8cb67c8dda5133edade0b607c6c20aa62db4a43013fe28ad75bd90a6d7fa2dc7

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8cb67c8dda5133edade0b607c6c20aa62db4a43013fe28ad75bd90a6d7fa2dc7.exe
Size

184KB
MD5

efa4d4326fe5eb6affdc572a2ed2f7b6
SHA1

293ae011da3607edb1691ff6e2064133217c627e
SHA256

8cb67c8dda5133edade0b607c6c20aa62db4a43013fe28ad75bd90a6d7fa2dc7
SHA512

ca5262712f6ef8114b8ca77a79ff4e39904dddd0bf187251e289da3e170cc69d2a59bab823cfa9aa3ec97db47624947dc105d5bddeba631002fedf4072d3c169
SSDEEP

3072:Jc+vS8of76hMd16RedwLRJsXhlnViFBn3:Jc0og416tLfsXhlnViFB

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-8289.exeUnicorn-39417.exeUnicorn-19551.exeUnicorn-20877.exeUnicorn-37737.exeUnicorn-55998.exeUnicorn-36218.exeUnicorn-10732.exeUnicorn-30598.exeUnicorn-12995.exeUnicorn-58667.exeUnicorn-54961.exeUnicorn-52802.exeUnicorn-13663.exeUnicorn-33529.exeUnicorn-48817.exeUnicorn-46658.exeUnicorn-986.exeUnicorn-33005.exeUnicorn-48528.exeUnicorn-20106.exeUnicorn-44475.exeUnicorn-24678.exeUnicorn-15528.exeUnicorn-35918.exeUnicorn-35918.exeUnicorn-13961.exeUnicorn-59633.exeUnicorn-58196.exeUnicorn-16374.exeUnicorn-47869.exeUnicorn-2197.exeUnicorn-392.exeUnicorn-34605.exeUnicorn-48327.exeUnicorn-54824.exeUnicorn-56189.exeUnicorn-29131.exeUnicorn-43901.exeUnicorn-7536.exeUnicorn-9461.exeUnicorn-29327.exeUnicorn-40567.exeUnicorn-4988.exeUnicorn-47064.exeUnicorn-3940.exeUnicorn-14557.exeUnicorn-34423.exeUnicorn-36971.exeUnicorn-17105.exeUnicorn-46374.exeUnicorn-702.exeUnicorn-58904.exeUnicorn-40119.exeUnicorn-33875.exeUnicorn-15781.exeUnicorn-36523.exeUnicorn-30279.exeUnicorn-8946.exeUnicorn-58072.exeUnicorn-30562.exeUnicorn-62021.exeUnicorn-56858.exeUnicorn-28300.exe

pid	process
2188	Unicorn-8289.exe
2388	Unicorn-39417.exe
2644	Unicorn-19551.exe
3068	Unicorn-20877.exe
2540	Unicorn-37737.exe
2680	Unicorn-55998.exe
2244	Unicorn-36218.exe
2692	Unicorn-10732.exe
3000	Unicorn-30598.exe
884	Unicorn-12995.exe
2172	Unicorn-58667.exe
868	Unicorn-54961.exe
2288	Unicorn-52802.exe
2116	Unicorn-13663.exe
2712	Unicorn-33529.exe
2468	Unicorn-48817.exe
2764	Unicorn-46658.exe
968	Unicorn-986.exe
920	Unicorn-33005.exe
2280	Unicorn-48528.exe
1528	Unicorn-20106.exe
1356	Unicorn-44475.exe
3012	Unicorn-24678.exe
752	Unicorn-15528.exe
872	Unicorn-35918.exe
1148	Unicorn-35918.exe
2940	Unicorn-13961.exe
1964	Unicorn-59633.exe
348	Unicorn-58196.exe
1952	Unicorn-16374.exe
1496	Unicorn-47869.exe
1492	Unicorn-2197.exe
2672	Unicorn-392.exe
2632	Unicorn-34605.exe
2232	Unicorn-48327.exe
2796	Unicorn-54824.exe
2228	Unicorn-56189.exe
1924	Unicorn-29131.exe
2760	Unicorn-43901.exe
2872	Unicorn-7536.exe
2016	Unicorn-9461.exe
2768	Unicorn-29327.exe
2164	Unicorn-40567.exe
2004	Unicorn-4988.exe
1960	Unicorn-47064.exe
1664	Unicorn-3940.exe
1516	Unicorn-14557.exe
2108	Unicorn-34423.exe
1936	Unicorn-36971.exe
2412	Unicorn-17105.exe
664	Unicorn-46374.exe
1468	Unicorn-702.exe
1628	Unicorn-58904.exe
2332	Unicorn-40119.exe
864	Unicorn-33875.exe
2444	Unicorn-15781.exe
2308	Unicorn-36523.exe
2808	Unicorn-30279.exe
2512	Unicorn-8946.exe
2592	Unicorn-58072.exe
2296	Unicorn-30562.exe
1728	Unicorn-62021.exe
2400	Unicorn-56858.exe
2404	Unicorn-28300.exe

Loads dropped DLL 64 IoCs

Processes:

8cb67c8dda5133edade0b607c6c20aa62db4a43013fe28ad75bd90a6d7fa2dc7.exeUnicorn-8289.exeUnicorn-19551.exeUnicorn-39417.exeWerFault.exeUnicorn-20877.exeUnicorn-37737.exeUnicorn-55998.exeWerFault.exeWerFault.exeUnicorn-36218.exeUnicorn-12995.exeUnicorn-30598.exeUnicorn-58667.exeUnicorn-10732.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2420	8cb67c8dda5133edade0b607c6c20aa62db4a43013fe28ad75bd90a6d7fa2dc7.exe
2420	8cb67c8dda5133edade0b607c6c20aa62db4a43013fe28ad75bd90a6d7fa2dc7.exe
2188	Unicorn-8289.exe
2188	Unicorn-8289.exe
2420	8cb67c8dda5133edade0b607c6c20aa62db4a43013fe28ad75bd90a6d7fa2dc7.exe
2420	8cb67c8dda5133edade0b607c6c20aa62db4a43013fe28ad75bd90a6d7fa2dc7.exe
2644	Unicorn-19551.exe
2644	Unicorn-19551.exe
2388	Unicorn-39417.exe
2388	Unicorn-39417.exe
2188	Unicorn-8289.exe
2188	Unicorn-8289.exe
3032	WerFault.exe
3032	WerFault.exe
3032	WerFault.exe
3032	WerFault.exe
3032	WerFault.exe
3068	Unicorn-20877.exe
3068	Unicorn-20877.exe
2644	Unicorn-19551.exe
2644	Unicorn-19551.exe
2540	Unicorn-37737.exe
2540	Unicorn-37737.exe
2680	Unicorn-55998.exe
2680	Unicorn-55998.exe
2388	Unicorn-39417.exe
2388	Unicorn-39417.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
2312	WerFault.exe
2312	WerFault.exe
2312	WerFault.exe
2312	WerFault.exe
2312	WerFault.exe
564	WerFault.exe
2244	Unicorn-36218.exe
2244	Unicorn-36218.exe
3068	Unicorn-20877.exe
3068	Unicorn-20877.exe
2680	Unicorn-55998.exe
2680	Unicorn-55998.exe
884	Unicorn-12995.exe
884	Unicorn-12995.exe
3000	Unicorn-30598.exe
3000	Unicorn-30598.exe
2540	Unicorn-37737.exe
2172	Unicorn-58667.exe
2540	Unicorn-37737.exe
2172	Unicorn-58667.exe
2692	Unicorn-10732.exe
2692	Unicorn-10732.exe
2476	WerFault.exe
2476	WerFault.exe
2476	WerFault.exe
2476	WerFault.exe
2476	WerFault.exe
732	WerFault.exe
732	WerFault.exe
732	WerFault.exe
732	WerFault.exe
732	WerFault.exe
1076	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2640	2420	WerFault.exe	8cb67c8dda5133edade0b607c6c20aa62db4a43013fe28ad75bd90a6d7fa2dc7.exe
3032	2188	WerFault.exe	Unicorn-8289.exe
564	2644	WerFault.exe	Unicorn-19551.exe
2312	2388	WerFault.exe	Unicorn-39417.exe
2476	3068	WerFault.exe	Unicorn-20877.exe
732	2540	WerFault.exe	Unicorn-37737.exe
1076	2680	WerFault.exe	Unicorn-55998.exe
2820	2244	WerFault.exe	Unicorn-36218.exe
1040	884	WerFault.exe	Unicorn-12995.exe
3004	3000	WerFault.exe	Unicorn-30598.exe
2136	2172	WerFault.exe	Unicorn-58667.exe
2732	2692	WerFault.exe	Unicorn-10732.exe
1072	2288	WerFault.exe	Unicorn-52802.exe
1908	868	WerFault.exe	Unicorn-54961.exe
1540	2712	WerFault.exe	Unicorn-33529.exe
1920	2672	WerFault.exe	Unicorn-392.exe
600	2116	WerFault.exe	Unicorn-13663.exe
1644	2468	WerFault.exe	Unicorn-48817.exe
936	2632	WerFault.exe	Unicorn-34605.exe
2480	2764	WerFault.exe	Unicorn-46658.exe
2376	920	WerFault.exe	Unicorn-33005.exe
2284	968	WerFault.exe	Unicorn-986.exe
756	864	WerFault.exe	Unicorn-33875.exe
2756	2196	WerFault.exe	Unicorn-33215.exe
2880	2280	WerFault.exe	Unicorn-48528.exe
1780	3012	WerFault.exe	Unicorn-24678.exe
2504	1148	WerFault.exe	Unicorn-35918.exe
1536	1356	WerFault.exe	Unicorn-44475.exe
1624	752	WerFault.exe	Unicorn-15528.exe
2256	872	WerFault.exe	Unicorn-35918.exe
1772	1496	WerFault.exe	Unicorn-47869.exe
1724	2940	WerFault.exe	Unicorn-13961.exe
1808	1492	WerFault.exe	Unicorn-2197.exe
1840	1952	WerFault.exe	Unicorn-16374.exe
1332	348	WerFault.exe	Unicorn-58196.exe
2952	2848	WerFault.exe	Unicorn-65130.exe
3608	2232	WerFault.exe	Unicorn-48327.exe
3644	2796	WerFault.exe	Unicorn-54824.exe
3672	2228	WerFault.exe	Unicorn-56189.exe
3752	1924	WerFault.exe	Unicorn-29131.exe
3808	2768	WerFault.exe	Unicorn-29327.exe
3528	1664	WerFault.exe	Unicorn-3940.exe
3564	2108	WerFault.exe	Unicorn-34423.exe
3572	2164	WerFault.exe	Unicorn-40567.exe
3620	2872	WerFault.exe	Unicorn-7536.exe
3656	2412	WerFault.exe	Unicorn-17105.exe
3688	2016	WerFault.exe	Unicorn-9461.exe
3852	1516	WerFault.exe	Unicorn-14557.exe
3916	664	WerFault.exe	Unicorn-46374.exe
3960	1528	WerFault.exe	Unicorn-20106.exe
3980	2760	WerFault.exe	Unicorn-43901.exe
4024	1936	WerFault.exe	Unicorn-36971.exe
4032	3028	WerFault.exe	Unicorn-9515.exe
4040	3064	WerFault.exe	Unicorn-48052.exe
4048	2592	WerFault.exe	Unicorn-58072.exe
4080	1728	WerFault.exe	Unicorn-62021.exe
3104	1592	WerFault.exe	Unicorn-23123.exe
3136	780	WerFault.exe	Unicorn-32282.exe
3260	2296	WerFault.exe	Unicorn-30562.exe
3364	2408	WerFault.exe	Unicorn-63340.exe
3436	2076	WerFault.exe	Unicorn-23813.exe
3496	2052	WerFault.exe	Unicorn-23123.exe
3500	1816	WerFault.exe	Unicorn-56843.exe
3724	2492	WerFault.exe	Unicorn-49266.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

8cb67c8dda5133edade0b607c6c20aa62db4a43013fe28ad75bd90a6d7fa2dc7.exeUnicorn-8289.exeUnicorn-19551.exeUnicorn-39417.exeUnicorn-20877.exeUnicorn-55998.exeUnicorn-37737.exeUnicorn-36218.exeUnicorn-12995.exeUnicorn-30598.exeUnicorn-10732.exeUnicorn-58667.exeUnicorn-54961.exeUnicorn-52802.exeUnicorn-13663.exeUnicorn-33529.exeUnicorn-48817.exeUnicorn-46658.exeUnicorn-33005.exeUnicorn-986.exeUnicorn-48528.exeUnicorn-20106.exeUnicorn-44475.exeUnicorn-24678.exeUnicorn-15528.exeUnicorn-35918.exeUnicorn-35918.exeUnicorn-59633.exeUnicorn-16374.exeUnicorn-47869.exeUnicorn-13961.exeUnicorn-2197.exeUnicorn-58196.exeUnicorn-392.exeUnicorn-34605.exeUnicorn-48327.exeUnicorn-54824.exeUnicorn-56189.exeUnicorn-29131.exeUnicorn-43901.exeUnicorn-7536.exeUnicorn-9461.exeUnicorn-29327.exeUnicorn-40567.exeUnicorn-4988.exeUnicorn-47064.exeUnicorn-3940.exeUnicorn-14557.exeUnicorn-34423.exeUnicorn-36971.exeUnicorn-17105.exeUnicorn-46374.exeUnicorn-702.exeUnicorn-58904.exeUnicorn-40119.exeUnicorn-33875.exeUnicorn-15781.exeUnicorn-36523.exeUnicorn-30279.exeUnicorn-8946.exeUnicorn-58072.exeUnicorn-30562.exeUnicorn-62021.exeUnicorn-56858.exe

pid	process
2420	8cb67c8dda5133edade0b607c6c20aa62db4a43013fe28ad75bd90a6d7fa2dc7.exe
2188	Unicorn-8289.exe
2644	Unicorn-19551.exe
2388	Unicorn-39417.exe
3068	Unicorn-20877.exe
2680	Unicorn-55998.exe
2540	Unicorn-37737.exe
2244	Unicorn-36218.exe
884	Unicorn-12995.exe
3000	Unicorn-30598.exe
2692	Unicorn-10732.exe
2172	Unicorn-58667.exe
868	Unicorn-54961.exe
2288	Unicorn-52802.exe
2116	Unicorn-13663.exe
2712	Unicorn-33529.exe
2468	Unicorn-48817.exe
2764	Unicorn-46658.exe
920	Unicorn-33005.exe
968	Unicorn-986.exe
2280	Unicorn-48528.exe
1528	Unicorn-20106.exe
1356	Unicorn-44475.exe
3012	Unicorn-24678.exe
752	Unicorn-15528.exe
1148	Unicorn-35918.exe
872	Unicorn-35918.exe
1964	Unicorn-59633.exe
1952	Unicorn-16374.exe
1496	Unicorn-47869.exe
2940	Unicorn-13961.exe
1492	Unicorn-2197.exe
348	Unicorn-58196.exe
2672	Unicorn-392.exe
2632	Unicorn-34605.exe
2232	Unicorn-48327.exe
2796	Unicorn-54824.exe
2228	Unicorn-56189.exe
1924	Unicorn-29131.exe
2760	Unicorn-43901.exe
2872	Unicorn-7536.exe
2016	Unicorn-9461.exe
2768	Unicorn-29327.exe
2164	Unicorn-40567.exe
2004	Unicorn-4988.exe
1960	Unicorn-47064.exe
1664	Unicorn-3940.exe
1516	Unicorn-14557.exe
2108	Unicorn-34423.exe
1936	Unicorn-36971.exe
2412	Unicorn-17105.exe
664	Unicorn-46374.exe
1468	Unicorn-702.exe
1628	Unicorn-58904.exe
2332	Unicorn-40119.exe
864	Unicorn-33875.exe
2444	Unicorn-15781.exe
2308	Unicorn-36523.exe
2808	Unicorn-30279.exe
2512	Unicorn-8946.exe
2592	Unicorn-58072.exe
2296	Unicorn-30562.exe
1728	Unicorn-62021.exe
2400	Unicorn-56858.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

8cb67c8dda5133edade0b607c6c20aa62db4a43013fe28ad75bd90a6d7fa2dc7.exeUnicorn-8289.exeUnicorn-19551.exeUnicorn-39417.exeUnicorn-20877.exeUnicorn-37737.exeUnicorn-55998.exeUnicorn-36218.exe

description	pid	process	target process
PID 2420 wrote to memory of 2188	2420	8cb67c8dda5133edade0b607c6c20aa62db4a43013fe28ad75bd90a6d7fa2dc7.exe	Unicorn-8289.exe
PID 2420 wrote to memory of 2188	2420	8cb67c8dda5133edade0b607c6c20aa62db4a43013fe28ad75bd90a6d7fa2dc7.exe	Unicorn-8289.exe
PID 2420 wrote to memory of 2188	2420	8cb67c8dda5133edade0b607c6c20aa62db4a43013fe28ad75bd90a6d7fa2dc7.exe	Unicorn-8289.exe
PID 2420 wrote to memory of 2188	2420	8cb67c8dda5133edade0b607c6c20aa62db4a43013fe28ad75bd90a6d7fa2dc7.exe	Unicorn-8289.exe
PID 2188 wrote to memory of 2388	2188	Unicorn-8289.exe	Unicorn-39417.exe
PID 2188 wrote to memory of 2388	2188	Unicorn-8289.exe	Unicorn-39417.exe
PID 2188 wrote to memory of 2388	2188	Unicorn-8289.exe	Unicorn-39417.exe
PID 2188 wrote to memory of 2388	2188	Unicorn-8289.exe	Unicorn-39417.exe
PID 2420 wrote to memory of 2644	2420	8cb67c8dda5133edade0b607c6c20aa62db4a43013fe28ad75bd90a6d7fa2dc7.exe	Unicorn-19551.exe
PID 2420 wrote to memory of 2644	2420	8cb67c8dda5133edade0b607c6c20aa62db4a43013fe28ad75bd90a6d7fa2dc7.exe	Unicorn-19551.exe
PID 2420 wrote to memory of 2644	2420	8cb67c8dda5133edade0b607c6c20aa62db4a43013fe28ad75bd90a6d7fa2dc7.exe	Unicorn-19551.exe
PID 2420 wrote to memory of 2644	2420	8cb67c8dda5133edade0b607c6c20aa62db4a43013fe28ad75bd90a6d7fa2dc7.exe	Unicorn-19551.exe
PID 2420 wrote to memory of 2640	2420	8cb67c8dda5133edade0b607c6c20aa62db4a43013fe28ad75bd90a6d7fa2dc7.exe	WerFault.exe
PID 2420 wrote to memory of 2640	2420	8cb67c8dda5133edade0b607c6c20aa62db4a43013fe28ad75bd90a6d7fa2dc7.exe	WerFault.exe
PID 2420 wrote to memory of 2640	2420	8cb67c8dda5133edade0b607c6c20aa62db4a43013fe28ad75bd90a6d7fa2dc7.exe	WerFault.exe
PID 2420 wrote to memory of 2640	2420	8cb67c8dda5133edade0b607c6c20aa62db4a43013fe28ad75bd90a6d7fa2dc7.exe	WerFault.exe
PID 2644 wrote to memory of 3068	2644	Unicorn-19551.exe	Unicorn-20877.exe
PID 2644 wrote to memory of 3068	2644	Unicorn-19551.exe	Unicorn-20877.exe
PID 2644 wrote to memory of 3068	2644	Unicorn-19551.exe	Unicorn-20877.exe
PID 2644 wrote to memory of 3068	2644	Unicorn-19551.exe	Unicorn-20877.exe
PID 2388 wrote to memory of 2540	2388	Unicorn-39417.exe	Unicorn-37737.exe
PID 2388 wrote to memory of 2540	2388	Unicorn-39417.exe	Unicorn-37737.exe
PID 2388 wrote to memory of 2540	2388	Unicorn-39417.exe	Unicorn-37737.exe
PID 2388 wrote to memory of 2540	2388	Unicorn-39417.exe	Unicorn-37737.exe
PID 2188 wrote to memory of 2680	2188	Unicorn-8289.exe	Unicorn-55998.exe
PID 2188 wrote to memory of 2680	2188	Unicorn-8289.exe	Unicorn-55998.exe
PID 2188 wrote to memory of 2680	2188	Unicorn-8289.exe	Unicorn-55998.exe
PID 2188 wrote to memory of 2680	2188	Unicorn-8289.exe	Unicorn-55998.exe
PID 2188 wrote to memory of 3032	2188	Unicorn-8289.exe	WerFault.exe
PID 2188 wrote to memory of 3032	2188	Unicorn-8289.exe	WerFault.exe
PID 2188 wrote to memory of 3032	2188	Unicorn-8289.exe	WerFault.exe
PID 2188 wrote to memory of 3032	2188	Unicorn-8289.exe	WerFault.exe
PID 3068 wrote to memory of 2244	3068	Unicorn-20877.exe	Unicorn-36218.exe
PID 3068 wrote to memory of 2244	3068	Unicorn-20877.exe	Unicorn-36218.exe
PID 3068 wrote to memory of 2244	3068	Unicorn-20877.exe	Unicorn-36218.exe
PID 3068 wrote to memory of 2244	3068	Unicorn-20877.exe	Unicorn-36218.exe
PID 2644 wrote to memory of 2692	2644	Unicorn-19551.exe	Unicorn-10732.exe
PID 2644 wrote to memory of 2692	2644	Unicorn-19551.exe	Unicorn-10732.exe
PID 2644 wrote to memory of 2692	2644	Unicorn-19551.exe	Unicorn-10732.exe
PID 2644 wrote to memory of 2692	2644	Unicorn-19551.exe	Unicorn-10732.exe
PID 2540 wrote to memory of 3000	2540	Unicorn-37737.exe	Unicorn-30598.exe
PID 2540 wrote to memory of 3000	2540	Unicorn-37737.exe	Unicorn-30598.exe
PID 2540 wrote to memory of 3000	2540	Unicorn-37737.exe	Unicorn-30598.exe
PID 2540 wrote to memory of 3000	2540	Unicorn-37737.exe	Unicorn-30598.exe
PID 2680 wrote to memory of 884	2680	Unicorn-55998.exe	Unicorn-12995.exe
PID 2680 wrote to memory of 884	2680	Unicorn-55998.exe	Unicorn-12995.exe
PID 2680 wrote to memory of 884	2680	Unicorn-55998.exe	Unicorn-12995.exe
PID 2680 wrote to memory of 884	2680	Unicorn-55998.exe	Unicorn-12995.exe
PID 2388 wrote to memory of 2172	2388	Unicorn-39417.exe	Unicorn-58667.exe
PID 2388 wrote to memory of 2172	2388	Unicorn-39417.exe	Unicorn-58667.exe
PID 2388 wrote to memory of 2172	2388	Unicorn-39417.exe	Unicorn-58667.exe
PID 2388 wrote to memory of 2172	2388	Unicorn-39417.exe	Unicorn-58667.exe
PID 2644 wrote to memory of 564	2644	Unicorn-19551.exe	WerFault.exe
PID 2644 wrote to memory of 564	2644	Unicorn-19551.exe	WerFault.exe
PID 2644 wrote to memory of 564	2644	Unicorn-19551.exe	WerFault.exe
PID 2644 wrote to memory of 564	2644	Unicorn-19551.exe	WerFault.exe
PID 2388 wrote to memory of 2312	2388	Unicorn-39417.exe	WerFault.exe
PID 2388 wrote to memory of 2312	2388	Unicorn-39417.exe	WerFault.exe
PID 2388 wrote to memory of 2312	2388	Unicorn-39417.exe	WerFault.exe
PID 2388 wrote to memory of 2312	2388	Unicorn-39417.exe	WerFault.exe
PID 2244 wrote to memory of 868	2244	Unicorn-36218.exe	Unicorn-54961.exe
PID 2244 wrote to memory of 868	2244	Unicorn-36218.exe	Unicorn-54961.exe
PID 2244 wrote to memory of 868	2244	Unicorn-36218.exe	Unicorn-54961.exe
PID 2244 wrote to memory of 868	2244	Unicorn-36218.exe	Unicorn-54961.exe

C:\Users\Admin\AppData\Local\Temp\8cb67c8dda5133edade0b607c6c20aa62db4a43013fe28ad75bd90a6d7fa2dc7.exe
"C:\Users\Admin\AppData\Local\Temp\8cb67c8dda5133edade0b607c6c20aa62db4a43013fe28ad75bd90a6d7fa2dc7.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-39417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39417.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-37737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37737.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-30598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30598.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-48817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48817.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-35918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35918.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-40567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40567.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-56843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56843.exe
9⤵
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-29016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29016.exe
10⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-62290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62290.exe
11⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-30077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30077.exe
12⤵
PID:6308

C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
13⤵
PID:8356

C:\Users\Admin\AppData\Local\Temp\Unicorn-6333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6333.exe
14⤵
PID:11252

C:\Users\Admin\AppData\Local\Temp\Unicorn-2483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2483.exe
15⤵
PID:12496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11252 -s 216
15⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8356 -s 236
14⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6308 -s 216
13⤵
PID:9632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
12⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
11⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 216
10⤵
- Program crash
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-9975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9975.exe
9⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-49423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49423.exe
10⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-23618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23618.exe
11⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
12⤵
PID:7816

C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
13⤵
PID:9920

C:\Users\Admin\AppData\Local\Temp\Unicorn-51868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51868.exe
14⤵
PID:11308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9920 -s 216
14⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
13⤵
PID:10692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
12⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 236
11⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
10⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
9⤵
- Program crash
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-45447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45447.exe
8⤵
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-64428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64428.exe
9⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-18805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18805.exe
10⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-28008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28008.exe
11⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\Unicorn-47425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47425.exe
12⤵
PID:7288

C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
13⤵
PID:9640

C:\Users\Admin\AppData\Local\Temp\Unicorn-9028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9028.exe
14⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9640 -s 220
14⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 216
13⤵
PID:10540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
12⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
11⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
10⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 236
9⤵
PID:3096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 220
8⤵
- Program crash
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-47064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47064.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-3371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3371.exe
8⤵
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-20101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20101.exe
9⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-15088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15088.exe
10⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-48786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48786.exe
11⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-15150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15150.exe
12⤵
PID:7972

C:\Users\Admin\AppData\Local\Temp\Unicorn-48741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48741.exe
13⤵
PID:10344

C:\Users\Admin\AppData\Local\Temp\Unicorn-12784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12784.exe
14⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10344 -s 216
14⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 216
13⤵
PID:10416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 220
12⤵
PID:8936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
11⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 236
10⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 236
9⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-43514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43514.exe
8⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-30236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30236.exe
9⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-37418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37418.exe
10⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe
11⤵
PID:7548

C:\Users\Admin\AppData\Local\Temp\Unicorn-6974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6974.exe
12⤵
PID:10232

C:\Users\Admin\AppData\Local\Temp\Unicorn-18972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18972.exe
13⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10232 -s 216
13⤵
PID:12292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 216
12⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
11⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 236
10⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
9⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
8⤵
PID:3668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
7⤵
- Program crash
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-59633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59633.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-4988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4988.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-23123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23123.exe
8⤵
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-49246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49246.exe
9⤵
PID:292

C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
10⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-35292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35292.exe
11⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\Unicorn-21152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21152.exe
12⤵
PID:7080

C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
13⤵
PID:10032

C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
14⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10032 -s 236
14⤵
PID:9656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 236
13⤵
PID:10872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 236
12⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
11⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 236
10⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 236
9⤵
- Program crash
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-28428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28428.exe
8⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-21977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21977.exe
9⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-22838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22838.exe
10⤵
PID:7140

C:\Users\Admin\AppData\Local\Temp\Unicorn-17364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17364.exe
11⤵
PID:9020

C:\Users\Admin\AppData\Local\Temp\Unicorn-39493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39493.exe
12⤵
PID:12120

C:\Users\Admin\AppData\Local\Temp\Unicorn-63775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63775.exe
12⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9020 -s 220
12⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 236
11⤵
PID:10156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 216
10⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 216
9⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
8⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe
7⤵
PID:2196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 188
8⤵
- Program crash
PID:2756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
7⤵
PID:3888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
6⤵
- Program crash
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-46658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46658.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-13961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13961.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-3940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3940.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-32282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32282.exe
8⤵
PID:596

C:\Users\Admin\AppData\Local\Temp\Unicorn-54667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54667.exe
9⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-14654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14654.exe
10⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-15591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15591.exe
11⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\Unicorn-58628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58628.exe
12⤵
PID:7404

C:\Users\Admin\AppData\Local\Temp\Unicorn-31749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31749.exe
13⤵
PID:10204

C:\Users\Admin\AppData\Local\Temp\Unicorn-28806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28806.exe
14⤵
PID:11792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10204 -s 216
14⤵
PID:12400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 216
13⤵
PID:10964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
12⤵
PID:8900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
11⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 236
10⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 236
9⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-44563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44563.exe
8⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-51789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51789.exe
9⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-41415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41415.exe
10⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-49973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49973.exe
11⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 236
11⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
10⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 236
9⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 220
8⤵
- Program crash
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-48052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48052.exe
7⤵
PID:524

C:\Users\Admin\AppData\Local\Temp\Unicorn-58986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58986.exe
8⤵
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-16058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16058.exe
9⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-51209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51209.exe
10⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe
11⤵
PID:7536

C:\Users\Admin\AppData\Local\Temp\Unicorn-6908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6908.exe
12⤵
PID:9672

C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
13⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9672 -s 216
13⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7536 -s 216
12⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 216
11⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
10⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 236
9⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-36700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36700.exe
8⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-19715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19715.exe
9⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-32706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32706.exe
10⤵
PID:7636

C:\Users\Admin\AppData\Local\Temp\Unicorn-2456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2456.exe
11⤵
PID:9740

C:\Users\Admin\AppData\Local\Temp\Unicorn-11710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11710.exe
12⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9740 -s 236
12⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 216
11⤵
PID:11100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
10⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
9⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 524 -s 240
8⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
7⤵
- Program crash
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-14557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14557.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-32282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32282.exe
7⤵
PID:780

C:\Users\Admin\AppData\Local\Temp\Unicorn-38756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38756.exe
8⤵
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-5607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5607.exe
9⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-32803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32803.exe
10⤵
PID:6720

C:\Users\Admin\AppData\Local\Temp\Unicorn-53935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53935.exe
11⤵
PID:8540

C:\Users\Admin\AppData\Local\Temp\Unicorn-41130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41130.exe
12⤵
PID:10248

C:\Users\Admin\AppData\Local\Temp\Unicorn-54292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54292.exe
13⤵
PID:12312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10248 -s 236
13⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8540 -s 216
12⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 216
11⤵
PID:9800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
10⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 216
9⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 236
8⤵
- Program crash
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
7⤵
PID:988

C:\Users\Admin\AppData\Local\Temp\Unicorn-38114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38114.exe
8⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
9⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-11027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11027.exe
10⤵
PID:7876

C:\Users\Admin\AppData\Local\Temp\Unicorn-42422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42422.exe
11⤵
PID:10052

C:\Users\Admin\AppData\Local\Temp\Unicorn-38005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38005.exe
12⤵
PID:11676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10052 -s 220
12⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 216
11⤵
PID:10928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
10⤵
PID:9040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
9⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 216
8⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 220
7⤵
- Program crash
PID:3852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
6⤵
- Program crash
PID:2480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:732

C:\Users\Admin\AppData\Local\Temp\Unicorn-58667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58667.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-986.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:968

C:\Users\Admin\AppData\Local\Temp\Unicorn-2197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2197.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-34423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34423.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-23813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23813.exe
8⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-10131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10131.exe
9⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-27783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27783.exe
10⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-53151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53151.exe
11⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-64224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64224.exe
12⤵
PID:7840

C:\Users\Admin\AppData\Local\Temp\Unicorn-6908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6908.exe
13⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-11495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11495.exe
14⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
14⤵
PID:2028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7840 -s 216
13⤵
PID:11060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 236
11⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 236
10⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 236
9⤵
- Program crash
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-24832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24832.exe
8⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-64259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64259.exe
9⤵
PID:3288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 188
10⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
9⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 220
8⤵
- Program crash
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-48052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48052.exe
7⤵
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-8737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8737.exe
8⤵
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-14654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14654.exe
9⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-55751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55751.exe
10⤵
PID:6072

C:\Users\Admin\AppData\Local\Temp\Unicorn-46175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46175.exe
11⤵
PID:7656

C:\Users\Admin\AppData\Local\Temp\Unicorn-17580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17580.exe
12⤵
PID:9308

C:\Users\Admin\AppData\Local\Temp\Unicorn-31105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31105.exe
13⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9308 -s 216
13⤵
PID:12836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 216
12⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 216
11⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
10⤵
PID:6884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 216
9⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
8⤵
- Program crash
PID:4040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 240
7⤵
- Program crash
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-17105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17105.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-32282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32282.exe
7⤵
PID:1416

C:\Users\Admin\AppData\Local\Temp\Unicorn-17324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17324.exe
8⤵
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-25688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25688.exe
9⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-11969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11969.exe
10⤵
PID:6540

C:\Users\Admin\AppData\Local\Temp\Unicorn-15103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15103.exe
11⤵
PID:8108

C:\Users\Admin\AppData\Local\Temp\Unicorn-37315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37315.exe
12⤵
PID:10764

C:\Users\Admin\AppData\Local\Temp\Unicorn-17598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17598.exe
13⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10764 -s 216
13⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 216
12⤵
PID:11484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 236
11⤵
PID:9392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 216
10⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 236
9⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 236
8⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-22284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22284.exe
7⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-28464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28464.exe
8⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-43484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43484.exe
9⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-53819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53819.exe
10⤵
PID:7688

C:\Users\Admin\AppData\Local\Temp\Unicorn-6319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6319.exe
11⤵
PID:9668

C:\Users\Admin\AppData\Local\Temp\Unicorn-38005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38005.exe
12⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9668 -s 220
12⤵
PID:12872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 216
11⤵
PID:10836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
10⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
9⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
7⤵
- Program crash
PID:3656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 240
6⤵
- Program crash
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-16374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16374.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-36971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36971.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-26719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26719.exe
7⤵
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-51794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51794.exe
8⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-1896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1896.exe
9⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
10⤵
PID:6344

C:\Users\Admin\AppData\Local\Temp\Unicorn-24093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24093.exe
11⤵
PID:7624

C:\Users\Admin\AppData\Local\Temp\Unicorn-21475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21475.exe
12⤵
PID:10528

C:\Users\Admin\AppData\Local\Temp\Unicorn-8649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8649.exe
13⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10528 -s 236
13⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 216
12⤵
PID:11292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 236
11⤵
PID:9272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
10⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
9⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 236
8⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-18140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18140.exe
7⤵
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-14184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14184.exe
8⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-65145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65145.exe
9⤵
PID:5552

C:\Users\Admin\AppData\Local\Temp\Unicorn-31945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31945.exe
10⤵
PID:8100

C:\Users\Admin\AppData\Local\Temp\Unicorn-23914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23914.exe
11⤵
PID:10196

C:\Users\Admin\AppData\Local\Temp\Unicorn-46610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46610.exe
12⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10196 -s 236
12⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 216
11⤵
PID:10264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 216
10⤵
PID:8440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
9⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 236
8⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
7⤵
- Program crash
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-63340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63340.exe
6⤵
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-4189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4189.exe
7⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-10212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10212.exe
8⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-21185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21185.exe
9⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
10⤵
PID:7756

C:\Users\Admin\AppData\Local\Temp\Unicorn-16197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16197.exe
11⤵
PID:10028

C:\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
12⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10028 -s 216
12⤵
PID:12668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 216
11⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
10⤵
PID:9108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
9⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
8⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
7⤵
- Program crash
PID:3364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
6⤵
- Program crash
PID:1840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
5⤵
- Program crash
PID:2136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-55998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55998.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-12995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12995.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-33529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33529.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-24678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24678.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-56189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56189.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-59709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59709.exe
9⤵
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-38826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38826.exe
10⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
11⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-23355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23355.exe
12⤵
PID:6872

C:\Users\Admin\AppData\Local\Temp\Unicorn-32673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32673.exe
13⤵
PID:8680

C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
14⤵
PID:11644

C:\Users\Admin\AppData\Local\Temp\Unicorn-37775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37775.exe
15⤵
PID:13240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8680 -s 216
14⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 216
13⤵
PID:9944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
12⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
11⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 236
10⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-25291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25291.exe
9⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-34179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34179.exe
10⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-63718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63718.exe
11⤵
PID:6568

C:\Users\Admin\AppData\Local\Temp\Unicorn-18046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18046.exe
12⤵
PID:7956

C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
13⤵
PID:10680

C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
14⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10680 -s 216
14⤵
PID:13104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 216
13⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 216
12⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
11⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
10⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 220
9⤵
PID:4772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 236
8⤵
- Program crash
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-30279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30279.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
8⤵
PID:2848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 200
9⤵
- Program crash
PID:2952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
8⤵
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
7⤵
- Program crash
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-29131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29131.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-8946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8946.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe
8⤵
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-10888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10888.exe
9⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-191.exe
10⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 240
11⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
10⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 236
9⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-59108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59108.exe
8⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-14313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14313.exe
9⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\Unicorn-59829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59829.exe
10⤵
PID:6924

C:\Users\Admin\AppData\Local\Temp\Unicorn-35251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35251.exe
11⤵
PID:9732

C:\Users\Admin\AppData\Local\Temp\Unicorn-63302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63302.exe
12⤵
PID:4616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9732 -s 236
12⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6924 -s 216
11⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 236
10⤵
PID:8476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
9⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
8⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-4789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4789.exe
7⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
8⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-25501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25501.exe
9⤵
PID:4276

C:\Users\Admin\AppData\Local\Temp\Unicorn-41815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41815.exe
10⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-61915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61915.exe
11⤵
PID:7880

C:\Users\Admin\AppData\Local\Temp\Unicorn-48604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48604.exe
12⤵
PID:9588

C:\Users\Admin\AppData\Local\Temp\Unicorn-47824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47824.exe
13⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9588 -s 236
13⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 236
12⤵
PID:10276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 216
11⤵
PID:9132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
10⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
9⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 236
8⤵
PID:4392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
7⤵
- Program crash
PID:3752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
6⤵
- Program crash
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-29327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29327.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-24622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24622.exe
8⤵
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-45220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45220.exe
9⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-58113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58113.exe
10⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-35388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35388.exe
11⤵
PID:7028

C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
12⤵
PID:8596

C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe
13⤵
PID:11392

C:\Users\Admin\AppData\Local\Temp\Unicorn-59603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59603.exe
14⤵
PID:12952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11392 -s 236
14⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8596 -s 216
13⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 216
12⤵
PID:9856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
11⤵
PID:2948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
10⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
9⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-34046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34046.exe
8⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-17762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17762.exe
9⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-52669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52669.exe
10⤵
PID:6704

C:\Users\Admin\AppData\Local\Temp\Unicorn-27049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27049.exe
11⤵
PID:8504

C:\Users\Admin\AppData\Local\Temp\Unicorn-14581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14581.exe
12⤵
PID:11468

