
7efd2a6bec5ac06b2c7d217f0346452eac1946b4

SHA256
52a8f45e2c98ab7eb4dbb09779700d34b8677175bbb882aabb749db8f6916646

SHA512
c9636c2ab62be8d8e9fd1a5c58a0a8dfe6575dafe793b68aed9c9a41f26a52d181c064fba6e87698ffaa05d5d3e2aa9759cb19d5c6887b1c01f3ed790cc02cda

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41034.exe
Filesize
184KB

MD5
eb1dbeaaaaeed34b65fc4cf275f15c88

SHA1
9b3ad744e6b72b74a048344bce2ada6f9a450abf

SHA256
d11f515839546072449e825c4382c5eb4e7ebf49c4ec2bf356d54f6c17db63ea

SHA512
c736b123cb08d9893fe2acfa62c29e87f0a7744bc7b61df6a23aa314f87b3a1d0964004d84315bda719388add2be1977c602a565a84a4a759746695d711bd603

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42296.exe
Filesize
184KB

MD5
c4b87430c11fa481a7f1b0d9510e11a7

SHA1
cd838cc9b07328ac4429f80e4f9d5e13f42cb5ea

SHA256
9a91026818ac6deb7867ce8f714fd62797c39bd095cbcfada75dcdbc87daf756

SHA512
28ed63d0bccd9b5e441f8fd6ed240e90b961298cf736ce6f26b070ad72299ec0f30b3a45bc38944bf49be73c245866dd12e8971d65b2e7c37181df87643795e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe
Filesize
184KB

MD5
ec50c8729751950a8c731fdaa9b53d21

SHA1
42c719f78c811d99171b41d2966d6fe95deff79e

SHA256
95dd77f61017116787c12939bfdef434e791033c6822e89909a1fa24b67f59d4

SHA512
5dbcb2064b2141d016eebb8f997576b4557e09b62718373912594e48f81ede2e02e12ebbbe0f739b79133f464949a479afb9eaed530115e4b440118082cb40e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6336.exe
Filesize
184KB

MD5
591fd31afb2fe27f45f444ec4eff5dda

SHA1
42cd9e119d67038f857b03f6e0a6bd1b2d971e0b

SHA256
02fe32737dad40a5a25ebc3d0701eef30292db97439b39e79ed10f14072f8419

SHA512
5bebb6a3af43c20ddf5a1677a728dcc37956547624dd9537690dd0af3cae6f8399eb9baaf59925e7373b20165c97582762e1a12e0c5cd9f86b2a23bf71f300cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63804.exe
Filesize
184KB

MD5
3fd259ca3ce1fb1f9d3f6b99a26b68d2

SHA1
2587e2ef0b51d205be2c808fd7a6fe4be2d3fbfd

SHA256
2f033c9a8b8590c7a98b964f5c2720023c0397f7cef9fd95577b0f83b4e6e52f

SHA512
b29f3e2d71702c97044f6a6760249dc0a43ab977078f7f351d6af9794144d3f71ffe2d62767a8bfe6411f53bab22a9689c89dbdd3e94fa55a6d8045555185f7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65045.exe
Filesize
184KB

MD5
a0cb49e27f797628656a1c75553e3604

SHA1
33f973189765501305894989fa09de5e108f7e57

SHA256
dd7141917a87b8b9080e2e04d18e1f6dcd758ec11fc6c58ba7e2850b667e1ce2

SHA512
2c33b8a0b37aab43037b3377ec4882243e0f1ae94bdf284d3b464c063e86c20aaeda37d20dfe0123a9be604f6920bad4eafeae234f4f13ada35f6fc94c3d1adc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7484.exe
Filesize
184KB

MD5
ec77a0cf88c524cf9d94cf8a32343b4c

SHA1
6d1776c81de4799118dca75c43698052c7bbe480

SHA256
c0c7a8579560b74310ef711b2d4366b5eceb3c81c1066ecb45199a151295f9d5

SHA512
b1006eb3565fa159f512f7f59b2c2beeac1ea364473bcfabc52484510e6b1682d30b073834ef537c352154725cb3471b6fb2104e179c34cf3a13267593a856cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18586.exe
Filesize
184KB

MD5
57f90b166d6c014d35037ea56e38a584

SHA1
60abaf007b57a4419c6e529fcd59614a8f4e613e

SHA256
5d3276f09309c5bf37976b48d6cdade60a9f55ab97080c816c442eba38a93026

SHA512
a162894aa04a2a4d2bfe18ac362b476a466074fcf2208a72b35ecb8adb23f71a272b11884dfd271a7c1bdc59c384163c51419073183e937f499d74ca4299524f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20641.exe
Filesize
184KB

