a8fe84b5e2e27bbe3e93d4c4144586d3ac63cbab5ae0fa6d22f8704437047562

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a8fe84b5e2e27bbe3e93d4c4144586d3ac63cbab5ae0fa6d22f8704437047562.exe
Size

184KB
MD5

2c04d0b9688b785216b131a4367550b7
SHA1

d5f13ec95a18a997844a83ef4d307fd80c67c650
SHA256

a8fe84b5e2e27bbe3e93d4c4144586d3ac63cbab5ae0fa6d22f8704437047562
SHA512

9c4b9ba5c12a1fbd0285f7ca66767e5d99600b7ad43a78aab7ebd41db4306ac36c55e591578e036bb087fa524356eacad6e8cf889cc0536b943e067a076b0244
SSDEEP

3072:Tya3hxoTDJzOjG4We8dhRKs3hlnViF3nl:Ty+oZkG4ahYs3hlnViF3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-62750.exeUnicorn-999.exeUnicorn-2815.exeUnicorn-36297.exeUnicorn-56163.exeUnicorn-56163.exeUnicorn-61973.exeUnicorn-40292.exeUnicorn-9243.exeUnicorn-9243.exeUnicorn-9285.exeUnicorn-62077.exeUnicorn-16406.exeUnicorn-29919.exeUnicorn-23225.exeUnicorn-3359.exeUnicorn-23033.exeUnicorn-5456.exeUnicorn-29105.exeUnicorn-23075.exeUnicorn-53671.exeUnicorn-23843.exeUnicorn-8959.exeUnicorn-54631.exeUnicorn-4553.exeUnicorn-8767.exeUnicorn-24419.exeUnicorn-56577.exeUnicorn-28920.exeUnicorn-48786.exeUnicorn-48978.exeUnicorn-44572.exeUnicorn-44572.exeUnicorn-64437.exeUnicorn-31957.exeUnicorn-47250.exeUnicorn-60057.exeUnicorn-41796.exeUnicorn-43996.exeUnicorn-63861.exeUnicorn-12963.exeUnicorn-45828.exeUnicorn-14395.exeUnicorn-34261.exeUnicorn-34261.exeUnicorn-14971.exeUnicorn-17718.exeUnicorn-63903.exeUnicorn-14629.exeUnicorn-37785.exeUnicorn-2782.exeUnicorn-47904.exeUnicorn-19830.exeUnicorn-35289.exeUnicorn-53270.exeUnicorn-33404.exeUnicorn-33212.exeUnicorn-48480.exeUnicorn-60089.exeUnicorn-59897.exeUnicorn-59897.exeUnicorn-44630.exeUnicorn-51791.exeUnicorn-51791.exe

pid	process
1640	Unicorn-62750.exe
3004	Unicorn-999.exe
2168	Unicorn-2815.exe
1724	Unicorn-36297.exe
2756	Unicorn-56163.exe
2736	Unicorn-56163.exe
776	Unicorn-61973.exe
1200	Unicorn-40292.exe
2696	Unicorn-9243.exe
2748	Unicorn-9243.exe
1812	Unicorn-9285.exe
2228	Unicorn-62077.exe
1452	Unicorn-16406.exe
2100	Unicorn-29919.exe
2108	Unicorn-23225.exe
2804	Unicorn-3359.exe
2768	Unicorn-23033.exe
1716	Unicorn-5456.exe
3024	Unicorn-29105.exe
2376	Unicorn-23075.exe
3068	Unicorn-53671.exe
1544	Unicorn-23843.exe
288	Unicorn-8959.exe
1604	Unicorn-54631.exe
1992	Unicorn-4553.exe
936	Unicorn-8767.exe
904	Unicorn-24419.exe
2904	Unicorn-56577.exe
2380	Unicorn-28920.exe
2332	Unicorn-48786.exe
2884	Unicorn-48978.exe
2372	Unicorn-44572.exe
832	Unicorn-44572.exe
2072	Unicorn-64437.exe
2724	Unicorn-31957.exe
2932	Unicorn-47250.exe
2624	Unicorn-60057.exe
2908	Unicorn-41796.exe
2080	Unicorn-43996.exe
2572	Unicorn-63861.exe
1536	Unicorn-12963.exe
2752	Unicorn-45828.exe
1608	Unicorn-14395.exe
2280	Unicorn-34261.exe
1028	Unicorn-34261.exe
2760	Unicorn-14971.exe
1996	Unicorn-17718.exe
540	Unicorn-63903.exe
1152	Unicorn-14629.exe
660	Unicorn-37785.exe
1288	Unicorn-2782.exe
3032	Unicorn-47904.exe
2344	Unicorn-19830.exe
1308	Unicorn-35289.exe
2508	Unicorn-53270.exe
2852	Unicorn-33404.exe
2028	Unicorn-33212.exe
2008	Unicorn-48480.exe
2836	Unicorn-60089.exe
2900	Unicorn-59897.exe
2036	Unicorn-59897.exe
1696	Unicorn-44630.exe
2288	Unicorn-51791.exe
2276	Unicorn-51791.exe