C:\Users\Admin\AppData\Local\Temp\Unicorn-65234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65234.exe
13⤵
PID:12560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11468 -s 236
13⤵
PID:12472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 216
12⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 216
11⤵
PID:9792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 216
10⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
9⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
8⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-36572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36572.exe
7⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-13201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13201.exe
8⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-64257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64257.exe
9⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-40222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40222.exe
10⤵
PID:7060

C:\Users\Admin\AppData\Local\Temp\Unicorn-26508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26508.exe
11⤵
PID:8716

C:\Users\Admin\AppData\Local\Temp\Unicorn-13212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13212.exe
12⤵
PID:11860

C:\Users\Admin\AppData\Local\Temp\Unicorn-56203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56203.exe
13⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 216
12⤵
PID:1736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 216
11⤵
PID:9976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
10⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
9⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
8⤵
PID:4936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
7⤵
- Program crash
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-28300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28300.exe
6⤵
- Executes dropped EXE
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-7583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7583.exe
7⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-8712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8712.exe
8⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-43987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43987.exe
9⤵
PID:5180

C:\Users\Admin\AppData\Local\Temp\Unicorn-37685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37685.exe
10⤵
PID:7588

C:\Users\Admin\AppData\Local\Temp\Unicorn-53682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53682.exe
11⤵
PID:9652

C:\Users\Admin\AppData\Local\Temp\Unicorn-59673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59673.exe
12⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9652 -s 216
12⤵
PID:13132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 216
11⤵
PID:10676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
10⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
9⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
8⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 236
7⤵
PID:3708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 240
6⤵
- Program crash
PID:1624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 240
5⤵
- Program crash
PID:1040

C:\Users\Admin\AppData\Local\Temp\Unicorn-13663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13663.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-35918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35918.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1148

C:\Users\Admin\AppData\Local\Temp\Unicorn-43901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43901.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-58072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58072.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-13179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13179.exe
8⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-61337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61337.exe
9⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-28008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28008.exe
10⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-15150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15150.exe
11⤵
PID:7980

C:\Users\Admin\AppData\Local\Temp\Unicorn-45442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45442.exe
12⤵
PID:9484

C:\Users\Admin\AppData\Local\Temp\Unicorn-54633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54633.exe
13⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9484 -s 216
13⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 220
12⤵
PID:10880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 220
11⤵
PID:9092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
10⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 236
9⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 236
8⤵
- Program crash
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-31928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31928.exe
7⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-49311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49311.exe
8⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-64994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64994.exe
9⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-64724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64724.exe
10⤵
PID:7560

C:\Users\Admin\AppData\Local\Temp\Unicorn-55705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55705.exe
11⤵
PID:9832

C:\Users\Admin\AppData\Local\Temp\Unicorn-47142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47142.exe
12⤵
PID:916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9832 -s 216
12⤵
PID:12636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 220
11⤵
PID:11140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
10⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
9⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 216
8⤵
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
7⤵
- Program crash
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-30562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30562.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-19872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19872.exe
7⤵
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-57931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57931.exe
8⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-20731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20731.exe
9⤵
PID:6380

C:\Users\Admin\AppData\Local\Temp\Unicorn-43233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43233.exe
10⤵
PID:7792

C:\Users\Admin\AppData\Local\Temp\Unicorn-19793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19793.exe
11⤵
PID:9928

C:\Users\Admin\AppData\Local\Temp\Unicorn-46190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46190.exe
12⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9928 -s 216
12⤵
PID:12300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 216
11⤵
PID:11200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 216
10⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 236
9⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 236
8⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 236
7⤵
- Program crash
PID:3260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 240
6⤵
- Program crash
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-9461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9461.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
6⤵
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-20101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20101.exe
7⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-60813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60813.exe
8⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-65145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65145.exe
9⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-51127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51127.exe
10⤵
PID:8044

C:\Users\Admin\AppData\Local\Temp\Unicorn-61992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61992.exe
11⤵
PID:10212

C:\Users\Admin\AppData\Local\Temp\Unicorn-15539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15539.exe
12⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10212 -s 216
12⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
11⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
10⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 216
9⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 236
8⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 236
7⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
6⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-39481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39481.exe
7⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-47008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47008.exe
8⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-59909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59909.exe
9⤵
PID:7904

C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
10⤵
PID:10152

C:\Users\Admin\AppData\Local\Temp\Unicorn-7943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7943.exe
11⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10152 -s 216
11⤵
PID:12592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 216
10⤵
PID:11216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
9⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
8⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 236
7⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
6⤵
- Program crash
PID:3688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 220
5⤵
- Program crash
PID:600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-19551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19551.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-20877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20877.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-36218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36218.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-54961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54961.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:868

C:\Users\Admin\AppData\Local\Temp\Unicorn-20106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20106.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-48327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48327.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-40119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40119.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-4929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4929.exe
9⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
10⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-57097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57097.exe
11⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
12⤵
PID:5728

C:\Users\Admin\AppData\Local\Temp\Unicorn-18918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18918.exe
13⤵
PID:7592

C:\Users\Admin\AppData\Local\Temp\Unicorn-15767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15767.exe
14⤵
PID:9656

C:\Users\Admin\AppData\Local\Temp\Unicorn-29986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29986.exe
15⤵
PID:11780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 216
14⤵
PID:10432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 216
13⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
12⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
11⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 236
10⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-40425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40425.exe
9⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-1234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1234.exe
10⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-12142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12142.exe
11⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-24801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24801.exe
12⤵
PID:7936

C:\Users\Admin\AppData\Local\Temp\Unicorn-3701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3701.exe
13⤵
PID:9488

C:\Users\Admin\AppData\Local\Temp\Unicorn-29344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29344.exe
14⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9488 -s 236
14⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 236
13⤵
PID:10004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 236
12⤵
PID:9168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
11⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
10⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
9⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-28120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28120.exe
8⤵
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-50551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50551.exe
9⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-50526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50526.exe
10⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-25935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25935.exe
11⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-16455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16455.exe
12⤵
PID:8168

C:\Users\Admin\AppData\Local\Temp\Unicorn-9791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9791.exe
13⤵
PID:9916

C:\Users\Admin\AppData\Local\Temp\Unicorn-14048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14048.exe
14⤵
PID:11564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9916 -s 216
14⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 216
13⤵
PID:10424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
12⤵
PID:8536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 236
11⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
10⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
9⤵
PID:4716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
8⤵
- Program crash
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-33875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33875.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 200
8⤵
- Program crash
PID:756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
7⤵
- Program crash
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-15781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15781.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-3391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3391.exe
8⤵
PID:976

C:\Users\Admin\AppData\Local\Temp\Unicorn-63652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63652.exe
9⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-62910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62910.exe
10⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-17908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17908.exe
11⤵
PID:7096

C:\Users\Admin\AppData\Local\Temp\Unicorn-43389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43389.exe
12⤵
PID:8760

C:\Users\Admin\AppData\Local\Temp\Unicorn-60904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60904.exe
13⤵
PID:11796

C:\Users\Admin\AppData\Local\Temp\Unicorn-50759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50759.exe
14⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 216
13⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 216
12⤵
PID:9984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
11⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
10⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 236
9⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-52479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52479.exe
8⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-34323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34323.exe
9⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-36221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36221.exe
10⤵
PID:6276

C:\Users\Admin\AppData\Local\Temp\Unicorn-62255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62255.exe
11⤵
PID:7424

C:\Users\Admin\AppData\Local\Temp\Unicorn-45289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45289.exe
12⤵
PID:10556

C:\Users\Admin\AppData\Local\Temp\Unicorn-43553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43553.exe
13⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10556 -s 236
13⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 216
12⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 216
11⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
10⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
9⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
8⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-10900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10900.exe
7⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-51364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51364.exe
8⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-36024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36024.exe
9⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
10⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-17009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17009.exe
11⤵
PID:7248

C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
12⤵
PID:10092

C:\Users\Admin\AppData\Local\Temp\Unicorn-18424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18424.exe
13⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 236
13⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 216
12⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 236
11⤵
PID:8848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 216
10⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
8⤵
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
7⤵
- Program crash
PID:3644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 240
6⤵
- Program crash
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-44475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44475.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1356

