aa1b04502189ef47160c750fd3d813e53f90f79c85d598ce24f5c728c88fecb0

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa1b04502189ef47160c750fd3d813e53f90f79c85d598ce24f5c728c88fecb0.exe
Size

184KB
MD5

948e380618a97a0e5d43a3bfc135dbd7
SHA1

bb89825e2d2c52ddbf5497756f53bf12de9522a1
SHA256

aa1b04502189ef47160c750fd3d813e53f90f79c85d598ce24f5c728c88fecb0
SHA512

aa4590a4288c92153acc0857ad5a15d351f1280e6257ed2c46c8f916aad70efecc31b99fc6ce3335a0d39934876befec6c2893afb10a293d46d8d8384722c1eb
SSDEEP

3072:kI6AmxoTb4OTjFnWeRNfDA4DhlnViFRn5:kI2odHFnRfk4DhlnViFR

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-35240.exeUnicorn-17541.exeUnicorn-39353.exeUnicorn-60007.exeUnicorn-40141.exeUnicorn-9187.exeUnicorn-46850.exeUnicorn-60555.exeUnicorn-51401.exeUnicorn-51915.exeUnicorn-51209.exeUnicorn-19839.exeUnicorn-39705.exeUnicorn-7800.exeUnicorn-22518.exeUnicorn-2652.exeUnicorn-3228.exeUnicorn-55958.exeUnicorn-55766.exeUnicorn-14557.exeUnicorn-13187.exeUnicorn-8397.exeUnicorn-10883.exeUnicorn-6093.exeUnicorn-44765.exeUnicorn-12284.exeUnicorn-57764.exeUnicorn-48548.exeUnicorn-48548.exeUnicorn-28490.exeUnicorn-48356.exeUnicorn-65157.exeUnicorn-42795.exeUnicorn-14913.exeUnicorn-42987.exeUnicorn-47970.exeUnicorn-15682.exeUnicorn-31944.exeUnicorn-51810.exeUnicorn-19522.exeUnicorn-12785.exeUnicorn-65385.exeUnicorn-20290.exeUnicorn-17986.exeUnicorn-11249.exeUnicorn-31691.exeUnicorn-48904.exeUnicorn-29038.exeUnicorn-29614.exeUnicorn-49480.exeUnicorn-59958.exeUnicorn-40991.exeUnicorn-38914.exeUnicorn-44831.exeUnicorn-29180.exeUnicorn-29180.exeUnicorn-64566.exeUnicorn-12158.exeUnicorn-25541.exeUnicorn-25541.exeUnicorn-25541.exeUnicorn-63196.exeUnicorn-63196.exeUnicorn-63196.exe

pid	process
1456	Unicorn-35240.exe
1152	Unicorn-17541.exe
1244	Unicorn-39353.exe
2864	Unicorn-60007.exe
2828	Unicorn-40141.exe
2484	Unicorn-9187.exe
2232	Unicorn-46850.exe
2784	Unicorn-60555.exe
2816	Unicorn-51401.exe
2952	Unicorn-51915.exe
1744	Unicorn-51209.exe
1572	Unicorn-19839.exe
1664	Unicorn-39705.exe
2088	Unicorn-7800.exe
2080	Unicorn-22518.exe
2524	Unicorn-2652.exe
324	Unicorn-3228.exe
992	Unicorn-55958.exe
1288	Unicorn-55766.exe
2252	Unicorn-14557.exe
1388	Unicorn-13187.exe
956	Unicorn-8397.exe
1032	Unicorn-10883.exe
2872	Unicorn-6093.exe
1368	Unicorn-44765.exe
1944	Unicorn-12284.exe
2116	Unicorn-57764.exe
1992	Unicorn-48548.exe
2044	Unicorn-48548.exe
1964	Unicorn-28490.exe
1588	Unicorn-48356.exe
2328	Unicorn-65157.exe
2052	Unicorn-42795.exe
2708	Unicorn-14913.exe
2564	Unicorn-42987.exe
1000	Unicorn-47970.exe
2428	Unicorn-15682.exe
3032	Unicorn-31944.exe
2776	Unicorn-51810.exe
2240	Unicorn-19522.exe
2772	Unicorn-12785.exe
1448	Unicorn-65385.exe
2644	Unicorn-20290.exe
2604	Unicorn-17986.exe
1692	Unicorn-11249.exe
1540	Unicorn-31691.exe
1672	Unicorn-48904.exe
2988	Unicorn-29038.exe
1276	Unicorn-29614.exe
2092	Unicorn-49480.exe
908	Unicorn-59958.exe
2156	Unicorn-40991.exe
852	Unicorn-38914.exe
1564	Unicorn-44831.exe
1932	Unicorn-29180.exe
1996	Unicorn-29180.exe
1592	Unicorn-64566.exe
2332	Unicorn-12158.exe
2576	Unicorn-25541.exe
2748	Unicorn-25541.exe
2568	Unicorn-25541.exe
2744	Unicorn-63196.exe
2688	Unicorn-63196.exe
2596	Unicorn-63196.exe

Loads dropped DLL 64 IoCs

Processes:

aa1b04502189ef47160c750fd3d813e53f90f79c85d598ce24f5c728c88fecb0.exeUnicorn-35240.exeUnicorn-39353.exeUnicorn-17541.exeWerFault.exeUnicorn-40141.exeUnicorn-60007.exeUnicorn-9187.exeWerFault.exeWerFault.exeUnicorn-46850.exeUnicorn-60555.exeUnicorn-51915.exeUnicorn-51209.exeUnicorn-51401.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2512	aa1b04502189ef47160c750fd3d813e53f90f79c85d598ce24f5c728c88fecb0.exe
2512	aa1b04502189ef47160c750fd3d813e53f90f79c85d598ce24f5c728c88fecb0.exe
1456	Unicorn-35240.exe
2512	aa1b04502189ef47160c750fd3d813e53f90f79c85d598ce24f5c728c88fecb0.exe
2512	aa1b04502189ef47160c750fd3d813e53f90f79c85d598ce24f5c728c88fecb0.exe
1456	Unicorn-35240.exe
1244	Unicorn-39353.exe
1244	Unicorn-39353.exe
1456	Unicorn-35240.exe
1456	Unicorn-35240.exe
1152	Unicorn-17541.exe
1152	Unicorn-17541.exe
2976	WerFault.exe
2976	WerFault.exe
2976	WerFault.exe
2976	WerFault.exe
2976	WerFault.exe
2828	Unicorn-40141.exe
2828	Unicorn-40141.exe
2864	Unicorn-60007.exe
2864	Unicorn-60007.exe
1244	Unicorn-39353.exe
1244	Unicorn-39353.exe
2484	Unicorn-9187.exe
2484	Unicorn-9187.exe
1152	Unicorn-17541.exe
1152	Unicorn-17541.exe
1788	WerFault.exe
1788	WerFault.exe
1788	WerFault.exe
1788	WerFault.exe
1788	WerFault.exe
2652	WerFault.exe
2652	WerFault.exe
2652	WerFault.exe
2652	WerFault.exe
2652	WerFault.exe
2828	Unicorn-40141.exe
2232	Unicorn-46850.exe
2828	Unicorn-40141.exe
2232	Unicorn-46850.exe
2784	Unicorn-60555.exe
2784	Unicorn-60555.exe
2952	Unicorn-51915.exe
2952	Unicorn-51915.exe
2864	Unicorn-60007.exe
2864	Unicorn-60007.exe
2484	Unicorn-9187.exe
2484	Unicorn-9187.exe
1744	Unicorn-51209.exe
1744	Unicorn-51209.exe
2816	Unicorn-51401.exe
2816	Unicorn-51401.exe
2380	WerFault.exe
2380	WerFault.exe
2380	WerFault.exe
2380	WerFault.exe
2380	WerFault.exe
684	WerFault.exe
684	WerFault.exe
684	WerFault.exe
684	WerFault.exe
684	WerFault.exe
2236	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2580	2512	WerFault.exe	aa1b04502189ef47160c750fd3d813e53f90f79c85d598ce24f5c728c88fecb0.exe
2976	1456	WerFault.exe	Unicorn-35240.exe
1788	1244	WerFault.exe	Unicorn-39353.exe
2652	1152	WerFault.exe	Unicorn-17541.exe
2380	2828	WerFault.exe	Unicorn-40141.exe
684	2864	WerFault.exe	Unicorn-60007.exe
2236	2484	WerFault.exe	Unicorn-9187.exe
1984	2232	WerFault.exe	Unicorn-46850.exe
2340	2784	WerFault.exe	Unicorn-60555.exe
2732	2952	WerFault.exe	Unicorn-51915.exe
2712	1744	WerFault.exe	Unicorn-51209.exe
2296	2816	WerFault.exe	Unicorn-51401.exe
1484	1572	WerFault.exe	Unicorn-19839.exe
2132	1664	WerFault.exe	Unicorn-39705.exe
2960	2088	WerFault.exe	Unicorn-7800.exe
448	2524	WerFault.exe	Unicorn-2652.exe
1852	2080	WerFault.exe	Unicorn-22518.exe
1548	992	WerFault.exe	Unicorn-55958.exe
2036	1288	WerFault.exe	Unicorn-55766.exe
1604	324	WerFault.exe	Unicorn-3228.exe
760	2252	WerFault.exe	Unicorn-14557.exe
920	1388	WerFault.exe	Unicorn-13187.exe
2184	1032	WerFault.exe	Unicorn-10883.exe
2164	2872	WerFault.exe	Unicorn-6093.exe
3060	1368	WerFault.exe	Unicorn-44765.exe
892	1944	WerFault.exe	Unicorn-12284.exe
2768	1992	WerFault.exe	Unicorn-48548.exe
2224	1588	WerFault.exe	Unicorn-48356.exe
1196	1964	WerFault.exe	Unicorn-28490.exe
1064	2052	WerFault.exe	Unicorn-42795.exe
2788	2708	WerFault.exe	Unicorn-14913.exe
2800	2240	WerFault.exe	Unicorn-19522.exe
2684	1672	WerFault.exe	Unicorn-48904.exe
2352	3032	WerFault.exe	Unicorn-31944.exe
1872	2776	WerFault.exe	Unicorn-51810.exe
3600	2328	WerFault.exe	Unicorn-65157.exe
3624	2092	WerFault.exe	Unicorn-49480.exe
3632	2988	WerFault.exe	Unicorn-29038.exe
3708	1448	WerFault.exe	Unicorn-65385.exe
3716	2428	WerFault.exe	Unicorn-15682.exe
3772	2156	WerFault.exe	Unicorn-40991.exe
3844	852	WerFault.exe	Unicorn-38914.exe
3888	2644	WerFault.exe	Unicorn-20290.exe
3896	1004	WerFault.exe	Unicorn-27528.exe
4000	1000	WerFault.exe	Unicorn-47970.exe
4040	1276	WerFault.exe	Unicorn-29614.exe
3284	2812	WerFault.exe	Unicorn-61084.exe
3332	812	WerFault.exe	Unicorn-9122.exe
3376	1996	WerFault.exe	Unicorn-29180.exe
3420	2664	WerFault.exe	Unicorn-8354.exe
3468	804	WerFault.exe	Unicorn-25589.exe
3476	2744	WerFault.exe	Unicorn-63196.exe
3552	1564	WerFault.exe	Unicorn-44831.exe
3868	2456	WerFault.exe	Unicorn-63196.exe
3988	2564	WerFault.exe	Unicorn-42987.exe
3200	908	WerFault.exe	Unicorn-59958.exe
3680	2504	WerFault.exe	Unicorn-45384.exe
3724	2000	WerFault.exe	Unicorn-28988.exe
3136	2452	WerFault.exe	Unicorn-27616.exe
3176	1932	WerFault.exe	Unicorn-29180.exe
3260	2416	WerFault.exe	Unicorn-33153.exe
3308	1072	WerFault.exe	Unicorn-58453.exe
3576	3028	WerFault.exe	Unicorn-63196.exe
4068	3976	WerFault.exe	Unicorn-45191.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

aa1b04502189ef47160c750fd3d813e53f90f79c85d598ce24f5c728c88fecb0.exeUnicorn-35240.exeUnicorn-39353.exeUnicorn-17541.exeUnicorn-60007.exeUnicorn-40141.exeUnicorn-9187.exeUnicorn-46850.exeUnicorn-60555.exeUnicorn-51401.exeUnicorn-51915.exeUnicorn-51209.exeUnicorn-19839.exeUnicorn-39705.exeUnicorn-7800.exeUnicorn-22518.exeUnicorn-2652.exeUnicorn-3228.exeUnicorn-55958.exeUnicorn-55766.exeUnicorn-14557.exeUnicorn-13187.exeUnicorn-8397.exeUnicorn-10883.exeUnicorn-6093.exeUnicorn-44765.exeUnicorn-12284.exeUnicorn-57764.exeUnicorn-48548.exeUnicorn-48356.exeUnicorn-28490.exeUnicorn-65157.exeUnicorn-42795.exeUnicorn-14913.exeUnicorn-42987.exeUnicorn-47970.exeUnicorn-15682.exeUnicorn-31944.exeUnicorn-51810.exeUnicorn-19522.exeUnicorn-12785.exeUnicorn-65385.exeUnicorn-20290.exeUnicorn-17986.exeUnicorn-31691.exeUnicorn-11249.exeUnicorn-48904.exeUnicorn-29038.exeUnicorn-49480.exeUnicorn-29614.exeUnicorn-59958.exeUnicorn-40991.exeUnicorn-38914.exeUnicorn-44831.exeUnicorn-12158.exeUnicorn-29180.exeUnicorn-29180.exeUnicorn-25541.exeUnicorn-64566.exeUnicorn-25541.exeUnicorn-25541.exeUnicorn-63196.exeUnicorn-63196.exeUnicorn-63196.exe

pid	process
2512	aa1b04502189ef47160c750fd3d813e53f90f79c85d598ce24f5c728c88fecb0.exe
1456	Unicorn-35240.exe
1244	Unicorn-39353.exe
1152	Unicorn-17541.exe
2864	Unicorn-60007.exe
2828	Unicorn-40141.exe
2484	Unicorn-9187.exe
2232	Unicorn-46850.exe
2784	Unicorn-60555.exe
2816	Unicorn-51401.exe
2952	Unicorn-51915.exe
1744	Unicorn-51209.exe
1572	Unicorn-19839.exe
1664	Unicorn-39705.exe
2088	Unicorn-7800.exe
2080	Unicorn-22518.exe
2524	Unicorn-2652.exe
324	Unicorn-3228.exe
992	Unicorn-55958.exe
1288	Unicorn-55766.exe
2252	Unicorn-14557.exe
1388	Unicorn-13187.exe
956	Unicorn-8397.exe
1032	Unicorn-10883.exe
2872	Unicorn-6093.exe
1368	Unicorn-44765.exe
1944	Unicorn-12284.exe
2116	Unicorn-57764.exe
1992	Unicorn-48548.exe
1588	Unicorn-48356.exe
1964	Unicorn-28490.exe
2328	Unicorn-65157.exe
2052	Unicorn-42795.exe
2708	Unicorn-14913.exe
2564	Unicorn-42987.exe
1000	Unicorn-47970.exe
2428	Unicorn-15682.exe
3032	Unicorn-31944.exe
2776	Unicorn-51810.exe
2240	Unicorn-19522.exe
2772	Unicorn-12785.exe
1448	Unicorn-65385.exe
2644	Unicorn-20290.exe
2604	Unicorn-17986.exe
1540	Unicorn-31691.exe
1692	Unicorn-11249.exe
1672	Unicorn-48904.exe
2988	Unicorn-29038.exe
2092	Unicorn-49480.exe
1276	Unicorn-29614.exe
908	Unicorn-59958.exe
2156	Unicorn-40991.exe
852	Unicorn-38914.exe
1564	Unicorn-44831.exe
2332	Unicorn-12158.exe
1996	Unicorn-29180.exe
1932	Unicorn-29180.exe
2576	Unicorn-25541.exe
1592	Unicorn-64566.exe
2568	Unicorn-25541.exe
2748	Unicorn-25541.exe
2744	Unicorn-63196.exe
2456	Unicorn-63196.exe
2596	Unicorn-63196.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

aa1b04502189ef47160c750fd3d813e53f90f79c85d598ce24f5c728c88fecb0.exeUnicorn-35240.exeUnicorn-39353.exeUnicorn-17541.exeUnicorn-40141.exeUnicorn-60007.exeUnicorn-9187.exe

description	pid	process	target process
PID 2512 wrote to memory of 1456	2512	aa1b04502189ef47160c750fd3d813e53f90f79c85d598ce24f5c728c88fecb0.exe	Unicorn-35240.exe
PID 2512 wrote to memory of 1456	2512	aa1b04502189ef47160c750fd3d813e53f90f79c85d598ce24f5c728c88fecb0.exe	Unicorn-35240.exe
PID 2512 wrote to memory of 1456	2512	aa1b04502189ef47160c750fd3d813e53f90f79c85d598ce24f5c728c88fecb0.exe	Unicorn-35240.exe
PID 2512 wrote to memory of 1456	2512	aa1b04502189ef47160c750fd3d813e53f90f79c85d598ce24f5c728c88fecb0.exe	Unicorn-35240.exe
PID 2512 wrote to memory of 1152	2512	aa1b04502189ef47160c750fd3d813e53f90f79c85d598ce24f5c728c88fecb0.exe	Unicorn-17541.exe
PID 2512 wrote to memory of 1152	2512	aa1b04502189ef47160c750fd3d813e53f90f79c85d598ce24f5c728c88fecb0.exe	Unicorn-17541.exe
PID 2512 wrote to memory of 1152	2512	aa1b04502189ef47160c750fd3d813e53f90f79c85d598ce24f5c728c88fecb0.exe	Unicorn-17541.exe
PID 2512 wrote to memory of 1152	2512	aa1b04502189ef47160c750fd3d813e53f90f79c85d598ce24f5c728c88fecb0.exe	Unicorn-17541.exe
PID 1456 wrote to memory of 1244	1456	Unicorn-35240.exe	Unicorn-39353.exe
PID 1456 wrote to memory of 1244	1456	Unicorn-35240.exe	Unicorn-39353.exe
PID 1456 wrote to memory of 1244	1456	Unicorn-35240.exe	Unicorn-39353.exe
PID 1456 wrote to memory of 1244	1456	Unicorn-35240.exe	Unicorn-39353.exe
PID 2512 wrote to memory of 2580	2512	aa1b04502189ef47160c750fd3d813e53f90f79c85d598ce24f5c728c88fecb0.exe	WerFault.exe
PID 2512 wrote to memory of 2580	2512	aa1b04502189ef47160c750fd3d813e53f90f79c85d598ce24f5c728c88fecb0.exe	WerFault.exe
PID 2512 wrote to memory of 2580	2512	aa1b04502189ef47160c750fd3d813e53f90f79c85d598ce24f5c728c88fecb0.exe	WerFault.exe
PID 2512 wrote to memory of 2580	2512	aa1b04502189ef47160c750fd3d813e53f90f79c85d598ce24f5c728c88fecb0.exe	WerFault.exe
PID 1244 wrote to memory of 2864	1244	Unicorn-39353.exe	Unicorn-60007.exe
PID 1244 wrote to memory of 2864	1244	Unicorn-39353.exe	Unicorn-60007.exe
PID 1244 wrote to memory of 2864	1244	Unicorn-39353.exe	Unicorn-60007.exe
PID 1244 wrote to memory of 2864	1244	Unicorn-39353.exe	Unicorn-60007.exe
PID 1456 wrote to memory of 2828	1456	Unicorn-35240.exe	Unicorn-40141.exe
PID 1456 wrote to memory of 2828	1456	Unicorn-35240.exe	Unicorn-40141.exe
PID 1456 wrote to memory of 2828	1456	Unicorn-35240.exe	Unicorn-40141.exe
PID 1456 wrote to memory of 2828	1456	Unicorn-35240.exe	Unicorn-40141.exe
PID 1152 wrote to memory of 2484	1152	Unicorn-17541.exe	Unicorn-9187.exe
PID 1152 wrote to memory of 2484	1152	Unicorn-17541.exe	Unicorn-9187.exe
PID 1152 wrote to memory of 2484	1152	Unicorn-17541.exe	Unicorn-9187.exe
PID 1152 wrote to memory of 2484	1152	Unicorn-17541.exe	Unicorn-9187.exe
PID 1456 wrote to memory of 2976	1456	Unicorn-35240.exe	WerFault.exe
PID 1456 wrote to memory of 2976	1456	Unicorn-35240.exe	WerFault.exe
PID 1456 wrote to memory of 2976	1456	Unicorn-35240.exe	WerFault.exe
PID 1456 wrote to memory of 2976	1456	Unicorn-35240.exe	WerFault.exe
PID 2828 wrote to memory of 2232	2828	Unicorn-40141.exe	Unicorn-46850.exe
PID 2828 wrote to memory of 2232	2828	Unicorn-40141.exe	Unicorn-46850.exe
PID 2828 wrote to memory of 2232	2828	Unicorn-40141.exe	Unicorn-46850.exe
PID 2828 wrote to memory of 2232	2828	Unicorn-40141.exe	Unicorn-46850.exe
PID 2864 wrote to memory of 2784	2864	Unicorn-60007.exe	Unicorn-60555.exe
PID 2864 wrote to memory of 2784	2864	Unicorn-60007.exe	Unicorn-60555.exe
PID 2864 wrote to memory of 2784	2864	Unicorn-60007.exe	Unicorn-60555.exe
PID 2864 wrote to memory of 2784	2864	Unicorn-60007.exe	Unicorn-60555.exe
PID 1244 wrote to memory of 2816	1244	Unicorn-39353.exe	Unicorn-51401.exe
PID 1244 wrote to memory of 2816	1244	Unicorn-39353.exe	Unicorn-51401.exe
PID 1244 wrote to memory of 2816	1244	Unicorn-39353.exe	Unicorn-51401.exe
PID 1244 wrote to memory of 2816	1244	Unicorn-39353.exe	Unicorn-51401.exe
PID 2484 wrote to memory of 2952	2484	Unicorn-9187.exe	Unicorn-51915.exe
PID 2484 wrote to memory of 2952	2484	Unicorn-9187.exe	Unicorn-51915.exe
PID 2484 wrote to memory of 2952	2484	Unicorn-9187.exe	Unicorn-51915.exe
PID 2484 wrote to memory of 2952	2484	Unicorn-9187.exe	Unicorn-51915.exe
PID 1152 wrote to memory of 1744	1152	Unicorn-17541.exe	Unicorn-51209.exe
PID 1152 wrote to memory of 1744	1152	Unicorn-17541.exe	Unicorn-51209.exe
PID 1152 wrote to memory of 1744	1152	Unicorn-17541.exe	Unicorn-51209.exe
PID 1152 wrote to memory of 1744	1152	Unicorn-17541.exe	Unicorn-51209.exe
PID 1244 wrote to memory of 1788	1244	Unicorn-39353.exe	WerFault.exe
PID 1244 wrote to memory of 1788	1244	Unicorn-39353.exe	WerFault.exe
PID 1244 wrote to memory of 1788	1244	Unicorn-39353.exe	WerFault.exe
PID 1244 wrote to memory of 1788	1244	Unicorn-39353.exe	WerFault.exe
PID 1152 wrote to memory of 2652	1152	Unicorn-17541.exe	WerFault.exe
PID 1152 wrote to memory of 2652	1152	Unicorn-17541.exe	WerFault.exe
PID 1152 wrote to memory of 2652	1152	Unicorn-17541.exe	WerFault.exe
PID 1152 wrote to memory of 2652	1152	Unicorn-17541.exe	WerFault.exe
PID 2828 wrote to memory of 1572	2828	Unicorn-40141.exe	Unicorn-19839.exe
PID 2828 wrote to memory of 1572	2828	Unicorn-40141.exe	Unicorn-19839.exe
PID 2828 wrote to memory of 1572	2828	Unicorn-40141.exe	Unicorn-19839.exe
PID 2828 wrote to memory of 1572	2828	Unicorn-40141.exe	Unicorn-19839.exe