Loads dropped DLL 64 IoCs

Processes:

a8fe84b5e2e27bbe3e93d4c4144586d3ac63cbab5ae0fa6d22f8704437047562.exeUnicorn-62750.exeUnicorn-2815.exeUnicorn-999.exeWerFault.exeUnicorn-36297.exeUnicorn-56163.exeWerFault.exeWerFault.exeUnicorn-56163.exeUnicorn-61973.exeUnicorn-9243.exeUnicorn-40292.exeUnicorn-9243.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1976	a8fe84b5e2e27bbe3e93d4c4144586d3ac63cbab5ae0fa6d22f8704437047562.exe
1976	a8fe84b5e2e27bbe3e93d4c4144586d3ac63cbab5ae0fa6d22f8704437047562.exe
1640	Unicorn-62750.exe
1640	Unicorn-62750.exe
1976	a8fe84b5e2e27bbe3e93d4c4144586d3ac63cbab5ae0fa6d22f8704437047562.exe
1976	a8fe84b5e2e27bbe3e93d4c4144586d3ac63cbab5ae0fa6d22f8704437047562.exe
1640	Unicorn-62750.exe
1640	Unicorn-62750.exe
2168	Unicorn-2815.exe
3004	Unicorn-999.exe
2168	Unicorn-2815.exe
3004	Unicorn-999.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
1724	Unicorn-36297.exe
1724	Unicorn-36297.exe
2736	Unicorn-56163.exe
2736	Unicorn-56163.exe
3004	Unicorn-999.exe
2168	Unicorn-2815.exe
3004	Unicorn-999.exe
2168	Unicorn-2815.exe
1512	WerFault.exe
1512	WerFault.exe
1512	WerFault.exe
2352	WerFault.exe
1512	WerFault.exe
2352	WerFault.exe
2352	WerFault.exe
2352	WerFault.exe
1512	WerFault.exe
2352	WerFault.exe
2756	Unicorn-56163.exe
2756	Unicorn-56163.exe
1724	Unicorn-36297.exe
1724	Unicorn-36297.exe
776	Unicorn-61973.exe
776	Unicorn-61973.exe
2748	Unicorn-9243.exe
2748	Unicorn-9243.exe
1200	Unicorn-40292.exe
1200	Unicorn-40292.exe
2696	Unicorn-9243.exe
2696	Unicorn-9243.exe
2736	Unicorn-56163.exe
2736	Unicorn-56163.exe
796	WerFault.exe
796	WerFault.exe
796	WerFault.exe
796	WerFault.exe
796	WerFault.exe
796	WerFault.exe
796	WerFault.exe
1168	WerFault.exe
1168	WerFault.exe
1168	WerFault.exe
1168	WerFault.exe
1040	WerFault.exe
1040	WerFault.exe
1040	WerFault.exe
1040	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2672	1976	WerFault.exe	a8fe84b5e2e27bbe3e93d4c4144586d3ac63cbab5ae0fa6d22f8704437047562.exe
2864	1640	WerFault.exe	Unicorn-62750.exe
2352	3004	WerFault.exe	Unicorn-999.exe
1512	2168	WerFault.exe	Unicorn-2815.exe
796	1724	WerFault.exe	Unicorn-36297.exe
1040	2736	WerFault.exe	Unicorn-56163.exe
1168	2756	WerFault.exe	Unicorn-56163.exe
1720	2748	WerFault.exe	Unicorn-9243.exe
2016	1200	WerFault.exe	Unicorn-40292.exe
1584	2696	WerFault.exe	Unicorn-9243.exe
332	1812	WerFault.exe	Unicorn-9285.exe
1868	1452	WerFault.exe	Unicorn-16406.exe
1328	2228	WerFault.exe	Unicorn-62077.exe
2396	2108	WerFault.exe	Unicorn-23225.exe
2628	2768	WerFault.exe	Unicorn-23033.exe
2820	2804	WerFault.exe	Unicorn-3359.exe
2116	2100	WerFault.exe	Unicorn-29919.exe
1964	1716	WerFault.exe	Unicorn-5456.exe
2284	3024	WerFault.exe	Unicorn-29105.exe
1952	2376	WerFault.exe	Unicorn-23075.exe
384	3068	WerFault.exe	Unicorn-53671.exe
2392	1544	WerFault.exe	Unicorn-23843.exe
2088	288	WerFault.exe	Unicorn-8959.exe
1684	1604	WerFault.exe	Unicorn-54631.exe
2404	904	WerFault.exe	Unicorn-24419.exe
2068	1992	WerFault.exe	Unicorn-4553.exe
996	936	WerFault.exe	Unicorn-8767.exe
1788	2904	WerFault.exe	Unicorn-56577.exe
2648	2332	WerFault.exe	Unicorn-48786.exe
1600	2932	WerFault.exe	Unicorn-47250.exe
1292	832	WerFault.exe	Unicorn-44572.exe
2492	2372	WerFault.exe	Unicorn-44572.exe
2248	1608	WerFault.exe	Unicorn-14395.exe
2264	2280	WerFault.exe	Unicorn-34261.exe
3076	2380	WerFault.exe	Unicorn-28920.exe
3512	2908	WerFault.exe	Unicorn-41796.exe
3712	1536	WerFault.exe	Unicorn-12963.exe
3812	2080	WerFault.exe	Unicorn-43996.exe
3980	1288	WerFault.exe	Unicorn-2782.exe
3228	2564	WerFault.exe	Unicorn-40799.exe
3232	540	WerFault.exe	Unicorn-63903.exe
3308	2852	WerFault.exe	Unicorn-33404.exe
3408	2556	WerFault.exe	Unicorn-60857.exe
3452	2508	WerFault.exe	Unicorn-53270.exe
3500	2836	WerFault.exe	Unicorn-60089.exe
3564	2588	WerFault.exe	Unicorn-19310.exe
3560	2028	WerFault.exe	Unicorn-33212.exe
3708	2752	WerFault.exe	Unicorn-45828.exe
3768	2656	WerFault.exe	Unicorn-60857.exe
3896	1996	WerFault.exe	Unicorn-17718.exe
3936	2072	WerFault.exe	Unicorn-64437.exe
3968	1308	WerFault.exe	Unicorn-35289.exe
3160	1028	WerFault.exe	Unicorn-34261.exe
3216	2344	WerFault.exe	Unicorn-19830.exe
3400	2524	WerFault.exe	Unicorn-39176.exe
3444	2624	WerFault.exe	Unicorn-60057.exe
3744	2884	WerFault.exe	Unicorn-48978.exe
3804	2288	WerFault.exe	Unicorn-51791.exe
3840	2572	WerFault.exe	Unicorn-63861.exe
3132	660	WerFault.exe	Unicorn-37785.exe
3324	2900	WerFault.exe	Unicorn-59897.exe
3388	1696	WerFault.exe	Unicorn-44630.exe
3360	1548	WerFault.exe	Unicorn-16329.exe
3596	2724	WerFault.exe	Unicorn-31957.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

a8fe84b5e2e27bbe3e93d4c4144586d3ac63cbab5ae0fa6d22f8704437047562.exeUnicorn-62750.exeUnicorn-999.exeUnicorn-2815.exeUnicorn-36297.exeUnicorn-56163.exeUnicorn-56163.exeUnicorn-61973.exeUnicorn-40292.exeUnicorn-9243.exeUnicorn-9243.exeUnicorn-9285.exeUnicorn-62077.exeUnicorn-16406.exeUnicorn-3359.exeUnicorn-23033.exeUnicorn-23225.exeUnicorn-29919.exeUnicorn-5456.exeUnicorn-29105.exeUnicorn-23075.exeUnicorn-53671.exeUnicorn-23843.exeUnicorn-8959.exeUnicorn-4553.exeUnicorn-8767.exeUnicorn-54631.exeUnicorn-24419.exeUnicorn-56577.exeUnicorn-28920.exeUnicorn-48786.exeUnicorn-48978.exeUnicorn-44572.exeUnicorn-44572.exeUnicorn-64437.exeUnicorn-31957.exeUnicorn-47250.exeUnicorn-60057.exeUnicorn-41796.exeUnicorn-63861.exeUnicorn-43996.exeUnicorn-14395.exeUnicorn-12963.exeUnicorn-34261.exeUnicorn-45828.exeUnicorn-34261.exeUnicorn-14971.exeUnicorn-17718.exeUnicorn-63903.exeUnicorn-14629.exeUnicorn-37785.exeUnicorn-2782.exeUnicorn-47904.exeUnicorn-19830.exeUnicorn-35289.exeUnicorn-53270.exeUnicorn-33212.exeUnicorn-33404.exeUnicorn-48480.exeUnicorn-60089.exeUnicorn-59897.exeUnicorn-59897.exeUnicorn-44630.exeUnicorn-51791.exe

pid	process
1976	a8fe84b5e2e27bbe3e93d4c4144586d3ac63cbab5ae0fa6d22f8704437047562.exe
1640	Unicorn-62750.exe
3004	Unicorn-999.exe
2168	Unicorn-2815.exe
1724	Unicorn-36297.exe
2736	Unicorn-56163.exe
2756	Unicorn-56163.exe
776	Unicorn-61973.exe
1200	Unicorn-40292.exe
2748	Unicorn-9243.exe
2696	Unicorn-9243.exe
1812	Unicorn-9285.exe
2228	Unicorn-62077.exe
1452	Unicorn-16406.exe
2804	Unicorn-3359.exe
2768	Unicorn-23033.exe
2108	Unicorn-23225.exe
2100	Unicorn-29919.exe
1716	Unicorn-5456.exe
3024	Unicorn-29105.exe
2376	Unicorn-23075.exe
3068	Unicorn-53671.exe
1544	Unicorn-23843.exe
288	Unicorn-8959.exe
1992	Unicorn-4553.exe
936	Unicorn-8767.exe
1604	Unicorn-54631.exe
904	Unicorn-24419.exe
2904	Unicorn-56577.exe
2380	Unicorn-28920.exe
2332	Unicorn-48786.exe
2884	Unicorn-48978.exe
832	Unicorn-44572.exe
2372	Unicorn-44572.exe
2072	Unicorn-64437.exe
2724	Unicorn-31957.exe
2932	Unicorn-47250.exe
2624	Unicorn-60057.exe
2908	Unicorn-41796.exe
2572	Unicorn-63861.exe
2080	Unicorn-43996.exe
1608	Unicorn-14395.exe
1536	Unicorn-12963.exe
1028	Unicorn-34261.exe
2752	Unicorn-45828.exe
2280	Unicorn-34261.exe
2760	Unicorn-14971.exe
1996	Unicorn-17718.exe
540	Unicorn-63903.exe
1152	Unicorn-14629.exe
660	Unicorn-37785.exe
1288	Unicorn-2782.exe
3032	Unicorn-47904.exe
2344	Unicorn-19830.exe
1308	Unicorn-35289.exe
2508	Unicorn-53270.exe
2028	Unicorn-33212.exe
2852	Unicorn-33404.exe
2008	Unicorn-48480.exe
2836	Unicorn-60089.exe
2900	Unicorn-59897.exe
2036	Unicorn-59897.exe
1696	Unicorn-44630.exe
2288	Unicorn-51791.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

a8fe84b5e2e27bbe3e93d4c4144586d3ac63cbab5ae0fa6d22f8704437047562.exeUnicorn-62750.exeUnicorn-2815.exeUnicorn-999.exeUnicorn-36297.exeUnicorn-56163.exeUnicorn-56163.exe

description	pid	process	target process
PID 1976 wrote to memory of 1640	1976	a8fe84b5e2e27bbe3e93d4c4144586d3ac63cbab5ae0fa6d22f8704437047562.exe	Unicorn-62750.exe
PID 1976 wrote to memory of 1640	1976	a8fe84b5e2e27bbe3e93d4c4144586d3ac63cbab5ae0fa6d22f8704437047562.exe	Unicorn-62750.exe
PID 1976 wrote to memory of 1640	1976	a8fe84b5e2e27bbe3e93d4c4144586d3ac63cbab5ae0fa6d22f8704437047562.exe	Unicorn-62750.exe
PID 1976 wrote to memory of 1640	1976	a8fe84b5e2e27bbe3e93d4c4144586d3ac63cbab5ae0fa6d22f8704437047562.exe	Unicorn-62750.exe
PID 1640 wrote to memory of 3004	1640	Unicorn-62750.exe	Unicorn-999.exe
PID 1640 wrote to memory of 3004	1640	Unicorn-62750.exe	Unicorn-999.exe
PID 1640 wrote to memory of 3004	1640	Unicorn-62750.exe	Unicorn-999.exe
PID 1640 wrote to memory of 3004	1640	Unicorn-62750.exe	Unicorn-999.exe
PID 1976 wrote to memory of 2168	1976	a8fe84b5e2e27bbe3e93d4c4144586d3ac63cbab5ae0fa6d22f8704437047562.exe	Unicorn-2815.exe
PID 1976 wrote to memory of 2168	1976	a8fe84b5e2e27bbe3e93d4c4144586d3ac63cbab5ae0fa6d22f8704437047562.exe	Unicorn-2815.exe
PID 1976 wrote to memory of 2168	1976	a8fe84b5e2e27bbe3e93d4c4144586d3ac63cbab5ae0fa6d22f8704437047562.exe	Unicorn-2815.exe
PID 1976 wrote to memory of 2168	1976	a8fe84b5e2e27bbe3e93d4c4144586d3ac63cbab5ae0fa6d22f8704437047562.exe	Unicorn-2815.exe
PID 1976 wrote to memory of 2672	1976	a8fe84b5e2e27bbe3e93d4c4144586d3ac63cbab5ae0fa6d22f8704437047562.exe	WerFault.exe
PID 1976 wrote to memory of 2672	1976	a8fe84b5e2e27bbe3e93d4c4144586d3ac63cbab5ae0fa6d22f8704437047562.exe	WerFault.exe
PID 1976 wrote to memory of 2672	1976	a8fe84b5e2e27bbe3e93d4c4144586d3ac63cbab5ae0fa6d22f8704437047562.exe	WerFault.exe
PID 1976 wrote to memory of 2672	1976	a8fe84b5e2e27bbe3e93d4c4144586d3ac63cbab5ae0fa6d22f8704437047562.exe	WerFault.exe
PID 1640 wrote to memory of 1724	1640	Unicorn-62750.exe	Unicorn-36297.exe
PID 1640 wrote to memory of 1724	1640	Unicorn-62750.exe	Unicorn-36297.exe
PID 1640 wrote to memory of 1724	1640	Unicorn-62750.exe	Unicorn-36297.exe
PID 1640 wrote to memory of 1724	1640	Unicorn-62750.exe	Unicorn-36297.exe
PID 2168 wrote to memory of 2756	2168	Unicorn-2815.exe	Unicorn-56163.exe
PID 2168 wrote to memory of 2756	2168	Unicorn-2815.exe	Unicorn-56163.exe
PID 2168 wrote to memory of 2756	2168	Unicorn-2815.exe	Unicorn-56163.exe
PID 2168 wrote to memory of 2756	2168	Unicorn-2815.exe	Unicorn-56163.exe
PID 3004 wrote to memory of 2736	3004	Unicorn-999.exe	Unicorn-56163.exe
PID 3004 wrote to memory of 2736	3004	Unicorn-999.exe	Unicorn-56163.exe
PID 3004 wrote to memory of 2736	3004	Unicorn-999.exe	Unicorn-56163.exe
PID 3004 wrote to memory of 2736	3004	Unicorn-999.exe	Unicorn-56163.exe
PID 1640 wrote to memory of 2864	1640	Unicorn-62750.exe	WerFault.exe
PID 1640 wrote to memory of 2864	1640	Unicorn-62750.exe	WerFault.exe
PID 1640 wrote to memory of 2864	1640	Unicorn-62750.exe	WerFault.exe
PID 1640 wrote to memory of 2864	1640	Unicorn-62750.exe	WerFault.exe
PID 1724 wrote to memory of 776	1724	Unicorn-36297.exe	Unicorn-61973.exe
PID 1724 wrote to memory of 776	1724	Unicorn-36297.exe	Unicorn-61973.exe
PID 1724 wrote to memory of 776	1724	Unicorn-36297.exe	Unicorn-61973.exe
PID 1724 wrote to memory of 776	1724	Unicorn-36297.exe	Unicorn-61973.exe
PID 2736 wrote to memory of 1200	2736	Unicorn-56163.exe	Unicorn-40292.exe
PID 2736 wrote to memory of 1200	2736	Unicorn-56163.exe	Unicorn-40292.exe
PID 2736 wrote to memory of 1200	2736	Unicorn-56163.exe	Unicorn-40292.exe
PID 2736 wrote to memory of 1200	2736	Unicorn-56163.exe	Unicorn-40292.exe
PID 3004 wrote to memory of 2748	3004	Unicorn-999.exe	Unicorn-9243.exe
PID 3004 wrote to memory of 2748	3004	Unicorn-999.exe	Unicorn-9243.exe
PID 3004 wrote to memory of 2748	3004	Unicorn-999.exe	Unicorn-9243.exe
PID 3004 wrote to memory of 2748	3004	Unicorn-999.exe	Unicorn-9243.exe
PID 2168 wrote to memory of 2696	2168	Unicorn-2815.exe	Unicorn-9243.exe
PID 2168 wrote to memory of 2696	2168	Unicorn-2815.exe	Unicorn-9243.exe
PID 2168 wrote to memory of 2696	2168	Unicorn-2815.exe	Unicorn-9243.exe
PID 2168 wrote to memory of 2696	2168	Unicorn-2815.exe	Unicorn-9243.exe
PID 2168 wrote to memory of 1512	2168	Unicorn-2815.exe	WerFault.exe
PID 3004 wrote to memory of 2352	3004	Unicorn-999.exe	WerFault.exe
PID 2168 wrote to memory of 1512	2168	Unicorn-2815.exe	WerFault.exe
PID 2168 wrote to memory of 1512	2168	Unicorn-2815.exe	WerFault.exe
PID 3004 wrote to memory of 2352	3004	Unicorn-999.exe	WerFault.exe
PID 3004 wrote to memory of 2352	3004	Unicorn-999.exe	WerFault.exe
PID 2168 wrote to memory of 1512	2168	Unicorn-2815.exe	WerFault.exe
PID 3004 wrote to memory of 2352	3004	Unicorn-999.exe	WerFault.exe
PID 2756 wrote to memory of 1812	2756	Unicorn-56163.exe	Unicorn-9285.exe
PID 2756 wrote to memory of 1812	2756	Unicorn-56163.exe	Unicorn-9285.exe
PID 2756 wrote to memory of 1812	2756	Unicorn-56163.exe	Unicorn-9285.exe
PID 2756 wrote to memory of 1812	2756	Unicorn-56163.exe	Unicorn-9285.exe
PID 1724 wrote to memory of 2228	1724	Unicorn-36297.exe	Unicorn-62077.exe
PID 1724 wrote to memory of 2228	1724	Unicorn-36297.exe	Unicorn-62077.exe
PID 1724 wrote to memory of 2228	1724	Unicorn-36297.exe	Unicorn-62077.exe
PID 1724 wrote to memory of 2228	1724	Unicorn-36297.exe	Unicorn-62077.exe

C:\Users\Admin\AppData\Local\Temp\a8fe84b5e2e27bbe3e93d4c4144586d3ac63cbab5ae0fa6d22f8704437047562.exe
"C:\Users\Admin\AppData\Local\Temp\a8fe84b5e2e27bbe3e93d4c4144586d3ac63cbab5ae0fa6d22f8704437047562.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-62750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62750.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-999.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-56163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56163.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-40292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40292.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1200

C:\Users\Admin\AppData\Local\Temp\Unicorn-23225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23225.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-23843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23843.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-47250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47250.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-37785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37785.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:660

C:\Users\Admin\AppData\Local\Temp\Unicorn-34851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34851.exe
10⤵
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-50020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50020.exe
11⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-61710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61710.exe
12⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-38674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38674.exe
13⤵
PID:5188

C:\Users\Admin\AppData\Local\Temp\Unicorn-35767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35767.exe
14⤵
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-33573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33573.exe
15⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 216
15⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 236
14⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
13⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 236
12⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-7636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7636.exe
11⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-36581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36581.exe
12⤵
PID:6156

C:\Users\Admin\AppData\Local\Temp\Unicorn-61813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61813.exe
13⤵
PID:9056

C:\Users\Admin\AppData\Local\Temp\Unicorn-32346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32346.exe
14⤵
PID:10956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 216
14⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6156 -s 220
13⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
12⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 220
11⤵
PID:5180

C:\Users\Admin\AppData\Local\Temp\Unicorn-196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-196.exe
10⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-59977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59977.exe
11⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-29781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29781.exe
12⤵
PID:7164

C:\Users\Admin\AppData\Local\Temp\Unicorn-15371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15371.exe
13⤵
PID:9212

C:\Users\Admin\AppData\Local\Temp\Unicorn-12484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12484.exe
14⤵
PID:11308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9212 -s 216
14⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 216
13⤵
PID:9648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 220
12⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
11⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 660 -s 240
10⤵
- Program crash
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-65447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65447.exe
9⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-34177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34177.exe
10⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-24160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24160.exe
11⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-44121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44121.exe
12⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-32000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32000.exe
13⤵
PID:8488

C:\Users\Admin\AppData\Local\Temp\Unicorn-51528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51528.exe
14⤵
PID:10580

C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
14⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 220
14⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
13⤵
PID:9480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
12⤵
PID:6368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 236
11⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
10⤵
PID:700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
9⤵
- Program crash
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-47904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47904.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
9⤵
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-26305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26305.exe
10⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-7906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7906.exe
11⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-3332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3332.exe
12⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-14641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14641.exe
13⤵
PID:8924

C:\Users\Admin\AppData\Local\Temp\Unicorn-5871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5871.exe
14⤵
PID:11096

C:\Users\Admin\AppData\Local\Temp\Unicorn-59486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59486.exe
15⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 216
14⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
13⤵
PID:9612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 220
12⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 236
11⤵
PID:5200

C:\Users\Admin\AppData\Local\Temp\Unicorn-4294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4294.exe
10⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-61687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61687.exe
11⤵
PID:6244

C:\Users\Admin\AppData\Local\Temp\Unicorn-56359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56359.exe
12⤵
PID:8872

C:\Users\Admin\AppData\Local\Temp\Unicorn-41064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41064.exe
13⤵
PID:10728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8872 -s 220
13⤵
PID:11804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 220
12⤵
PID:9604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
11⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 240
10⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-34041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34041.exe
9⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
10⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-4716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4716.exe
11⤵
PID:6952

C:\Users\Admin\AppData\Local\Temp\Unicorn-8146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8146.exe
12⤵
PID:9944

C:\Users\Admin\AppData\Local\Temp\Unicorn-55355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55355.exe
13⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9944 -s 236
13⤵
PID:12044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
12⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 236
11⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
10⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
9⤵
PID:4112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
8⤵
- Program crash
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-60057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60057.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-60089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60089.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-40518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40518.exe
9⤵
PID:1156

C:\Users\Admin\AppData\Local\Temp\Unicorn-5026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5026.exe
10⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
11⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\Unicorn-30433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30433.exe
12⤵
PID:8668

