8f1a1a4ee9be15ae6f5a20c977a3ed1d73ace256ce64daa64c75d9fbe56181bc

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8f1a1a4ee9be15ae6f5a20c977a3ed1d73ace256ce64daa64c75d9fbe56181bc.exe
Size

184KB
MD5

513feb7e2f2c9bad8373957d0f5ea156
SHA1

5e4e6db092ca4fa035e65e9c46822afc06757332
SHA256

8f1a1a4ee9be15ae6f5a20c977a3ed1d73ace256ce64daa64c75d9fbe56181bc
SHA512

7f6956dbae4b2f8ae4b28accbe1d5e6869e0ff06aaaae4c4f57a569721a8dde380a620af71646a17565f0f922d30e0c3c39eba259cfa01ae49a4c35e4317a12c
SSDEEP

1536:w7S/6jZlu+KRotx1KPxAl/wMH2IyvhclTmd8qSfx2VzUt+hl5hj5nizpvV:+da+KRoTkPx6dHtWW+SfxKS+hlnViF9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-48810.exeUnicorn-21023.exeUnicorn-1157.exeUnicorn-17722.exeUnicorn-42775.exeUnicorn-62641.exeUnicorn-9114.exeUnicorn-46255.exeUnicorn-19207.exeUnicorn-39073.exeUnicorn-41080.exeUnicorn-33808.exeUnicorn-43901.exeUnicorn-63766.exeUnicorn-18410.exeUnicorn-5769.exeUnicorn-42905.exeUnicorn-2344.exeUnicorn-22210.exeUnicorn-23735.exeUnicorn-60849.exeUnicorn-65317.exeUnicorn-12333.exeUnicorn-35363.exeUnicorn-58005.exeUnicorn-569.exeUnicorn-51633.exeUnicorn-6578.exeUnicorn-26444.exeUnicorn-11970.exeUnicorn-48789.exeUnicorn-42787.exeUnicorn-5900.exeUnicorn-14364.exeUnicorn-14229.exeUnicorn-19622.exeUnicorn-41613.exeUnicorn-903.exeUnicorn-20769.exeUnicorn-2735.exeUnicorn-23841.exeUnicorn-23841.exeUnicorn-29849.exeUnicorn-33182.exeUnicorn-39190.exeUnicorn-59056.exeUnicorn-27562.exeUnicorn-59527.exeUnicorn-29272.exeUnicorn-49138.exeUnicorn-63248.exeUnicorn-60020.exeUnicorn-18817.exeUnicorn-783.exeUnicorn-46455.exeUnicorn-31230.exeUnicorn-41619.exeUnicorn-43525.exeUnicorn-25753.exeUnicorn-19287.exeUnicorn-39624.exeUnicorn-53801.exeUnicorn-8129.exeUnicorn-1969.exe

pid	process
2084	Unicorn-48810.exe
2336	Unicorn-21023.exe
2776	Unicorn-1157.exe
2616	Unicorn-17722.exe
2528	Unicorn-42775.exe
2612	Unicorn-62641.exe
1612	Unicorn-9114.exe
1512	Unicorn-46255.exe
2680	Unicorn-19207.exe
1916	Unicorn-39073.exe
1656	Unicorn-41080.exe
1324	Unicorn-33808.exe
1308	Unicorn-43901.exe
2252	Unicorn-63766.exe
2056	Unicorn-18410.exe
1156	Unicorn-5769.exe
776	Unicorn-42905.exe
652	Unicorn-2344.exe
1492	Unicorn-22210.exe
1776	Unicorn-23735.exe
948	Unicorn-60849.exe
1688	Unicorn-65317.exe
1320	Unicorn-12333.exe
2360	Unicorn-35363.exe
1944	Unicorn-58005.exe
580	Unicorn-569.exe
2144	Unicorn-51633.exe
1712	Unicorn-6578.exe
2420	Unicorn-26444.exe
2096	Unicorn-11970.exe
1564	Unicorn-48789.exe
2624	Unicorn-42787.exe
2588	Unicorn-5900.exe
2520	Unicorn-14364.exe
2516	Unicorn-14229.exe
1708	Unicorn-19622.exe
1668	Unicorn-41613.exe
2784	Unicorn-903.exe
1516	Unicorn-20769.exe
1792	Unicorn-2735.exe
328	Unicorn-23841.exe
1536	Unicorn-23841.exe
2976	Unicorn-29849.exe
2432	Unicorn-33182.exe
836	Unicorn-39190.exe
2272	Unicorn-59056.exe
2124	Unicorn-27562.exe
596	Unicorn-59527.exe
448	Unicorn-29272.exe
1032	Unicorn-49138.exe
1560	Unicorn-63248.exe
2004	Unicorn-60020.exe
2900	Unicorn-18817.exe
3044	Unicorn-783.exe
3056	Unicorn-46455.exe
2068	Unicorn-31230.exe
2536	Unicorn-41619.exe
2512	Unicorn-43525.exe
2744	Unicorn-25753.exe
1068	Unicorn-19287.exe
1300	Unicorn-39624.exe
1568	Unicorn-53801.exe
2828	Unicorn-8129.exe
1844	Unicorn-1969.exe

Loads dropped DLL 64 IoCs

Processes:

