92fd5d105e670d418ba0701f2d2936a7418845c182586fb1fd4f5e177bb43cbb

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92fd5d105e670d418ba0701f2d2936a7418845c182586fb1fd4f5e177bb43cbb.exe
Size

184KB
MD5

2a94b6a2ef7ba4260de026283a230cd1
SHA1

ce1313bb74678cbf1f9075b2a6e86fc29ba171d9
SHA256

92fd5d105e670d418ba0701f2d2936a7418845c182586fb1fd4f5e177bb43cbb
SHA512

6e308b302a7621eb3e8e1b2b23660b97913f62c13dcf715e283d002eef128ba33afd11f4b3ae70ca827d3557527fe59e3c650a00233c6e7a51dffb156b6a08e7
SSDEEP

3072:5xH+U8CqZbg4dFtWWUSfHW9TVlnViFtn3:5xiCZkFt9f29TVlnViFt

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-51660.exeUnicorn-15351.exeUnicorn-35217.exeUnicorn-9243.exeUnicorn-9243.exeUnicorn-11251.exeUnicorn-21804.exeUnicorn-40064.exeUnicorn-54310.exeUnicorn-54310.exeUnicorn-58259.exeUnicorn-7511.exeUnicorn-11460.exeUnicorn-31326.exeUnicorn-11756.exeUnicorn-49883.exeUnicorn-64356.exeUnicorn-44491.exeUnicorn-41442.exeUnicorn-20368.exeUnicorn-63263.exeUnicorn-43397.exeUnicorn-43397.exeUnicorn-274.exeUnicorn-4223.exeUnicorn-41110.exeUnicorn-18277.exeUnicorn-5531.exeUnicorn-51203.exeUnicorn-33678.exeUnicorn-30065.exeUnicorn-51610.exeUnicorn-51610.exeUnicorn-48522.exeUnicorn-12959.exeUnicorn-9347.exeUnicorn-42918.exeUnicorn-59171.exeUnicorn-59695.exeUnicorn-25600.exeUnicorn-16032.exeUnicorn-12419.exeUnicorn-32285.exeUnicorn-45990.exeUnicorn-26124.exeUnicorn-42377.exeUnicorn-54095.exeUnicorn-8895.exeUnicorn-64188.exeUnicorn-57167.exeUnicorn-49471.exeUnicorn-1723.exeUnicorn-21589.exeUnicorn-203.exeUnicorn-33234.exeUnicorn-49352.exeUnicorn-36711.exeUnicorn-63073.exeUnicorn-57925.exeUnicorn-48356.exeUnicorn-58449.exeUnicorn-30567.exeUnicorn-22870.exeUnicorn-60525.exe

pid	process
1940	Unicorn-51660.exe
3008	Unicorn-15351.exe
3016	Unicorn-35217.exe
2860	Unicorn-9243.exe
2688	Unicorn-9243.exe
3024	Unicorn-11251.exe
2556	Unicorn-21804.exe
1676	Unicorn-40064.exe
3040	Unicorn-54310.exe
2720	Unicorn-54310.exe
2040	Unicorn-58259.exe
1408	Unicorn-7511.exe
1088	Unicorn-11460.exe
764	Unicorn-31326.exe
1736	Unicorn-11756.exe
2228	Unicorn-49883.exe
2272	Unicorn-64356.exe
684	Unicorn-44491.exe
2400	Unicorn-41442.exe
2396	Unicorn-20368.exe
2880	Unicorn-63263.exe
1980	Unicorn-43397.exe
2868	Unicorn-43397.exe
2028	Unicorn-274.exe
1824	Unicorn-4223.exe
2368	Unicorn-41110.exe
984	Unicorn-18277.exe
1052	Unicorn-5531.exe
1916	Unicorn-51203.exe
1712	Unicorn-33678.exe
1624	Unicorn-30065.exe
3044	Unicorn-51610.exe
2840	Unicorn-51610.exe
2072	Unicorn-48522.exe
3028	Unicorn-12959.exe
2576	Unicorn-9347.exe
2704	Unicorn-42918.exe
2444	Unicorn-59171.exe
3060	Unicorn-59695.exe
2440	Unicorn-25600.exe
2792	Unicorn-16032.exe
2496	Unicorn-12419.exe
1804	Unicorn-32285.exe
2752	Unicorn-45990.exe
2768	Unicorn-26124.exe
2832	Unicorn-42377.exe
1144	Unicorn-54095.exe
392	Unicorn-8895.exe
1544	Unicorn-64188.exe
356	Unicorn-57167.exe
1828	Unicorn-49471.exe
660	Unicorn-1723.exe
1324	Unicorn-21589.exe
3064	Unicorn-203.exe
2928	Unicorn-33234.exe
3052	Unicorn-49352.exe
1900	Unicorn-36711.exe
1592	Unicorn-63073.exe
2544	Unicorn-57925.exe
2588	Unicorn-48356.exe
2728	Unicorn-58449.exe
2872	Unicorn-30567.exe
2492	Unicorn-22870.exe
2604	Unicorn-60525.exe

Loads dropped DLL 64 IoCs

Processes:

92fd5d105e670d418ba0701f2d2936a7418845c182586fb1fd4f5e177bb43cbb.exeUnicorn-51660.exeUnicorn-15351.exeUnicorn-35217.exeWerFault.exeUnicorn-9243.exeUnicorn-11251.exeUnicorn-9243.exeWerFault.exeWerFault.exeUnicorn-21804.exeUnicorn-40064.exeUnicorn-54310.exeUnicorn-54310.exeUnicorn-58259.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1908	92fd5d105e670d418ba0701f2d2936a7418845c182586fb1fd4f5e177bb43cbb.exe
1908	92fd5d105e670d418ba0701f2d2936a7418845c182586fb1fd4f5e177bb43cbb.exe
1908	92fd5d105e670d418ba0701f2d2936a7418845c182586fb1fd4f5e177bb43cbb.exe
1940	Unicorn-51660.exe
1908	92fd5d105e670d418ba0701f2d2936a7418845c182586fb1fd4f5e177bb43cbb.exe
1940	Unicorn-51660.exe
3008	Unicorn-15351.exe
3016	Unicorn-35217.exe
3008	Unicorn-15351.exe
1940	Unicorn-51660.exe
3016	Unicorn-35217.exe
1940	Unicorn-51660.exe
2652	WerFault.exe
2652	WerFault.exe
2652	WerFault.exe
2652	WerFault.exe
2652	WerFault.exe
2860	Unicorn-9243.exe
2860	Unicorn-9243.exe
3008	Unicorn-15351.exe
3008	Unicorn-15351.exe
3024	Unicorn-11251.exe
2688	Unicorn-9243.exe
3024	Unicorn-11251.exe
2688	Unicorn-9243.exe
3016	Unicorn-35217.exe
3016	Unicorn-35217.exe
2160	WerFault.exe
2740	WerFault.exe
2160	WerFault.exe
2740	WerFault.exe
2740	WerFault.exe
2160	WerFault.exe
2160	WerFault.exe
2740	WerFault.exe
2160	WerFault.exe
2740	WerFault.exe
2556	Unicorn-21804.exe
2556	Unicorn-21804.exe
2860	Unicorn-9243.exe
1676	Unicorn-40064.exe
2860	Unicorn-9243.exe
1676	Unicorn-40064.exe
2720	Unicorn-54310.exe
2720	Unicorn-54310.exe
3040	Unicorn-54310.exe
2040	Unicorn-58259.exe
3040	Unicorn-54310.exe
2040	Unicorn-58259.exe
3024	Unicorn-11251.exe
3024	Unicorn-11251.exe
1648	WerFault.exe
1648	WerFault.exe
1648	WerFault.exe
1648	WerFault.exe
1648	WerFault.exe
572	WerFault.exe
572	WerFault.exe
572	WerFault.exe
572	WerFault.exe
112	WerFault.exe
112	WerFault.exe
112	WerFault.exe
112	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2564	1908	WerFault.exe	92fd5d105e670d418ba0701f2d2936a7418845c182586fb1fd4f5e177bb43cbb.exe
2652	1940	WerFault.exe	Unicorn-51660.exe
2740	3008	WerFault.exe	Unicorn-15351.exe
2160	3016	WerFault.exe	Unicorn-35217.exe
1648	2860	WerFault.exe	Unicorn-9243.exe
112	2688	WerFault.exe	Unicorn-9243.exe
572	3024	WerFault.exe	Unicorn-11251.exe
1760	2556	WerFault.exe	Unicorn-21804.exe
900	1676	WerFault.exe	Unicorn-40064.exe
2908	2720	WerFault.exe	Unicorn-54310.exe
2912	3040	WerFault.exe	Unicorn-54310.exe
1608	2040	WerFault.exe	Unicorn-58259.exe
1524	2028	WerFault.exe	Unicorn-274.exe
1584	1088	WerFault.exe	Unicorn-11460.exe
944	764	WerFault.exe	Unicorn-31326.exe
1880	1408	WerFault.exe	Unicorn-7511.exe
2716	1736	WerFault.exe	Unicorn-11756.exe
1864	684	WerFault.exe	Unicorn-44491.exe
588	2272	WerFault.exe	Unicorn-64356.exe
1972	2228	WerFault.exe	Unicorn-49883.exe
1876	2400	WerFault.exe	Unicorn-41442.exe
624	2396	WerFault.exe	Unicorn-20368.exe
1048	1980	WerFault.exe	Unicorn-43397.exe
1400	2880	WerFault.exe	Unicorn-63263.exe
1548	2868	WerFault.exe	Unicorn-43397.exe
980	1824	WerFault.exe	Unicorn-4223.exe
960	984	WerFault.exe	Unicorn-18277.exe
108	2368	WerFault.exe	Unicorn-41110.exe
2968	1916	WerFault.exe	Unicorn-51203.exe
1580	1052	WerFault.exe	Unicorn-5531.exe
2836	2828	WerFault.exe	Unicorn-7157.exe
2712	3064	WerFault.exe	Unicorn-203.exe
1472	1712	WerFault.exe	Unicorn-33678.exe
1772	1624	WerFault.exe	Unicorn-30065.exe
1820	3044	WerFault.exe	Unicorn-51610.exe
2136	2072	WerFault.exe	Unicorn-48522.exe
1096	3028	WerFault.exe	Unicorn-12959.exe
3076	2840	WerFault.exe	Unicorn-51610.exe
3116	2576	WerFault.exe	Unicorn-9347.exe
3148	2444	WerFault.exe	Unicorn-59171.exe
3140	2768	WerFault.exe	Unicorn-26124.exe
3196	3060	WerFault.exe	Unicorn-59695.exe
3188	2752	WerFault.exe	Unicorn-45990.exe
3220	2704	WerFault.exe	Unicorn-42918.exe
3252	1804	WerFault.exe	Unicorn-32285.exe
3268	2496	WerFault.exe	Unicorn-12419.exe
3284	2832	WerFault.exe	Unicorn-42377.exe
3300	2792	WerFault.exe	Unicorn-16032.exe
3312	2440	WerFault.exe	Unicorn-25600.exe
3908	1544	WerFault.exe	Unicorn-64188.exe
3084	2928	WerFault.exe	Unicorn-33234.exe
3436	1828	WerFault.exe	Unicorn-49471.exe
3472	3052	WerFault.exe	Unicorn-49352.exe
3380	2796	WerFault.exe	Unicorn-52043.exe
3636	1324	WerFault.exe	Unicorn-21589.exe
3728	356	WerFault.exe	Unicorn-57167.exe
4016	2728	WerFault.exe	Unicorn-58449.exe
4076	1144	WerFault.exe	Unicorn-54095.exe
3688	2736	WerFault.exe	Unicorn-52829.exe
3784	2588	WerFault.exe	Unicorn-48356.exe
4112	1900	WerFault.exe	Unicorn-36711.exe
4128	2872	WerFault.exe	Unicorn-30567.exe
4144	2492	WerFault.exe	Unicorn-22870.exe
4184	1476	WerFault.exe	Unicorn-24947.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

92fd5d105e670d418ba0701f2d2936a7418845c182586fb1fd4f5e177bb43cbb.exeUnicorn-51660.exeUnicorn-15351.exeUnicorn-35217.exeUnicorn-9243.exeUnicorn-9243.exeUnicorn-11251.exeUnicorn-21804.exeUnicorn-40064.exeUnicorn-54310.exeUnicorn-54310.exeUnicorn-58259.exeUnicorn-7511.exeUnicorn-31326.exeUnicorn-11460.exeUnicorn-11756.exeUnicorn-49883.exeUnicorn-64356.exeUnicorn-44491.exeUnicorn-41442.exeUnicorn-20368.exeUnicorn-63263.exeUnicorn-43397.exeUnicorn-43397.exeUnicorn-274.exeUnicorn-4223.exeUnicorn-41110.exeUnicorn-18277.exeUnicorn-5531.exeUnicorn-51203.exeUnicorn-33678.exeUnicorn-30065.exeUnicorn-51610.exeUnicorn-51610.exeUnicorn-48522.exeUnicorn-12959.exeUnicorn-9347.exeUnicorn-59171.exeUnicorn-42918.exeUnicorn-59695.exeUnicorn-12419.exeUnicorn-25600.exeUnicorn-16032.exeUnicorn-32285.exeUnicorn-45990.exeUnicorn-26124.exeUnicorn-42377.exeUnicorn-54095.exeUnicorn-8895.exeUnicorn-64188.exeUnicorn-57167.exeUnicorn-49471.exeUnicorn-1723.exeUnicorn-21589.exeUnicorn-203.exeUnicorn-33234.exeUnicorn-49352.exeUnicorn-36711.exeUnicorn-63073.exeUnicorn-57925.exeUnicorn-48356.exeUnicorn-58449.exeUnicorn-30567.exeUnicorn-60525.exe

pid	process
1908	92fd5d105e670d418ba0701f2d2936a7418845c182586fb1fd4f5e177bb43cbb.exe
1940	Unicorn-51660.exe
3008	Unicorn-15351.exe
3016	Unicorn-35217.exe
2860	Unicorn-9243.exe
2688	Unicorn-9243.exe
3024	Unicorn-11251.exe
2556	Unicorn-21804.exe
1676	Unicorn-40064.exe
2720	Unicorn-54310.exe
3040	Unicorn-54310.exe
2040	Unicorn-58259.exe
1408	Unicorn-7511.exe
764	Unicorn-31326.exe
1088	Unicorn-11460.exe
1736	Unicorn-11756.exe
2228	Unicorn-49883.exe
2272	Unicorn-64356.exe
684	Unicorn-44491.exe
2400	Unicorn-41442.exe
2396	Unicorn-20368.exe
2880	Unicorn-63263.exe
2868	Unicorn-43397.exe
1980	Unicorn-43397.exe
2028	Unicorn-274.exe
1824	Unicorn-4223.exe
2368	Unicorn-41110.exe
984	Unicorn-18277.exe
1052	Unicorn-5531.exe
1916	Unicorn-51203.exe
1712	Unicorn-33678.exe
1624	Unicorn-30065.exe
3044	Unicorn-51610.exe
2840	Unicorn-51610.exe
2072	Unicorn-48522.exe
3028	Unicorn-12959.exe
2576	Unicorn-9347.exe
2444	Unicorn-59171.exe
2704	Unicorn-42918.exe
3060	Unicorn-59695.exe
2496	Unicorn-12419.exe
2440	Unicorn-25600.exe
2792	Unicorn-16032.exe
1804	Unicorn-32285.exe
2752	Unicorn-45990.exe
2768	Unicorn-26124.exe
2832	Unicorn-42377.exe
1144	Unicorn-54095.exe
392	Unicorn-8895.exe
1544	Unicorn-64188.exe
356	Unicorn-57167.exe
1828	Unicorn-49471.exe
660	Unicorn-1723.exe
1324	Unicorn-21589.exe
3064	Unicorn-203.exe
2928	Unicorn-33234.exe
3052	Unicorn-49352.exe
1900	Unicorn-36711.exe
1592	Unicorn-63073.exe
2544	Unicorn-57925.exe
2588	Unicorn-48356.exe
2728	Unicorn-58449.exe
2872	Unicorn-30567.exe
2604	Unicorn-60525.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

92fd5d105e670d418ba0701f2d2936a7418845c182586fb1fd4f5e177bb43cbb.exeUnicorn-51660.exeUnicorn-15351.exeUnicorn-35217.exeUnicorn-9243.exeUnicorn-11251.exeUnicorn-9243.exeUnicorn-21804.exe