C:\Users\Admin\AppData\Local\Temp\Unicorn-7536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7536.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-9515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9515.exe
7⤵
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-61534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61534.exe
8⤵
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-31093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31093.exe
9⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-28830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28830.exe
10⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-25864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25864.exe
11⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-52423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52423.exe
12⤵
PID:9828

C:\Users\Admin\AppData\Local\Temp\Unicorn-42345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42345.exe
13⤵
PID:12156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9828 -s 220
13⤵
PID:12852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
12⤵
PID:10552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
11⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 216
10⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 216
9⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 236
8⤵
- Program crash
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-24284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24284.exe
7⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-14654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14654.exe
8⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-35970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35970.exe
9⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-11027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11027.exe
10⤵
PID:7860

C:\Users\Admin\AppData\Local\Temp\Unicorn-61136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61136.exe
11⤵
PID:9992

C:\Users\Admin\AppData\Local\Temp\Unicorn-42059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42059.exe
12⤵
PID:6808

C:\Users\Admin\AppData\Local\Temp\Unicorn-57125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57125.exe
12⤵
PID:3120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9992 -s 212
12⤵
PID:13124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
11⤵
PID:10584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
10⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
9⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 216
8⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
7⤵
- Program crash
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
6⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-7583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7583.exe
7⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-39547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39547.exe
8⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-19715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19715.exe
9⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-6629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6629.exe
10⤵
PID:7680

C:\Users\Admin\AppData\Local\Temp\Unicorn-18411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18411.exe
11⤵
PID:9608

C:\Users\Admin\AppData\Local\Temp\Unicorn-27213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27213.exe
12⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9608 -s 216
12⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 216
11⤵
PID:11044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 236
10⤵
PID:9080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 236
9⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
8⤵
PID:5124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 216
7⤵
- Program crash
PID:3724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 240
6⤵
- Program crash
PID:1536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
5⤵
- Program crash
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-52802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52802.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-392.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
7⤵
- Program crash
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-33150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33150.exe
7⤵
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-49599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49599.exe
8⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-5287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5287.exe
9⤵
PID:5216

C:\Users\Admin\AppData\Local\Temp\Unicorn-50824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50824.exe
10⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\Unicorn-54999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54999.exe
11⤵
PID:9908

C:\Users\Admin\AppData\Local\Temp\Unicorn-51713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51713.exe
12⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9908 -s 236
12⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 216
11⤵
PID:10800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 236
10⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
9⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 236
8⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-18960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18960.exe
7⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-62161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62161.exe
8⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\Unicorn-23269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23269.exe
9⤵
PID:6164

C:\Users\Admin\AppData\Local\Temp\Unicorn-48892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48892.exe
10⤵
PID:8960

C:\Users\Admin\AppData\Local\Temp\Unicorn-40917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40917.exe
11⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8960 -s 216
11⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 216
10⤵
PID:10132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 236
9⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
8⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 220
7⤵
PID:4124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
6⤵
- Program crash
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-34605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34605.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
6⤵
- Program crash
PID:936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
5⤵
- Program crash
PID:1072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-10732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10732.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-33005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33005.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:920

C:\Users\Admin\AppData\Local\Temp\Unicorn-58196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58196.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:348

C:\Users\Admin\AppData\Local\Temp\Unicorn-702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-702.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-53081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53081.exe
7⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-48294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48294.exe
8⤵
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-12351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12351.exe
9⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-53313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53313.exe
10⤵
PID:6900

C:\Users\Admin\AppData\Local\Temp\Unicorn-26926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26926.exe
11⤵
PID:8428

C:\Users\Admin\AppData\Local\Temp\Unicorn-42400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42400.exe
12⤵
PID:10356

C:\Users\Admin\AppData\Local\Temp\Unicorn-13033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13033.exe
13⤵
PID:12476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10356 -s 216
13⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8428 -s 216
12⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 216
11⤵
PID:9680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
10⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 216
9⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
8⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
7⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-53841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53841.exe
8⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-47541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47541.exe
9⤵
PID:7052

C:\Users\Admin\AppData\Local\Temp\Unicorn-50283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50283.exe
10⤵
PID:9816

C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
11⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9816 -s 236
11⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
10⤵
PID:10636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 236
9⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
8⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 240
7⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-30833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30833.exe
6⤵
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-23718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23718.exe
7⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
8⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\Unicorn-18613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18613.exe
9⤵
PID:5724

C:\Users\Admin\AppData\Local\Temp\Unicorn-16455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16455.exe
10⤵
PID:8176

C:\Users\Admin\AppData\Local\Temp\Unicorn-32606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32606.exe
11⤵
PID:10216

C:\Users\Admin\AppData\Local\Temp\Unicorn-55834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55834.exe
12⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10216 -s 216
12⤵
PID:12660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 216
11⤵
PID:11224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 216
10⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 236
9⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
8⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 236
7⤵
PID:3412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 240
6⤵
- Program crash
PID:1332

C:\Users\Admin\AppData\Local\Temp\Unicorn-46374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46374.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:664

C:\Users\Admin\AppData\Local\Temp\Unicorn-23123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23123.exe
6⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-29016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29016.exe
7⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-45625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45625.exe
8⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-48782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48782.exe
9⤵
PID:5692

C:\Users\Admin\AppData\Local\Temp\Unicorn-46175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46175.exe
10⤵
PID:7644

C:\Users\Admin\AppData\Local\Temp\Unicorn-42298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42298.exe
11⤵
PID:10020

C:\Users\Admin\AppData\Local\Temp\Unicorn-47079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47079.exe
12⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10020 -s 216
12⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 216
11⤵
PID:10464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
10⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
9⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
8⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
7⤵
- Program crash
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-9975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9975.exe
6⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-7564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7564.exe
7⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
8⤵
PID:6180

C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
9⤵
PID:8116

C:\Users\Admin\AppData\Local\Temp\Unicorn-64387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64387.exe
10⤵
PID:10400

C:\Users\Admin\AppData\Local\Temp\Unicorn-40935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40935.exe
11⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10400 -s 216
11⤵
PID:12732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 216
10⤵
PID:10748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 220
9⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 236
8⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 240
6⤵
- Program crash
PID:3916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 240
5⤵
- Program crash
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-47869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47869.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-62021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62021.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-14679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14679.exe
6⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-27713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27713.exe
7⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-18613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18613.exe
8⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-22205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22205.exe
9⤵
PID:7208

C:\Users\Admin\AppData\Local\Temp\Unicorn-17580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17580.exe
10⤵
PID:8876

C:\Users\Admin\AppData\Local\Temp\Unicorn-42345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42345.exe
11⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8876 -s 220
11⤵
PID:12844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 216
10⤵
PID:10708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
9⤵
PID:8560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
8⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 236
7⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
6⤵
- Program crash
PID:4080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 216
5⤵
- Program crash
PID:1772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
4⤵
- Program crash
PID:2732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
2⤵
- Program crash
PID:2640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-39417.exe

Filesize
184KB

MD5
fb603ed316bd722e528effe2dbd479ca

SHA1
b2aa181441bc987c3b63ba53f01acf3525bad530

SHA256
565247a50bc3a59a8c9634a6f1ebf98d3307b95d01e8d0f1d7ca00589090985a

SHA512
df4ec5092156cb2867f0e1bbd87af6d3709b2c716cbf632b4be714411f10e459a3dca345738fea6cffea442d5e78dd79283cde729a967f5d2d549e8d102d2d8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40425.exe

Filesize
184KB

MD5
f386774a69feec16ad8945f2f308a083

SHA1
b7252085c26250a542180dc5266abcf327c18d7e

SHA256
363dcee6cce7540287fe788873be25724b2d1ad3816d05478777c5372c01d018

SHA512
1097fbed1b5e9d325fed6c40cbd7867f1e634f6787e7a8e7f313cf93927ecfbd315dca006a6f8edd155c4fa0dbd7b6cbd87e79f33586c6d5af6c8d7871622913