C:\Users\Admin\AppData\Local\Temp\Unicorn-4553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4553.exe
13⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8668 -s 236
13⤵
PID:11108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
12⤵
PID:9532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
11⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 216
10⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 236
9⤵
- Program crash
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-53517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53517.exe
8⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-22505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22505.exe
9⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-29013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29013.exe
10⤵
PID:7080

C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe
11⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9116 -s 240
12⤵
PID:11232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 216
11⤵
PID:9580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
10⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 216
9⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
8⤵
- Program crash
PID:3444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
7⤵
- Program crash
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-54631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54631.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-63861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63861.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
8⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-15983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15983.exe
9⤵
PID:2356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 220
10⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
9⤵
- Program crash
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-48717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48717.exe
8⤵
PID:624

C:\Users\Admin\AppData\Local\Temp\Unicorn-22697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22697.exe
9⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-3332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3332.exe
10⤵
PID:6012

C:\Users\Admin\AppData\Local\Temp\Unicorn-49924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49924.exe
11⤵
PID:8716

C:\Users\Admin\AppData\Local\Temp\Unicorn-1157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1157.exe
12⤵
PID:10824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 216
12⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 216
11⤵
PID:9548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
10⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 216
9⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
8⤵
- Program crash
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-19310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19310.exe
7⤵
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-31992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31992.exe
8⤵
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-5794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5794.exe
9⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
10⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-11501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11501.exe
11⤵
PID:8796

C:\Users\Admin\AppData\Local\Temp\Unicorn-51209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51209.exe
12⤵
PID:10796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 220
12⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
11⤵
PID:9572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
10⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 236
9⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
8⤵
- Program crash
PID:3564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
7⤵
- Program crash
PID:1684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 240
6⤵
- Program crash
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-24419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24419.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-12963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12963.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-59897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59897.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
9⤵
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-54390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54390.exe
10⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-65253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65253.exe
11⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-62732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62732.exe
12⤵
PID:7504

C:\Users\Admin\AppData\Local\Temp\Unicorn-37635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37635.exe
13⤵
PID:10472

C:\Users\Admin\AppData\Local\Temp\Unicorn-50848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50848.exe
14⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 216
13⤵
PID:10488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 236
12⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
11⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 216
10⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-38364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38364.exe
9⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-63759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63759.exe
10⤵
PID:5256

C:\Users\Admin\AppData\Local\Temp\Unicorn-61363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61363.exe
11⤵
PID:7640

C:\Users\Admin\AppData\Local\Temp\Unicorn-8911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8911.exe
11⤵
PID:8268

C:\Users\Admin\AppData\Local\Temp\Unicorn-31533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31533.exe
12⤵
PID:10808

C:\Users\Admin\AppData\Local\Temp\Unicorn-6938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6938.exe
13⤵
PID:9188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 216
12⤵
PID:11076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 220
11⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
10⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
9⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\Unicorn-37118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37118.exe
8⤵
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-61445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61445.exe
9⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-64024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64024.exe
10⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 220
11⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
10⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 216
9⤵
PID:4492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
8⤵
- Program crash
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-51791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51791.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-39750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39750.exe
8⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-55369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55369.exe
9⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
10⤵
PID:7108

C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe
11⤵
PID:9040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 220
12⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 216
11⤵
PID:9512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
10⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 216
9⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 236
8⤵
- Program crash
PID:3804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 240
7⤵
- Program crash
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-14395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14395.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-59905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59905.exe
7⤵
PID:812

C:\Users\Admin\AppData\Local\Temp\Unicorn-48292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48292.exe
8⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-18587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18587.exe
9⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
10⤵
PID:6676

C:\Users\Admin\AppData\Local\Temp\Unicorn-49777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49777.exe
11⤵
PID:8960

C:\Users\Admin\AppData\Local\Temp\Unicorn-61656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61656.exe
12⤵
PID:10772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8960 -s 216
12⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 216
11⤵
PID:10100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
10⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
9⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 236
8⤵
PID:3868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 216
7⤵
- Program crash
PID:2248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
6⤵
- Program crash
PID:2820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1040

C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-29919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29919.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-8767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8767.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:936

C:\Users\Admin\AppData\Local\Temp\Unicorn-34261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34261.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-59897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59897.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-53455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53455.exe
9⤵
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe
10⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-21333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21333.exe
11⤵
PID:6200

C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
12⤵
PID:9128

C:\Users\Admin\AppData\Local\Temp\Unicorn-21058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21058.exe
13⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 216
13⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 216
12⤵
PID:9964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 220
11⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 216
10⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 236
9⤵
- Program crash
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-20844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20844.exe
8⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-24041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24041.exe
9⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-62678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62678.exe
10⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-38315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38315.exe
11⤵
PID:8252