C:\Users\Admin\AppData\Local\Temp\aa1b04502189ef47160c750fd3d813e53f90f79c85d598ce24f5c728c88fecb0.exe
"C:\Users\Admin\AppData\Local\Temp\aa1b04502189ef47160c750fd3d813e53f90f79c85d598ce24f5c728c88fecb0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-35240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35240.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1456

C:\Users\Admin\AppData\Local\Temp\Unicorn-39353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39353.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1244

C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-60555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60555.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-7800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7800.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-10883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10883.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-15682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15682.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-63196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63196.exe
9⤵
- Suspicious use of SetWindowsHookEx
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-43869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43869.exe
10⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-8061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8061.exe
11⤵
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-49067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49067.exe
12⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-12217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12217.exe
13⤵
PID:7580

C:\Users\Admin\AppData\Local\Temp\Unicorn-40112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40112.exe
14⤵
PID:9872

C:\Users\Admin\AppData\Local\Temp\Unicorn-14937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14937.exe
15⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9872 -s 220
15⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
14⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
13⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 216
12⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 216
11⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 236
10⤵
- Program crash
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-23811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23811.exe
9⤵
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
10⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-36322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36322.exe
11⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-31211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31211.exe
12⤵
PID:8004

C:\Users\Admin\AppData\Local\Temp\Unicorn-8540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8540.exe
13⤵
PID:10244

C:\Users\Admin\AppData\Local\Temp\Unicorn-40165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40165.exe
14⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8004 -s 216
13⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 236
12⤵
PID:8848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
11⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 236
10⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 220
9⤵
- Program crash
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-8354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8354.exe
8⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-15109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15109.exe
9⤵
PID:1376

C:\Users\Admin\AppData\Local\Temp\Unicorn-36644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36644.exe
10⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-3363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3363.exe
11⤵
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-22422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22422.exe
12⤵
PID:7236

C:\Users\Admin\AppData\Local\Temp\Unicorn-50124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50124.exe
13⤵
PID:9848

C:\Users\Admin\AppData\Local\Temp\Unicorn-48218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48218.exe
14⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9848 -s 216
14⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7236 -s 216
13⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
12⤵
PID:8244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
11⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 236
10⤵
PID:4436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
9⤵
- Program crash
PID:3420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 240
8⤵
- Program crash
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-31944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31944.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-29180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29180.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-60527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60527.exe
9⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-40583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40583.exe
10⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-32599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32599.exe
11⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-16183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16183.exe
12⤵
PID:7196

C:\Users\Admin\AppData\Local\Temp\Unicorn-31813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31813.exe
13⤵
PID:10700

C:\Users\Admin\AppData\Local\Temp\Unicorn-30055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30055.exe
14⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10700 -s 236
14⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 216
13⤵
PID:928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 236
12⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
11⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 216
10⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 236
9⤵
- Program crash
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
8⤵
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-35676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35676.exe
9⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-40260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40260.exe
10⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-25624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25624.exe
11⤵
PID:7460

C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
12⤵
PID:10116

C:\Users\Admin\AppData\Local\Temp\Unicorn-63241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63241.exe
13⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10116 -s 236
13⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 216
12⤵
PID:10536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 216
9⤵
PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 220
8⤵
- Program crash
PID:2352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
7⤵
- Program crash
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-6093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6093.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-12158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12158.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
9⤵
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-24301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24301.exe
10⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-57525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57525.exe
11⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-45878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45878.exe
12⤵
PID:7372

C:\Users\Admin\AppData\Local\Temp\Unicorn-9252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9252.exe
13⤵
PID:10188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10188 -s 212
14⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 216
13⤵
PID:10644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
12⤵
PID:8372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 236
11⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 216
10⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-41523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41523.exe
9⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
10⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-17331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17331.exe
11⤵
PID:6620

C:\Users\Admin\AppData\Local\Temp\Unicorn-53668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53668.exe
12⤵
PID:9448

C:\Users\Admin\AppData\Local\Temp\Unicorn-63547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63547.exe
13⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9448 -s 236
13⤵
PID:6656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 216
12⤵
PID:9896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 236
11⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 236
10⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
9⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
8⤵
PID:400

C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe
9⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-2640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2640.exe
10⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-2799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2799.exe
11⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-22358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22358.exe
12⤵
PID:10872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 216
12⤵
PID:10972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
11⤵
PID:9016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
10⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 236
9⤵
PID:5612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
8⤵
- Program crash
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-25541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25541.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-10620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10620.exe
8⤵
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-24695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24695.exe
9⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-25612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25612.exe
10⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-37083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37083.exe
11⤵
PID:6204

C:\Users\Admin\AppData\Local\Temp\Unicorn-30130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30130.exe
12⤵
PID:8384

C:\Users\Admin\AppData\Local\Temp\Unicorn-45424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45424.exe
13⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8384 -s 216
13⤵
PID:11856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 216
12⤵
PID:9532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
11⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
10⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-58005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58005.exe
8⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-3178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3178.exe
9⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-57676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57676.exe
10⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\Unicorn-60263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60263.exe
11⤵
PID:7672

C:\Users\Admin\AppData\Local\Temp\Unicorn-4595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4595.exe
12⤵
PID:9504

C:\Users\Admin\AppData\Local\Temp\Unicorn-2.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2.exe
13⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9504 -s 236
13⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 216
12⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
11⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
10⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
9⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
8⤵
PID:4204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
7⤵
- Program crash
PID:2164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
6⤵
- Program crash
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-2652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2652.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-44765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44765.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1368

C:\Users\Admin\AppData\Local\Temp\Unicorn-19522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19522.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-11398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11398.exe
8⤵
PID:296

C:\Users\Admin\AppData\Local\Temp\Unicorn-55234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55234.exe
9⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-4200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4200.exe
10⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-64510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64510.exe
11⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-3864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3864.exe
12⤵
PID:6716

C:\Users\Admin\AppData\Local\Temp\Unicorn-45926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45926.exe
13⤵
PID:9972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9972 -s 220
14⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 216
13⤵
PID:10492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
12⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
11⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
10⤵
PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 236
9⤵
PID:3908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 216
8⤵
- Program crash
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-25541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25541.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
8⤵
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-17371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17371.exe
9⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-3047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3047.exe
10⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-59887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59887.exe
11⤵
PID:7736

C:\Users\Admin\AppData\Local\Temp\Unicorn-25281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25281.exe
12⤵
PID:10172

C:\Users\Admin\AppData\Local\Temp\Unicorn-50047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50047.exe
13⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 216
12⤵
PID:10500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
11⤵
PID:8432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
10⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 236
9⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-987.exe
8⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-45097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45097.exe
9⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-40894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40894.exe
10⤵
PID:8036

C:\Users\Admin\AppData\Local\Temp\Unicorn-50143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50143.exe
11⤵
PID:9304

C:\Users\Admin\AppData\Local\Temp\Unicorn-34107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34107.exe
12⤵
PID:11540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9304 -s 216
12⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 216
11⤵
PID:11164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
10⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
9⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 220
8⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 240
7⤵
- Program crash
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-12785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12785.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-63196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63196.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-50325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50325.exe
8⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-8827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8827.exe
9⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-65026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65026.exe
10⤵
PID:6212

C:\Users\Admin\AppData\Local\Temp\Unicorn-44223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44223.exe
11⤵
PID:9224

C:\Users\Admin\AppData\Local\Temp\Unicorn-8788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8788.exe
12⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9224 -s 236
12⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 236
11⤵
PID:10012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 216
10⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
9⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 236
8⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-60589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60589.exe
7⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-13162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13162.exe
8⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-2397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2397.exe
9⤵
PID:6580

C:\Users\Admin\AppData\Local\Temp\Unicorn-16794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16794.exe
10⤵
PID:9024

C:\Users\Admin\AppData\Local\Temp\Unicorn-29320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29320.exe
11⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 216
11⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 236
10⤵
PID:9960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
9⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 216
8⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 220
7⤵
PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
6⤵
- Program crash
PID:448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:684

C:\Users\Admin\AppData\Local\Temp\Unicorn-51401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51401.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-55766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55766.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-48548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48548.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-31691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31691.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-28988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28988.exe
8⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-27087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27087.exe
9⤵
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-23884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23884.exe
10⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-45106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45106.exe
11⤵
PID:6240

C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
12⤵
PID:7520

C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
13⤵
PID:10816

C:\Users\Admin\AppData\Local\Temp\Unicorn-49365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49365.exe
14⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10816 -s 216
14⤵
PID:11576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 216
13⤵
PID:11016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6240 -s 216
12⤵
PID:308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
11⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 236
10⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 236
9⤵
- Program crash
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-60013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60013.exe
8⤵
PID:1324

C:\Users\Admin\AppData\Local\Temp\Unicorn-45643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45643.exe
9⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\Unicorn-23483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23483.exe
10⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-62655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62655.exe
11⤵
PID:6924

C:\Users\Admin\AppData\Local\Temp\Unicorn-56154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56154.exe
12⤵
PID:9784

C:\Users\Admin\AppData\Local\Temp\Unicorn-6251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6251.exe
13⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9784 -s 216
13⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6924 -s 216
12⤵
PID:10300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
11⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
10⤵
PID:6312

C:\Users\Admin\AppData\Local\Temp\Unicorn-53913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53913.exe
9⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
10⤵
PID:6888

C:\Users\Admin\AppData\Local\Temp\Unicorn-46813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46813.exe
11⤵
PID:9636

C:\Users\Admin\AppData\Local\Temp\Unicorn-31477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31477.exe
12⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9636 -s 236
12⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 216
11⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
10⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 220
9⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
8⤵
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-38587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38587.exe
7⤵
PID:612

C:\Users\Admin\AppData\Local\Temp\Unicorn-27528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27528.exe
8⤵
PID:1004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 240
9⤵
- Program crash
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-10530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10530.exe
8⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-64318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64318.exe
9⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-59282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59282.exe
10⤵
PID:7560

C:\Users\Admin\AppData\Local\Temp\Unicorn-45158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45158.exe
11⤵
PID:9936

C:\Users\Admin\AppData\Local\Temp\Unicorn-35650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35650.exe
12⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9936 -s 216
12⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 216
11⤵
PID:10444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
10⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 236
9⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 240
8⤵
PID:4884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
7⤵
- Program crash
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-29038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29038.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-58453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58453.exe
7⤵
PID:1072

C:\Users\Admin\AppData\Local\Temp\Unicorn-2670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2670.exe
8⤵
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
9⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-7385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7385.exe
10⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-61223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61223.exe
11⤵
PID:7724

C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
12⤵
PID:10084

C:\Users\Admin\AppData\Local\Temp\Unicorn-62098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62098.exe
13⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10084 -s 220
13⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 216
12⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
11⤵
PID:8628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 236
10⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 216
9⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 236
8⤵
- Program crash
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-21507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21507.exe
7⤵
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
8⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
9⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
10⤵
PID:7176

C:\Users\Admin\AppData\Local\Temp\Unicorn-44476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44476.exe
11⤵
PID:10148

C:\Users\Admin\AppData\Local\Temp\Unicorn-51564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51564.exe
12⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10148 -s 220
12⤵
PID:8360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 220
11⤵
PID:11092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
10⤵
PID:9000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
9⤵
PID:6444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 236
8⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
7⤵
- Program crash
PID:3632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 240
6⤵
- Program crash
PID:2036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 236
5⤵
- Program crash
PID:2296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-40141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40141.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-46850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46850.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-13187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13187.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1388

C:\Users\Admin\AppData\Local\Temp\Unicorn-14913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14913.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-33153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33153.exe
9⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-21986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21986.exe
10⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-44413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44413.exe
11⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe
12⤵
PID:6148

C:\Users\Admin\AppData\Local\Temp\Unicorn-30620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30620.exe
13⤵
PID:7588

C:\Users\Admin\AppData\Local\Temp\Unicorn-56229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56229.exe
14⤵
PID:11212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 236
14⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 216
13⤵
PID:9336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
12⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 236
11⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 216
10⤵
- Program crash
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-50636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50636.exe
9⤵
PID:3212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
9⤵
- Program crash
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
8⤵
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
9⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-54183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54183.exe
10⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-60818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60818.exe
11⤵
PID:7500

C:\Users\Admin\AppData\Local\Temp\Unicorn-55106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55106.exe
12⤵
PID:9528

C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe
13⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9528 -s 216
13⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 216
12⤵
PID:10920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
11⤵
PID:8464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
10⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 236
9⤵
PID:4744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
8⤵
- Program crash
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe
8⤵
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-21986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21986.exe
9⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-42695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42695.exe
10⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-14404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14404.exe
11⤵
PID:6032

C:\Users\Admin\AppData\Local\Temp\Unicorn-12129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12129.exe
12⤵
PID:8108

C:\Users\Admin\AppData\Local\Temp\Unicorn-23956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23956.exe
13⤵
PID:10392

C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
14⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10392 -s 216
14⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 216
13⤵
PID:3948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 216
12⤵
PID:9020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
11⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 236
10⤵
PID:5516

C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe
9⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-5667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5667.exe
10⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-62655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62655.exe
11⤵
PID:6768

C:\Users\Admin\AppData\Local\Temp\Unicorn-65007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65007.exe
12⤵
PID:9744

C:\Users\Admin\AppData\Local\Temp\Unicorn-19459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19459.exe
13⤵
PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9744 -s 236
13⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 216
12⤵
PID:10292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
11⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
10⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 220
9⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-50636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50636.exe
8⤵
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 240
8⤵
- Program crash
PID:3844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 240
7⤵
- Program crash
PID:920

C:\Users\Admin\AppData\Local\Temp\Unicorn-42987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42987.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-63196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63196.exe
7⤵
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-65161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65161.exe
8⤵
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-18342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18342.exe
9⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-26279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26279.exe
10⤵
PID:6280

C:\Users\Admin\AppData\Local\Temp\Unicorn-29767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29767.exe
11⤵
PID:8476

C:\Users\Admin\AppData\Local\Temp\Unicorn-46211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46211.exe
12⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8476 -s 216
12⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 216
11⤵
PID:9584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 236
10⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
9⤵
PID:5584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 236
8⤵
- Program crash
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
7⤵
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-53484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53484.exe
8⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-43388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43388.exe
9⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-37465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37465.exe
10⤵
PID:7896

C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
11⤵
PID:11008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 216
11⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 216
10⤵
PID:9392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
9⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 236
8⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
7⤵
- Program crash
PID:3988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
6⤵
- Program crash
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-8397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8397.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:956

C:\Users\Admin\AppData\Local\Temp\Unicorn-47970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47970.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1000

C:\Users\Admin\AppData\Local\Temp\Unicorn-63196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63196.exe
7⤵
- Executes dropped EXE
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
8⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-17382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17382.exe
9⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\Unicorn-40452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40452.exe
10⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-4440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4440.exe
11⤵
PID:7200