8f1a1a4ee9be15ae6f5a20c977a3ed1d73ace256ce64daa64c75d9fbe56181bc.exeUnicorn-48810.exeUnicorn-21023.exeUnicorn-1157.exeWerFault.exeUnicorn-42775.exeUnicorn-62641.exeUnicorn-17722.exeWerFault.exeWerFault.exeUnicorn-9114.exeUnicorn-46255.exeUnicorn-19207.exeUnicorn-39073.exeUnicorn-41080.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1952	8f1a1a4ee9be15ae6f5a20c977a3ed1d73ace256ce64daa64c75d9fbe56181bc.exe
1952	8f1a1a4ee9be15ae6f5a20c977a3ed1d73ace256ce64daa64c75d9fbe56181bc.exe
1952	8f1a1a4ee9be15ae6f5a20c977a3ed1d73ace256ce64daa64c75d9fbe56181bc.exe
2084	Unicorn-48810.exe
2084	Unicorn-48810.exe
1952	8f1a1a4ee9be15ae6f5a20c977a3ed1d73ace256ce64daa64c75d9fbe56181bc.exe
2336	Unicorn-21023.exe
2336	Unicorn-21023.exe
2084	Unicorn-48810.exe
2084	Unicorn-48810.exe
2776	Unicorn-1157.exe
2776	Unicorn-1157.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2528	Unicorn-42775.exe
2528	Unicorn-42775.exe
2612	Unicorn-62641.exe
2612	Unicorn-62641.exe
2776	Unicorn-1157.exe
2776	Unicorn-1157.exe
2616	Unicorn-17722.exe
2616	Unicorn-17722.exe
2336	Unicorn-21023.exe
2336	Unicorn-21023.exe
2436	WerFault.exe
2436	WerFault.exe
2436	WerFault.exe
2436	WerFault.exe
2816	WerFault.exe
2816	WerFault.exe
2816	WerFault.exe
2816	WerFault.exe
2816	WerFault.exe
2436	WerFault.exe
1612	Unicorn-9114.exe
1612	Unicorn-9114.exe
2612	Unicorn-62641.exe
1512	Unicorn-46255.exe
2612	Unicorn-62641.exe
1512	Unicorn-46255.exe
2528	Unicorn-42775.exe
2528	Unicorn-42775.exe
2680	Unicorn-19207.exe
2680	Unicorn-19207.exe
1916	Unicorn-39073.exe
1916	Unicorn-39073.exe
2616	Unicorn-17722.exe
1656	Unicorn-41080.exe
1656	Unicorn-41080.exe
2616	Unicorn-17722.exe
284	WerFault.exe
284	WerFault.exe
284	WerFault.exe
284	WerFault.exe
284	WerFault.exe
708	WerFault.exe
708	WerFault.exe
708	WerFault.exe
708	WerFault.exe
708	WerFault.exe
1136	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2724	1952	WerFault.exe	8f1a1a4ee9be15ae6f5a20c977a3ed1d73ace256ce64daa64c75d9fbe56181bc.exe
2924	2084	WerFault.exe	Unicorn-48810.exe
2436	2336	WerFault.exe	Unicorn-21023.exe
2816	2776	WerFault.exe	Unicorn-1157.exe
284	1656	WerFault.exe	Unicorn-41080.exe
708	2528	WerFault.exe	Unicorn-42775.exe
1136	2612	WerFault.exe	Unicorn-62641.exe
3020	2616	WerFault.exe	Unicorn-17722.exe
2212	1492	WerFault.exe	Unicorn-22210.exe
2168	1612	WerFault.exe	Unicorn-9114.exe
2712	1512	WerFault.exe	Unicorn-46255.exe
2684	2680	WerFault.exe	Unicorn-19207.exe
2696	1916	WerFault.exe	Unicorn-39073.exe
1580	1688	WerFault.exe	Unicorn-65317.exe
2324	580	WerFault.exe	Unicorn-569.exe
548	1308	WerFault.exe	Unicorn-43901.exe
1260	2056	WerFault.exe	Unicorn-18410.exe
1108	1324	WerFault.exe	Unicorn-33808.exe
2300	2252	WerFault.exe	Unicorn-63766.exe
976	776	WerFault.exe	Unicorn-42905.exe
2880	652	WerFault.exe	Unicorn-2344.exe
608	1156	WerFault.exe	Unicorn-5769.exe
1372	2272	WerFault.exe	Unicorn-59056.exe
2132	1776	WerFault.exe	Unicorn-23735.exe
2052	948	WerFault.exe	Unicorn-60849.exe
1340	1320	WerFault.exe	Unicorn-12333.exe
1984	2360	WerFault.exe	Unicorn-35363.exe
2888	1944	WerFault.exe	Unicorn-58005.exe
2260	1564	WerFault.exe	Unicorn-48789.exe
848	2096	WerFault.exe	Unicorn-11970.exe
2700	2420	WerFault.exe	Unicorn-26444.exe
1784	2144	WerFault.exe	Unicorn-51633.exe
2288	1712	WerFault.exe	Unicorn-6578.exe
1292	2520	WerFault.exe	Unicorn-14364.exe
2944	2860	WerFault.exe	Unicorn-4450.exe
1532	2624	WerFault.exe	Unicorn-42787.exe
2928	1856	WerFault.exe	Unicorn-32682.exe
2516	1792	WerFault.exe	Unicorn-2735.exe
1528	2432	WerFault.exe	Unicorn-33182.exe
3104	2976	WerFault.exe	Unicorn-29849.exe
3140	2784	WerFault.exe	Unicorn-903.exe
3200	2124	WerFault.exe	Unicorn-27562.exe
3396	1668	WerFault.exe	Unicorn-41613.exe
3528	1516	WerFault.exe	Unicorn-20769.exe
3544	2588	WerFault.exe	Unicorn-5900.exe
3560	836	WerFault.exe	Unicorn-39190.exe
3644	328	WerFault.exe	Unicorn-23841.exe
3700	1536	WerFault.exe	Unicorn-23841.exe
3608	2900	WerFault.exe	Unicorn-18817.exe
3744	2004	WerFault.exe	Unicorn-60020.exe
3944	1032	WerFault.exe	Unicorn-49138.exe
4040	3056	WerFault.exe	Unicorn-46455.exe
3124	2536	WerFault.exe	Unicorn-41619.exe
3128	448	WerFault.exe	Unicorn-29272.exe
3184	1664	WerFault.exe	Unicorn-55877.exe
3228	2068	WerFault.exe	Unicorn-31230.exe
3452	2828	WerFault.exe	Unicorn-8129.exe
3460	2744	WerFault.exe	Unicorn-25753.exe
3692	1568	WerFault.exe	Unicorn-53801.exe
3816	1352	WerFault.exe	Unicorn-44585.exe
3916	2176	WerFault.exe	Unicorn-55877.exe
3876	1312	WerFault.exe	Unicorn-44113.exe
3372	2940	WerFault.exe	Unicorn-36384.exe
3712	1560	WerFault.exe	Unicorn-63248.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

8f1a1a4ee9be15ae6f5a20c977a3ed1d73ace256ce64daa64c75d9fbe56181bc.exeUnicorn-48810.exeUnicorn-21023.exeUnicorn-1157.exeUnicorn-17722.exeUnicorn-62641.exeUnicorn-42775.exeUnicorn-9114.exeUnicorn-46255.exeUnicorn-19207.exeUnicorn-39073.exeUnicorn-41080.exeUnicorn-43901.exeUnicorn-33808.exeUnicorn-18410.exeUnicorn-63766.exeUnicorn-42905.exeUnicorn-5769.exeUnicorn-2344.exeUnicorn-22210.exeUnicorn-23735.exeUnicorn-60849.exeUnicorn-65317.exeUnicorn-12333.exeUnicorn-35363.exeUnicorn-58005.exeUnicorn-569.exeUnicorn-51633.exeUnicorn-6578.exeUnicorn-26444.exeUnicorn-48789.exeUnicorn-42787.exeUnicorn-5900.exeUnicorn-14364.exeUnicorn-14229.exeUnicorn-19622.exeUnicorn-41613.exeUnicorn-20769.exeUnicorn-903.exeUnicorn-2735.exeUnicorn-23841.exeUnicorn-23841.exeUnicorn-29849.exeUnicorn-33182.exeUnicorn-39190.exeUnicorn-59056.exeUnicorn-27562.exeUnicorn-59527.exeUnicorn-49138.exeUnicorn-29272.exeUnicorn-63248.exeUnicorn-60020.exeUnicorn-18817.exeUnicorn-783.exeUnicorn-46455.exeUnicorn-31230.exeUnicorn-41619.exeUnicorn-43525.exeUnicorn-25753.exeUnicorn-19287.exeUnicorn-8129.exeUnicorn-39624.exeUnicorn-53801.exeUnicorn-1969.exe

pid	process
1952	8f1a1a4ee9be15ae6f5a20c977a3ed1d73ace256ce64daa64c75d9fbe56181bc.exe
2084	Unicorn-48810.exe
2336	Unicorn-21023.exe
2776	Unicorn-1157.exe
2616	Unicorn-17722.exe
2612	Unicorn-62641.exe
2528	Unicorn-42775.exe
1612	Unicorn-9114.exe
1512	Unicorn-46255.exe
2680	Unicorn-19207.exe
1916	Unicorn-39073.exe
1656	Unicorn-41080.exe
1308	Unicorn-43901.exe
1324	Unicorn-33808.exe
2056	Unicorn-18410.exe
2252	Unicorn-63766.exe
776	Unicorn-42905.exe
1156	Unicorn-5769.exe
652	Unicorn-2344.exe
1492	Unicorn-22210.exe
1776	Unicorn-23735.exe
948	Unicorn-60849.exe
1688	Unicorn-65317.exe
1320	Unicorn-12333.exe
2360	Unicorn-35363.exe
1944	Unicorn-58005.exe
580	Unicorn-569.exe
2144	Unicorn-51633.exe
1712	Unicorn-6578.exe
2420	Unicorn-26444.exe
1564	Unicorn-48789.exe
2624	Unicorn-42787.exe
2588	Unicorn-5900.exe
2520	Unicorn-14364.exe
2516	Unicorn-14229.exe
1708	Unicorn-19622.exe
1668	Unicorn-41613.exe
1516	Unicorn-20769.exe
2784	Unicorn-903.exe
1792	Unicorn-2735.exe
328	Unicorn-23841.exe
1536	Unicorn-23841.exe
2976	Unicorn-29849.exe
2432	Unicorn-33182.exe
836	Unicorn-39190.exe
2272	Unicorn-59056.exe
2124	Unicorn-27562.exe
596	Unicorn-59527.exe
1032	Unicorn-49138.exe
448	Unicorn-29272.exe
1560	Unicorn-63248.exe
2004	Unicorn-60020.exe
2900	Unicorn-18817.exe
3044	Unicorn-783.exe
3056	Unicorn-46455.exe
2068	Unicorn-31230.exe
2536	Unicorn-41619.exe
2512	Unicorn-43525.exe
2744	Unicorn-25753.exe
1068	Unicorn-19287.exe
2828	Unicorn-8129.exe
1300	Unicorn-39624.exe
1568	Unicorn-53801.exe
1844	Unicorn-1969.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