description	pid	process	target process
PID 1908 wrote to memory of 1940	1908	92fd5d105e670d418ba0701f2d2936a7418845c182586fb1fd4f5e177bb43cbb.exe	Unicorn-51660.exe
PID 1908 wrote to memory of 1940	1908	92fd5d105e670d418ba0701f2d2936a7418845c182586fb1fd4f5e177bb43cbb.exe	Unicorn-51660.exe
PID 1908 wrote to memory of 1940	1908	92fd5d105e670d418ba0701f2d2936a7418845c182586fb1fd4f5e177bb43cbb.exe	Unicorn-51660.exe
PID 1908 wrote to memory of 1940	1908	92fd5d105e670d418ba0701f2d2936a7418845c182586fb1fd4f5e177bb43cbb.exe	Unicorn-51660.exe
PID 1908 wrote to memory of 3008	1908	92fd5d105e670d418ba0701f2d2936a7418845c182586fb1fd4f5e177bb43cbb.exe	Unicorn-15351.exe
PID 1908 wrote to memory of 3008	1908	92fd5d105e670d418ba0701f2d2936a7418845c182586fb1fd4f5e177bb43cbb.exe	Unicorn-15351.exe
PID 1908 wrote to memory of 3008	1908	92fd5d105e670d418ba0701f2d2936a7418845c182586fb1fd4f5e177bb43cbb.exe	Unicorn-15351.exe
PID 1908 wrote to memory of 3008	1908	92fd5d105e670d418ba0701f2d2936a7418845c182586fb1fd4f5e177bb43cbb.exe	Unicorn-15351.exe
PID 1940 wrote to memory of 3016	1940	Unicorn-51660.exe	Unicorn-35217.exe
PID 1940 wrote to memory of 3016	1940	Unicorn-51660.exe	Unicorn-35217.exe
PID 1940 wrote to memory of 3016	1940	Unicorn-51660.exe	Unicorn-35217.exe
PID 1940 wrote to memory of 3016	1940	Unicorn-51660.exe	Unicorn-35217.exe
PID 1908 wrote to memory of 2564	1908	92fd5d105e670d418ba0701f2d2936a7418845c182586fb1fd4f5e177bb43cbb.exe	WerFault.exe
PID 1908 wrote to memory of 2564	1908	92fd5d105e670d418ba0701f2d2936a7418845c182586fb1fd4f5e177bb43cbb.exe	WerFault.exe
PID 1908 wrote to memory of 2564	1908	92fd5d105e670d418ba0701f2d2936a7418845c182586fb1fd4f5e177bb43cbb.exe	WerFault.exe
PID 1908 wrote to memory of 2564	1908	92fd5d105e670d418ba0701f2d2936a7418845c182586fb1fd4f5e177bb43cbb.exe	WerFault.exe
PID 3008 wrote to memory of 2860	3008	Unicorn-15351.exe	Unicorn-9243.exe
PID 3008 wrote to memory of 2860	3008	Unicorn-15351.exe	Unicorn-9243.exe
PID 3008 wrote to memory of 2860	3008	Unicorn-15351.exe	Unicorn-9243.exe
PID 3008 wrote to memory of 2860	3008	Unicorn-15351.exe	Unicorn-9243.exe
PID 3016 wrote to memory of 2688	3016	Unicorn-35217.exe	Unicorn-9243.exe
PID 3016 wrote to memory of 2688	3016	Unicorn-35217.exe	Unicorn-9243.exe
PID 3016 wrote to memory of 2688	3016	Unicorn-35217.exe	Unicorn-9243.exe
PID 3016 wrote to memory of 2688	3016	Unicorn-35217.exe	Unicorn-9243.exe
PID 1940 wrote to memory of 3024	1940	Unicorn-51660.exe	Unicorn-11251.exe
PID 1940 wrote to memory of 3024	1940	Unicorn-51660.exe	Unicorn-11251.exe
PID 1940 wrote to memory of 3024	1940	Unicorn-51660.exe	Unicorn-11251.exe
PID 1940 wrote to memory of 3024	1940	Unicorn-51660.exe	Unicorn-11251.exe
PID 1940 wrote to memory of 2652	1940	Unicorn-51660.exe	WerFault.exe
PID 1940 wrote to memory of 2652	1940	Unicorn-51660.exe	WerFault.exe
PID 1940 wrote to memory of 2652	1940	Unicorn-51660.exe	WerFault.exe
PID 1940 wrote to memory of 2652	1940	Unicorn-51660.exe	WerFault.exe
PID 2860 wrote to memory of 2556	2860	Unicorn-9243.exe	Unicorn-21804.exe
PID 2860 wrote to memory of 2556	2860	Unicorn-9243.exe	Unicorn-21804.exe
PID 2860 wrote to memory of 2556	2860	Unicorn-9243.exe	Unicorn-21804.exe
PID 2860 wrote to memory of 2556	2860	Unicorn-9243.exe	Unicorn-21804.exe
PID 3008 wrote to memory of 1676	3008	Unicorn-15351.exe	Unicorn-40064.exe
PID 3008 wrote to memory of 1676	3008	Unicorn-15351.exe	Unicorn-40064.exe
PID 3008 wrote to memory of 1676	3008	Unicorn-15351.exe	Unicorn-40064.exe
PID 3008 wrote to memory of 1676	3008	Unicorn-15351.exe	Unicorn-40064.exe
PID 3024 wrote to memory of 2720	3024	Unicorn-11251.exe	Unicorn-54310.exe
PID 3024 wrote to memory of 2720	3024	Unicorn-11251.exe	Unicorn-54310.exe
PID 3024 wrote to memory of 2720	3024	Unicorn-11251.exe	Unicorn-54310.exe
PID 3024 wrote to memory of 2720	3024	Unicorn-11251.exe	Unicorn-54310.exe
PID 2688 wrote to memory of 3040	2688	Unicorn-9243.exe	Unicorn-54310.exe
PID 2688 wrote to memory of 3040	2688	Unicorn-9243.exe	Unicorn-54310.exe
PID 2688 wrote to memory of 3040	2688	Unicorn-9243.exe	Unicorn-54310.exe
PID 2688 wrote to memory of 3040	2688	Unicorn-9243.exe	Unicorn-54310.exe
PID 3016 wrote to memory of 2040	3016	Unicorn-35217.exe	Unicorn-58259.exe
PID 3016 wrote to memory of 2040	3016	Unicorn-35217.exe	Unicorn-58259.exe
PID 3016 wrote to memory of 2040	3016	Unicorn-35217.exe	Unicorn-58259.exe
PID 3016 wrote to memory of 2040	3016	Unicorn-35217.exe	Unicorn-58259.exe
PID 3008 wrote to memory of 2740	3008	Unicorn-15351.exe	WerFault.exe
PID 3008 wrote to memory of 2740	3008	Unicorn-15351.exe	WerFault.exe
PID 3008 wrote to memory of 2740	3008	Unicorn-15351.exe	WerFault.exe
PID 3008 wrote to memory of 2740	3008	Unicorn-15351.exe	WerFault.exe
PID 3016 wrote to memory of 2160	3016	Unicorn-35217.exe	WerFault.exe
PID 3016 wrote to memory of 2160	3016	Unicorn-35217.exe	WerFault.exe
PID 3016 wrote to memory of 2160	3016	Unicorn-35217.exe	WerFault.exe
PID 3016 wrote to memory of 2160	3016	Unicorn-35217.exe	WerFault.exe
PID 2556 wrote to memory of 1408	2556	Unicorn-21804.exe	Unicorn-7511.exe
PID 2556 wrote to memory of 1408	2556	Unicorn-21804.exe	Unicorn-7511.exe
PID 2556 wrote to memory of 1408	2556	Unicorn-21804.exe	Unicorn-7511.exe
PID 2556 wrote to memory of 1408	2556	Unicorn-21804.exe	Unicorn-7511.exe

C:\Users\Admin\AppData\Local\Temp\92fd5d105e670d418ba0701f2d2936a7418845c182586fb1fd4f5e177bb43cbb.exe
"C:\Users\Admin\AppData\Local\Temp\92fd5d105e670d418ba0701f2d2936a7418845c182586fb1fd4f5e177bb43cbb.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-35217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35217.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-54310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54310.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-64356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64356.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:984

C:\Users\Admin\AppData\Local\Temp\Unicorn-59695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59695.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-48356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48356.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-24290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24290.exe
10⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-11711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11711.exe
11⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-38893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38893.exe
12⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-41697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41697.exe
13⤵
PID:8608

C:\Users\Admin\AppData\Local\Temp\Unicorn-23442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23442.exe
14⤵
PID:11316

C:\Users\Admin\AppData\Local\Temp\Unicorn-102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-102.exe
15⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8608 -s 236
14⤵
PID:12472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
13⤵
PID:9684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
12⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 216
11⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-59931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59931.exe
10⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-21817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21817.exe
11⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-31415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31415.exe
12⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 220
13⤵
PID:10756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
12⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
11⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
10⤵
- Program crash
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-64341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64341.exe
9⤵
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-42326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42326.exe
10⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-28194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28194.exe
11⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-17929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17929.exe
12⤵
PID:7988

C:\Users\Admin\AppData\Local\Temp\Unicorn-44783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44783.exe
13⤵
PID:11020

C:\Users\Admin\AppData\Local\Temp\Unicorn-44213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44213.exe
14⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11020 -s 216
14⤵
PID:13784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7988 -s 216
13⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
12⤵
PID:840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
11⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 216
10⤵
PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
9⤵
- Program crash
PID:3196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 236
8⤵
- Program crash
PID:960

C:\Users\Admin\AppData\Local\Temp\Unicorn-12419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12419.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-60525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60525.exe
8⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-60517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60517.exe
9⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-44581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44581.exe
10⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-60058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60058.exe
11⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-26308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26308.exe
12⤵
PID:6976

C:\Users\Admin\AppData\Local\Temp\Unicorn-35442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35442.exe
13⤵
PID:10160

C:\Users\Admin\AppData\Local\Temp\Unicorn-1265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1265.exe
14⤵
PID:13152

C:\Users\Admin\AppData\Local\Temp\Unicorn-44711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44711.exe
15⤵
PID:9296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 220
13⤵
PID:10788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
12⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
11⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 216
10⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-40724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40724.exe
9⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-27129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27129.exe
10⤵
PID:5860

C:\Users\Admin\AppData\Local\Temp\Unicorn-55485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55485.exe
11⤵
PID:8564

C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
12⤵
PID:11280

C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe
13⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8564 -s 236
12⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
11⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
10⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 220
9⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-55649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55649.exe
8⤵
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe
9⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-10659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10659.exe
10⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-4556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4556.exe
11⤵
PID:7524

C:\Users\Admin\AppData\Local\Temp\Unicorn-32181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32181.exe
12⤵
PID:10520

C:\Users\Admin\AppData\Local\Temp\Unicorn-12268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12268.exe
13⤵
PID:13040

C:\Users\Admin\AppData\Local\Temp\Unicorn-57230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57230.exe
14⤵
PID:10040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10520 -s 216
13⤵
PID:14272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 220
12⤵
PID:11928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
11⤵
PID:8288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 236
10⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 216
9⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
8⤵
- Program crash
PID:3268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 220
7⤵
- Program crash
PID:588

C:\Users\Admin\AppData\Local\Temp\Unicorn-51203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51203.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-32285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32285.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-60525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60525.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-9977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9977.exe
9⤵
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-11851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11851.exe
10⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
11⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-18509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18509.exe
12⤵
PID:6456

C:\Users\Admin\AppData\Local\Temp\Unicorn-12800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12800.exe
13⤵
PID:9424

C:\Users\Admin\AppData\Local\Temp\Unicorn-49557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49557.exe
14⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9424 -s 220
14⤵
PID:13852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 216
13⤵
PID:10840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
12⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
11⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 216
10⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-47518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47518.exe
9⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-60058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60058.exe
10⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-18362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18362.exe
11⤵
PID:7124

C:\Users\Admin\AppData\Local\Temp\Unicorn-26541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26541.exe
12⤵
PID:10184

C:\Users\Admin\AppData\Local\Temp\Unicorn-15260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15260.exe
13⤵
PID:12936

C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
14⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10184 -s 216
13⤵
PID:13952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 216
12⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
11⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
10⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
9⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-24154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24154.exe
8⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-8639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8639.exe
9⤵
PID:3488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 220
10⤵
PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
9⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
8⤵
- Program crash
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-52829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52829.exe
7⤵
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-55421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55421.exe
8⤵
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-64936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64936.exe
9⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-3213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3213.exe
10⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-46537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46537.exe
11⤵
PID:6544

C:\Users\Admin\AppData\Local\Temp\Unicorn-57064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57064.exe
12⤵
PID:10056

C:\Users\Admin\AppData\Local\Temp\Unicorn-25182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25182.exe
13⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10056 -s 216
13⤵
PID:12656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 216
12⤵
PID:11268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
11⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
10⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 216
9⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-1163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1163.exe
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe
9⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
10⤵
PID:7000

C:\Users\Admin\AppData\Local\Temp\Unicorn-58761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58761.exe
11⤵
PID:9932

C:\Users\Admin\AppData\Local\Temp\Unicorn-53153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53153.exe
12⤵
PID:12772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9932 -s 204
12⤵
PID:13768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7000 -s 220
11⤵
PID:11232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 216
10⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
9⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
8⤵
- Program crash
PID:3688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
7⤵
- Program crash
PID:2968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
6⤵
- Program crash
PID:2912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 236
5⤵
- Loads dropped DLL
- Program crash
PID:112

C:\Users\Admin\AppData\Local\Temp\Unicorn-58259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58259.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-49883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49883.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-5531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5531.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-45990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45990.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-27781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27781.exe
8⤵
PID:1068

C:\Users\Admin\AppData\Local\Temp\Unicorn-45230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45230.exe
9⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-19852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19852.exe
10⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-52911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52911.exe
11⤵
PID:6616

C:\Users\Admin\AppData\Local\Temp\Unicorn-5581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5581.exe
12⤵
PID:10004

C:\Users\Admin\AppData\Local\Temp\Unicorn-2637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2637.exe
13⤵
PID:12876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10004 -s 216
13⤵
PID:13268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 216
12⤵
PID:11252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
11⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
10⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 236
9⤵
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
8⤵
- Program crash
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-58449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58449.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-9453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9453.exe
8⤵
PID:1092

C:\Users\Admin\AppData\Local\Temp\Unicorn-35533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35533.exe
9⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-58641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58641.exe
10⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-25271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25271.exe
11⤵
PID:7084

C:\Users\Admin\AppData\Local\Temp\Unicorn-2813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2813.exe
12⤵
PID:10328

C:\Users\Admin\AppData\Local\Temp\Unicorn-60114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60114.exe
13⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10328 -s 216
13⤵
PID:12780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 216
12⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
11⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
10⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 236
9⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-10047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10047.exe
8⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-25496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25496.exe
9⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-28573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28573.exe
10⤵
PID:6792

C:\Users\Admin\AppData\Local\Temp\Unicorn-46879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46879.exe
11⤵
PID:10120

C:\Users\Admin\AppData\Local\Temp\Unicorn-15550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15550.exe
12⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 216
12⤵
PID:13752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 216
11⤵
PID:10516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
10⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
9⤵
PID:5264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 220
8⤵
- Program crash
PID:4016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 240
7⤵
- Program crash
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-42377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42377.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-7157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7157.exe
7⤵
PID:2828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
8⤵
- Program crash
PID:2836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 236
7⤵
- Program crash
PID:3284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
6⤵
- Program crash
PID:1972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 236
5⤵
- Program crash
PID:1608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-11251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11251.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-54310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54310.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-11756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11756.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-274.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
7⤵
- Program crash
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-25600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25600.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-6371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6371.exe
7⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-55421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55421.exe
8⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-11711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11711.exe
9⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
10⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-52432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52432.exe
11⤵
PID:6788

C:\Users\Admin\AppData\Local\Temp\Unicorn-8322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8322.exe
12⤵
PID:9840

C:\Users\Admin\AppData\Local\Temp\Unicorn-14736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14736.exe
13⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9840 -s 216
13⤵
PID:13828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
12⤵
PID:10848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 216
11⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
10⤵
PID:6444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 216
9⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-57523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57523.exe
8⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
9⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-28936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28936.exe
10⤵
PID:6372

C:\Users\Admin\AppData\Local\Temp\Unicorn-21797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21797.exe
11⤵
PID:9720

C:\Users\Admin\AppData\Local\Temp\Unicorn-11664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11664.exe
12⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9720 -s 216
12⤵
PID:13796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 216
11⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
10⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 236
9⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
8⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-18534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18534.exe
7⤵
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-29913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29913.exe
8⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-51243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51243.exe
9⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
10⤵
PID:7640

C:\Users\Admin\AppData\Local\Temp\Unicorn-2794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2794.exe
11⤵
PID:10636

C:\Users\Admin\AppData\Local\Temp\Unicorn-50985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50985.exe
12⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10636 -s 216
12⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 216
11⤵
PID:12292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 216
10⤵
PID:9392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 236
9⤵
PID:7232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 236
8⤵
PID:5000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
7⤵
- Program crash
PID:3312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
6⤵
- Program crash
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-59171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59171.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-7496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7496.exe
7⤵
PID:1200

C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe
8⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-21289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21289.exe
9⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-21834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21834.exe
10⤵
PID:7884

C:\Users\Admin\AppData\Local\Temp\Unicorn-8438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8438.exe
11⤵
PID:10276

C:\Users\Admin\AppData\Local\Temp\Unicorn-49413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49413.exe
12⤵
PID:14000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7884 -s 236
11⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
10⤵
PID:9468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
9⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 216
8⤵
PID:5004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 216
7⤵
- Program crash
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-57925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57925.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-16153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16153.exe
7⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-62388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62388.exe
8⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe
9⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-8193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8193.exe
10⤵
PID:6180

C:\Users\Admin\AppData\Local\Temp\Unicorn-19190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19190.exe
11⤵
PID:9572

C:\Users\Admin\AppData\Local\Temp\Unicorn-19122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19122.exe
12⤵
PID:12536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9572 -s 236
12⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 216
11⤵
PID:10924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 236
10⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
9⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-16120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16120.exe
8⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-26192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26192.exe
9⤵
PID:7248

C:\Users\Admin\AppData\Local\Temp\Unicorn-50452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50452.exe
10⤵
PID:10156

C:\Users\Admin\AppData\Local\Temp\Unicorn-31455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31455.exe
11⤵
PID:13168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10156 -s 220
11⤵
PID:13912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 216
10⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 216
9⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
8⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-19095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19095.exe
7⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-23468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23468.exe
8⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-55679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55679.exe
9⤵
PID:7280

C:\Users\Admin\AppData\Local\Temp\Unicorn-49928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49928.exe
10⤵
PID:9332

C:\Users\Admin\AppData\Local\Temp\Unicorn-46436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46436.exe
11⤵
PID:12416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9332 -s 220
11⤵
PID:13340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 216
10⤵
PID:11792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
9⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
8⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
7⤵
PID:4332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 240
6⤵
- Program crash
PID:980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
5⤵
- Program crash
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-44491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44491.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:684

C:\Users\Admin\AppData\Local\Temp\Unicorn-41110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41110.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-16032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16032.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-24947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24947.exe
7⤵
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-18307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18307.exe
8⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-60066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60066.exe
9⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-43400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43400.exe
10⤵
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-27459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27459.exe
11⤵
PID:6200

C:\Users\Admin\AppData\Local\Temp\Unicorn-4911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4911.exe
12⤵
PID:9632

C:\Users\Admin\AppData\Local\Temp\Unicorn-33294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33294.exe
13⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9632 -s 216
13⤵
PID:14016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 220
12⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
11⤵
PID:8876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
10⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 216
9⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
8⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-58641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58641.exe
9⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-48844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48844.exe
10⤵
PID:6508

C:\Users\Admin\AppData\Local\Temp\Unicorn-27065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27065.exe
11⤵
PID:9408

C:\Users\Admin\AppData\Local\Temp\Unicorn-60114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60114.exe
12⤵
PID:12748

C:\Users\Admin\AppData\Local\Temp\Unicorn-9863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9863.exe
13⤵
PID:9740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9408 -s 216
12⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
11⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
10⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
9⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 240
8⤵
- Program crash
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-7133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7133.exe
7⤵
PID:1136

C:\Users\Admin\AppData\Local\Temp\Unicorn-60066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60066.exe
8⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-50092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50092.exe
9⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\Unicorn-45248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45248.exe
10⤵
PID:7028

C:\Users\Admin\AppData\Local\Temp\Unicorn-36894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36894.exe
11⤵
PID:9904

C:\Users\Admin\AppData\Local\Temp\Unicorn-33294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33294.exe
12⤵
PID:13052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9904 -s 216
12⤵
PID:13820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 216
11⤵
PID:11540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
10⤵
PID:8864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 236
9⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 236
8⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
7⤵
- Program crash
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
6⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-23061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23061.exe
7⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-12786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12786.exe
8⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-63822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63822.exe
9⤵
PID:5636

C:\Users\Admin\AppData\Local\Temp\Unicorn-63650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63650.exe
10⤵
PID:8312

C:\Users\Admin\AppData\Local\Temp\Unicorn-13368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13368.exe
11⤵
PID:10552

C:\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe
12⤵
PID:14252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8312 -s 236
11⤵
PID:12400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 216
10⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 236
9⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 236
8⤵
PID:4684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 216
7⤵
- Program crash
PID:3380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
6⤵
- Program crash
PID:108

C:\Users\Admin\AppData\Local\Temp\Unicorn-26124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26124.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-63073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63073.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-38763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38763.exe
7⤵
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-20404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20404.exe
8⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
9⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-12217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12217.exe
10⤵
PID:6800

C:\Users\Admin\AppData\Local\Temp\Unicorn-791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-791.exe
11⤵
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-52029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52029.exe
12⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 216
12⤵
PID:14104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 216
11⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 220
10⤵
PID:8900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
9⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 236
8⤵
PID:4784

C:\Users\Admin\AppData\Local\Temp\Unicorn-57383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57383.exe
7⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
8⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-12217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12217.exe
9⤵
PID:6660

C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
10⤵
PID:10196

C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe
11⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10196 -s 220
11⤵
PID:13876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 216
10⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
9⤵
PID:8908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
8⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
7⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-10236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10236.exe
6⤵
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-60066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60066.exe
7⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-6285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6285.exe
8⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-45248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45248.exe
9⤵
PID:6908

C:\Users\Admin\AppData\Local\Temp\Unicorn-27065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27065.exe
10⤵
PID:10228

C:\Users\Admin\AppData\Local\Temp\Unicorn-20667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20667.exe
11⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10228 -s 216
11⤵
PID:14112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 216
10⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 216
9⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
8⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 216
7⤵
PID:4744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
6⤵
- Program crash
PID:3140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 240
5⤵
- Program crash
PID:1864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 220
4⤵
- Loads dropped DLL
- Program crash
PID:572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-15351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15351.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-7511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7511.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1408

C:\Users\Admin\AppData\Local\Temp\Unicorn-63263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63263.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-33234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33234.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-53791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53791.exe
9⤵
PID:620

C:\Users\Admin\AppData\Local\Temp\Unicorn-54108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54108.exe
10⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-18974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18974.exe
11⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 220
12⤵
PID:9728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 236
11⤵
PID:8168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 236
10⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 236
9⤵
- Program crash
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-33925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33925.exe
8⤵
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-8283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8283.exe
9⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-48842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48842.exe
10⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-63945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63945.exe
11⤵
PID:6984

C:\Users\Admin\AppData\Local\Temp\Unicorn-4911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4911.exe
12⤵
PID:10048

C:\Users\Admin\AppData\Local\Temp\Unicorn-9265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9265.exe
13⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10048 -s 216
13⤵
PID:14120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 220
12⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
11⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
10⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 236
9⤵
PID:4216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
8⤵
- Program crash
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-49352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49352.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-53791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53791.exe
8⤵
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe
9⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
10⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-26308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26308.exe
11⤵
PID:6988

C:\Users\Admin\AppData\Local\Temp\Unicorn-18945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18945.exe
12⤵
PID:10176

C:\Users\Admin\AppData\Local\Temp\Unicorn-9822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9822.exe
13⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10176 -s 216
13⤵
PID:12964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 220
12⤵
PID:10480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
11⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236
10⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 236
9⤵
PID:4988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 236
8⤵
- Program crash
PID:3472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
7⤵
- Program crash
PID:1400

C:\Users\Admin\AppData\Local\Temp\Unicorn-9347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9347.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-36711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36711.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-24845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24845.exe
8⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-5707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5707.exe
9⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe
10⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-55742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55742.exe
11⤵
PID:6892

C:\Users\Admin\AppData\Local\Temp\Unicorn-41586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41586.exe
12⤵
PID:10108

C:\Users\Admin\AppData\Local\Temp\Unicorn-63730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63730.exe
13⤵
PID:13092

C:\Users\Admin\AppData\Local\Temp\Unicorn-38846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38846.exe
14⤵
PID:8388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10108 -s 216
13⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 216
12⤵
PID:10456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
11⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
10⤵
PID:6252

C:\Users\Admin\AppData\Local\Temp\Unicorn-30373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30373.exe
9⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-7969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7969.exe
10⤵
PID:6364

C:\Users\Admin\AppData\Local\Temp\Unicorn-58761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58761.exe
11⤵
PID:9908

C:\Users\Admin\AppData\Local\Temp\Unicorn-14736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14736.exe
12⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9908 -s 216
12⤵
PID:13836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 220
11⤵
PID:11212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 220
10⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 220
9⤵
PID:6396

C:\Users\Admin\AppData\Local\Temp\Unicorn-31285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31285.exe
8⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-42507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42507.exe
9⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-29236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29236.exe
10⤵
PID:6716

C:\Users\Admin\AppData\Local\Temp\Unicorn-20962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20962.exe
11⤵
PID:9988

C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe
12⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9988 -s 220
12⤵
PID:13868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 216
11⤵
PID:11204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
10⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
9⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 240
8⤵
- Program crash
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-4979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4979.exe
7⤵
PID:948

C:\Users\Admin\AppData\Local\Temp\Unicorn-5567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5567.exe
8⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-19852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19852.exe
9⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-28936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28936.exe
10⤵
PID:6380

C:\Users\Admin\AppData\Local\Temp\Unicorn-5581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5581.exe
11⤵
PID:9996

C:\Users\Admin\AppData\Local\Temp\Unicorn-39403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39403.exe
12⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9996 -s 216
12⤵
PID:13496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 216
11⤵
PID:11260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 236
10⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
9⤵
PID:6040

C:\Users\Admin\AppData\Local\Temp\Unicorn-26753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26753.exe
8⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-28573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28573.exe
9⤵
PID:6804

C:\Users\Admin\AppData\Local\Temp\Unicorn-29441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29441.exe
10⤵
PID:10096

C:\Users\Admin\AppData\Local\Temp\Unicorn-64966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64966.exe
11⤵
PID:12704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10096 -s 216
11⤵
PID:14096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 216
10⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
9⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 240
8⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
7⤵
- Program crash
PID:3116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 240
6⤵
- Program crash
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-43397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43397.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-42918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42918.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-30567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30567.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-21379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21379.exe
8⤵
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-45535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45535.exe
9⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
10⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-26834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26834.exe
11⤵
PID:9600

C:\Users\Admin\AppData\Local\Temp\Unicorn-26072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26072.exe
12⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9600 -s 216
12⤵
PID:12732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
11⤵
PID:10940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 236
10⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 236
9⤵
PID:5936

C:\Users\Admin\AppData\Local\Temp\Unicorn-57523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57523.exe
8⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
9⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-60325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60325.exe
10⤵
PID:6904

C:\Users\Admin\AppData\Local\Temp\Unicorn-29327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29327.exe
11⤵
PID:9896

C:\Users\Admin\AppData\Local\Temp\Unicorn-35644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35644.exe
12⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9896 -s 216
12⤵
PID:13692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 216
11⤵
PID:10972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
10⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
9⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
8⤵
- Program crash
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-1513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1513.exe
7⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-21029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21029.exe
8⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-46619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46619.exe
9⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-31645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31645.exe
10⤵
PID:6500

C:\Users\Admin\AppData\Local\Temp\Unicorn-52561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52561.exe
11⤵
PID:10016

C:\Users\Admin\AppData\Local\Temp\Unicorn-22626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22626.exe
12⤵
PID:13244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10016 -s 216
12⤵
PID:13456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 236
11⤵
PID:10144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 236
10⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 236
9⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 236
8⤵
PID:4664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
7⤵
- Program crash
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-22870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22870.exe
6⤵
- Executes dropped EXE
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-15073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15073.exe
7⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-60066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60066.exe
8⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-47924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47924.exe
9⤵
PID:5368

C:\Users\Admin\AppData\Local\Temp\Unicorn-10618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10618.exe
10⤵
PID:7680

C:\Users\Admin\AppData\Local\Temp\Unicorn-25042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25042.exe
11⤵
PID:10832

C:\Users\Admin\AppData\Local\Temp\Unicorn-59052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59052.exe
12⤵
PID:13536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10832 -s 236
12⤵
PID:14328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 216
11⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 216
10⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
9⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 216
8⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-1062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1062.exe
7⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-1796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1796.exe
8⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-11712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11712.exe
9⤵
PID:6744

C:\Users\Admin\AppData\Local\Temp\Unicorn-18317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18317.exe
10⤵
PID:10072

C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
11⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10072 -s 216
11⤵
PID:13720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 216
10⤵
PID:10320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
9⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
8⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
7⤵
- Program crash
PID:4144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
6⤵
- Program crash
PID:1548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
5⤵
- Program crash
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-11460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11460.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1088

C:\Users\Admin\AppData\Local\Temp\Unicorn-41442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41442.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-54095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54095.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1144

C:\Users\Admin\AppData\Local\Temp\Unicorn-10895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10895.exe
8⤵
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-8283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8283.exe
9⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-55391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55391.exe
10⤵
PID:5256

C:\Users\Admin\AppData\Local\Temp\Unicorn-58771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58771.exe
11⤵
PID:7800

C:\Users\Admin\AppData\Local\Temp\Unicorn-39640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39640.exe
12⤵
PID:10876

C:\Users\Admin\AppData\Local\Temp\Unicorn-35083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35083.exe
13⤵
PID:13612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10876 -s 236
13⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 216
12⤵
PID:11568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
11⤵
PID:8924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
10⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 216
9⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-22792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22792.exe
8⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
9⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-56888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56888.exe
10⤵
PID:7308

C:\Users\Admin\AppData\Local\Temp\Unicorn-42445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42445.exe
11⤵
PID:10252

C:\Users\Admin\AppData\Local\Temp\Unicorn-26343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26343.exe
12⤵
PID:13212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10252 -s 220
12⤵
PID:14320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 216
11⤵
PID:11804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
10⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 236
9⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 240
8⤵
- Program crash
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-40069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40069.exe
7⤵
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-38605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38605.exe
8⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
9⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-59265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59265.exe
10⤵
PID:5236

C:\Users\Admin\AppData\Local\Temp\Unicorn-58771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58771.exe
11⤵
PID:7776

C:\Users\Admin\AppData\Local\Temp\Unicorn-61643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61643.exe
12⤵
PID:10980

C:\Users\Admin\AppData\Local\Temp\Unicorn-53405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53405.exe
13⤵
PID:14004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10980 -s 216
13⤵
PID:8808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 216
12⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 216
11⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
10⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 236
9⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-15290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15290.exe
8⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-21243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21243.exe
9⤵
PID:5404

C:\Users\Admin\AppData\Local\Temp\Unicorn-10646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10646.exe
10⤵
PID:7200

C:\Users\Admin\AppData\Local\Temp\Unicorn-27039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27039.exe
11⤵
PID:11192

C:\Users\Admin\AppData\Local\Temp\Unicorn-15113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15113.exe
12⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11192 -s 216
12⤵
PID:9248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 216
11⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 216
10⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
9⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
8⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
7⤵
- Program crash
PID:1472

C:\Users\Admin\AppData\Local\Temp\Unicorn-64188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64188.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-62483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62483.exe
7⤵
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-29264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29264.exe
8⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-61637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61637.exe
9⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-3307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3307.exe
10⤵
PID:6076

C:\Users\Admin\AppData\Local\Temp\Unicorn-63601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63601.exe
11⤵
PID:8516

C:\Users\Admin\AppData\Local\Temp\Unicorn-10214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10214.exe
12⤵
PID:12216

C:\Users\Admin\AppData\Local\Temp\Unicorn-50944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50944.exe
13⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8516 -s 236
12⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 216
11⤵
PID:10148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 236
9⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-61502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61502.exe
8⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-61003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61003.exe
9⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-48689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48689.exe
10⤵
PID:8276

C:\Users\Admin\AppData\Local\Temp\Unicorn-31277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31277.exe
11⤵
PID:11200

C:\Users\Admin\AppData\Local\Temp\Unicorn-37971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37971.exe
12⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8276 -s 236
11⤵
PID:12348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 216
10⤵
PID:9484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
9⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
8⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-3778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3778.exe
7⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-9686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9686.exe
8⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-42244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42244.exe
9⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
10⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7856 -s 200
11⤵
PID:10620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
10⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
9⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 236
8⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
7⤵
- Program crash
PID:3908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
6⤵
- Program crash
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-8895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8895.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:392

C:\Users\Admin\AppData\Local\Temp\Unicorn-51082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51082.exe
7⤵
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-64936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64936.exe
8⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-62945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62945.exe
9⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
10⤵
PID:7616

C:\Users\Admin\AppData\Local\Temp\Unicorn-45446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45446.exe
11⤵
PID:10348

C:\Users\Admin\AppData\Local\Temp\Unicorn-22912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22912.exe
12⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10348 -s 216
12⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 236
11⤵
PID:11552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 216
10⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
9⤵
PID:7352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 216
8⤵
PID:5144

C:\Users\Admin\AppData\Local\Temp\Unicorn-22460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22460.exe
7⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-29088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29088.exe
8⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-16219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16219.exe
9⤵
PID:7136

C:\Users\Admin\AppData\Local\Temp\Unicorn-56072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56072.exe
10⤵
PID:10032

C:\Users\Admin\AppData\Local\Temp\Unicorn-10306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10306.exe
11⤵
PID:12804

C:\Users\Admin\AppData\Local\Temp\Unicorn-3199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3199.exe
12⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10032 -s 220
11⤵
PID:14148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 216
10⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
9⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 236
8⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 392 -s 240
7⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-16743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16743.exe
6⤵
PID:1268

C:\Users\Admin\AppData\Local\Temp\Unicorn-23120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23120.exe
7⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
8⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-45030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45030.exe
9⤵
PID:5992

C:\Users\Admin\AppData\Local\Temp\Unicorn-51915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51915.exe
10⤵
PID:7440

C:\Users\Admin\AppData\Local\Temp\Unicorn-41784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41784.exe
11⤵
PID:10556

C:\Users\Admin\AppData\Local\Temp\Unicorn-17138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17138.exe
12⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10556 -s 220
12⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 220
11⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 236
10⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
9⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 236
8⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-14040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14040.exe
7⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-36197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36197.exe
8⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\Unicorn-32371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32371.exe
9⤵
PID:9652

C:\Users\Admin\AppData\Local\Temp\Unicorn-47195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47195.exe
10⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9652 -s 216
10⤵
PID:12724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
9⤵
PID:10948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 236
8⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 220
7⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
6⤵
- Program crash
PID:1772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 240
5⤵
- Program crash
PID:1584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-40064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40064.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-31326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31326.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:764

C:\Users\Admin\AppData\Local\Temp\Unicorn-20368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20368.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-51610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51610.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1324

C:\Users\Admin\AppData\Local\Temp\Unicorn-21773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21773.exe
8⤵
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe
9⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-2062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2062.exe
10⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-28936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28936.exe
11⤵
PID:6340

C:\Users\Admin\AppData\Local\Temp\Unicorn-30605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30605.exe
12⤵
PID:9964

C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
13⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9964 -s 216
13⤵
PID:12612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6340 -s 216
12⤵
PID:11236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
11⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
10⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\Unicorn-16120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16120.exe
9⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-30270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30270.exe
10⤵
PID:6652

C:\Users\Admin\AppData\Local\Temp\Unicorn-18317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18317.exe
11⤵
PID:10080

C:\Users\Admin\AppData\Local\Temp\Unicorn-64254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64254.exe
12⤵
PID:13120

C:\Users\Admin\AppData\Local\Temp\Unicorn-35357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35357.exe
13⤵
PID:9952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10080 -s 216
12⤵
PID:12992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 216
11⤵
PID:10304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
10⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 220
9⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
8⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-41725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41725.exe
9⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe
10⤵
PID:6680

C:\Users\Admin\AppData\Local\Temp\Unicorn-13848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13848.exe
11⤵
PID:10220

C:\Users\Admin\AppData\Local\Temp\Unicorn-21171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21171.exe
12⤵
PID:12564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10220 -s 216
12⤵
PID:13652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 216
11⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
10⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
9⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 240
8⤵
- Program crash
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-42062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42062.exe
7⤵
PID:532

C:\Users\Admin\AppData\Local\Temp\Unicorn-11851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11851.exe
8⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe
9⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe
10⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-42693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42693.exe
11⤵
PID:9852

C:\Users\Admin\AppData\Local\Temp\Unicorn-34287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34287.exe
12⤵
PID:12784

C:\Users\Admin\AppData\Local\Temp\Unicorn-50944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50944.exe
13⤵
PID:9404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9852 -s 216
12⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
11⤵
PID:11120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
10⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 236
9⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 236
8⤵
PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
7⤵
- Program crash
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-1723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1723.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:660

C:\Users\Admin\AppData\Local\Temp\Unicorn-50719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50719.exe
7⤵
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-42326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42326.exe
8⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-47020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47020.exe
9⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-58465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58465.exe
10⤵
PID:6672

C:\Users\Admin\AppData\Local\Temp\Unicorn-4911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4911.exe
11⤵
PID:9672

C:\Users\Admin\AppData\Local\Temp\Unicorn-36152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36152.exe
12⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9672 -s 216
12⤵
PID:14128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 216
11⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 216
10⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 236
9⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 216
8⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-42522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42522.exe
7⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-6285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6285.exe
8⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-54750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54750.exe
9⤵
PID:6328

C:\Users\Admin\AppData\Local\Temp\Unicorn-3794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3794.exe
10⤵
PID:10308

C:\Users\Admin\AppData\Local\Temp\Unicorn-59772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59772.exe
11⤵
PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10308 -s 220
11⤵
PID:14244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 220
10⤵
PID:11848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
9⤵
PID:9000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
8⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 660 -s 240
7⤵
PID:4292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 220
6⤵
- Program crash
PID:624

C:\Users\Admin\AppData\Local\Temp\Unicorn-48522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48522.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-203.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-50719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50719.exe
7⤵
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-23644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23644.exe
8⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-18903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18903.exe
9⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
10⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-33924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33924.exe
11⤵
PID:7644

C:\Users\Admin\AppData\Local\Temp\Unicorn-65145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65145.exe
12⤵
PID:10776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10776 -s 200
13⤵
PID:13308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 216
12⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
11⤵
PID:8360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
10⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
9⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-33079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33079.exe
8⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-33028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33028.exe
9⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\Unicorn-45882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45882.exe
10⤵
PID:8508

C:\Users\Admin\AppData\Local\Temp\Unicorn-34920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34920.exe
11⤵
PID:11012

C:\Users\Admin\AppData\Local\Temp\Unicorn-6681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6681.exe
12⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8508 -s 236
11⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 216
10⤵
PID:9636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 236
9⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
8⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
7⤵
- Program crash
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-64896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64896.exe
6⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-2014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2014.exe
7⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-59982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59982.exe
8⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-21404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21404.exe
9⤵
PID:5572

C:\Users\Admin\AppData\Local\Temp\Unicorn-54752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54752.exe
10⤵
PID:9120

C:\Users\Admin\AppData\Local\Temp\Unicorn-47752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47752.exe
11⤵
PID:11556

C:\Users\Admin\AppData\Local\Temp\Unicorn-57205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57205.exe
12⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9120 -s 236
11⤵
PID:12508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
10⤵
PID:9608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
9⤵
PID:7956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 236
8⤵
PID:5752

C:\Users\Admin\AppData\Local\Temp\Unicorn-52810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52810.exe
7⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-24574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24574.exe
8⤵
PID:6124

C:\Users\Admin\AppData\Local\Temp\Unicorn-58172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58172.exe
9⤵
PID:5912

C:\Users\Admin\AppData\Local\Temp\Unicorn-8650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8650.exe
10⤵
PID:9820

C:\Users\Admin\AppData\Local\Temp\Unicorn-27259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27259.exe
11⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9820 -s 220
11⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
10⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 236
9⤵
PID:7272

C:\Users\Admin\AppData\Local\Temp\Unicorn-56864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56864.exe
8⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\Unicorn-64971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64971.exe
9⤵
PID:9884

C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
10⤵
PID:12944

C:\Users\Admin\AppData\Local\Temp\Unicorn-26154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26154.exe
11⤵
PID:7792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9884 -s 216
10⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 236
9⤵
PID:11128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 220
8⤵
PID:7328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
7⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
6⤵
- Program crash
PID:2136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 240
5⤵
- Program crash
PID:944

C:\Users\Admin\AppData\Local\Temp\Unicorn-43397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43397.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-51610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51610.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:356

C:\Users\Admin\AppData\Local\Temp\Unicorn-50719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50719.exe
7⤵
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-45398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45398.exe
8⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-20745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20745.exe
9⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-314.exe
10⤵
PID:7148

C:\Users\Admin\AppData\Local\Temp\Unicorn-12276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12276.exe
11⤵
PID:10232

C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
12⤵
PID:13200

C:\Users\Admin\AppData\Local\Temp\Unicorn-11280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11280.exe
13⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10232 -s 220
12⤵
PID:13356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 216
11⤵
PID:10796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
10⤵
PID:8324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
9⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 236
8⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-28080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28080.exe
7⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-32509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32509.exe
8⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-11712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11712.exe
9⤵
PID:6752

C:\Users\Admin\AppData\Local\Temp\Unicorn-13848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13848.exe
10⤵
PID:10060

C:\Users\Admin\AppData\Local\Temp\Unicorn-3567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3567.exe
11⤵
PID:12636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10060 -s 216
11⤵
PID:12616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 216
10⤵
PID:10772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
9⤵
PID:8080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 236
8⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 240
7⤵
- Program crash
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-33401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33401.exe
6⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-17719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17719.exe
7⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-27024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27024.exe
8⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-24305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24305.exe
9⤵
PID:8684

C:\Users\Admin\AppData\Local\Temp\Unicorn-58860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58860.exe
10⤵
PID:11276

C:\Users\Admin\AppData\Local\Temp\Unicorn-44800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44800.exe
11⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8684 -s 216
10⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
9⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 236
8⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
7⤵
PID:5776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
6⤵
- Program crash
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-49471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49471.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1828

C:\Users\Admin\AppData\Local\Temp\Unicorn-53267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53267.exe
6⤵
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe
7⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-19852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19852.exe
8⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe
9⤵
PID:6708

C:\Users\Admin\AppData\Local\Temp\Unicorn-13848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13848.exe
10⤵
PID:10212

C:\Users\Admin\AppData\Local\Temp\Unicorn-39208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39208.exe
11⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10212 -s 216
11⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 216
10⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
9⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
8⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\Unicorn-879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-879.exe
7⤵
PID:4592

C:\Users\Admin\AppData\Local\Temp\Unicorn-63300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63300.exe
8⤵
PID:6820

C:\Users\Admin\AppData\Local\Temp\Unicorn-18317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18317.exe
9⤵
PID:10088

C:\Users\Admin\AppData\Local\Temp\Unicorn-44860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44860.exe
10⤵
PID:12388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10088 -s 216
10⤵
PID:13600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 216
9⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 216
8⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
7⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 236
6⤵
- Program crash
PID:3436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 240
5⤵
- Program crash
PID:1048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
4⤵
- Program crash
PID:900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 240
2⤵
- Program crash
PID:2564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11251.exe

Filesize
184KB

MD5
31810bd9d6a87a4e2a1d8f2b5eef200e

SHA1
44fb51d5df9fe7e04fd360b280a0adcab3c1e30e

SHA256
0ccb1109dec4302ba6fbd3d85993189a15457e64f1c31d6e6f8b89a9201afc69

SHA512
d5efcf37c27f660b578228db74ad2edeb3a32657de988a68a9377df12010aa622197f104cce88d28d7846e5f51350bf443187aa79c21e1780b654350d9d41681

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15351.exe

Filesize
184KB

MD5
68347319ceb38ac895c6fb0a5fdef0ec

SHA1
5101a0eb1de75800dd1b93c46a671edc256b575e

SHA256
a35e74e35840413e5e7d6279ab3ca1f7263e5033496697ccd66fef036e9249b3

SHA512
eb75f9764d279bedf89a86638755f6b39ec494bf2724c644078c492fa3e38e83d53237f8e96fe37240881ac84f62576e24cbffc23949f9314556e1dfe20b5723

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26308.exe

Filesize
184KB

MD5
46536291b9b6068aa3e2f110dd1849b1

SHA1
13e2682a5ce5f7735c582e8f0f76a7c49326ee99

SHA256
4c18f19c98df9a4177cbd73c0189f1e671e6c4575cc6020f49f401b0827995fd

SHA512
152521381127d561fe3ac2e693f22adfa59e48602fb283eebbd014231d1386436e37bb6746f10503be3b8f273eff0d81b958a0feca14a28cb6c175897d1c1856

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe

Filesize
184KB

MD5
a621c686ec0b6df1241c0de603ac0d1a

SHA1
a26bd4a8e23f1fe7cfc16beab0cc0e256d29d9b8

SHA256
4e1874bd0e90d75eef4b6f8f3ad2724751bb8457e96ba3873ac99df4b42bf9c9

SHA512
b2a561976f5dbae60611b2fb94511edd6ccb9cec50090e1eb6b4f75be3dd9e3a544561e664c88b733dbb07f87b23be6a9f577053dc2663c10b8a23c0aeae7668

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-314.exe

Filesize
184KB

MD5
fedcde15ffb404029f683fde45765550

SHA1
3b5ac039ed88988e223bdc0d19df68e3d9a72dfc

SHA256
2cf0e7c0c120db64d227a4417810323743e51d0573289a834a251a5c366d6c9d

SHA512
6940b2b42c7f66b8f7e1cd2ad0a5e5c9f9dd0da03cc8edce525169f5a616b3b20af1d1600ce9274ad4f1a8311e701e3822f2ee6782dc80ddc1f46ccdcbb61325

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34920.exe

Filesize
184KB

MD5
309fa5f1ef77a2955081bbfa20fbb49f

SHA1
7f3c08df9889b5feab0f683f12afcec39cdb3da8

SHA256
f6434441f54a97e7a7437b7c46df13980bd9161c8d32740800912eeaa2e9b548

SHA512
8315c9bb494d0ae68713d32540c1d55c5d1735ace4050eec1b9295714603deb5d093b973c4064bed5b5ff9f98cdcb5289b6bed3ae16851856b739e3d8fbeb65c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35217.exe

Filesize
184KB

MD5
d5b26658605f4ab5a9dadfa9639602cd

SHA1
69cf497b52be55127317645d6051c65a1ba3a663

SHA256
5239d1e34f3179af45765525a2bc539f21cbec81bf977eb177777d8b8c5cfc74

SHA512
10c61351687dc45474118b1e5942aa0e546e8590602a22f5c83337e8386398755e63041da6b968c6ead07e92915339259258f91c36648975779e6b16e55d4240

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36152.exe

Filesize
184KB

MD5
71f0b5973b74d061b47d33a5bf55a8e5

SHA1
ca404080b354dbf45244f73337e46413bf383b4c

SHA256
51bc049b3975ac3a595b9cb0814b8f4862d3193e3d8e73c4902868a4c3a0f5e8

SHA512
075cb742b1f60ac229e97e13f6e1f4396d9b049b0681514553662970b840b94bd0e75ce09585ca3134137f15dfc83898552c0934bc0da14ad056b3af3ac541fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40069.exe

Filesize
184KB

MD5
c57403d57810524483b5fbc7d467a6eb

SHA1
9196ec6c2b258d76e4dc61817826eaf2146330ad

SHA256
c1687732abeaf6f63e560aa89cf644a3b2670715ccb39b043b162931040cdd91

SHA512
b338ed38d89cabd252e8a95eb799c7337489405572d119248758d300d010e819a7363787a47026e29e42d54e7425dc7767f20d0ddab03a0e6affd979e6ad4333

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41784.exe

Filesize
184KB

MD5
03a64fa819e38b096f0ca03a53453bb8

SHA1
e164bd3c98a15d99ad9b59e19306dc8b0686b9b4

SHA256
c6869d99fa2d7aebc8723099498befb6c6fba4d37dc0693434420961c4f501ec

SHA512
5acddf8ac13f379433225187a8fb7ede1226c76ddb52c00243ff0b1683a0f67964711927094209be9a45b11f9ce832a2583b459cebb95a3ba37d06b8981fdf3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54310.exe

Filesize
184KB

MD5
6ff1ed858907da5f3770f77351e1242b

SHA1
fef567385137906435f583a430905ee5480e4f83

SHA256
056fb287c59c2a563c422e09a73a2fc3ae369658d3c4c0a9173c03b099bdffe4

SHA512
efc3c42c4f71b172b6160d3766597fedc1d7f8748788518127fd720ee32b7f2a5d13f783079d05a82cdf09c20a55377354b4a7aa37c2aa4d8c30bc5728fd5b89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5531.exe

Filesize
184KB

MD5
7e96e27a98d3c0ae161f72c1208961d4

SHA1
e14cc4d159b527a006b7790eac74d283a15411a7

SHA256
fa28d818c95de0f8fcb30a5e1ee221a6c5d5b4f494d8889198fa9644f97dd905

SHA512
94bc3efda8e4766e9294745b88bcf2d8f913942c36a84e5550288fa4e19df59c065946d75f2dc7a8f343a6dde4349abdcda12fae059a31c3331ace8e621a4fad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58259.exe

Filesize
184KB

MD5
da79c12e569e8e1b65afbd07e796b059

SHA1
3b4f501b439937d42e435488fdbb2c41109ffad2

SHA256
09ece70487f9fb325022b23645db924119ce90306fd19ad5cdfa1c4923e29aba

SHA512
1d9056740df6a2ca0bfecfffcd0d8bddb662effdd77f05868fca3dd743216c39f2510cf7f80da1c5a8eca5760d8e4bf22578ac88445d529afb3f2f19b17d8759

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6371.exe

Filesize
184KB

MD5
f4f31ac7154fd6a1cb36de0373f4f4e2

SHA1
7b43b7c90c0cbec4646c6b5df346220a3d445155

SHA256
1a006de69c01522002b30a1d2c5d17ae8644373b9b85b2306603410205491e42

SHA512
a3bf9da5ae29d90d23327bb2a04604e44f5f8f20545ba0e42714b965b6f90a54646bd2de8a257ff3c97fef72ce1029f9322c3e96bee95072f7bb2d1c3b19ec8d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11460.exe

Filesize
184KB

MD5
d21e647394638615b39c967759286d9a

SHA1
07348c70d46fe05030a0159fe9bf3a8333e12ee1

SHA256
446762ebaa70edd44caaa5b03747a10d931c4e4e380a7def60734b0df703b5d4

SHA512
9ebada17e903e6da8986d178a41be15dd14d462378746911799f94990f43160b275a410671ef322caca2027d21784a8c6cef80a307888fc493a75d369538a76e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe

Filesize
184KB

MD5
8fd5be4002b3382df8b9664bdbbc1a2e

SHA1
78ad8888fdc599227f99dad4530d1e798934d8f0

SHA256
bee390283fea60eea0cb115efdbd474a1e9c49b1d71ba062eb51b23d27a29514

SHA512
ceabfd20bf38d5278b60238160aed1de43c887fdfaaea6d742b14ecef94e53dbedb94ea9cbaa8c080162b099f95e741802072891695174d89e355d7f591518bd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31326.exe

Filesize
184KB

MD5
2f8feea2f78dc020bb7e41c141ea0aac

SHA1
a81117db4cf607d82bc146edd77139def4019380

SHA256
b7ba04e32fddde02ff1b22f878eefc151e1ec3c0245c1f9ff6e2fdf610a1d859

SHA512
d4ccd36a3ca4c12c775cf87c43a02e4fc1aa391459842d64ded306434cfc6bbe8f9b52833665aaa319d85043be1097af2023d9e91e3d7d6f9002ccf156e6a759

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40064.exe

Filesize
184KB

MD5
d1a7856266fb595fd2ac5dd07518a81e

SHA1
707ae4ec74fbd265da389784f55c709df57e449d

SHA256
065bf46ba95b93344eecef48c2a4b5c65b5d31ea04a08c5ff31433a8b2299f29

SHA512
15ef1cbd9d9b2bcaa034d225e5ccf7a7c4ce66cbe0f11b2afbd0b700e7d3367ef003682b19323473727d8f64a049fa9c738eb90a3a81144205e7924105bf7d8c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe

Filesize
184KB

MD5
0abecd06fe3dc635fa11fcd97c4981ff

SHA1
6cf59c99793b71be01cdacc90f2bdf8f019b12a7

SHA256
a1940587ccdef87298499b4b3399c2571bb28669c1cd9b043fe60dbe6f1e9189

SHA512
394f19188de7f6325faba9ea2830e9d69f98418adae1ff5ecdec59be8a1cebee4ee18bef3b0acf0e4253faa3c90e3aac777bd3c60d7918d4b502e9bf2c4f4f38

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7511.exe

Filesize
184KB

MD5
7b1d8c2a7fbd7e8a13e0eee2821b0fe6

SHA1
1981f2202b3cdf1f8259812a8408e28cb6368536

SHA256
3014f92d47bdabce0f73ac64bd5c210e969bc60c128f2c4430e5c786db50d670

SHA512
54f3442185ab3be9d9f6698e24297d8bb777c13455b20545469635b6f66c44ece3c8610ccbe463d760ce26b6ea7d862900fe5a552e375ed106c8c6dd027ce437

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe

Filesize
184KB

MD5
93406a07a0591b04f222660df36f7c60

SHA1
75d6c4fd5a618ba137dfafa0f914ceb17d5f87ff

SHA256
624b52f32a3f872751a42192780f48f2e3fb66dcfc6467727341f1d8b19c2d15

SHA512
02e44d40c96e6cf920d30605a9522c22eae02381f767d3b86e3273c090dc5a7a003c0caec199a6571ddd37dea038d55ed10318be3ac4f5d8669e51730281703b

Download Submit