C:\Users\Admin\AppData\Local\Temp\Unicorn-2376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2376.exe
12⤵
PID:9876

C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
13⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9876 -s 216
13⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 216
12⤵
PID:10372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
11⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 216
9⤵
PID:4700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 236
8⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
7⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-64542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64542.exe
8⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-17358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17358.exe
9⤵
PID:5716

C:\Users\Admin\AppData\Local\Temp\Unicorn-12129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12129.exe
10⤵
PID:8092

C:\Users\Admin\AppData\Local\Temp\Unicorn-62956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62956.exe
11⤵
PID:9244

C:\Users\Admin\AppData\Local\Temp\Unicorn-31971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31971.exe
12⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8092 -s 216
11⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 216
10⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 236
9⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 216
8⤵
PID:5688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 220
7⤵
- Program crash
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-8354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8354.exe
6⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-26319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26319.exe
7⤵
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-55473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55473.exe
7⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-43602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43602.exe
8⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-46765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46765.exe
9⤵
PID:6872

C:\Users\Admin\AppData\Local\Temp\Unicorn-8032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8032.exe
10⤵
PID:9508

C:\Users\Admin\AppData\Local\Temp\Unicorn-8119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8119.exe
11⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9508 -s 216
11⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 216
10⤵
PID:10008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
9⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 236
8⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
7⤵
PID:4376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
5⤵
- Program crash
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-19839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19839.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-14557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14557.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-65157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65157.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-44831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44831.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-12613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12613.exe
8⤵
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-38305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38305.exe
9⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-52097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52097.exe
10⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\Unicorn-25671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25671.exe
11⤵
PID:7804

C:\Users\Admin\AppData\Local\Temp\Unicorn-19652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19652.exe
12⤵
PID:9480

C:\Users\Admin\AppData\Local\Temp\Unicorn-50034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50034.exe
13⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9480 -s 236
13⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 216
12⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 216
11⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
10⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 236
9⤵
PID:4952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 236
8⤵
- Program crash
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-6453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6453.exe
7⤵
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-18139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18139.exe
8⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
9⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-41854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41854.exe
10⤵
PID:8076

C:\Users\Admin\AppData\Local\Temp\Unicorn-10677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10677.exe
11⤵
PID:9996

C:\Users\Admin\AppData\Local\Temp\Unicorn-16018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16018.exe
12⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9996 -s 216
12⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
11⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
10⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
9⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 236
8⤵
PID:5212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 220
7⤵
- Program crash
PID:3600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 236
6⤵
- Program crash
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-42795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42795.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-59958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59958.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:908

C:\Users\Admin\AppData\Local\Temp\Unicorn-27616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27616.exe
7⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-39749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39749.exe
8⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-61242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61242.exe
9⤵
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-42381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42381.exe
10⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-55731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55731.exe
11⤵
PID:8084

C:\Users\Admin\AppData\Local\Temp\Unicorn-6934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6934.exe
12⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 216
12⤵
PID:10256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 236
11⤵
PID:9276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 216
10⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 236
9⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
8⤵
- Program crash
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-34600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34600.exe
7⤵
PID:3144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 240
8⤵
PID:4412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 240
7⤵
- Program crash
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-45384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45384.exe
6⤵
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-56002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56002.exe
7⤵
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-14210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14210.exe
8⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-58053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58053.exe
9⤵
PID:6436

C:\Users\Admin\AppData\Local\Temp\Unicorn-732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-732.exe
10⤵
PID:9068

C:\Users\Admin\AppData\Local\Temp\Unicorn-15781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15781.exe
11⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9068 -s 216
11⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 216
10⤵
PID:10024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
9⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 236
8⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 236
7⤵
- Program crash
PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
6⤵
- Program crash
PID:1064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
5⤵
- Program crash
PID:1484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-17541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17541.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1152

C:\Users\Admin\AppData\Local\Temp\Unicorn-9187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9187.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-51915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51915.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-22518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22518.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-12284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12284.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-17986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17986.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-63196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63196.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
9⤵
PID:668

C:\Users\Admin\AppData\Local\Temp\Unicorn-13696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13696.exe
10⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
11⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-61460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61460.exe
12⤵
PID:8152

C:\Users\Admin\AppData\Local\Temp\Unicorn-31351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31351.exe
13⤵
PID:10456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 216
13⤵
PID:10512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
12⤵
PID:9152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
11⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 216
10⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 236
9⤵
- Program crash
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-58285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58285.exe
8⤵
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-36427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36427.exe
9⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-34878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34878.exe
10⤵
PID:6544

C:\Users\Admin\AppData\Local\Temp\Unicorn-18330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18330.exe
11⤵
PID:8928

C:\Users\Admin\AppData\Local\Temp\Unicorn-30498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30498.exe
12⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8928 -s 216
12⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
10⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 216
9⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 220
8⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-23237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23237.exe
7⤵
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-39261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39261.exe
8⤵
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-26039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26039.exe
9⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-37387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37387.exe
10⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-12573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12573.exe
11⤵
PID:6396

C:\Users\Admin\AppData\Local\Temp\Unicorn-50810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50810.exe
12⤵
PID:8868

C:\Users\Admin\AppData\Local\Temp\Unicorn-39351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39351.exe
13⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8868 -s 216
13⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 216
12⤵
PID:9924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
11⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
10⤵
PID:5164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 236
9⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
8⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-29992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29992.exe
9⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-43727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43727.exe
10⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-12191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12191.exe
11⤵
PID:7496

C:\Users\Admin\AppData\Local\Temp\Unicorn-46983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46983.exe
12⤵
PID:9332

C:\Users\Admin\AppData\Local\Temp\Unicorn-16223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16223.exe
13⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 216
12⤵
PID:10616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
11⤵
PID:9168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
10⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
9⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
8⤵
PID:3524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
7⤵
- Program crash
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-11249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11249.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-49813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49813.exe
7⤵
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-47782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47782.exe
8⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-50681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50681.exe
9⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-4095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4095.exe
10⤵
PID:5576

C:\Users\Admin\AppData\Local\Temp\Unicorn-22422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22422.exe
11⤵
PID:7248

C:\Users\Admin\AppData\Local\Temp\Unicorn-10949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10949.exe
12⤵
PID:10048

C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
13⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10048 -s 236
13⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 216
12⤵
PID:10520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
11⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
10⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 236
9⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-62528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62528.exe
8⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-55709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55709.exe
9⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-43652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43652.exe
10⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\Unicorn-21256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21256.exe
11⤵
PID:10076

C:\Users\Admin\AppData\Local\Temp\Unicorn-65014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65014.exe
12⤵
PID:5424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10076 -s 220
12⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
11⤵
PID:10528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
10⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
9⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 220
8⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-25420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25420.exe
7⤵
PID:1160

C:\Users\Admin\AppData\Local\Temp\Unicorn-3178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3178.exe
8⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-20929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20929.exe
9⤵
PID:6736

C:\Users\Admin\AppData\Local\Temp\Unicorn-64489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64489.exe
10⤵
PID:9156

C:\Users\Admin\AppData\Local\Temp\Unicorn-12298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12298.exe
11⤵
PID:11780

C:\Users\Admin\AppData\Local\Temp\Unicorn-51684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51684.exe
12⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11780 -s 236
12⤵
PID:11640

C:\Users\Admin\AppData\Local\Temp\Unicorn-54460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54460.exe
11⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9156 -s 220
11⤵
PID:11712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6736 -s 236
10⤵
PID:10176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
9⤵
PID:1632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 216
8⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 240
7⤵
PID:4300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
6⤵
- Program crash
PID:1852

C:\Users\Admin\AppData\Local\Temp\Unicorn-57764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57764.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-20290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20290.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-29180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29180.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-53516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53516.exe
8⤵
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-26790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26790.exe
9⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-52419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52419.exe
10⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-61031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61031.exe
11⤵
PID:7752

C:\Users\Admin\AppData\Local\Temp\Unicorn-804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-804.exe
12⤵
PID:9256

C:\Users\Admin\AppData\Local\Temp\Unicorn-1031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1031.exe
13⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9256 -s 216
13⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 216
12⤵
PID:10728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
11⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
10⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 216
9⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 236
8⤵
- Program crash
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-57683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57683.exe
7⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
8⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-10737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10737.exe
9⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-4762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4762.exe
10⤵
PID:7324

C:\Users\Admin\AppData\Local\Temp\Unicorn-65007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65007.exe
11⤵
PID:9828

C:\Users\Admin\AppData\Local\Temp\Unicorn-43330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43330.exe
12⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9828 -s 216
12⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 216
11⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
10⤵
PID:8300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 236
9⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
8⤵
PID:4320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 220
7⤵
- Program crash
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-25541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25541.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
7⤵
PID:972

C:\Users\Admin\AppData\Local\Temp\Unicorn-38155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38155.exe
8⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\Unicorn-11910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11910.exe
9⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-27399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27399.exe
10⤵
PID:7616

C:\Users\Admin\AppData\Local\Temp\Unicorn-48552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48552.exe
11⤵
PID:10236

C:\Users\Admin\AppData\Local\Temp\Unicorn-61418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61418.exe
12⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10236 -s 220
12⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 216
11⤵
PID:10684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 216
10⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
9⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 216
8⤵
PID:4152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
7⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
5⤵
- Program crash
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-3228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3228.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:324

C:\Users\Admin\AppData\Local\Temp\Unicorn-48356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48356.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-48904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48904.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-64566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64566.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-35535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35535.exe
8⤵
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-16281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16281.exe
9⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-64510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64510.exe
10⤵
PID:5292

C:\Users\Admin\AppData\Local\Temp\Unicorn-18546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18546.exe
11⤵
PID:7656

C:\Users\Admin\AppData\Local\Temp\Unicorn-50454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50454.exe
12⤵
PID:9920

C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
13⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9920 -s 216
13⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 216
12⤵
PID:10988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 216
11⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
10⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 236
9⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-59456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59456.exe
8⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-2367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2367.exe
9⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-48836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48836.exe
10⤵
PID:7928

C:\Users\Admin\AppData\Local\Temp\Unicorn-61655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61655.exe
11⤵
PID:9652

C:\Users\Admin\AppData\Local\Temp\Unicorn-47521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47521.exe
12⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9652 -s 216
12⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 216
11⤵
PID:10928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 236
10⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
9⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 220
8⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-35596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35596.exe
7⤵
PID:2304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 220
7⤵
- Program crash
PID:2684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 236
6⤵
- Program crash
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-29614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29614.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1276

C:\Users\Admin\AppData\Local\Temp\Unicorn-61660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61660.exe
6⤵
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
7⤵
PID:844

C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
8⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
9⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-5842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5842.exe
10⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\Unicorn-7215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7215.exe
11⤵
PID:7980

C:\Users\Admin\AppData\Local\Temp\Unicorn-40453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40453.exe
12⤵
PID:10556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 236
12⤵
PID:11040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
11⤵
PID:9284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 216
10⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
9⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 216
8⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-7543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7543.exe
7⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-62664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62664.exe
8⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-24551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24551.exe
9⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\Unicorn-59258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59258.exe
10⤵
PID:8840

C:\Users\Admin\AppData\Local\Temp\Unicorn-47223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47223.exe
11⤵
PID:11580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8840 -s 216
11⤵
PID:5816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 236
10⤵
PID:9904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 216
9⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
8⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
7⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-50070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50070.exe
6⤵
PID:532

C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
7⤵
PID:3976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 188
8⤵
- Program crash
PID:4068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 236
7⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 240
6⤵
- Program crash
PID:4040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 240
5⤵
- Program crash
PID:1604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-51209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51209.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-55958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55958.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-48548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48548.exe
5⤵
- Executes dropped EXE
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-65385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65385.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1448

C:\Users\Admin\AppData\Local\Temp\Unicorn-61084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61084.exe
6⤵
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-34959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34959.exe
7⤵
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-18819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18819.exe
8⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-23466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23466.exe
9⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-24590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24590.exe
10⤵
PID:7624

C:\Users\Admin\AppData\Local\Temp\Unicorn-55336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55336.exe
11⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
10⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
9⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 216
8⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
7⤵
- Program crash
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-53796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53796.exe
6⤵
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-2051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2051.exe
7⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-58836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58836.exe
8⤵
PID:6128

C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
9⤵
PID:8140

C:\Users\Admin\AppData\Local\Temp\Unicorn-55021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55021.exe
10⤵
PID:9736

C:\Users\Admin\AppData\Local\Temp\Unicorn-47444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47444.exe
11⤵
PID:8028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 216
10⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
9⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 236
8⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
7⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 240
6⤵
- Program crash
PID:3708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 220
5⤵
- Program crash
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-28490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28490.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-49480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49480.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-25589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25589.exe
6⤵
PID:804

C:\Users\Admin\AppData\Local\Temp\Unicorn-58135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58135.exe
7⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-19805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19805.exe
8⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-8940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8940.exe
9⤵
PID:5256

C:\Users\Admin\AppData\Local\Temp\Unicorn-60988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60988.exe
10⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
11⤵
PID:10340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 236
11⤵
PID:10320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
10⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
9⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
8⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 216
7⤵
- Program crash
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-39125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39125.exe
6⤵
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-6322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6322.exe
7⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-11910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11910.exe
8⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-21016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21016.exe
9⤵
PID:7420

C:\Users\Admin\AppData\Local\Temp\Unicorn-30519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30519.exe
10⤵
PID:9476

C:\Users\Admin\AppData\Local\Temp\Unicorn-46099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46099.exe
11⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9476 -s 216
11⤵
PID:7456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 220
10⤵
PID:10852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
9⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
8⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 216
7⤵
PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
6⤵
- Program crash
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe
5⤵
PID:812

C:\Users\Admin\AppData\Local\Temp\Unicorn-35535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35535.exe
6⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-39410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39410.exe
7⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-13244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13244.exe
8⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-31841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31841.exe
9⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-16895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16895.exe
10⤵
PID:10228

C:\Users\Admin\AppData\Local\Temp\Unicorn-47994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47994.exe
11⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10228 -s 220
11⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
10⤵
PID:11156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
9⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
8⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
7⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 236
6⤵
- Program crash
PID:3332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
5⤵
- Program crash
PID:1196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
4⤵
- Program crash
PID:2712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
2⤵
- Program crash
PID:2580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe

Filesize
184KB

MD5
8a7444a050fd48b9eb7b01b94d59e5de

SHA1
13efa98a92f4bad40c33a6624dba4edb935440c2

SHA256
94b15648b6dc19d2036e4012f1c0903f703873b85219e9d53d745089a8273422

SHA512
4f0ed955e539e8439b8ab7474ce10b9ac412d98fb350e7b04731335382c866d1fbe102b0d73563fac9a576f96f49aaaf5398c9fa7bda3f36e63f20e357b85da2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe

Filesize
184KB

MD5
f956b32b5cdb98f5e8ae4ccf60373dad

SHA1
30d48c07101059605bae81510466bee4260c83b1

SHA256
900f84eefd02e3e1126d4b0117f51861510ba507de86b836c62f01da125fd0dc

SHA512
e996ca9a3612e586cd6dbefd4e6801a8078cb41b496c23451f6dba2771555bea87fef0bbb8a1b9b70b1e4176bab1d9495d0a0f766e4c9d0baf87ad665ab1c9a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41854.exe

Filesize
184KB

MD5
0279f9bdb0bee7260589fd96680a334d

SHA1
079de46b8dafca024007ddda3375502edca4eb4e

SHA256
b949c272487b64c7dfdafd693e3adc164fc44336c70007ffad1ec7151ce48272

SHA512
15f9486474a3f414f10453faec9569c3c39b683bc3cee4bee2a671663278087f3073c725133891d0792f52acac6d0e6ddded7641326b6f5cc50922abc6c29c6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51401.exe

Filesize
184KB

MD5
ca90140968f67e255531744f6bd07ec8

SHA1
e9c8f4d6c466df8bc4390242b9ebd00f369317f6

SHA256
05a3182c6117f22f849a7c03260303016819cf113848355c00a95b0d8cc74658

SHA512
554dd46d121a89e68ebbc525e8168c0450f0ca95262f49415317a1f27127e9d2cfb30d0f2ccc96de00181bde0ab4dcc6311430edc5b83d29e11810d89a43ff0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51915.exe

Filesize
184KB

MD5
b47faab93ced5c15c738db3bb5a39460

SHA1
98ee138b8ea3b99a4988be51cf425c7e66d3b351

SHA256
b1b7482c66600ba76ca21111bd49829432929b403b5b66fd63d16a39f47abfec

SHA512
bb3edee6547adbe708732b1320d853bb1790a0fdf6dfa4d6c9968f164235b1bfc48d69e0b20ac2fe0058f8ea5e731d15b30399563a3624cb41e0cabbecf64793

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5667.exe

Filesize
184KB

MD5
2f4008d7a9c587bbc2df28b32db6b7c9

SHA1
aaf413b3dcf0de30ea44d6125793a85c2621d10b

SHA256
577a4c453190a428f99be318fb4da6da92b311c7b7189a7cbb22e73b7e08b7d4

SHA512
4c16b3d774884b8e3167cba5b4230ec58f182be93ecfbb9ae12468d406947eeedae82755f6ba156ce89adc18f4c9d68d147b79a9e4f83949547809242a2707de

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17541.exe

Filesize
184KB

MD5
99ad573f4932b3405e1133453f681afc

SHA1
fd001807cb575acde1072ddcc9acc06f3517ef9e

SHA256
659ffcb02c0d22dcb883c882600acfcf10a1b613c2fd4881699fa37a7aead24c

SHA512
72dc840cf67d669eae11e853c77559fd8a71f39ac2e1d45e19c525c09bf1076fb1aebba169d146fd9846faf741f29cf34118a1a6cad2d4bbb331fbeb8f028398

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19839.exe

Filesize
184KB

MD5
9ae3529dbf2749aa633480baa921db70

SHA1
7a04a118431077189170c12194580c8f13417e76

SHA256
bdc332a0fb5c14dff928bdb33c5f0036c67b91807490f8ee4f54b61825c7100f

SHA512
0ce85746a1118bc5617c8e85bc6f859cb608416feebbaeb285ec7f0340b87ab6e340811a845c336119fcb8625c41ab92274ebf761811ca43d14d6bbe01d33eeb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35240.exe

Filesize
184KB

MD5
d0081d4634787e71c994dc536420f479

SHA1
16f7705b1922743b4ea6b45ec846746d23a7df42

SHA256
6275bdb7ff14fb7dd68e5436575d520b087bb5257d50c6cb8f8b1367a0cfed3a

SHA512
d5a7a8466a39891d1bb40d6a2599b6b4d2f45158ba265a02d239ffa52d3eef554e7bdb906fa7cc9f6238353d5b355bd3e737ad518bf1d29b6e5842718a9fd9dd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39353.exe

Filesize
184KB

MD5
b36416fe331c0fc486e33f453cb5b102

SHA1
c9c4c22738ca338b795914a2ec4fc6d2fd0e40af

SHA256
8cbcda9cf735502df44496da4932c5da5d4de9adbada0ecc1f913574382cd060

SHA512
11839071e58aa41e1fe459b5794f8b29f749e2bea772cf84b089f9b18938feae4ef3b0ad24c202cf870507cecf82f341002dc77d07f3f09b799f166a6e68aa32

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe

Filesize
184KB

MD5
d5914a453f62f81b7c2a56b228a2a47c

SHA1
0a89aeab65abaea0869eb73b43808f6832483189

SHA256
0c12ebc8c0871a89865b18c6794fe5101b5b1d8f05c2f9db0719d9fa98a8e063

SHA512
c62a9d07e909ee0e04f7a193b73cbcb5c13feb05a43c1cf2a431eb895650a81790ae514b3d72f2fec49d61e09f5db7cb2108d01e594f6a2963d0b8ba8a629174

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40141.exe

Filesize
184KB

MD5
5e0d1849f81fbe29915623c46b2d5930

SHA1
2bd627c730740332ed4f40082e7fd831ccc7e017

SHA256
d19eac956e5c37f748319539e78397d912fac2a7c6c45debd3c29309356b08c2

SHA512
26982cf1846ff39fbffbf762dddb41310b046072d8c4521e5fd18a56ad0177a5ec11643ec85a9bf4baf98dcf81ce868d8c369b20646ab6416deb6c4e634cb905

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46850.exe

Filesize
184KB

MD5
3936a28ed1f2a18f576ca3ae35d862e8

SHA1
d3545e693798a6da928ea69fc8dba6bc282c0fab

SHA256
52f86fab784c4e0d59464cdcbf6a57ae0bf71d5e40038420148c6052d7b9a809

SHA512
5b598bbfdf617b2ff51e333b069df9264bc8e85c197efac6cba8e7a8b9e0ad5916f5bbc9caa6be77225562146e85941a9d4b97df16dc82e9560f60efff1feb62

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51209.exe

Filesize
184KB

MD5
08e40505b3d6f9e10299edab0d5480e9

SHA1
1a90bc655e21be022cbef66b3a39cf74a7981673

SHA256
303893e1b9e838faa11f9c14aafaf9c6e731f3dc7dbfefcfd95406400c503c89

SHA512
5790e2f22cbb3fb3ed4adae912959035708345cfb1395159ffcae57c1a03e9e11cf38c5fe9e8c11cd1b48b721f846abc373faaef39e46660044bd053c9c4fbe3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe

Filesize
184KB

MD5
01a44face8d6104150bb6263443eb31f

SHA1
e421ae4b92daa0be2e28a9945edbfb785e6a60ae

SHA256
6a22b31f36630f384707508ea7b72659746f71e423e2cae9d54efa1c49554317

SHA512
db9a1f89729c22f1842f726dd2899a1c1379c218af45d333f93a1d8163a7142f3ac96fd406a9c617261a70e75e358f6460e8f8c5d29250b5ca3518e7d2db902f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60555.exe

Filesize
184KB

MD5
a49a90b226e3a1a2375b6bc5e8db0b1e

SHA1
2b7e6261ea4708a827eb01d702d60c1752b38020

SHA256
7b12b6d719e3d652ccf1096daff8ec90ad45b151e83d6f975fe045ecdd83d9e6

SHA512
0ab087ef6e22a585b72e68a856b56a7fad5779130d8b7ae1eb3f694a6a2f027e478a8c3dc64f36fd012f95332923555c5bb620692604353f465f6c1bf8c1ca8c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7800.exe

Filesize
184KB

MD5
62d7587dc48de668619ae5f176c1c2fd

SHA1
7934dd2b0e3ec5abb7f5db67fd0fd8bee767b71f

SHA256
076af9b46193a8143a42ab8c4f8bf3b102271447a25daf07629636ec897514ce

SHA512
6ea2fd89e88d91d4ea8f018bcaf2611bbd6b543ae2f476eebd1621ec2dc5ca0bcc113ea64800207aba6e54bbf189ece7e66a1a64fc54db392b53033534e0a970

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9187.exe

Filesize
184KB

MD5
404023cc3ad425c30b39a9e8a72cf033

SHA1
1147a5853d48f768b158839d203b27deee10eca7

SHA256
a3181785e5aa75d69a3c2d331f27140e8678d243a82e218f7983d2919f8d0b9e

SHA512
970fd4e86df95ad24b769edaf35e8d72812387327fd33a8603b907bbfd688f92a01d339f4c2bca49f3a07b2898496567483bed120238d32f96f06db3fd3cfb97

Download Submit