8f1a1a4ee9be15ae6f5a20c977a3ed1d73ace256ce64daa64c75d9fbe56181bc.exeUnicorn-48810.exeUnicorn-21023.exeUnicorn-1157.exeUnicorn-42775.exeUnicorn-62641.exeUnicorn-17722.exeUnicorn-9114.exe

description	pid	process	target process
PID 1952 wrote to memory of 2084	1952	8f1a1a4ee9be15ae6f5a20c977a3ed1d73ace256ce64daa64c75d9fbe56181bc.exe	Unicorn-48810.exe
PID 1952 wrote to memory of 2084	1952	8f1a1a4ee9be15ae6f5a20c977a3ed1d73ace256ce64daa64c75d9fbe56181bc.exe	Unicorn-48810.exe
PID 1952 wrote to memory of 2084	1952	8f1a1a4ee9be15ae6f5a20c977a3ed1d73ace256ce64daa64c75d9fbe56181bc.exe	Unicorn-48810.exe
PID 1952 wrote to memory of 2084	1952	8f1a1a4ee9be15ae6f5a20c977a3ed1d73ace256ce64daa64c75d9fbe56181bc.exe	Unicorn-48810.exe
PID 2084 wrote to memory of 2336	2084	Unicorn-48810.exe	Unicorn-21023.exe
PID 2084 wrote to memory of 2336	2084	Unicorn-48810.exe	Unicorn-21023.exe
PID 2084 wrote to memory of 2336	2084	Unicorn-48810.exe	Unicorn-21023.exe
PID 2084 wrote to memory of 2336	2084	Unicorn-48810.exe	Unicorn-21023.exe
PID 1952 wrote to memory of 2776	1952	8f1a1a4ee9be15ae6f5a20c977a3ed1d73ace256ce64daa64c75d9fbe56181bc.exe	Unicorn-1157.exe
PID 1952 wrote to memory of 2776	1952	8f1a1a4ee9be15ae6f5a20c977a3ed1d73ace256ce64daa64c75d9fbe56181bc.exe	Unicorn-1157.exe
PID 1952 wrote to memory of 2776	1952	8f1a1a4ee9be15ae6f5a20c977a3ed1d73ace256ce64daa64c75d9fbe56181bc.exe	Unicorn-1157.exe
PID 1952 wrote to memory of 2776	1952	8f1a1a4ee9be15ae6f5a20c977a3ed1d73ace256ce64daa64c75d9fbe56181bc.exe	Unicorn-1157.exe
PID 1952 wrote to memory of 2724	1952	8f1a1a4ee9be15ae6f5a20c977a3ed1d73ace256ce64daa64c75d9fbe56181bc.exe	WerFault.exe
PID 1952 wrote to memory of 2724	1952	8f1a1a4ee9be15ae6f5a20c977a3ed1d73ace256ce64daa64c75d9fbe56181bc.exe	WerFault.exe
PID 1952 wrote to memory of 2724	1952	8f1a1a4ee9be15ae6f5a20c977a3ed1d73ace256ce64daa64c75d9fbe56181bc.exe	WerFault.exe
PID 1952 wrote to memory of 2724	1952	8f1a1a4ee9be15ae6f5a20c977a3ed1d73ace256ce64daa64c75d9fbe56181bc.exe	WerFault.exe
PID 2336 wrote to memory of 2616	2336	Unicorn-21023.exe	Unicorn-17722.exe
PID 2336 wrote to memory of 2616	2336	Unicorn-21023.exe	Unicorn-17722.exe
PID 2336 wrote to memory of 2616	2336	Unicorn-21023.exe	Unicorn-17722.exe
PID 2336 wrote to memory of 2616	2336	Unicorn-21023.exe	Unicorn-17722.exe
PID 2084 wrote to memory of 2528	2084	Unicorn-48810.exe	Unicorn-42775.exe
PID 2084 wrote to memory of 2528	2084	Unicorn-48810.exe	Unicorn-42775.exe
PID 2084 wrote to memory of 2528	2084	Unicorn-48810.exe	Unicorn-42775.exe
PID 2084 wrote to memory of 2528	2084	Unicorn-48810.exe	Unicorn-42775.exe
PID 2776 wrote to memory of 2612	2776	Unicorn-1157.exe	Unicorn-62641.exe
PID 2776 wrote to memory of 2612	2776	Unicorn-1157.exe	Unicorn-62641.exe
PID 2776 wrote to memory of 2612	2776	Unicorn-1157.exe	Unicorn-62641.exe
PID 2776 wrote to memory of 2612	2776	Unicorn-1157.exe	Unicorn-62641.exe
PID 2084 wrote to memory of 2924	2084	Unicorn-48810.exe	WerFault.exe
PID 2084 wrote to memory of 2924	2084	Unicorn-48810.exe	WerFault.exe
PID 2084 wrote to memory of 2924	2084	Unicorn-48810.exe	WerFault.exe
PID 2084 wrote to memory of 2924	2084	Unicorn-48810.exe	WerFault.exe
PID 2528 wrote to memory of 1612	2528	Unicorn-42775.exe	Unicorn-9114.exe
PID 2528 wrote to memory of 1612	2528	Unicorn-42775.exe	Unicorn-9114.exe
PID 2528 wrote to memory of 1612	2528	Unicorn-42775.exe	Unicorn-9114.exe
PID 2528 wrote to memory of 1612	2528	Unicorn-42775.exe	Unicorn-9114.exe
PID 2612 wrote to memory of 1512	2612	Unicorn-62641.exe	Unicorn-46255.exe
PID 2612 wrote to memory of 1512	2612	Unicorn-62641.exe	Unicorn-46255.exe
PID 2612 wrote to memory of 1512	2612	Unicorn-62641.exe	Unicorn-46255.exe
PID 2612 wrote to memory of 1512	2612	Unicorn-62641.exe	Unicorn-46255.exe
PID 2776 wrote to memory of 2680	2776	Unicorn-1157.exe	Unicorn-19207.exe
PID 2776 wrote to memory of 2680	2776	Unicorn-1157.exe	Unicorn-19207.exe
PID 2776 wrote to memory of 2680	2776	Unicorn-1157.exe	Unicorn-19207.exe
PID 2776 wrote to memory of 2680	2776	Unicorn-1157.exe	Unicorn-19207.exe
PID 2616 wrote to memory of 1916	2616	Unicorn-17722.exe	Unicorn-39073.exe
PID 2616 wrote to memory of 1916	2616	Unicorn-17722.exe	Unicorn-39073.exe
PID 2616 wrote to memory of 1916	2616	Unicorn-17722.exe	Unicorn-39073.exe
PID 2616 wrote to memory of 1916	2616	Unicorn-17722.exe	Unicorn-39073.exe
PID 2336 wrote to memory of 1656	2336	Unicorn-21023.exe	Unicorn-41080.exe
PID 2336 wrote to memory of 1656	2336	Unicorn-21023.exe	Unicorn-41080.exe
PID 2336 wrote to memory of 1656	2336	Unicorn-21023.exe	Unicorn-41080.exe
PID 2336 wrote to memory of 1656	2336	Unicorn-21023.exe	Unicorn-41080.exe
PID 2336 wrote to memory of 2436	2336	Unicorn-21023.exe	WerFault.exe
PID 2336 wrote to memory of 2436	2336	Unicorn-21023.exe	WerFault.exe
PID 2336 wrote to memory of 2436	2336	Unicorn-21023.exe	WerFault.exe
PID 2336 wrote to memory of 2436	2336	Unicorn-21023.exe	WerFault.exe
PID 2776 wrote to memory of 2816	2776	Unicorn-1157.exe	WerFault.exe
PID 2776 wrote to memory of 2816	2776	Unicorn-1157.exe	WerFault.exe
PID 2776 wrote to memory of 2816	2776	Unicorn-1157.exe	WerFault.exe
PID 2776 wrote to memory of 2816	2776	Unicorn-1157.exe	WerFault.exe
PID 1612 wrote to memory of 1324	1612	Unicorn-9114.exe	Unicorn-33808.exe
PID 1612 wrote to memory of 1324	1612	Unicorn-9114.exe	Unicorn-33808.exe
PID 1612 wrote to memory of 1324	1612	Unicorn-9114.exe	Unicorn-33808.exe
PID 1612 wrote to memory of 1324	1612	Unicorn-9114.exe	Unicorn-33808.exe

C:\Users\Admin\AppData\Local\Temp\8f1a1a4ee9be15ae6f5a20c977a3ed1d73ace256ce64daa64c75d9fbe56181bc.exe
"C:\Users\Admin\AppData\Local\Temp\8f1a1a4ee9be15ae6f5a20c977a3ed1d73ace256ce64daa64c75d9fbe56181bc.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-48810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48810.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-21023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21023.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-17722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17722.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-39073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39073.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-42905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42905.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:776

C:\Users\Admin\AppData\Local\Temp\Unicorn-51633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51633.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-39624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39624.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-55620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55620.exe
10⤵
PID:1404

C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
11⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
12⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-60232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60232.exe
13⤵
PID:6624

C:\Users\Admin\AppData\Local\Temp\Unicorn-50613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50613.exe
14⤵
PID:8384

C:\Users\Admin\AppData\Local\Temp\Unicorn-29671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29671.exe
15⤵
PID:10932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8384 -s 216
15⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 236
13⤵
PID:7888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 236
12⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 236
11⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-29665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29665.exe
10⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe
11⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-53701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53701.exe
12⤵
PID:6580

C:\Users\Admin\AppData\Local\Temp\Unicorn-50719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50719.exe
13⤵
PID:8728

C:\Users\Admin\AppData\Local\Temp\Unicorn-63185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63185.exe
14⤵
PID:11256

C:\Users\Admin\AppData\Local\Temp\Unicorn-9083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9083.exe
15⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8728 -s 216
14⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 216
13⤵
PID:9516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
12⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
11⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 240
10⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-45101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45101.exe
9⤵
PID:1152

C:\Users\Admin\AppData\Local\Temp\Unicorn-6147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6147.exe
10⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-672.exe
11⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-8781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8781.exe
12⤵
PID:6356

C:\Users\Admin\AppData\Local\Temp\Unicorn-13964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13964.exe
13⤵
PID:8568

C:\Users\Admin\AppData\Local\Temp\Unicorn-21532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21532.exe
14⤵
PID:11040

C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
15⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8568 -s 216
14⤵
PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 216
13⤵
PID:9296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
12⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
11⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 236
10⤵
PID:4480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
9⤵
- Program crash
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-1969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1969.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1844

C:\Users\Admin\AppData\Local\Temp\Unicorn-29020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29020.exe
9⤵
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-7164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7164.exe
10⤵
PID:3888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 216
10⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\Unicorn-28004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28004.exe
9⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-9650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9650.exe
10⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe
11⤵
PID:6676

C:\Users\Admin\AppData\Local\Temp\Unicorn-21179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21179.exe
12⤵
PID:8512

C:\Users\Admin\AppData\Local\Temp\Unicorn-10952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10952.exe
13⤵
PID:10972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8512 -s 216
13⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 216
12⤵
PID:9496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 236
11⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
10⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
9⤵
PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
8⤵
- Program crash
PID:1784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 236
7⤵
- Program crash
PID:976

C:\Users\Admin\AppData\Local\Temp\Unicorn-6578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6578.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-27562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27562.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-44113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44113.exe
8⤵
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-43933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43933.exe
9⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-19979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19979.exe
10⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-11266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11266.exe
11⤵
PID:5188

C:\Users\Admin\AppData\Local\Temp\Unicorn-22662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22662.exe
12⤵
PID:8516

C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
13⤵
PID:11072

C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
14⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8516 -s 216
13⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
12⤵
PID:9204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 236
11⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
10⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 236
9⤵
- Program crash
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-34623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34623.exe
8⤵
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe
9⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
10⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-19820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19820.exe
11⤵
PID:6524

C:\Users\Admin\AppData\Local\Temp\Unicorn-58574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58574.exe
12⤵
PID:8980

C:\Users\Admin\AppData\Local\Temp\Unicorn-24572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24572.exe
13⤵
PID:10708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8980 -s 236
13⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
12⤵
PID:9976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
11⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
10⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 236
9⤵
PID:4408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
8⤵
- Program crash
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-44585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44585.exe
7⤵
PID:1352

C:\Users\Admin\AppData\Local\Temp\Unicorn-37712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37712.exe
8⤵
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-982.exe
9⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-61677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61677.exe
10⤵
PID:5708

C:\Users\Admin\AppData\Local\Temp\Unicorn-19494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19494.exe
11⤵
PID:6204

C:\Users\Admin\AppData\Local\Temp\Unicorn-48231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48231.exe
12⤵
PID:9904

C:\Users\Admin\AppData\Local\Temp\Unicorn-1113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1113.exe
13⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9904 -s 216
13⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 216
12⤵
PID:10448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
11⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
10⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 216
9⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 236
8⤵
- Program crash
PID:3816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
7⤵
- Program crash
PID:2288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
6⤵
- Program crash
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-2344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2344.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:652

C:\Users\Admin\AppData\Local\Temp\Unicorn-26444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26444.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
7⤵
- Program crash
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-39190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39190.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-8129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8129.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-46928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46928.exe
8⤵
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-49135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49135.exe
9⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-27230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27230.exe
10⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-18565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18565.exe
11⤵
PID:7128

C:\Users\Admin\AppData\Local\Temp\Unicorn-20857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20857.exe
12⤵
PID:9752

C:\Users\Admin\AppData\Local\Temp\Unicorn-22539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22539.exe
13⤵
PID:11856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 216
13⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 216
12⤵
PID:10556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 216
11⤵
PID:8396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
10⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 236
9⤵
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 236
8⤵
- Program crash
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-48936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48936.exe
7⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-19177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19177.exe
8⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-12393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12393.exe
9⤵
PID:5736

C:\Users\Admin\AppData\Local\Temp\Unicorn-7253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7253.exe
10⤵
PID:7020

C:\Users\Admin\AppData\Local\Temp\Unicorn-15300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15300.exe
11⤵
PID:9572

C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
12⤵
PID:11088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9572 -s 236
12⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 216
11⤵
PID:10252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 216
10⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
9⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 216
8⤵
PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 240
7⤵
- Program crash
PID:3560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 240
6⤵
- Program crash
PID:2880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
5⤵
- Program crash
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-41080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41080.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-22210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22210.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-569.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-59056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59056.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-4450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4450.exe
8⤵
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-9289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9289.exe
9⤵
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
10⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-59172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59172.exe
11⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-31516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31516.exe
12⤵
PID:6180

C:\Users\Admin\AppData\Local\Temp\Unicorn-48500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48500.exe
13⤵
PID:8616

C:\Users\Admin\AppData\Local\Temp\Unicorn-25583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25583.exe
14⤵
PID:11192

C:\Users\Admin\AppData\Local\Temp\Unicorn-27659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27659.exe
15⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8616 -s 216
14⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 216
13⤵
PID:9312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 216
12⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
11⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 216
10⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 236
9⤵
- Program crash
PID:2944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 236
8⤵
- Program crash
PID:1372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 236
7⤵
- Program crash
PID:2324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 236
6⤵
- Program crash
PID:2212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 236
5⤵
- Loads dropped DLL
- Program crash
PID:284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-42775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42775.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-9114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9114.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-33808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33808.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1324

C:\Users\Admin\AppData\Local\Temp\Unicorn-65317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65317.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
7⤵
- Program crash
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-25753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25753.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-3264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3264.exe
8⤵
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-13032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13032.exe
9⤵
PID:1200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 236
9⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 236
8⤵
- Program crash
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-9273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9273.exe
7⤵
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-16501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16501.exe
8⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-49956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49956.exe
9⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-27536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27536.exe
10⤵
PID:6244

C:\Users\Admin\AppData\Local\Temp\Unicorn-20758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20758.exe
11⤵
PID:8600

C:\Users\Admin\AppData\Local\Temp\Unicorn-19715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19715.exe
12⤵
PID:10964

C:\Users\Admin\AppData\Local\Temp\Unicorn-43912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43912.exe
13⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 216
12⤵
PID:11180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 216
11⤵
PID:9324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 236
10⤵
PID:7632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
9⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 236
8⤵
PID:4716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
7⤵
- Program crash
PID:3140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 240
6⤵
- Program crash
PID:1108

C:\Users\Admin\AppData\Local\Temp\Unicorn-58005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58005.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-2735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2735.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1068

C:\Users\Admin\AppData\Local\Temp\Unicorn-38236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38236.exe
8⤵
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-7164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7164.exe
9⤵
PID:3896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 236
9⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-55908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55908.exe
8⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-37513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37513.exe
9⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
10⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\Unicorn-50494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50494.exe
11⤵
PID:8872

C:\Users\Admin\AppData\Local\Temp\Unicorn-37617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37617.exe
12⤵
PID:11152

C:\Users\Admin\AppData\Local\Temp\Unicorn-33405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33405.exe
13⤵
PID:7352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8872 -s 216
12⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
11⤵
PID:9672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 236
10⤵
PID:8024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
9⤵
PID:6116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 240
8⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-34623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34623.exe
7⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-29313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29313.exe
8⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
9⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-49290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49290.exe
10⤵
PID:6476

C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
11⤵
PID:8876

C:\Users\Admin\AppData\Local\Temp\Unicorn-18303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18303.exe
12⤵
PID:10648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8876 -s 216
12⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 216
11⤵
PID:9720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 236
10⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
9⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 236
8⤵
PID:4392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 240
7⤵
- Program crash
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-53801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53801.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-11837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11837.exe
7⤵
PID:380

C:\Users\Admin\AppData\Local\Temp\Unicorn-64811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64811.exe
8⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
9⤵
PID:5976

C:\Users\Admin\AppData\Local\Temp\Unicorn-9772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9772.exe
10⤵
PID:8208

C:\Users\Admin\AppData\Local\Temp\Unicorn-14094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14094.exe
11⤵
PID:10924

C:\Users\Admin\AppData\Local\Temp\Unicorn-12198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12198.exe
12⤵
PID:8504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8208 -s 216
11⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
10⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 236
9⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 216
8⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 236
7⤵
- Program crash
PID:3692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
6⤵
- Program crash
PID:2888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
5⤵
- Program crash
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-18410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18410.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:948

C:\Users\Admin\AppData\Local\Temp\Unicorn-14364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14364.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-63248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63248.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
8⤵
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-28339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28339.exe
9⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-9803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9803.exe
10⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-45809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45809.exe
11⤵
PID:6132

C:\Users\Admin\AppData\Local\Temp\Unicorn-51096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51096.exe
12⤵
PID:8364

C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
13⤵
PID:10688

C:\Users\Admin\AppData\Local\Temp\Unicorn-39594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39594.exe
14⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 216
13⤵
PID:11008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 236
12⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 236
11⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
10⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 216
9⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-22630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22630.exe
8⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-25885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25885.exe
9⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-55169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55169.exe
10⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-13964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13964.exe
11⤵
PID:8576

C:\Users\Admin\AppData\Local\Temp\Unicorn-43978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43978.exe
12⤵
PID:10460

C:\Users\Admin\AppData\Local\Temp\Unicorn-9897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9897.exe
13⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8576 -s 236
12⤵
PID:10996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 216
11⤵
PID:9288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 236
10⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 236
9⤵
PID:5776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
8⤵
- Program crash
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-3759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3759.exe
7⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-42044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42044.exe
8⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-44858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44858.exe
9⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-58222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58222.exe
10⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-46000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46000.exe
11⤵
PID:8308

C:\Users\Admin\AppData\Local\Temp\Unicorn-42654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42654.exe
12⤵
PID:10800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10800 -s 220
13⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8308 -s 216
12⤵
PID:10580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 216
11⤵
PID:8900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
10⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
9⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 236
8⤵
PID:3168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
7⤵
- Program crash
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-60020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60020.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
7⤵
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-36626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36626.exe
8⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
9⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-28858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28858.exe
10⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-18813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18813.exe
11⤵
PID:7292

C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
12⤵
PID:9816

C:\Users\Admin\AppData\Local\Temp\Unicorn-55286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55286.exe
13⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9816 -s 216
13⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 216
12⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
11⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 236
10⤵
PID:6884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
9⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-30520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30520.exe
8⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-6211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6211.exe
9⤵
PID:6056

C:\Users\Admin\AppData\Local\Temp\Unicorn-6891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6891.exe
10⤵
PID:7676

C:\Users\Admin\AppData\Local\Temp\Unicorn-16671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16671.exe
11⤵
PID:10012

C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
12⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10012 -s 216
12⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 216
11⤵
PID:11164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
10⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
9⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 240
8⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-20761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20761.exe
7⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-14968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14968.exe
8⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-27073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27073.exe
9⤵
PID:6124

C:\Users\Admin\AppData\Local\Temp\Unicorn-38019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38019.exe
10⤵
PID:7336

C:\Users\Admin\AppData\Local\Temp\Unicorn-7520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7520.exe
11⤵
PID:9948

C:\Users\Admin\AppData\Local\Temp\Unicorn-64978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64978.exe
12⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9948 -s 236
12⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 216
11⤵
PID:10484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
10⤵
PID:8920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
9⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
8⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
7⤵
- Program crash
PID:3744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 240
6⤵
- Program crash
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-14229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14229.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-18817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18817.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-19660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19660.exe
7⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
8⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-59239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59239.exe
9⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-25786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25786.exe
10⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\Unicorn-13979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13979.exe
11⤵
PID:7540

C:\Users\Admin\AppData\Local\Temp\Unicorn-41126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41126.exe
12⤵
PID:9392

C:\Users\Admin\AppData\Local\Temp\Unicorn-46549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46549.exe
13⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9392 -s 236
13⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 216
12⤵
PID:10780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
11⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
10⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 236
9⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-33229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33229.exe
8⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-59460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59460.exe
9⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-52450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52450.exe
10⤵
PID:7196

C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
11⤵
PID:9680

C:\Users\Admin\AppData\Local\Temp\Unicorn-36082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36082.exe
12⤵
PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9680 -s 236
12⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 216
11⤵
PID:10440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
10⤵
PID:8772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
9⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
8⤵
PID:5628

C:\Users\Admin\AppData\Local\Temp\Unicorn-29453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29453.exe
7⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-61787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61787.exe
8⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe
9⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-36221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36221.exe
10⤵
PID:7384

C:\Users\Admin\AppData\Local\Temp\Unicorn-52907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52907.exe
11⤵
PID:10000

C:\Users\Admin\AppData\Local\Temp\Unicorn-32608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32608.exe
12⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10000 -s 216
12⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
11⤵
PID:10500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
10⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
9⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
8⤵
PID:5448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
7⤵
- Program crash
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-36384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36384.exe
6⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-59428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59428.exe
7⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
8⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-4924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4924.exe
9⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-52225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52225.exe
10⤵
PID:7464

C:\Users\Admin\AppData\Local\Temp\Unicorn-36304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36304.exe
11⤵
PID:10080

C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
12⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10080 -s 216
12⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 236
11⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
10⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
9⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
8⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 236
7⤵
- Program crash
PID:3372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
5⤵
- Program crash
PID:1260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-1157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1157.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-46255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46255.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-63766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63766.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-12333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12333.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-19622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19622.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-783.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-20530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20530.exe
9⤵
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-16081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16081.exe
10⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-1884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1884.exe
11⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\Unicorn-49344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49344.exe
12⤵
PID:6548

C:\Users\Admin\AppData\Local\Temp\Unicorn-56729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56729.exe
13⤵
PID:9232

C:\Users\Admin\AppData\Local\Temp\Unicorn-57100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57100.exe
14⤵
PID:11188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9232 -s 236
14⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 236
13⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
12⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
11⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 216
10⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-30841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30841.exe
9⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-13767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13767.exe
10⤵
PID:5172

C:\Users\Admin\AppData\Local\Temp\Unicorn-15474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15474.exe
11⤵
PID:7120

C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
12⤵
PID:9196

C:\Users\Admin\AppData\Local\Temp\Unicorn-35503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35503.exe
13⤵
PID:11060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 216
13⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
12⤵
PID:9956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 216
11⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
10⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
9⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-32682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32682.exe
8⤵
PID:1856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
9⤵
- Program crash
PID:2928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
8⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-46455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46455.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-58168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58168.exe
8⤵
PID:844

C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
9⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-26623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26623.exe
10⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-33925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33925.exe
11⤵
PID:6588

C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe
12⤵
PID:9368

C:\Users\Admin\AppData\Local\Temp\Unicorn-49122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49122.exe
13⤵
PID:10920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9368 -s 216
13⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 216
12⤵
PID:9628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 216
11⤵
PID:8288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
10⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 236
9⤵
PID:4496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 236
8⤵
- Program crash
PID:4040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 240
7⤵
- Program crash
PID:1340

C:\Users\Admin\AppData\Local\Temp\Unicorn-41613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41613.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-31230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31230.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-17982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17982.exe
8⤵
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-33489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33489.exe
9⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-26623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26623.exe
10⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-55001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55001.exe
11⤵
PID:6912

C:\Users\Admin\AppData\Local\Temp\Unicorn-52939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52939.exe
12⤵
PID:9484

C:\Users\Admin\AppData\Local\Temp\Unicorn-51862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51862.exe
13⤵
PID:752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9484 -s 216
13⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 216
12⤵
PID:9864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
11⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
10⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 236
9⤵
PID:4792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
8⤵
- Program crash
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-23990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23990.exe
7⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-62274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62274.exe
8⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-17121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17121.exe
9⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-31782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31782.exe
10⤵
PID:7040

C:\Users\Admin\AppData\Local\Temp\Unicorn-18112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18112.exe
11⤵
PID:9788

C:\Users\Admin\AppData\Local\Temp\Unicorn-45509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45509.exe
12⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9788 -s 216
12⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 216
11⤵
PID:10516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
10⤵
PID:8372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
9⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 216
8⤵
PID:4576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
7⤵
- Program crash
PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
6⤵
- Program crash
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-35363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35363.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-20769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20769.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-8473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8473.exe
8⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-33716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33716.exe
9⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-57248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57248.exe
10⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-14942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14942.exe
11⤵
PID:7484

C:\Users\Admin\AppData\Local\Temp\Unicorn-33591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33591.exe
12⤵
PID:10364

C:\Users\Admin\AppData\Local\Temp\Unicorn-36379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36379.exe
13⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 236
12⤵
PID:10816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
11⤵
PID:9000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 236
10⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
9⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 216
8⤵
- Program crash
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-21037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21037.exe
7⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-23624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23624.exe
8⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-6773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6773.exe
9⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-1704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1704.exe
10⤵
PID:6568

C:\Users\Admin\AppData\Local\Temp\Unicorn-30525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30525.exe
11⤵
PID:9876

C:\Users\Admin\AppData\Local\Temp\Unicorn-43485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43485.exe
12⤵
PID:11348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9876 -s 216
12⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 216
11⤵
PID:10492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
10⤵
PID:8416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
9⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 216
8⤵
PID:4824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
7⤵
- Program crash
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-43525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43525.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-31687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31687.exe
7⤵
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-30751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30751.exe
8⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-50183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50183.exe
9⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-19071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19071.exe
10⤵
PID:7056

C:\Users\Admin\AppData\Local\Temp\Unicorn-64128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64128.exe
11⤵
PID:8640

C:\Users\Admin\AppData\Local\Temp\Unicorn-9019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9019.exe
12⤵
PID:10300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8640 -s 216
12⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 216
11⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 236
10⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
9⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 236
8⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-9048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9048.exe
7⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-16629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16629.exe
8⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-39003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39003.exe
9⤵
PID:6856

C:\Users\Admin\AppData\Local\Temp\Unicorn-21250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21250.exe
10⤵
PID:9096

C:\Users\Admin\AppData\Local\Temp\Unicorn-51648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51648.exe
11⤵
PID:11124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9096 -s 216
11⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 216
10⤵
PID:9708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 216
9⤵
PID:8080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 236
8⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
7⤵
PID:4836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
6⤵
- Program crash
PID:1984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 240
5⤵
- Program crash
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-43901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43901.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1308

C:\Users\Admin\AppData\Local\Temp\Unicorn-23735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23735.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-42787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42787.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-59527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59527.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:596

C:\Users\Admin\AppData\Local\Temp\Unicorn-58692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58692.exe
8⤵
PID:348

C:\Users\Admin\AppData\Local\Temp\Unicorn-11145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11145.exe
9⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-35415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35415.exe
10⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
11⤵
PID:6996

C:\Users\Admin\AppData\Local\Temp\Unicorn-288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-288.exe
12⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8976 -s 220
13⤵
PID:10696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
12⤵
PID:9888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
11⤵
PID:8164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 236
10⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 236
9⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-36723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36723.exe
8⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-6805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6805.exe
9⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-26715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26715.exe
10⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 224
11⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
10⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
9⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 240
8⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-21037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21037.exe
7⤵
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-13952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13952.exe
8⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-23546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23546.exe
9⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-32859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32859.exe
10⤵
PID:6916

C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
11⤵
PID:8284

C:\Users\Admin\AppData\Local\Temp\Unicorn-32168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32168.exe
12⤵
PID:10548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8284 -s 216
12⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 216
11⤵
PID:9856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
10⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 236
9⤵
PID:5124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
8⤵
PID:4744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
7⤵
- Program crash
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-29272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29272.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:448

C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
7⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-21076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21076.exe
8⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-29778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29778.exe
9⤵
PID:5572

C:\Users\Admin\AppData\Local\Temp\Unicorn-35676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35676.exe
10⤵
PID:6956

C:\Users\Admin\AppData\Local\Temp\Unicorn-65388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65388.exe
11⤵
PID:9412

C:\Users\Admin\AppData\Local\Temp\Unicorn-38681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38681.exe
12⤵
PID:9692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9412 -s 216
12⤵
PID:11452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
11⤵
PID:9780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
10⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 236
9⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 216
8⤵
PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 236
7⤵
- Program crash
PID:3128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 240
6⤵
- Program crash
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-5900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5900.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-49138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49138.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-58769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58769.exe
7⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-11759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11759.exe
8⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-30497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30497.exe
9⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-48824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48824.exe
10⤵
PID:7536

C:\Users\Admin\AppData\Local\Temp\Unicorn-33591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33591.exe
11⤵
PID:10356

C:\Users\Admin\AppData\Local\Temp\Unicorn-36379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36379.exe
12⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7536 -s 216
11⤵
PID:10756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 236
10⤵
PID:2628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
9⤵
PID:6844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 236
8⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 236
7⤵
- Program crash
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-17965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17965.exe
6⤵
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-982.exe
7⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-3415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3415.exe
8⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
9⤵
PID:7016

C:\Users\Admin\AppData\Local\Temp\Unicorn-42938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42938.exe
10⤵
PID:9848

C:\Users\Admin\AppData\Local\Temp\Unicorn-8830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8830.exe
11⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9848 -s 216
11⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 216
10⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
9⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
8⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
7⤵
PID:4620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
6⤵
- Program crash
PID:3544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 240
5⤵
- Program crash
PID:548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1136

C:\Users\Admin\AppData\Local\Temp\Unicorn-19207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19207.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-5769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5769.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1156

C:\Users\Admin\AppData\Local\Temp\Unicorn-11970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11970.exe
5⤵
- Executes dropped EXE
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-55877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55877.exe
7⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-5812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5812.exe
8⤵
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-38746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38746.exe
9⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
10⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-15999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15999.exe
11⤵
PID:6960

C:\Users\Admin\AppData\Local\Temp\Unicorn-54280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54280.exe
12⤵
PID:9168

C:\Users\Admin\AppData\Local\Temp\Unicorn-18094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18094.exe
13⤵
PID:11244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9168 -s 236
13⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 216
12⤵
PID:9764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
11⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
10⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 236
9⤵
PID:5004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
8⤵
- Program crash
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-63653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63653.exe
7⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-18653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18653.exe
8⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-43507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43507.exe
9⤵
PID:5844

C:\Users\Admin\AppData\Local\Temp\Unicorn-28305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28305.exe
10⤵
PID:6572

C:\Users\Admin\AppData\Local\Temp\Unicorn-20208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20208.exe
11⤵
PID:9652

C:\Users\Admin\AppData\Local\Temp\Unicorn-46611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46611.exe
12⤵
PID:2668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9652 -s 216
12⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 216
11⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
10⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
9⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 216
8⤵
PID:5212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 220
7⤵
- Program crash
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-10542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10542.exe
6⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-14909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14909.exe
7⤵
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-43791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43791.exe
8⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-4030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4030.exe
9⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe
10⤵
PID:6404

C:\Users\Admin\AppData\Local\Temp\Unicorn-10651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10651.exe
11⤵
PID:8692

C:\Users\Admin\AppData\Local\Temp\Unicorn-9049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9049.exe
12⤵
PID:11224

C:\Users\Admin\AppData\Local\Temp\Unicorn-6350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6350.exe
13⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8692 -s 216
12⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 216
11⤵
PID:9508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 236
10⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
9⤵
PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 236
8⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-39410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39410.exe
7⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
8⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-18022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18022.exe
9⤵
PID:6656

C:\Users\Admin\AppData\Local\Temp\Unicorn-64475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64475.exe
10⤵
PID:9088

C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
11⤵
PID:11136

C:\Users\Admin\AppData\Local\Temp\Unicorn-51759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51759.exe
12⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9088 -s 216
11⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 216
10⤵
PID:10064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
9⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
8⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
7⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
6⤵
- Program crash
PID:848

C:\Users\Admin\AppData\Local\Temp\Unicorn-29849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29849.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-55877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55877.exe
6⤵
PID:2176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 220
7⤵
- Program crash
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-34623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34623.exe
6⤵
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-44798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44798.exe
7⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-12501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12501.exe
8⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-23589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23589.exe
9⤵
PID:6444

C:\Users\Admin\AppData\Local\Temp\Unicorn-17399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17399.exe
10⤵
PID:8988

C:\Users\Admin\AppData\Local\Temp\Unicorn-40323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40323.exe
11⤵
PID:11116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8988 -s 216
11⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 216
10⤵
PID:10144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
9⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
8⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 216
7⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
6⤵
- Program crash
PID:3104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 240
5⤵
- Program crash
PID:608

C:\Users\Admin\AppData\Local\Temp\Unicorn-48789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48789.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:328

C:\Users\Admin\AppData\Local\Temp\Unicorn-55877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55877.exe
6⤵
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-29139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29139.exe
7⤵
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-2551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2551.exe
8⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-53766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53766.exe
9⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-50653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50653.exe
10⤵
PID:6808

C:\Users\Admin\AppData\Local\Temp\Unicorn-20536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20536.exe
11⤵
PID:8656

C:\Users\Admin\AppData\Local\Temp\Unicorn-4808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4808.exe
12⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8656 -s 216
12⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 216
11⤵
PID:9564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
10⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 236
9⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 216
8⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-42602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42602.exe
7⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-61041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61041.exe
8⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
9⤵
PID:6552

C:\Users\Admin\AppData\Local\Temp\Unicorn-52898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52898.exe
10⤵
PID:9184

C:\Users\Admin\AppData\Local\Temp\Unicorn-35412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35412.exe
11⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 216
11⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
10⤵
PID:10216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
9⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
8⤵
PID:5292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
7⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-57509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57509.exe
6⤵
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe
7⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-22765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22765.exe
8⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
9⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\Unicorn-15300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15300.exe
10⤵
PID:9580

C:\Users\Admin\AppData\Local\Temp\Unicorn-39050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39050.exe
11⤵
PID:2772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9580 -s 216
11⤵
PID:11456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
10⤵
PID:10260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
9⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
8⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
7⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 240
6⤵
- Program crash
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-10542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10542.exe
5⤵
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-54489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54489.exe
6⤵
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-10760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10760.exe
7⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-61041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61041.exe
8⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe
9⤵
PID:6684

C:\Users\Admin\AppData\Local\Temp\Unicorn-11071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11071.exe
10⤵
PID:9152

C:\Users\Admin\AppData\Local\Temp\Unicorn-24572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24572.exe
11⤵
PID:10744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 216
11⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 216
10⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 216
9⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 236
8⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
7⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-14709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14709.exe
6⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
7⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-58084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58084.exe
8⤵
PID:6744

C:\Users\Admin\AppData\Local\Temp\Unicorn-44469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44469.exe
9⤵
PID:8608

C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
10⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8608 -s 216
10⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 220
9⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
8⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
7⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
6⤵
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 220
5⤵
- Program crash
PID:2260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
4⤵
- Program crash
PID:2684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
2⤵
- Program crash
PID:2724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18022.exe

Filesize
184KB

MD5
3dbd39c041d49b3bbc51baa00ed3116a

SHA1
1f3be69a1590ad557b37669f60fbfda561fff709

SHA256
39bed0048e820bbb8b0f255a0f13e73f3767b7101853dcf5c9da62415e308c3e

SHA512
d05da063b25ae4b690b63e683fdb527528c0778bd0cbf8418c0196382888c02f4f92b10427d8a149c44584c2c561817b5a65492e132c2c58a6caacb14c640ef4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21179.exe

Filesize
184KB

MD5
94c1366824533041381b6a9ecbca2360

SHA1
547ba217c9c3587dc02f6ea1ad13d9700bcd7180

SHA256
08daddffb9e0d98aec0421c7151d0f6d06c36187c8fd919f3c7bdaff07952e51

SHA512
02b2a9dee5e120c299b1f57cb403a36dfb683f1afc762d2005c886279997643a0b517cece8f2e94cd1000037f24b4d5abdf82aedffb310c28a7f34d599fe1ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe

Filesize
184KB

MD5
ba26a201a8e4d66aed8d6ddc7102be9b

SHA1
680fd20e0f4bb1ecbe6e86cedbbb98781927a203

SHA256
87eef3bb060de114a6a03bd0924f7e9c1f2f000f383102e3009f9e2e28971172

SHA512
02933f471a32c6fe227f2b27c51a2be3858c9960b1c0ce3e166286c5dd99f0932a1e8418f064b0efea0a1134f197c30e73ee59a336bb793bd3cf45390aeee990

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51648.exe

Filesize
184KB

MD5
687ae09711d7499118a1647cf0bf226b

SHA1
bb069a938c7742198d7a35c5b3396ca89c4db888

SHA256
71eb4f23b24ca20ae8771cb9b8d9f83b728f1580ff72f88cdbbb72c993decacf

SHA512
0d4d41cf4ada4d53a84418567c90a8d26e3916a4e2600273a63f2bbcc6c15ceb66ad01cbf8f25bda8dd781a62c14064f30006ee936d19d1448cfe72c3f9d424c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5769.exe

Filesize
184KB

MD5
ed5d4405a0af54707832b732d5cd17e5

SHA1
a4679c3e532bfb4e8568e4e5d4fd018c2293f4d4

SHA256
d0eb3b3cff43ff180f1b4c628557258985578fceb3560f490ee7a39cacf509f9

SHA512
3502ee0bc2303cca0ee59bdbc7def4d4070b8f7d029220f8d46d78398d18c2459f0924926780ac680fcaf6445b423e19c7a193407e414e85c8e977f8ffc12a36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5812.exe

Filesize
184KB

MD5
1bcb545b034f267c7f4fb8f234eecd96

SHA1
01d481997c92eca493b8e43c44e1299ea3411c85

SHA256
776bbd3292ad7008f74c28258149961bc1f9857fab84bf39229e75be15c7d568

SHA512
dd59a98e04cd5ca514c191ad42b0e2cc993f6a1306480cba6250aed377da0eec30cf95359b3be1c03f11983d7668f4093e6c1fbe93695fe5a0e1a899c229fee7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6147.exe

Filesize
184KB

MD5
b69834716c598fc579f2808521196601

SHA1
586aa80c3b811da8d6d7635d958fe62f76ec05d5

SHA256
40d5300a91259e538cbdef8a05c66140b9521904c6d79dbd33053088df439585

SHA512
96fb7829c59b10bd99dde9a0fe2783d5a16146d16e1de2dd7716eff82c1642637887b11e7912815b1ed05ff861e52a1ead4c98daa7e2c520e5c7547845ea968a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6211.exe

Filesize
184KB

MD5
374afb3d3a841ddfc54644215a82778c

SHA1
a33f0bc470e8b6fc5de75b06a1e28f7b67816450

SHA256
c9dbadd78598fa16f440fd23f2aa0eb3bba05d0168a6e3bc8fc6b71c394eddce

SHA512
4e25963198bf3c6b3b673da6af8e3eb55bf609fe00fc12b9da60ef65c962ca7221c4c753dde7d354bc197a5465a9e61f1ab452ba0c6840b8d20ae1ce187542df

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1157.exe

Filesize
184KB

MD5
9bb2f30594568b3ca16c7f01387307b8

SHA1
ecb7140284c248c3dd27828a93089f8f8b324732

SHA256
a0af94615dd1504f5dea157972c0c422a0dd16cc510bcff10e170f219eb09c4f

SHA512
b943199fbea3c554af5d1af6ee7acf6bc31ecd405c5ad8223348f046bac0dac5bb90ba918fdb08b1afea67f0386ccfbefb7d71376ea9f8856210688b66c555cc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17722.exe

Filesize
184KB

MD5
654360d4a8c0e6f6322543b53c870389

SHA1
6939d270e77c64288be910209b140949d212293a

SHA256
52df83fbae3f949261e3d30cf22caf81323bdbd6e177790178d80ece3e769f81

SHA512
6cd6b38d9602187ae1732bd64a8fc95ca3529d187601209dd0c11719ed73bdf5f22b5e2320c94732ab924838c566d38468bfde5b46674cd76b08b7c6adf45011

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19207.exe

Filesize
184KB

MD5
b3844e8efc4584c7537b851d7765c388

SHA1
f2c1c4e23cfc53facd872c78998b290caa2aca09

SHA256
3c2ba3d872ef2ffcdf339a066d8bd68ecaa3f274503bac8fb14a687b849ab2e6

SHA512
8a3c9e25cca13c946c381dddcbf2553ca941683ca9967e3e59abf3d2119b3c1cc90cc870a4996332a2fe67782febf042c15cb40e2a3feb3eca17bbcea1973a2b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21023.exe

Filesize
184KB

MD5
8f399364f8aada418cad1c27e5455a41

SHA1
4fc2c6a5c333c21616a548012e75dce58fc20605

SHA256
35bedaf0cfff079466568243d67c5fb43206eb21a91f8599e050b4590ea6e7d1

SHA512
812aa8c949350d7f0a302210db03a64082c7ae45b38b1671bb464042dc52407c2cd8e4c3acedec6c8fbd13fe3ea4f504ee99a4ae7ca6f93df65b69afb8157d0d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33808.exe

Filesize
184KB

MD5
0cca00670b0dc6c867cd14d5b863bd32

SHA1
5f18563d2f3ec83aea3337345082f0a161dd39e6

SHA256
0dd146a507e190313ef6a263199609a98a067d6855510374392750465c5859e2

SHA512
96612dadac2b6fd79c8f58cfdc897a18c9011a302959d91c987d879fb5ca589eb3924fae46917a1dacd1c55b335e440f6bdf1ec75bc6c2b9e084bb1532fe139d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39073.exe

Filesize
184KB

MD5
2baea1a26180b2a0ab6b7286bb8cc041

SHA1
757a209f3cbbbb12ad8daeed2561af184740cba9

SHA256
d8c458d35cb5dff45b80be3461216d12da75172715eb7a4f39702c19910e81af

SHA512
83735c88fd511b97e274b543f87237fb9ca2120cb531a6bf458b954373852ec1100ad669464a32425cae241841d09416483e20f57abb30f17f4a75aaaa273a80

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41080.exe

Filesize
184KB

MD5
ec7034f85050b01f71c5b860fba49bb7

SHA1
4c4484b211fa1f972f6ece5e3fcd7c95caeb18d4

SHA256
f5c1634794e288703b73eac2f8b1f785be4bad60cc9aa5fa58abb5daf7033d44

SHA512
65b5a1012fbcf427e420cfcf19b7c61d5efae2f8da4dcede311a5ba3d5d06128ee223ac0a8ade46c48695b7b9e71a68c790de986645b9128ca27bfb86f63b1b8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42775.exe

Filesize
184KB

MD5
d4839e9ac458a072439ea2529da7c490

SHA1
da6939e1914132c56a5744785cb77b4ff11cd980

SHA256
7999df4de7cccb2c7fad7fce4dada2c861b1f00e2a86f0b5fbb6a362d2fa5fb3

SHA512
43388526077f620fc20756e1ede5f3717f69971e91078710037c3f7f78341caca61dc9d19c97bd610fce87a30819a7421bdcdc6af71f13a6f3fcfd4291c4168f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43901.exe

Filesize
184KB

MD5
31b9f1e6d600042f8966e4cdd3706414

SHA1
a4cb17dbc487d539f035588251e00d787c47594c

SHA256
b28b5aa4621afc7467b67255f948cefa5f61eeb625b1d1b19622788ac54cd7e7

SHA512
4663279e4daafc87712c854a11cc56aa79f89ef1e89d67976dd791d8375ef43ea88d6e91520944081c31c594cb568b9513e39ed0e22227a8ed67c51850ae6fb4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46255.exe

Filesize
184KB

MD5
59bf91b520760f59210bfbb0e79bed62

SHA1
97e57addb3ad2ca9e923e8c98bb67655a430c1e0

SHA256
f1be2155e93dd84b382fee20926fa4cb3f18df65d14c6ffe2dfe89c4a06b9faf

SHA512
10329f88fea4d12eec4247d03afb9483e1cb833b7a9634eb5d0238865d95d0efcc576a7c50a163f7d8cd4886edf4cd68345818a53298db513ee440d937f98382

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48810.exe

Filesize
184KB

MD5
7b179c94721a24db2cc87202a9573395

SHA1
9e843c60153392f839e33c6fd89d6c5a8002e887

SHA256
016078404d945eb163d7d94880e6ec9ad9d6ca6c3b409452c12829067ae9397d

SHA512
9d5dd6ada637dbb342a0a03d235b104a8655a67e2091076ca634ef9343a0ffe791258e5902683061cbd1b3806090460449832c048366dd9dc153a4eec5b8b14b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe

Filesize
184KB

MD5
07b58122fcf61c854a407a4ed7744a00

SHA1
2e48ec798f0b8c7d4ac6666411dbf8669cfa59c5

SHA256
2f5c3db24cdc29a82997e83eaf59b27a8d6eb4f0ddb28e2a17d7556258d920f4

SHA512
4b1ca55385161f5e414ff8fd6787843eaa29950e86fda82c543df30e5632d9b180c3cc8375ce859be66ac7eaaad95c00b17e7bcaa0c16a7cde7a7a43b44d84d4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63766.exe

Filesize
184KB

MD5
d211515aa48c12145b137346ef372891

SHA1
43e0e7a6cca0743048cd81260c6ba6c3d907c794

SHA256
dd59f78e982926f434ccd448b834ec003efae1325a8d5b008be4881e015c06ab

SHA512
1ddc359217ab4dc1d05561a477a8c25ff39048e472ad600aee50b8c5585ec924adf8b215783b13995da01c4070b533b51b98e6bcf9c73c692def182348da3730

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9114.exe

Filesize
184KB

MD5
b80c9790603f161cd0af4e5cf96f5ce1

SHA1
8d1bdbed824ed5fb0660e903caa758f04f77c9b8

SHA256
40c273d3a14f9bdbea38678669568768fee53e26ceb6f990dd0020ffd8aa99bb

SHA512
419ff022e4cd0a0bc56314128b5aea74a5bb0a04a2953dcb1e3f19c0e169fb18fb7de6fe50bd806ae0a7033054305e9c7dad6a5b1200660b9988ee16e86a5a8e

Download Submit
memory/2096-725-0x0000000002840000-0x000000000299C000-memory.dmp

Filesize
1.4MB

Download