MD5
cad8748b0f13d7b0327bfbdd627039fb

SHA1
0bffdb0de82c2de2ff37499d032a4f6e83ff323a

SHA256
a6e2dff9a2aaec829c643f19e50560ee1ad85faf1751e7bcd86c7f8142e04e5b

SHA512
2c7e742d50aeb5333ef46740a012050f9244c47afd9f5ad454d738b74049600c75c57969f103c59eb4099ee0b4c16f28dcbb1b1b0d4c7692addf78da9b1af5ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
Filesize
184KB

MD5
b798199d563efb14435b3d8a3c74a784

SHA1
d491bc0202079bd4ec1417bbaea4db0bea13adcb

SHA256
9244b9bf332adef84a3ee296abeadd637939200afc4d8bbb0e4bf65c5e5fe646

SHA512
89ac98cf9fe53c16e875e50807c4b4a088da7a75da851f0da8b77a3b2322005d580cd687dc327d0a51afcd1bf27f47ea5c299efa6568151591b8ef68ab083d50

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35585.exe
Filesize
184KB

MD5
40c6ac5657860c57e6203a5aab4159d5

SHA1
991dd05446f578cf967f1bfe9c5ee6b509798b01

SHA256
c666882fa58fb30a7be906ad870a4d897b3fda7465ee3e4babae9a67f6adfc9a

SHA512
e6492c60316cb757c18989d9b3b3388568e99362ebb6a0aa494d76fe1d8f5bbd796ae5e19d98659ece36e0b7e2f6edb6ec145c8eea02cba6d7bfa37141911900

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38212.exe
Filesize
184KB

MD5
e933c1cedcb482f918513356bbdca612

SHA1
b5dc33edf279ebc26064b30113a4ae96ee187abb

SHA256
672fd12d785fbc0f2da2f7fc872b551747488f4bba396ce0e66462d3965afdd4

SHA512
73840a19280c5060096d1f30cfad3f0e4ca1eef427b99e3289e46b5534f9a1dc46a550c9de7dd8e32a4adf4460e46fbb7305ad813f87c7a79264fda49094ea8b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
Filesize
184KB

MD5
ed796cac1cdcd410d06a8a91ceb405c2

SHA1
e1fc5b15c773dc7bf812ae1f833eab2bc52a353c

SHA256
375866dedd2793dd5d347e3d835393e9a611a8c2c3894d4fff22d1e8bfdd5146

SHA512
a46562565371a92658dcbbc2c6d02228f743ac072036283bf4166d9553786111295695c7203e1b1a36377257eeb38fed7ab5ae2d3defa8a624ce22799bb8518a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57241.exe
Filesize
184KB

MD5
31309febd2dd6505056d4194d342c56a

SHA1
fd00b80c9086371a3144aefa940a23e748430ad7

SHA256
acd371d2f9cdb12b8aa5f76cc8a3218574b55852fbe5409f1d76ba7aeee19caf

SHA512
b2749325a6dac3818a1ab92116a86b34bcafe523a1a8b082908c95d64c75666ecef28aec537d2b9c68f26d45a7f8461afb352acc608c4d81d3f4722d47acffc4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59187.exe
Filesize
184KB

MD5
9567e1b0ecb2af45bcc079acab9a32cb

SHA1
a3dd4632585068a9825e15b64defbf074712b0e5

SHA256
954e0723e33a7f3851360d723ef2a6a25064e39e4e1eeccd8c7473c2b0d4f433

SHA512
68dc92e49d423d6899b56b62a25bb38bafc476cad8c57610d054fc2bdc0873d0452f408fec245e869068033f05dca4b6b72c8970e60e4e73f4e29568c5f6f09f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59452.exe
Filesize
184KB

MD5
2ed303cd3dd8a7bbabb889d62ef2b8ae

SHA1
7c19ab136e44a7ea9c9bac47117d78e702b63233

SHA256
cacfc06d07af47da47dc11e9014cabc97fc5339b1365ed73e00af20cfef0bcd5

SHA512
a0340c253c0dd309e80b361d55ff0652c9520b0012e53c7da7a0f3ded709fba340d90eb5862a0b00a29350ff0cd47b5b73046f30dbd5142e5a8e67449fefe5f9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads