90d219105ed46dd2e65628f5de283cbda874d647d2cee4ef00db755248cb2937

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

90d219105ed46dd2e65628f5de283cbda874d647d2cee4ef00db755248cb2937.exe
Size

184KB
MD5

b6c6f4765503b036282d5895512ba151
SHA1

73579d89a60727378cdc7a01ce5215d1d180a760
SHA256

90d219105ed46dd2e65628f5de283cbda874d647d2cee4ef00db755248cb2937
SHA512

1259db130c91c8137ef5cc72b49ce677fcdb1acaf7c4a5a77668b086bbb92b7399872994570926fc456988cc849465e11d628891ee7ce5353a39c9d6d49c4099
SSDEEP

3072:UOb3axoTKaODdj4WrJDVRKsThGnViF7n3:UOwo25j4SVYsThGnViF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-57386.exeUnicorn-56726.exeUnicorn-33696.exeUnicorn-20481.exeUnicorn-2691.exeUnicorn-9307.exeUnicorn-4636.exeUnicorn-12332.exeUnicorn-53674.exeUnicorn-18650.exeUnicorn-20727.exeUnicorn-3585.exeUnicorn-15147.exeUnicorn-29324.exeUnicorn-62895.exeUnicorn-37545.exeUnicorn-49190.exeUnicorn-43029.exeUnicorn-46185.exeUnicorn-10416.exeUnicorn-43150.exeUnicorn-35570.exeUnicorn-51968.exeUnicorn-57360.exeUnicorn-1916.exeUnicorn-17013.exeUnicorn-17013.exeUnicorn-12793.exeUnicorn-62617.exeUnicorn-62617.exeUnicorn-61360.exeUnicorn-20389.exeUnicorn-21013.exeUnicorn-15200.exeUnicorn-8724.exeUnicorn-57572.exeUnicorn-6179.exeUnicorn-32608.exeUnicorn-29833.exeUnicorn-52998.exeUnicorn-52998.exeUnicorn-52998.exeUnicorn-35680.exeUnicorn-55546.exeUnicorn-102.exeUnicorn-19968.exeUnicorn-56719.exeUnicorn-23916.exeUnicorn-23916.exeUnicorn-542.exeUnicorn-14787.exeUnicorn-47361.exeUnicorn-1689.exeUnicorn-11819.exeUnicorn-16288.exeUnicorn-38248.exeUnicorn-25608.exeUnicorn-16392.exeUnicorn-14315.exeUnicorn-1555.exeUnicorn-29437.exeUnicorn-52375.exeUnicorn-52375.exeUnicorn-33133.exe

pid	process
1728	Unicorn-57386.exe
2540	Unicorn-56726.exe
2524	Unicorn-33696.exe
2996	Unicorn-20481.exe
2768	Unicorn-2691.exe
2544	Unicorn-9307.exe
2692	Unicorn-4636.exe
2420	Unicorn-12332.exe
2812	Unicorn-53674.exe
1596	Unicorn-18650.exe
1696	Unicorn-20727.exe
2900	Unicorn-3585.exe
640	Unicorn-15147.exe
2280	Unicorn-29324.exe
2304	Unicorn-62895.exe
1312	Unicorn-37545.exe
1156	Unicorn-49190.exe
2844	Unicorn-43029.exe
576	Unicorn-46185.exe
3024	Unicorn-10416.exe
1752	Unicorn-43150.exe
2144	Unicorn-35570.exe
1600	Unicorn-51968.exe
1028	Unicorn-57360.exe
912	Unicorn-1916.exe
2976	Unicorn-17013.exe
1768	Unicorn-17013.exe
1196	Unicorn-12793.exe
2232	Unicorn-62617.exe
2028	Unicorn-62617.exe
1724	Unicorn-61360.exe
1704	Unicorn-20389.exe
2368	Unicorn-21013.exe
2836	Unicorn-15200.exe
2592	Unicorn-8724.exe
2480	Unicorn-57572.exe
2428	Unicorn-6179.exe
2596	Unicorn-32608.exe
2936	Unicorn-29833.exe
2608	Unicorn-52998.exe
1940	Unicorn-52998.exe
2764	Unicorn-52998.exe
2776	Unicorn-35680.exe
2704	Unicorn-55546.exe
1976	Unicorn-102.exe
760	Unicorn-19968.exe
1960	Unicorn-56719.exe
304	Unicorn-23916.exe
2408	Unicorn-23916.exe
2128	Unicorn-542.exe
2172	Unicorn-14787.exe
2804	Unicorn-47361.exe
1488	Unicorn-1689.exe
1648	Unicorn-11819.exe
1352	Unicorn-16288.exe
2092	Unicorn-38248.exe
2864	Unicorn-25608.exe
1748	Unicorn-16392.exe
1232	Unicorn-14315.exe
2820	Unicorn-1555.exe
2956	Unicorn-29437.exe
2064	Unicorn-52375.exe
2748	Unicorn-52375.exe
2200	Unicorn-33133.exe

Loads dropped DLL 64 IoCs

Processes:

90d219105ed46dd2e65628f5de283cbda874d647d2cee4ef00db755248cb2937.exeUnicorn-57386.exeUnicorn-56726.exeUnicorn-33696.exeWerFault.exeUnicorn-20481.exeUnicorn-2691.exeUnicorn-9307.exeWerFault.exeWerFault.exeUnicorn-4636.exeUnicorn-12332.exeUnicorn-53674.exeUnicorn-18650.exeUnicorn-20727.exeWerFault.exeWerFault.exeUnicorn-3585.exe

pid	process
1096	90d219105ed46dd2e65628f5de283cbda874d647d2cee4ef00db755248cb2937.exe
1096	90d219105ed46dd2e65628f5de283cbda874d647d2cee4ef00db755248cb2937.exe
1728	Unicorn-57386.exe
1096	90d219105ed46dd2e65628f5de283cbda874d647d2cee4ef00db755248cb2937.exe
1096	90d219105ed46dd2e65628f5de283cbda874d647d2cee4ef00db755248cb2937.exe
1728	Unicorn-57386.exe
2540	Unicorn-56726.exe
2540	Unicorn-56726.exe
2524	Unicorn-33696.exe
2524	Unicorn-33696.exe
1728	Unicorn-57386.exe
1728	Unicorn-57386.exe
2916	WerFault.exe
2916	WerFault.exe
2916	WerFault.exe
2916	WerFault.exe
2916	WerFault.exe
2996	Unicorn-20481.exe
2540	Unicorn-56726.exe
2540	Unicorn-56726.exe
2996	Unicorn-20481.exe
2768	Unicorn-2691.exe
2768	Unicorn-2691.exe
2524	Unicorn-33696.exe
2524	Unicorn-33696.exe
2544	Unicorn-9307.exe
2544	Unicorn-9307.exe
1568	WerFault.exe
1568	WerFault.exe
1568	WerFault.exe
1568	WerFault.exe
1668	WerFault.exe
1668	WerFault.exe
1668	WerFault.exe
1668	WerFault.exe
1568	WerFault.exe
1668	WerFault.exe
2692	Unicorn-4636.exe
2692	Unicorn-4636.exe
2420	Unicorn-12332.exe
2420	Unicorn-12332.exe
2996	Unicorn-20481.exe
2812	Unicorn-53674.exe
2996	Unicorn-20481.exe
2812	Unicorn-53674.exe
1596	Unicorn-18650.exe
1596	Unicorn-18650.exe
2768	Unicorn-2691.exe
2768	Unicorn-2691.exe
1696	Unicorn-20727.exe
1696	Unicorn-20727.exe
2544	Unicorn-9307.exe
2544	Unicorn-9307.exe
1612	WerFault.exe
1612	WerFault.exe
1612	WerFault.exe
1612	WerFault.exe
1612	WerFault.exe
452	WerFault.exe
452	WerFault.exe
452	WerFault.exe
452	WerFault.exe
452	WerFault.exe
2900	Unicorn-3585.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2588	1096	WerFault.exe	90d219105ed46dd2e65628f5de283cbda874d647d2cee4ef00db755248cb2937.exe
2916	1728	WerFault.exe	Unicorn-57386.exe
1568	2540	WerFault.exe	Unicorn-56726.exe
1668	2524	WerFault.exe	Unicorn-33696.exe
1612	2768	WerFault.exe	Unicorn-2691.exe
452	2544	WerFault.exe	Unicorn-9307.exe
876	2692	WerFault.exe	Unicorn-4636.exe
2620	2420	WerFault.exe	Unicorn-12332.exe
1656	2812	WerFault.exe	Unicorn-53674.exe
3060	1596	WerFault.exe	Unicorn-18650.exe
2904	1696	WerFault.exe	Unicorn-20727.exe
1604	2900	WerFault.exe	Unicorn-3585.exe
2852	1156	WerFault.exe	Unicorn-49190.exe
1820	1312	WerFault.exe	Unicorn-37545.exe
1864	2280	WerFault.exe	Unicorn-29324.exe
2628	640	WerFault.exe	Unicorn-15147.exe
960	2304	WerFault.exe	Unicorn-62895.exe
1360	576	WerFault.exe	Unicorn-46185.exe
1532	2844	WerFault.exe	Unicorn-43029.exe
2056	3024	WerFault.exe	Unicorn-10416.exe
2796	1752	WerFault.exe	Unicorn-43150.exe
2104	2144	WerFault.exe	Unicorn-35570.exe
2640	1028	WerFault.exe	Unicorn-57360.exe
2960	912	WerFault.exe	Unicorn-1916.exe
2752	2028	WerFault.exe	Unicorn-62617.exe
2652	1600	WerFault.exe	Unicorn-51968.exe
2308	1196	WerFault.exe	Unicorn-12793.exe
1980	2976	WerFault.exe	Unicorn-17013.exe
1296	1768	WerFault.exe	Unicorn-17013.exe
1564	2232	WerFault.exe	Unicorn-62617.exe
1780	1724	WerFault.exe	Unicorn-61360.exe
1268	2368	WerFault.exe	Unicorn-21013.exe
2244	1704	WerFault.exe	Unicorn-20389.exe
3412	2428	WerFault.exe	Unicorn-6179.exe
3436	2936	WerFault.exe	Unicorn-29833.exe
3472	304	WerFault.exe	Unicorn-23916.exe
3488	2764	WerFault.exe	Unicorn-52998.exe
3524	2776	WerFault.exe	Unicorn-35680.exe
3536	2480	WerFault.exe	Unicorn-57572.exe
3576	2704	WerFault.exe	Unicorn-55546.exe
3604	1940	WerFault.exe	Unicorn-52998.exe
3728	1960	WerFault.exe	Unicorn-56719.exe
3736	760	WerFault.exe	Unicorn-19968.exe
3768	1976	WerFault.exe	Unicorn-102.exe
3776	2592	WerFault.exe	Unicorn-8724.exe
3832	2836	WerFault.exe	Unicorn-15200.exe
3852	1352	WerFault.exe	Unicorn-16288.exe
3860	1648	WerFault.exe	Unicorn-11819.exe
3884	2092	WerFault.exe	Unicorn-38248.exe
3916	1232	WerFault.exe	Unicorn-14315.exe
3908	1748	WerFault.exe	Unicorn-16392.exe
3948	2864	WerFault.exe	Unicorn-25608.exe
3964	2172	WerFault.exe	Unicorn-14787.exe
4040	2820	WerFault.exe	Unicorn-1555.exe
4072	2956	WerFault.exe	Unicorn-29437.exe
3320	2408	WerFault.exe	Unicorn-23916.exe
3388	2748	WerFault.exe	Unicorn-52375.exe
3468	2608	WerFault.exe	Unicorn-52998.exe
3408	2064	WerFault.exe	Unicorn-52375.exe
3792	2700	WerFault.exe	Unicorn-6127.exe
4056	2200	WerFault.exe	Unicorn-33133.exe
3264	1488	WerFault.exe	Unicorn-1689.exe
3340	1700	WerFault.exe	Unicorn-1503.exe
4016	1164	WerFault.exe	Unicorn-44325.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

90d219105ed46dd2e65628f5de283cbda874d647d2cee4ef00db755248cb2937.exeUnicorn-57386.exeUnicorn-56726.exeUnicorn-33696.exeUnicorn-20481.exeUnicorn-2691.exeUnicorn-9307.exeUnicorn-4636.exeUnicorn-12332.exeUnicorn-18650.exeUnicorn-53674.exeUnicorn-20727.exeUnicorn-3585.exeUnicorn-15147.exeUnicorn-62895.exeUnicorn-29324.exeUnicorn-49190.exeUnicorn-37545.exeUnicorn-43029.exeUnicorn-46185.exeUnicorn-10416.exeUnicorn-43150.exeUnicorn-35570.exeUnicorn-51968.exeUnicorn-57360.exeUnicorn-17013.exeUnicorn-1916.exeUnicorn-17013.exeUnicorn-12793.exeUnicorn-62617.exeUnicorn-62617.exeUnicorn-20389.exeUnicorn-21013.exeUnicorn-15200.exeUnicorn-8724.exeUnicorn-57572.exeUnicorn-6179.exeUnicorn-32608.exeUnicorn-29833.exeUnicorn-52998.exeUnicorn-52998.exeUnicorn-52998.exeUnicorn-35680.exeUnicorn-55546.exeUnicorn-102.exeUnicorn-19968.exeUnicorn-56719.exeUnicorn-23916.exeUnicorn-23916.exeUnicorn-64154.exeUnicorn-542.exeUnicorn-14787.exeUnicorn-47361.exeUnicorn-1689.exeUnicorn-11819.exeUnicorn-16288.exeUnicorn-38248.exeUnicorn-25608.exeUnicorn-16392.exeUnicorn-14315.exeUnicorn-1555.exeUnicorn-29437.exeUnicorn-52375.exeUnicorn-52375.exe

pid	process
1096	90d219105ed46dd2e65628f5de283cbda874d647d2cee4ef00db755248cb2937.exe
1728	Unicorn-57386.exe
2540	Unicorn-56726.exe
2524	Unicorn-33696.exe
2996	Unicorn-20481.exe
2768	Unicorn-2691.exe
2544	Unicorn-9307.exe
2692	Unicorn-4636.exe
2420	Unicorn-12332.exe
1596	Unicorn-18650.exe
2812	Unicorn-53674.exe
1696	Unicorn-20727.exe
2900	Unicorn-3585.exe
640	Unicorn-15147.exe
2304	Unicorn-62895.exe
2280	Unicorn-29324.exe
1156	Unicorn-49190.exe
1312	Unicorn-37545.exe
2844	Unicorn-43029.exe
576	Unicorn-46185.exe
3024	Unicorn-10416.exe
1752	Unicorn-43150.exe
2144	Unicorn-35570.exe
1600	Unicorn-51968.exe
1028	Unicorn-57360.exe
2976	Unicorn-17013.exe
912	Unicorn-1916.exe
1768	Unicorn-17013.exe
1196	Unicorn-12793.exe
2232	Unicorn-62617.exe
2028	Unicorn-62617.exe
1704	Unicorn-20389.exe
2368	Unicorn-21013.exe
2836	Unicorn-15200.exe
2592	Unicorn-8724.exe
2480	Unicorn-57572.exe
2428	Unicorn-6179.exe
2596	Unicorn-32608.exe
2936	Unicorn-29833.exe
2608	Unicorn-52998.exe
2764	Unicorn-52998.exe
1940	Unicorn-52998.exe
2776	Unicorn-35680.exe
2704	Unicorn-55546.exe
1976	Unicorn-102.exe
760	Unicorn-19968.exe
1960	Unicorn-56719.exe
304	Unicorn-23916.exe
2408	Unicorn-23916.exe
1428	Unicorn-64154.exe
2128	Unicorn-542.exe
2172	Unicorn-14787.exe
2804	Unicorn-47361.exe
1488	Unicorn-1689.exe
1648	Unicorn-11819.exe
1352	Unicorn-16288.exe
2092	Unicorn-38248.exe
2864	Unicorn-25608.exe
1748	Unicorn-16392.exe
1232	Unicorn-14315.exe
2820	Unicorn-1555.exe
2956	Unicorn-29437.exe
2064	Unicorn-52375.exe
2748	Unicorn-52375.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

90d219105ed46dd2e65628f5de283cbda874d647d2cee4ef00db755248cb2937.exeUnicorn-57386.exeUnicorn-56726.exeUnicorn-33696.exeUnicorn-20481.exeUnicorn-2691.exeUnicorn-9307.exeUnicorn-4636.exe

description	pid	process	target process
PID 1096 wrote to memory of 1728	1096	90d219105ed46dd2e65628f5de283cbda874d647d2cee4ef00db755248cb2937.exe	Unicorn-57386.exe
PID 1096 wrote to memory of 1728	1096	90d219105ed46dd2e65628f5de283cbda874d647d2cee4ef00db755248cb2937.exe	Unicorn-57386.exe
PID 1096 wrote to memory of 1728	1096	90d219105ed46dd2e65628f5de283cbda874d647d2cee4ef00db755248cb2937.exe	Unicorn-57386.exe
PID 1096 wrote to memory of 1728	1096	90d219105ed46dd2e65628f5de283cbda874d647d2cee4ef00db755248cb2937.exe	Unicorn-57386.exe
PID 1096 wrote to memory of 2540	1096	90d219105ed46dd2e65628f5de283cbda874d647d2cee4ef00db755248cb2937.exe	Unicorn-56726.exe
PID 1096 wrote to memory of 2540	1096	90d219105ed46dd2e65628f5de283cbda874d647d2cee4ef00db755248cb2937.exe	Unicorn-56726.exe
PID 1096 wrote to memory of 2540	1096	90d219105ed46dd2e65628f5de283cbda874d647d2cee4ef00db755248cb2937.exe	Unicorn-56726.exe
PID 1096 wrote to memory of 2540	1096	90d219105ed46dd2e65628f5de283cbda874d647d2cee4ef00db755248cb2937.exe	Unicorn-56726.exe
PID 1728 wrote to memory of 2524	1728	Unicorn-57386.exe	Unicorn-33696.exe
PID 1728 wrote to memory of 2524	1728	Unicorn-57386.exe	Unicorn-33696.exe
PID 1728 wrote to memory of 2524	1728	Unicorn-57386.exe	Unicorn-33696.exe
PID 1728 wrote to memory of 2524	1728	Unicorn-57386.exe	Unicorn-33696.exe
PID 1096 wrote to memory of 2588	1096	90d219105ed46dd2e65628f5de283cbda874d647d2cee4ef00db755248cb2937.exe	WerFault.exe
PID 1096 wrote to memory of 2588	1096	90d219105ed46dd2e65628f5de283cbda874d647d2cee4ef00db755248cb2937.exe	WerFault.exe
PID 1096 wrote to memory of 2588	1096	90d219105ed46dd2e65628f5de283cbda874d647d2cee4ef00db755248cb2937.exe	WerFault.exe
PID 1096 wrote to memory of 2588	1096	90d219105ed46dd2e65628f5de283cbda874d647d2cee4ef00db755248cb2937.exe	WerFault.exe
PID 2540 wrote to memory of 2996	2540	Unicorn-56726.exe	Unicorn-20481.exe
PID 2540 wrote to memory of 2996	2540	Unicorn-56726.exe	Unicorn-20481.exe
PID 2540 wrote to memory of 2996	2540	Unicorn-56726.exe	Unicorn-20481.exe
PID 2540 wrote to memory of 2996	2540	Unicorn-56726.exe	Unicorn-20481.exe
PID 2524 wrote to memory of 2768	2524	Unicorn-33696.exe	Unicorn-2691.exe
PID 2524 wrote to memory of 2768	2524	Unicorn-33696.exe	Unicorn-2691.exe
PID 2524 wrote to memory of 2768	2524	Unicorn-33696.exe	Unicorn-2691.exe
PID 2524 wrote to memory of 2768	2524	Unicorn-33696.exe	Unicorn-2691.exe
PID 1728 wrote to memory of 2544	1728	Unicorn-57386.exe	Unicorn-9307.exe
PID 1728 wrote to memory of 2544	1728	Unicorn-57386.exe	Unicorn-9307.exe
PID 1728 wrote to memory of 2544	1728	Unicorn-57386.exe	Unicorn-9307.exe
PID 1728 wrote to memory of 2544	1728	Unicorn-57386.exe	Unicorn-9307.exe
PID 1728 wrote to memory of 2916	1728	Unicorn-57386.exe	WerFault.exe
PID 1728 wrote to memory of 2916	1728	Unicorn-57386.exe	WerFault.exe
PID 1728 wrote to memory of 2916	1728	Unicorn-57386.exe	WerFault.exe
PID 1728 wrote to memory of 2916	1728	Unicorn-57386.exe	WerFault.exe
PID 2540 wrote to memory of 2692	2540	Unicorn-56726.exe	Unicorn-4636.exe
PID 2540 wrote to memory of 2692	2540	Unicorn-56726.exe	Unicorn-4636.exe
PID 2540 wrote to memory of 2692	2540	Unicorn-56726.exe	Unicorn-4636.exe
PID 2540 wrote to memory of 2692	2540	Unicorn-56726.exe	Unicorn-4636.exe
PID 2996 wrote to memory of 2420	2996	Unicorn-20481.exe	Unicorn-12332.exe
PID 2996 wrote to memory of 2420	2996	Unicorn-20481.exe	Unicorn-12332.exe
PID 2996 wrote to memory of 2420	2996	Unicorn-20481.exe	Unicorn-12332.exe
PID 2996 wrote to memory of 2420	2996	Unicorn-20481.exe	Unicorn-12332.exe
PID 2768 wrote to memory of 2812	2768	Unicorn-2691.exe	Unicorn-53674.exe
PID 2768 wrote to memory of 2812	2768	Unicorn-2691.exe	Unicorn-53674.exe
PID 2768 wrote to memory of 2812	2768	Unicorn-2691.exe	Unicorn-53674.exe
PID 2768 wrote to memory of 2812	2768	Unicorn-2691.exe	Unicorn-53674.exe
PID 2524 wrote to memory of 1596	2524	Unicorn-33696.exe	Unicorn-18650.exe
PID 2524 wrote to memory of 1596	2524	Unicorn-33696.exe	Unicorn-18650.exe
PID 2524 wrote to memory of 1596	2524	Unicorn-33696.exe	Unicorn-18650.exe
PID 2524 wrote to memory of 1596	2524	Unicorn-33696.exe	Unicorn-18650.exe
PID 2544 wrote to memory of 1696	2544	Unicorn-9307.exe	Unicorn-20727.exe
PID 2544 wrote to memory of 1696	2544	Unicorn-9307.exe	Unicorn-20727.exe
PID 2544 wrote to memory of 1696	2544	Unicorn-9307.exe	Unicorn-20727.exe
PID 2544 wrote to memory of 1696	2544	Unicorn-9307.exe	Unicorn-20727.exe
PID 2540 wrote to memory of 1568	2540	Unicorn-56726.exe	WerFault.exe
PID 2540 wrote to memory of 1568	2540	Unicorn-56726.exe	WerFault.exe
PID 2540 wrote to memory of 1568	2540	Unicorn-56726.exe	WerFault.exe
PID 2540 wrote to memory of 1568	2540	Unicorn-56726.exe	WerFault.exe
PID 2524 wrote to memory of 1668	2524	Unicorn-33696.exe	WerFault.exe
PID 2524 wrote to memory of 1668	2524	Unicorn-33696.exe	WerFault.exe
PID 2524 wrote to memory of 1668	2524	Unicorn-33696.exe	WerFault.exe
PID 2524 wrote to memory of 1668	2524	Unicorn-33696.exe	WerFault.exe
PID 2692 wrote to memory of 2900	2692	Unicorn-4636.exe	Unicorn-3585.exe
PID 2692 wrote to memory of 2900	2692	Unicorn-4636.exe	Unicorn-3585.exe
PID 2692 wrote to memory of 2900	2692	Unicorn-4636.exe	Unicorn-3585.exe
PID 2692 wrote to memory of 2900	2692	Unicorn-4636.exe	Unicorn-3585.exe

C:\Users\Admin\AppData\Local\Temp\90d219105ed46dd2e65628f5de283cbda874d647d2cee4ef00db755248cb2937.exe
"C:\Users\Admin\AppData\Local\Temp\90d219105ed46dd2e65628f5de283cbda874d647d2cee4ef00db755248cb2937.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-57386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57386.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-33696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33696.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-2691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2691.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-53674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53674.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1156

C:\Users\Admin\AppData\Local\Temp\Unicorn-35570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35570.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1352

C:\Users\Admin\AppData\Local\Temp\Unicorn-5900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5900.exe
10⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
11⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-45879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45879.exe
12⤵
PID:5712

C:\Users\Admin\AppData\Local\Temp\Unicorn-59409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59409.exe
13⤵
PID:7376

C:\Users\Admin\AppData\Local\Temp\Unicorn-48304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48304.exe
14⤵
PID:9664

C:\Users\Admin\AppData\Local\Temp\Unicorn-43751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43751.exe
15⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 216
15⤵
PID:1932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7376 -s 236
14⤵
PID:11056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
13⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
12⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 216
11⤵
PID:4888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 236
10⤵
- Program crash
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-45952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45952.exe
9⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-37440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37440.exe
10⤵
PID:4820

C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
11⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-58813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58813.exe
12⤵
PID:8152

C:\Users\Admin\AppData\Local\Temp\Unicorn-34202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34202.exe
13⤵
PID:10144

C:\Users\Admin\AppData\Local\Temp\Unicorn-50964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50964.exe
14⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10144 -s 216
14⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 216
13⤵
PID:10460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
12⤵
PID:8788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 216
11⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
10⤵
PID:4740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
9⤵
- Program crash
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-22154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22154.exe
9⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-58599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58599.exe
10⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-17912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17912.exe
11⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-37987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37987.exe
12⤵
PID:7924

C:\Users\Admin\AppData\Local\Temp\Unicorn-63643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63643.exe
13⤵
PID:9416

C:\Users\Admin\AppData\Local\Temp\Unicorn-44173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44173.exe
14⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9416 -s 220
14⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 216
13⤵
PID:10884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
12⤵
PID:9148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
11⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 216
10⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 236
9⤵
- Program crash
PID:3884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
8⤵
- Program crash
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-57572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57572.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-25608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25608.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
9⤵
PID:696

C:\Users\Admin\AppData\Local\Temp\Unicorn-5963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5963.exe
10⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-59346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59346.exe
11⤵
PID:5516

C:\Users\Admin\AppData\Local\Temp\Unicorn-45689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45689.exe
12⤵
PID:7992

C:\Users\Admin\AppData\Local\Temp\Unicorn-29767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29767.exe
13⤵
PID:10384

C:\Users\Admin\AppData\Local\Temp\Unicorn-7880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7880.exe
14⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10384 -s 216
14⤵
PID:1924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 236
13⤵
PID:4452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 236
12⤵
PID:9356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
11⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 216
10⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 236
9⤵
- Program crash
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-6777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6777.exe
8⤵
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-13292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13292.exe
9⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-27530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27530.exe
10⤵
PID:5876

C:\Users\Admin\AppData\Local\Temp\Unicorn-20651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20651.exe
11⤵
PID:7404

C:\Users\Admin\AppData\Local\Temp\Unicorn-9322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9322.exe
12⤵
PID:9840

C:\Users\Admin\AppData\Local\Temp\Unicorn-38948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38948.exe
13⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9840 -s 216
13⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 216
12⤵
PID:10676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 216
11⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
10⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 216
9⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
8⤵
- Program crash
PID:3536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 240
7⤵
- Program crash
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-51968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51968.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-52998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52998.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
8⤵
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-5221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5221.exe
9⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-37249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37249.exe
10⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-46740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46740.exe
11⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-6954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6954.exe
12⤵
PID:8576

C:\Users\Admin\AppData\Local\Temp\Unicorn-32705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32705.exe
13⤵
PID:11080

C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
14⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11080 -s 236
14⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8576 -s 216
13⤵
PID:12156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 236
12⤵
PID:9872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
11⤵
PID:7916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 216
10⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 236
9⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-31567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31567.exe
8⤵
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-38958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38958.exe
9⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-36385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36385.exe
10⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-34600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34600.exe
11⤵
PID:7300

C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
12⤵
PID:9900

C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
13⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 216
12⤵
PID:11064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 220
11⤵
PID:8876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
10⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 216
9⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 220
8⤵
- Program crash
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-52323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52323.exe
7⤵
PID:308

C:\Users\Admin\AppData\Local\Temp\Unicorn-9793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9793.exe
8⤵
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-44471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44471.exe
8⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-5895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5895.exe
9⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-10901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10901.exe
10⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-19227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19227.exe
11⤵
PID:8428

C:\Users\Admin\AppData\Local\Temp\Unicorn-52654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52654.exe
12⤵
PID:11296

C:\Users\Admin\AppData\Local\Temp\Unicorn-50142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50142.exe
13⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8428 -s 216
12⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 236
11⤵
PID:9724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 236
10⤵
PID:2328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 236
9⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 240
8⤵
PID:5112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 240
7⤵
- Program crash
PID:2652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
6⤵
- Program crash
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-43029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43029.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-62617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62617.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-56719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56719.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-32615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32615.exe
8⤵
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-8422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8422.exe
9⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-61819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61819.exe
10⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-47936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47936.exe
11⤵
PID:8036

C:\Users\Admin\AppData\Local\Temp\Unicorn-65336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65336.exe
12⤵
PID:9508

C:\Users\Admin\AppData\Local\Temp\Unicorn-36983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36983.exe
13⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9508 -s 216
13⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 216
12⤵
PID:10552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
11⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
10⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 216
9⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 216
8⤵
- Program crash
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-52323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52323.exe
7⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-15330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15330.exe
8⤵
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-30456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30456.exe
9⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-25697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25697.exe
10⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-42453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42453.exe
11⤵
PID:7884

C:\Users\Admin\AppData\Local\Temp\Unicorn-50214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50214.exe
12⤵
PID:9312

C:\Users\Admin\AppData\Local\Temp\Unicorn-45246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45246.exe
13⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9312 -s 216
13⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7884 -s 216
12⤵
PID:10536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
11⤵
PID:8540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
10⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 216
9⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
8⤵
PID:3784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
7⤵
- Program crash
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-23916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23916.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-52375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52375.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-27619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27619.exe
8⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-21413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21413.exe
9⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-30722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30722.exe
10⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-26409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26409.exe
11⤵
PID:7276

C:\Users\Admin\AppData\Local\Temp\Unicorn-21297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21297.exe
12⤵
PID:9488

C:\Users\Admin\AppData\Local\Temp\Unicorn-44457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44457.exe
13⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9488 -s 216
13⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 216
12⤵
PID:10156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 236
11⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 236
10⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 216
9⤵
PID:4596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
8⤵
- Program crash
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-29543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29543.exe
7⤵
PID:900

C:\Users\Admin\AppData\Local\Temp\Unicorn-41102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41102.exe
8⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe
9⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-56337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56337.exe
10⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
10⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
9⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 236
8⤵
PID:4236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 240
7⤵
- Program crash
PID:3472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 220
6⤵
- Program crash
PID:1532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-18650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18650.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-19968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19968.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
8⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-48361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48361.exe
9⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-49431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49431.exe
10⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-3751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3751.exe
11⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-31576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31576.exe
12⤵
PID:7804

C:\Users\Admin\AppData\Local\Temp\Unicorn-29877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29877.exe
13⤵
PID:9288

C:\Users\Admin\AppData\Local\Temp\Unicorn-4926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4926.exe
14⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9288 -s 216
14⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 220
13⤵
PID:10512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
12⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 236
11⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
10⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\Unicorn-20349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20349.exe
9⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-14015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14015.exe
10⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-47936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47936.exe
11⤵
PID:8028

C:\Users\Admin\AppData\Local\Temp\Unicorn-35664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35664.exe
12⤵
PID:9756

C:\Users\Admin\AppData\Local\Temp\Unicorn-10030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10030.exe
13⤵
PID:11768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9756 -s 216
13⤵
PID:11780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8028 -s 216
12⤵
PID:10668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
11⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
10⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
9⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-56430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56430.exe
8⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-25444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25444.exe
9⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-37481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37481.exe
10⤵
PID:5600

C:\Users\Admin\AppData\Local\Temp\Unicorn-46280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46280.exe
11⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-48304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48304.exe
12⤵
PID:9964

C:\Users\Admin\AppData\Local\Temp\Unicorn-27243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27243.exe
13⤵
PID:12200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9964 -s 216
13⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 220
12⤵
PID:11048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 220
11⤵
PID:9204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
10⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 236
9⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 240
8⤵
- Program crash
PID:3736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 236
7⤵
- Program crash
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-23916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23916.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
7⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
8⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
9⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-43938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43938.exe
10⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\Unicorn-59998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59998.exe
11⤵
PID:7716

C:\Users\Admin\AppData\Local\Temp\Unicorn-29877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29877.exe
12⤵
PID:9272

C:\Users\Admin\AppData\Local\Temp\Unicorn-53624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53624.exe
13⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9272 -s 216
13⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 220
12⤵
PID:10528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
11⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
10⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 216
9⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-57303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57303.exe
8⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
9⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-20038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20038.exe
10⤵
PID:7976

C:\Users\Admin\AppData\Local\Temp\Unicorn-5824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5824.exe
11⤵
PID:9620

C:\Users\Admin\AppData\Local\Temp\Unicorn-14239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14239.exe
12⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9620 -s 216
12⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 216
11⤵
PID:10572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
10⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
9⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
8⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
7⤵
PID:268

C:\Users\Admin\AppData\Local\Temp\Unicorn-44578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44578.exe
8⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-42529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42529.exe
9⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-34040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34040.exe
10⤵
PID:7788

C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe
11⤵
PID:9248

C:\Users\Admin\AppData\Local\Temp\Unicorn-9118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9118.exe
12⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
11⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 220
10⤵
PID:9080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
9⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 216
8⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
7⤵
- Program crash
PID:3320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
6⤵
- Program crash
PID:960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
5⤵
- Program crash
PID:3060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-9307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9307.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-20727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20727.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-15200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15200.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-11819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11819.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-55184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55184.exe
8⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-31677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31677.exe
9⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-8171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8171.exe
10⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
11⤵
PID:8016

C:\Users\Admin\AppData\Local\Temp\Unicorn-60592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60592.exe
12⤵
PID:9768

C:\Users\Admin\AppData\Local\Temp\Unicorn-31133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31133.exe
12⤵
PID:9672

C:\Users\Admin\AppData\Local\Temp\Unicorn-44954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44954.exe
13⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9672 -s 236
13⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 212
12⤵
PID:11256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 220
11⤵
PID:9212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
10⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
9⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 236
8⤵
- Program crash
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-45952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45952.exe
7⤵
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-58599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58599.exe
8⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-5621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5621.exe
9⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
10⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\Unicorn-32785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32785.exe
11⤵
PID:10044

C:\Users\Admin\AppData\Local\Temp\Unicorn-17386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17386.exe
12⤵
PID:11592

C:\Users\Admin\AppData\Local\Temp\Unicorn-50851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50851.exe
13⤵
PID:8500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10044 -s 236
12⤵
PID:11380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
11⤵
PID:10340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
10⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 236
9⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 216
8⤵
PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
7⤵
- Program crash
PID:3832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 216
6⤵
- Program crash
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-29833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29833.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-1555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1555.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-50457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50457.exe
8⤵
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-27766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27766.exe
9⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-57644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57644.exe
10⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-60487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60487.exe
11⤵
PID:7208

C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
12⤵
PID:9400

C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
13⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9400 -s 236
13⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 216
12⤵
PID:9768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 216
11⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 236
10⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 216
9⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
8⤵
- Program crash
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-60633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60633.exe
7⤵
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-43650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43650.exe
8⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-61644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61644.exe
9⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\Unicorn-50484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50484.exe
10⤵
PID:8088

C:\Users\Admin\AppData\Local\Temp\Unicorn-63305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63305.exe
11⤵
PID:9744

C:\Users\Admin\AppData\Local\Temp\Unicorn-52172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52172.exe
12⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9744 -s 216
12⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8088 -s 216
11⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 220
10⤵
PID:8672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
9⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 236
8⤵
PID:4896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
7⤵
- Program crash
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-29437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29437.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-7317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7317.exe
7⤵
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-36321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36321.exe
8⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-20460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20460.exe
9⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-36323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36323.exe
10⤵
PID:7012

C:\Users\Admin\AppData\Local\Temp\Unicorn-25752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25752.exe
11⤵
PID:9184

C:\Users\Admin\AppData\Local\Temp\Unicorn-17100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17100.exe
12⤵
PID:11448

C:\Users\Admin\AppData\Local\Temp\Unicorn-36280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36280.exe
13⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 216
12⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
11⤵
PID:10052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
10⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
9⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 236
8⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 236
7⤵
- Program crash
PID:4072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 240
6⤵
- Program crash
PID:2960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
5⤵
- Program crash
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-46185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46185.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-62617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62617.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-52998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52998.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-33133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33133.exe
7⤵
- Executes dropped EXE
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-61542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61542.exe
8⤵
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
9⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-45879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45879.exe
10⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-5862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5862.exe
11⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
12⤵
PID:9332

C:\Users\Admin\AppData\Local\Temp\Unicorn-19309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19309.exe
13⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9332 -s 216
13⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
12⤵
PID:9788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
11⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
10⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 236
9⤵
PID:4268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 236
8⤵
- Program crash
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-22351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22351.exe
7⤵
PID:664

C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
8⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
9⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-20944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20944.exe
10⤵
PID:6972

C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
11⤵
PID:9304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9304 -s 240
12⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 216
11⤵
PID:9740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
10⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
9⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 216
8⤵
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 220
7⤵
- Program crash
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
6⤵
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-9793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9793.exe
7⤵
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-60986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60986.exe
8⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-58747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58747.exe
9⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
10⤵
PID:8188

C:\Users\Admin\AppData\Local\Temp\Unicorn-6250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6250.exe
11⤵
PID:10012

C:\Users\Admin\AppData\Local\Temp\Unicorn-16882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16882.exe
12⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10012 -s 216
12⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 220
11⤵
PID:10752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
10⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
9⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
8⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 236
7⤵
- Program crash
PID:3340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 220
6⤵
- Program crash
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-6127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6127.exe
6⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-27012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27012.exe
7⤵
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-16365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16365.exe
8⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-21910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21910.exe
9⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-521.exe
10⤵
PID:7684

C:\Users\Admin\AppData\Local\Temp\Unicorn-4857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4857.exe
11⤵
PID:10040

C:\Users\Admin\AppData\Local\Temp\Unicorn-43053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43053.exe
12⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10040 -s 216
12⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 216
11⤵
PID:10844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
10⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
9⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 216
8⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
7⤵
- Program crash
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-53441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53441.exe
6⤵
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-57570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57570.exe
7⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
8⤵
PID:5404

C:\Users\Admin\AppData\Local\Temp\Unicorn-8321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8321.exe
9⤵
PID:7468

C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
10⤵
PID:9824

C:\Users\Admin\AppData\Local\Temp\Unicorn-60371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60371.exe
11⤵
PID:12020

C:\Users\Admin\AppData\Local\Temp\Unicorn-25441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25441.exe
12⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9824 -s 220
11⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7468 -s 216
10⤵
PID:9820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 216
9⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
8⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 216
7⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
6⤵
- Program crash
PID:3524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 240
5⤵
- Program crash
PID:1360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-56726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56726.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-20481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20481.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-12332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12332.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-15147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15147.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:640

C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-52375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52375.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-37728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37728.exe
9⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-24920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24920.exe
10⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe
11⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-60664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60664.exe
12⤵
PID:7872

C:\Users\Admin\AppData\Local\Temp\Unicorn-6250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6250.exe
13⤵
PID:10000

C:\Users\Admin\AppData\Local\Temp\Unicorn-40055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40055.exe
14⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10000 -s 220
14⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 220
13⤵
PID:10740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 220
12⤵
PID:9112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
11⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 216
10⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 236
9⤵
- Program crash
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-39652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39652.exe
8⤵
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-45311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45311.exe
9⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
10⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-13331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13331.exe
11⤵
PID:7336

C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
12⤵
PID:9528

C:\Users\Admin\AppData\Local\Temp\Unicorn-13664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13664.exe
13⤵
PID:11500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9528 -s 236
13⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 216
12⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
11⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
10⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 216
9⤵
PID:4216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 220
8⤵
- Program crash
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
7⤵
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-59077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59077.exe
8⤵
PID:1404

C:\Users\Admin\AppData\Local\Temp\Unicorn-29634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29634.exe
8⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-14504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14504.exe
9⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-42888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42888.exe
10⤵
PID:7368

C:\Users\Admin\AppData\Local\Temp\Unicorn-7633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7633.exe
11⤵
PID:9676

C:\Users\Admin\AppData\Local\Temp\Unicorn-24078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24078.exe
12⤵
PID:11628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9676 -s 216
12⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 216
11⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
10⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 236
9⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
8⤵
PID:5044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
7⤵
- Program crash
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-102.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-57478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57478.exe
7⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-35797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35797.exe
8⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-33120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33120.exe
9⤵
PID:6108

C:\Users\Admin\AppData\Local\Temp\Unicorn-60231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60231.exe
10⤵
PID:8132

C:\Users\Admin\AppData\Local\Temp\Unicorn-8336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8336.exe
11⤵
PID:9732

C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
12⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9732 -s 216
12⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 216
11⤵
PID:1064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 236
10⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
9⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 216
8⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 236
7⤵
- Program crash
PID:3768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 240
6⤵
- Program crash
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-12793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12793.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1196

C:\Users\Admin\AppData\Local\Temp\Unicorn-52998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52998.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-24441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24441.exe
7⤵
PID:1344

C:\Users\Admin\AppData\Local\Temp\Unicorn-10758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10758.exe
8⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-22216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22216.exe
9⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-39699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39699.exe
10⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-25223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25223.exe
11⤵
PID:7636

C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
12⤵
PID:9704

C:\Users\Admin\AppData\Local\Temp\Unicorn-54748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54748.exe
13⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9704 -s 216
13⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 216
12⤵
PID:9484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
11⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
10⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 216
9⤵
PID:5212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 236
8⤵
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-37187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37187.exe
7⤵
PID:1332

C:\Users\Admin\AppData\Local\Temp\Unicorn-27242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27242.exe
8⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-8812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8812.exe
9⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\Unicorn-9458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9458.exe
10⤵
PID:7612

C:\Users\Admin\AppData\Local\Temp\Unicorn-22152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22152.exe
11⤵
PID:10004

C:\Users\Admin\AppData\Local\Temp\Unicorn-27767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27767.exe
12⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10004 -s 216
12⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 216
11⤵
PID:10332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
10⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
9⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 236
8⤵
PID:4484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
7⤵
- Program crash
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-24912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24912.exe
6⤵
PID:1060

C:\Users\Admin\AppData\Local\Temp\Unicorn-59077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59077.exe
7⤵
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-11077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11077.exe
7⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-61168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61168.exe
8⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-35696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35696.exe
9⤵
PID:7556

C:\Users\Admin\AppData\Local\Temp\Unicorn-23283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23283.exe
10⤵
PID:9956

C:\Users\Admin\AppData\Local\Temp\Unicorn-52154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52154.exe
11⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9956 -s 236
11⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 216
10⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
9⤵
PID:8288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
8⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 240
7⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 220
6⤵
- Program crash
PID:2308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
5⤵
- Program crash
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-29324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29324.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-57360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57360.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-6179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6179.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-16392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16392.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-56601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56601.exe
8⤵
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-15752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15752.exe
9⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-2251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2251.exe
10⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-60522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60522.exe
11⤵
PID:7668

C:\Users\Admin\AppData\Local\Temp\Unicorn-55018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55018.exe
12⤵
PID:10164

C:\Users\Admin\AppData\Local\Temp\Unicorn-2448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2448.exe
13⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10164 -s 216
13⤵
PID:11676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 216
12⤵
PID:10852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
11⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
10⤵
PID:6368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 216
9⤵
PID:4672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 216
8⤵
- Program crash
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-36735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36735.exe
7⤵
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-54947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54947.exe
8⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-59215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59215.exe
9⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-38244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38244.exe
10⤵
PID:7584

C:\Users\Admin\AppData\Local\Temp\Unicorn-12935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12935.exe
11⤵
PID:10080

C:\Users\Admin\AppData\Local\Temp\Unicorn-15395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15395.exe
12⤵
PID:11308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10080 -s 216
12⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 216
11⤵
PID:10360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
10⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
9⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 236
8⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
7⤵
- Program crash
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-14315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14315.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1232

C:\Users\Admin\AppData\Local\Temp\Unicorn-56601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56601.exe
7⤵
PID:1828

C:\Users\Admin\AppData\Local\Temp\Unicorn-43287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43287.exe
8⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-54571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54571.exe
9⤵
PID:5488

C:\Users\Admin\AppData\Local\Temp\Unicorn-58813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58813.exe
10⤵
PID:8140

C:\Users\Admin\AppData\Local\Temp\Unicorn-1761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1761.exe
11⤵
PID:9892

C:\Users\Admin\AppData\Local\Temp\Unicorn-47364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47364.exe
12⤵
PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9892 -s 216
12⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 216
11⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
10⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
9⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 236
8⤵
PID:4272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 236
7⤵
- Program crash
PID:3916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 240
6⤵
- Program crash
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-32608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32608.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
5⤵
- Program crash
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-3585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3585.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-10416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10416.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-61360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61360.exe
6⤵
- Executes dropped EXE
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-64154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64154.exe
7⤵
- Suspicious use of SetWindowsHookEx
PID:1428

C:\Users\Admin\AppData\Local\Temp\Unicorn-44325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44325.exe
8⤵
PID:1164

C:\Users\Admin\AppData\Local\Temp\Unicorn-2256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2256.exe
9⤵
PID:1040

C:\Users\Admin\AppData\Local\Temp\Unicorn-58599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58599.exe
10⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-56038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56038.exe
11⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\Unicorn-37987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37987.exe
12⤵
PID:7952

C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
13⤵
PID:9684

C:\Users\Admin\AppData\Local\Temp\Unicorn-34242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34242.exe
14⤵
PID:11580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9684 -s 220
14⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 220
13⤵
PID:10612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 216
12⤵
PID:9156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
11⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 236
10⤵
PID:5556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 236
9⤵
- Program crash
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-12432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12432.exe
8⤵
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-47113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47113.exe
9⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-21725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21725.exe
10⤵
PID:6908

C:\Users\Admin\AppData\Local\Temp\Unicorn-25951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25951.exe
11⤵
PID:9136

C:\Users\Admin\AppData\Local\Temp\Unicorn-27024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27024.exe
12⤵
PID:11356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9136 -s 236
12⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 216
11⤵
PID:10216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 236
10⤵
PID:8096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 216
9⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 240
8⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-60562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60562.exe
7⤵
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-26071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26071.exe
8⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-26509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26509.exe
9⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-43157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43157.exe
10⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-13684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13684.exe
11⤵
PID:7828

C:\Users\Admin\AppData\Local\Temp\Unicorn-21946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21946.exe
12⤵
PID:9612

C:\Users\Admin\AppData\Local\Temp\Unicorn-56870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56870.exe
13⤵
PID:11828

C:\Users\Admin\AppData\Local\Temp\Unicorn-33524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33524.exe
14⤵
PID:8024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9612 -s 216
13⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 216
12⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 220
11⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
10⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
9⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 236
8⤵
PID:3128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
7⤵
- Program crash
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-542.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-1102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1102.exe
7⤵
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-12432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12432.exe
7⤵
PID:916

C:\Users\Admin\AppData\Local\Temp\Unicorn-21346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21346.exe
8⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-29738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29738.exe
9⤵
PID:7144

C:\Users\Admin\AppData\Local\Temp\Unicorn-10391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10391.exe
10⤵
PID:9200

C:\Users\Admin\AppData\Local\Temp\Unicorn-37433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37433.exe
11⤵
PID:12080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9200 -s 216
11⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
10⤵
PID:10204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 236
9⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 216
8⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
7⤵
PID:4940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
6⤵
- Program crash
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-20389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20389.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-1689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1689.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-20392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20392.exe
7⤵
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-21951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21951.exe
8⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-15145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15145.exe
9⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\Unicorn-26716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26716.exe
10⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
11⤵
PID:6928

C:\Users\Admin\AppData\Local\Temp\Unicorn-32108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32108.exe
12⤵
PID:9264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9264 -s 200
13⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 236
11⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 236
10⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
9⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 236
8⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
7⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-32814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32814.exe
8⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-2251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2251.exe
9⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-16442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16442.exe
10⤵
PID:8060

C:\Users\Admin\AppData\Local\Temp\Unicorn-5824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5824.exe
11⤵
PID:9548

C:\Users\Admin\AppData\Local\Temp\Unicorn-23407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23407.exe
12⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9548 -s 220
12⤵
PID:8164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 216
11⤵
PID:10580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 220
10⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
9⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 236
8⤵
PID:4700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 220
7⤵
- Program crash
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-36628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36628.exe
6⤵
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-60601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60601.exe
7⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-26509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26509.exe
8⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-57106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57106.exe
9⤵
PID:5752

C:\Users\Admin\AppData\Local\Temp\Unicorn-60160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60160.exe
10⤵
PID:7824

C:\Users\Admin\AppData\Local\Temp\Unicorn-55558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55558.exe
11⤵
PID:9352

C:\Users\Admin\AppData\Local\Temp\Unicorn-15395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15395.exe
12⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9352 -s 216
12⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 216
11⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 216
10⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
9⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
8⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 236
7⤵
PID:3336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
6⤵
- Program crash
PID:2244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
5⤵
- Program crash
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-43150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43150.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-21013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21013.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-14787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14787.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-35633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35633.exe
7⤵
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-29143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29143.exe
8⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-7987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7987.exe
9⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-18001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18001.exe
10⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-28819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28819.exe
11⤵
PID:7516

C:\Users\Admin\AppData\Local\Temp\Unicorn-2871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2871.exe
12⤵
PID:9396

C:\Users\Admin\AppData\Local\Temp\Unicorn-31505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31505.exe
13⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9396 -s 216
13⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 216
12⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 216
11⤵
PID:8900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 236
9⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 236
8⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-39318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39318.exe
7⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-57551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57551.exe
8⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-45774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45774.exe
9⤵
PID:5992

C:\Users\Admin\AppData\Local\Temp\Unicorn-36540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36540.exe
10⤵
PID:7252

C:\Users\Admin\AppData\Local\Temp\Unicorn-48423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48423.exe
11⤵
PID:9696

C:\Users\Admin\AppData\Local\Temp\Unicorn-17100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17100.exe
12⤵
PID:11456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9696 -s 216
12⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 220
11⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 216
10⤵
PID:2504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
9⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
8⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
7⤵
- Program crash
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-37557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37557.exe
6⤵
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-63673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63673.exe
7⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-17644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17644.exe
8⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-2251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2251.exe
9⤵
PID:5368

C:\Users\Admin\AppData\Local\Temp\Unicorn-43501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43501.exe
10⤵
PID:7640

C:\Users\Admin\AppData\Local\Temp\Unicorn-56620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56620.exe
11⤵
PID:10188

C:\Users\Admin\AppData\Local\Temp\Unicorn-39741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39741.exe
12⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10188 -s 216
12⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 216
11⤵
PID:10484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 216
10⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
9⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
8⤵
PID:4984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 236
7⤵
PID:4316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
6⤵
- Program crash
PID:1268

C:\Users\Admin\AppData\Local\Temp\Unicorn-47361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47361.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-20392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20392.exe
6⤵
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
7⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-54479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54479.exe
8⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-7647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7647.exe
9⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
10⤵
PID:8008

C:\Users\Admin\AppData\Local\Temp\Unicorn-17820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17820.exe
11⤵
PID:9452

C:\Users\Admin\AppData\Local\Temp\Unicorn-64728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64728.exe
12⤵
PID:11552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9452 -s 216
12⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 216
11⤵
PID:9952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
10⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
9⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
8⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 236
7⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
6⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-33129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33129.exe
7⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-6823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6823.exe
8⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\Unicorn-32624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32624.exe
9⤵
PID:7520

C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
10⤵
PID:9860

C:\Users\Admin\AppData\Local\Temp\Unicorn-49195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49195.exe
11⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9860 -s 236
11⤵
PID:11856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 216
10⤵
PID:10184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 216
9⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
8⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
7⤵
PID:4924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
6⤵
PID:4280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
5⤵
- Program crash
PID:2796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
4⤵
- Program crash
PID:876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 240
2⤵
- Program crash
PID:2588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17386.exe

Filesize
184KB

MD5
da79551ed3370734b0280709028cf981

SHA1
c19cdd61000de44523296039b23b737c747189ad

SHA256
886fa64084616c3fcdc1d358c593dfd1645617c96f12f703693420c298d23223

SHA512
a1588d570670e174008723f12e3c09429eb3c33324674d17511c881ac7a1bee1f067345f3a37b05bb52a8eb9238c352e2073a157d5f46ea9d905c8c339eeeaea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe

Filesize
184KB

MD5
997215722f6d7a36812492e101603cf5

SHA1
48263bafbdc8430d636ae6f954a138898d3de5bc

SHA256
65c91ded623f826bc4729909b6a8100628ca4f972b2b375d217e5aa6f53cb3a5

SHA512
f65bd43133a0c66e0741ff6be0a88026a8cd7b895aacf9eb5ddd9b216f2e5e72bd7c273450c7ab4cd35b90b485d85578bf6dfd88bf638ccc842144686c811bad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20727.exe

Filesize
184KB

MD5
b4ebce0022c39c704d7e77eb8a924778

SHA1
5dd3a3043e819ffd0c7eab22d045e2c6352b3930

SHA256
ec47146bff8ec1fc2eedabd8c7521fe82fed0f1a4eb0a457b14418c7e2a26166

SHA512
fa8d769b368800a69100fad9b339daa7248975f77e8d13c1d73bedec16b9d5cc778102b66018d56b1b32bf785a8fdddba4aaf9eb24e65e90db921220e9a4b854

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39652.exe

Filesize
184KB

MD5
00670178261a6b7aeac0e0f5263c8589

SHA1
ce6dd190ec6960b02700106441094469c489f5cb

SHA256
e6282600508d2e4c1a127cd7d87c716d52c85c2d2131b7c07f49dcd58be2d2cc

SHA512
e4edaac258f7a0b144c551f0561d36de4c741c8c8eae161cd60c6956f86d064f977e9135b10198053b13bee76bc092167e2f8789b850bbae366a091526c5d59c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53674.exe

Filesize
184KB

MD5
a09ac6c5994987ea8d723c8e944c10d2

SHA1
893cbf353cf9a8536168ed29831d2f8a2e5325f4

SHA256
493d0f40bb14f094a228b7e91c3a69e883438dc3fb35b55db1692be541974d12

SHA512
5ae68b55c3b43245942cd4c645b7004e9f4a7b5c413812e04808c66d32b8df581683d1d63130f710bafd3c3803656c1ac5a13a20c1926fd540b120884700616f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56726.exe

Filesize
184KB

MD5
f68b009ea1dc3d10f0338b61a458ac37

SHA1
9a6b34e602df457b33d4be46da26b1ef04ee7e6f

SHA256
007402d203c37535666a082429d9f7b93d19c0c25d4e90d44869d849d7f6cb56

SHA512
1b4259b9c216a32bd0effebb88297045311bfe1bf51ba3e0a85b1a216b6c59fea585c5116b08ab724f55d2ee9631e96043e638f497d96a9c6b0afe5ec76a9a37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5862.exe

Filesize
184KB

MD5
53b34284fb354ae7a1a92723c40d8146

SHA1
fa238e361c22edc05fdd663dfe3c8da4840ad78d

SHA256
f0edec3a68300c5635c676061be94a665643c573943c4e90659721aadcccf07b

SHA512
a0c38feb1ededb1cdbde5c4f4fa6b86c9cbefc383faa481c9ec9aff81831508b4df3dee63dbdb247f378827072d5122c4e8d176bb72611b1fc42ed86659a2046

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5900.exe

Filesize
184KB

MD5
432cca748d1a896eabad923df65f9856

SHA1
07c60d576e6c89babde02b7e81bbec1287ad4058

SHA256
cb5b3066eada74eda51103ae0e1101fd3a8cfa37aa684e7f6d6f8d1809d7d564

SHA512
ad4ce4a76b81ef978ae716a7bb2860c77e7ce7e3dae270ea559d74d1dd7cfc30f6cfd9fd4a736ea4bafe39b734440a3bd32ba84f9f00bf9899da870b8342f2aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59998.exe

Filesize
184KB

MD5
897e95830692027ad92a086897de7043

SHA1
0af8807a9b13734d5fb5aaa489c9d35f5f834056

SHA256
d0622ca24c4e0f6e863c124a17d6294f16e10553d5d82724a3f61d62c9ce6097

SHA512
26de6ce7edba21333438d667e08816c6860677c835dd8892283c417a40c7c1909c97766f0343da1460b5fdb9806100b475c35221ec527873654ca82b56de246b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6127.exe

Filesize
184KB

MD5
744a2b4fb88de238622b24db97372cb1

SHA1
9eed497bab18224deaf869ef767c22b4a638cd0e

SHA256
b841d164d89ab06e61c5c27fea7afd51519d7f0e91f4e7daa9187d7517ff3205

SHA512
36836f0f30e9952047e5674ec30308afd7cd5e52ceb6bfcf877a73ae35e78fd2d3e5f7eee2eab7fd53c4be1d082ab8cc274097bacb3abef221437d6e9f1fff72

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6179.exe

Filesize
184KB

MD5
1f607e960c8ca72ce719152388f9f9a5

SHA1
8094ffe8742b936aa143f962984ffca613f3beb8

SHA256
46d2fd5573745b5837724526c4c0b2586ee4950b2bba2747b6cc96deeba05946

SHA512
b97ae42767aa4a69a37bda05f1b44b6e005e7b296e6354cae968222c211e5ac16135bba3de94413d028efda49493f368f6370ae28c5d1ccbf8e0c50a567c4e9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65336.exe

Filesize
184KB

MD5
fecb583326d6354fd97479c7bddaa2e6

SHA1
e2540e5f025300d2a64de0be3d6a933ff875051a

SHA256
2974a166c268fdcb8bbe2f4dd8f21d112fbf98710b6e15772f37dc1c6238d1eb

SHA512
26bf43ef38c0f0cd043796ac3a62da4eade42fdcf8e13489f2399ca9e7a9acc9c711a7b352f75c6aac621e654ffbc5aa2707966b1792a1a9aa0037c4826d84ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6823.exe

Filesize
184KB

MD5
4fdce52ae8b9cf4babf58071fdd409e4

SHA1
276cbfd609e1bb6bd55f5e80a678149d293713f2

SHA256
c2474c129c48e90a45afa9e3d8f562bc8dc9aee89997a12280dff6598f1dbf92

SHA512
ae1c7db77fab4be195782964926b9e4bd47da9bb54a23acbb3fa7279a47b08c48d9457fd772f12205dbebde7220381b59040379b80ca2214827a840bcad3f140

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12332.exe

Filesize
184KB

MD5
31ea3de167f3c00367d2fc713ee28f80

SHA1
e295d2c7b89f57ff0c00e0bfb5345683d9326cd4

SHA256
d617f23d50e19f8b8c75f746dfd7b72e637272ac9a4e653d091cb078d12258d2

SHA512
2f2fca78f948be4b62083a00bdaf280b08e1656da8af74a0f0a8f7a11b8ed2261b63af63171e03ade076b4e641904964b56e7f060693f3acb059f99c7a4c6b49

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15147.exe

Filesize
184KB

MD5
746ea3ab756cbe06667e5473a5c7dc9c

SHA1
540f3269aba1504740a4a92a283450c546d44b5c

SHA256
e5d710487ba3d685c9226596d5a3c6a8ce90e16988fd75328ed13c209b557f75

SHA512
f258986384ba5496d1494614933ada6068e26fbf46ba938f1adfe425be47b235f24228ba5d10efded61689cc6f643bd9829ec02d755f32cea5c1cbfa1c852c73

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18650.exe

Filesize
184KB

MD5
50caf26c75f7eac994d9163902131b3a

SHA1
1a869ca7920a63cfa2f75d927d3cf9de537ff2eb

SHA256
efe220587489bc4f660e72dd241dea91f0b41fb3dfb84dc50bede7d21b6cf676

SHA512
965f7a92933494560ba9e2294233db3457b5bbb5ba1bd654de6500fb5a8c8515de2151598bbf82b6a983846c500b379ff1d077abefbf6e78cfe3da8a8481440d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20481.exe

Filesize
184KB

MD5
a4b1fd942dbb57b619daf970a1f7abd4

SHA1
383efc527812ce9a0d98439e3e4dd5c193e7ef36

SHA256
6de46ed5b9facd56fb55ccb080b1306f46644fe6330f00413b69963875d6fbc2

SHA512
8d944333d7ce4168b522d7d8492b1b230236bb72ac691105ea4a988aafb6df5ed7b040f2a19f283bf360c78c204beaee4fcb21e12259ed40412071724c8700c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2691.exe

Filesize
184KB

MD5
440e8aded3c9b398190a0edee4d3b3bb

SHA1
aebb337b7898c78155da46369ababd1124a9539b

SHA256
df37aca93ca61aa9a6f4f8363953377ff3a70cb7c7d656e9251fbd6aafa07db1

SHA512
d01d90eb099eb9e5ef77536cca87c86df11a1a5c0310ffcd2ba64c1bed39d5bf4610484b2a7771929f49478f04273463b866d1c5cf72cb4b20a485f12e09a616

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33696.exe

Filesize
184KB

MD5
e71f36dc603c6d7d7ae980b942eeca4b

SHA1
ca068b90a876444fc009f547e133e87a7e41b20b

SHA256
78561081321a139a8dc6fd3c1dc74b6861867336d290ee34e1b44dd297c48473

SHA512
31a62869d71cc219f48ab3f2b85996089e7bb0d743685e3c408d10079324dd9eb744c17169aac4e9a330e058848266196d11aa6991dfb4f6aae8444cce27d533

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3585.exe

Filesize
184KB

MD5
c24427c9299a5331f690d275d463f56e

SHA1
cc423e3fb55300802dac113981fc909bf949f36b

SHA256
619805440937854be1b3d9e7d0394acd1a8c8928911032a7f46875c076ae2f7c

SHA512
2b496e418945c99388039a3214a180276b328c9eaf5b04cdc3a3e4a30c203d4b5646d8be6209dbea6414716826b656f60c69f673cb5000959349c87ba1e50395

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe

Filesize
184KB

MD5
3414a989f96541f8c5fedf7b2cc96f29

SHA1
d4ecddb9155ceff0de24b2e3cb0e8226f8d4df95

SHA256
f9c6e8748b079dce120e72aa7c1b1b770b683cdc34fd5d262696a66517e28bce

SHA512
8e5c47faac2d9cd9b96909c33d06fb604b82c59da3847f235d24a6fd0a1fc569d292ec569a4803bfc07844b314f46f9c5c0b68f6c22694ba2749f60499b06ef7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57386.exe

Filesize
184KB

MD5
3628b162eb2669bbeb48facd599ae1c9

SHA1
7b986d01ccd87137e1c80dcf38c0a7a4ece5e106

SHA256
525c9de0d7abf59087850bad3c7264754192e97531ccb3649e33c0caf8cf1f9f

SHA512
861fe6dc597ec6754387b71f1c80baab429f674a79a6cf20afbec07b12e0d6fd72751dc1b140ceea31fadea6e6c048efa1d5ef5556839133bd4349a55d8fa67e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9307.exe

Filesize
184KB

MD5
340a7acf4357deade03a30c380bb4e7e

SHA1
d161c90c60a6aa367b87f03f4fe0004eb8c161ef

SHA256
6ea3174e0f76393b9ec483994e30ab6b421837a5bb4aef41f8967a578c93e532

SHA512
e60609c869b38b5cac991721afa125d645ac20356c9fd828bd8e3d9b78d50eee44649c40450fe838b73014371bb04071a635e365edf912926c9eee239b0c931c

Download Submit