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41415.exe

Filesize
184KB

MD5
37df27ed75cbc9709bfb507f49eaf8fc

SHA1
f71ca8c243396ed1068097aaf8f0408c93d36d01

SHA256
3b45bd42f6f565f8b5f55ca06349e9b48db285273ca1bb389ed9528f61e8c609

SHA512
25bc3a5642f4cbbdf95a89909e91a5e2d33f37a646c112fbfe140e73de9e09820c43eb2202edaa47dfa40444cfb219d31d5ef84e598d689c77e8466f0a399a2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42298.exe

Filesize
184KB

MD5
ede2f087d6129dee05c3b689ca52f43a

SHA1
153b41bfee7118f6a28f02cdbb1a7a6a217b83a8

SHA256
8813b21de31103020f0f531f6058de140a1ae735dff19d6289cb015134884530

SHA512
f631acd2c3c13365c55c5f1380f5b77f9bb04c17ed2ba86f594619a78bd7352e076d2218db06c4492591ee1eacdeda097ad4e42db43cc84b60ef4d8784a9f0a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52802.exe

Filesize
184KB

MD5
9d2e327bcb30e217da1c5c9bd0878f36

SHA1
ab5367765f4ddcd754ad32a040923454bce2f4ce

SHA256
5dc10377ce5bfba612f3c88a628c44d2f09941571594997323631202b19b9bde

SHA512
560f39fd271157a2ffdc7a74d5cb0c682c8211a54815d33aca8988225b40abf01de20f1af8b9607e13c1d7e4d79ad9eebfd403dd3c78efc693422bfe2a554a9b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10732.exe

Filesize
184KB

MD5
e5d75864589e3cc1b5611b485b5654e3

SHA1
b687dc9237fa92390a555f3d7548011119a28a64

SHA256
c5eafe94e989725d519a2760dae34f74aa516096b0cd4d313b25283c0d0e6e89

SHA512
0eb6090d81b9f116b8e46e6ae825f8100afb11305b10a3491c34688f25f863bb0c79e81c2c29ab960a700ac33d8bc2e5d6e7212ff560be5e2d781cb5a6754c68

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12995.exe

Filesize
184KB

MD5
264166af806c2669ca9455ef461f6bdb

SHA1
aa6832cd9b5c9aa53c71f367db8e843c32a862d5

SHA256
9a6ffd38aaf2fb1b006311164a94fda1b8d49e49644b7b4ade05708a1db43287

SHA512
b0962ab99c6d1693be5f4089fe5208ab960c32b19c852cbcd128ca61ee3e09e24f3a5dafc3ebfa3efc99ad459e392170e8e19e96fc7d650eb83957adf4f88a54

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13663.exe

Filesize
184KB

MD5
61b7820f1177c91e4f11fa4bca5273cd

SHA1
a8a8113ad94d2e9cadc63f354410f5bacc41f097

SHA256
8ac423464bdc2bb7188260fce2affbc789e2a02e748a88648e5c54cb2bb4f35f

SHA512
e75dfa9199efe1e2ccc0742a0878568d456163714da52f136096a0528c7e6a9a313798dedc2070e0fd6cd38e5dd53635bd6efd50744f9130887cf0b0d12ab6a5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19551.exe

Filesize
184KB

MD5
763fa8ed7fc8275df6e6371ea25584c4

SHA1
761874639d299b0cccf7437ddd8b796564a93a69

SHA256
80e19bf3a5fe5ba1a95da8bc41a8d65e29ac066962356f71cf75235fa0787d7c

SHA512
5d072f8cb1968ce1078ce3f1976ac80d61c3af60d0ee987aaf4a8bebafd546d0ddd2d90fd35eaa6695d75a0af301eb8bcafd88fdd920a9075d359f5556f58117

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20877.exe

Filesize
184KB

MD5
683edc2b8489b344bffd6606b21ed384

SHA1
6e62cda6de5c5b9c6632e6f9aca9e54c4c2eb98c

SHA256
3aa0dba8e166209f0bab5ac65726c8a14c69c1e09884ae9656a5a54378db7104

SHA512
853be2f472da21129fcbab47056e6f32d910fc1f071479933e3e3ccd9ba755cab67b7a9f13e3daf3bfe9bd917f1e38df575de33d4fdf4a0b52d4fecfad6d490d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30598.exe

Filesize
184KB

MD5
deed5ac99a18726c426b3c3c28ab43d8

SHA1
40b0791d5e1560cb73f77f1d55543dee70ccee6c

SHA256
00c23cc6b5338979a16df67413e9ddeba0ac6e8678d3869af431cab83a430e83

SHA512
cc323f64c06d0fa930aa1bb3f459648f0696a2322cb43ea42c32c299a6a4c2e5fdb2d4049b54f9ae900eac989f583c3da7609e6727958cc8217e4fb3cad26099

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36218.exe

Filesize
184KB

MD5
9a11d5718110068393cefb7e9513ee09

SHA1
e311893f447e3808aa7552ca0c7096776d111bfb

SHA256
02702bf719ec66d4bb92bd585709fcd19b3b677f5f62b9c906a5f5ab0b173079

SHA512
1af41ef3cba5edebda88c5005ca8f5d2bd9035e47c97a750f708aa4f02eec94a5baaf9506a3dc3a24d8062cb9f33f6183f7897b6178da773871bb17e7f551834

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37737.exe

Filesize
184KB

MD5
9434e9423a814d84c93d903b3366310e

SHA1
ef69466df44cf70bec2a6c35bca5485e9af2e726

SHA256
cec42c1dc97908d6aea08d6a142cf381db043d0f86ddc2b47c51ac7aff93b2f0

SHA512
04fcac54590c8855781c99d4dcc28643231b7ebde7949403d156c36acdc956e103598bd2f7e24b3978d623673a543c6f10fb9a278d1c7a991e3bf46045f31917

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54961.exe

Filesize
184KB

MD5
38a4726371db3bc7a6d3725e5fbb448d

SHA1
f343aadb7cb264166b2b589de48f7cbc04951c38

SHA256
bff553692c76d84a90736d48b0afab08efe56cc290780bd8a8bef89fd3c2072b

SHA512
2f91a0187335f90d9492d2f57cb6ffe0967c3e933373afacbf94fa0336f6fa7520ec410ea81154366875e37e0df92f4e40f779c2b279f1a6292a95d1d0801c13

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55998.exe

Filesize
184KB

MD5
c744f3e9758945847b5f71f711dd23f3

SHA1
bc5dd65d7c5f8ddbca0ea4cf25e968ad37d254de

SHA256
03316cfd94f6dcac88445e65592fe233a9a69a344e700f00db821b68f74fbcbf

SHA512
2508952cfc28d3e600b2637bdac0dd6dcef50e3dc51e7653d17925e3de1af6b10f01b5ae9bb06994acfdabf4659b966457b80ad39f355d7c1cbb96e6a16cb5d1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58667.exe

Filesize
184KB

MD5
77a3ffb42ea42034561c7454fd616e69

SHA1
1a1118b584825e2833eb00b2997fb7b61705128c

SHA256
21f0c8e23e0b7783e3ff9fa37100168385c133709d34a71eb739c5685138409a

SHA512
5b0c7804548ca0f5fcd83f1d8a8ff87232afcfd938fc4e37d3fbf9da88b08dfb370d91356b3c0246cb43218e2bc44c45096beb9670ab55c9594a9d4bae553a0f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe

Filesize
184KB

MD5
91d19abb20c8e92b065f24e649aa6b12

SHA1
658f8c3f9a9f798ae0fbcc7cb56521c6c565d80c

SHA256
b5993fa6511fa0318d497925946780f9fa3c3e265b1584b26e30136f27bf1e88

SHA512
813a064c50958a1fadb4997eea164d2577314b7f2c85c8fc62ac605aba3833f0b5ecb5ab11488e04c64d3be04f79f6afe2b4f65d8e50126a2eae06696e129ad1

Download Submit