C:\Users\Admin\AppData\Local\Temp\Unicorn-20511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20511.exe
12⤵
PID:10752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8252 -s 236
12⤵
PID:10788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
11⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
10⤵
PID:6444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 216
9⤵
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 220
8⤵
- Program crash
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-51791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51791.exe
7⤵
- Executes dropped EXE
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
8⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-27352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27352.exe
9⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-24625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24625.exe
10⤵
PID:6380

C:\Users\Admin\AppData\Local\Temp\Unicorn-13624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13624.exe
11⤵
PID:8332

C:\Users\Admin\AppData\Local\Temp\Unicorn-13949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13949.exe
12⤵
PID:2328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 216
12⤵
PID:12080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 216
11⤵
PID:9856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
10⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
9⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 236
8⤵
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 240
7⤵
- Program crash
PID:996

C:\Users\Admin\AppData\Local\Temp\Unicorn-14971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14971.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-44630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44630.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-16175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16175.exe
8⤵
PID:1060

C:\Users\Admin\AppData\Local\Temp\Unicorn-27113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27113.exe
9⤵
PID:4800

C:\Users\Admin\AppData\Local\Temp\Unicorn-28704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28704.exe
10⤵
PID:6528

C:\Users\Admin\AppData\Local\Temp\Unicorn-32403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32403.exe
11⤵
PID:8816

C:\Users\Admin\AppData\Local\Temp\Unicorn-64889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64889.exe
12⤵
PID:10816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8816 -s 216
12⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 220
11⤵
PID:10004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 216
10⤵
PID:7688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 216
9⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 236
8⤵
- Program crash
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-62422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62422.exe
7⤵
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-36568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36568.exe
8⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
9⤵
PID:6264

C:\Users\Admin\AppData\Local\Temp\Unicorn-53711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53711.exe
10⤵
PID:8764

C:\Users\Admin\AppData\Local\Temp\Unicorn-53154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53154.exe
11⤵
PID:11500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8764 -s 216
11⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 216
10⤵
PID:9940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
9⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 216
8⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
6⤵
- Program crash
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-56577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56577.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-34261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34261.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-5927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5927.exe
7⤵
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-64861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64861.exe
8⤵
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-30524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30524.exe
9⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
10⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-39853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39853.exe
11⤵
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-52851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52851.exe
12⤵
PID:10932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 216
12⤵
PID:10848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
11⤵
PID:8880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
10⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 236
9⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-29267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29267.exe
8⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-44771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44771.exe
9⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-15483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15483.exe
10⤵
PID:7256

C:\Users\Admin\AppData\Local\Temp\Unicorn-8699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8699.exe
11⤵
PID:10780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 236
11⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 236
10⤵
PID:8724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
9⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 240
8⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe
7⤵
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-2558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2558.exe
8⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-63567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63567.exe
9⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-29075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29075.exe
10⤵
PID:7780

C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe
11⤵
PID:10964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7780 -s 216
11⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
10⤵
PID:9084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 236
9⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 236
8⤵
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
7⤵
- Program crash
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe
6⤵
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-63517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63517.exe
7⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-56865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56865.exe
8⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-39308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39308.exe
9⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-41144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41144.exe
10⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-13968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13968.exe
11⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-17558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17558.exe
12⤵
PID:10692

C:\Users\Admin\AppData\Local\Temp\Unicorn-16882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16882.exe
13⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 216
12⤵
PID:11240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
11⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
10⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
9⤵
PID:5108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 236
8⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-10928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10928.exe
7⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-29846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29846.exe
8⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-7065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7065.exe
9⤵
PID:7564

C:\Users\Admin\AppData\Local\Temp\Unicorn-52352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52352.exe
10⤵
PID:10500

C:\Users\Admin\AppData\Local\Temp\Unicorn-63785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63785.exe
11⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7564 -s 236
10⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
9⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
8⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
7⤵
PID:4472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 220
6⤵
- Program crash
PID:1788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
5⤵
- Program crash
PID:1720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-36297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36297.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-61973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61973.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:776

C:\Users\Admin\AppData\Local\Temp\Unicorn-16406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16406.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-29105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29105.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-48978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48978.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1308

C:\Users\Admin\AppData\Local\Temp\Unicorn-15406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15406.exe
9⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-31311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31311.exe
10⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
11⤵
PID:6720

C:\Users\Admin\AppData\Local\Temp\Unicorn-57457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57457.exe
12⤵
PID:8904

C:\Users\Admin\AppData\Local\Temp\Unicorn-52694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52694.exe
13⤵
PID:11048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8904 -s 236
13⤵
PID:11356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 216
12⤵
PID:10064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
11⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 216
10⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 236
9⤵
- Program crash
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-48717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48717.exe
8⤵
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-22697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22697.exe
9⤵
PID:4784

C:\Users\Admin\AppData\Local\Temp\Unicorn-14705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14705.exe
10⤵
PID:7136

C:\Users\Admin\AppData\Local\Temp\Unicorn-46508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46508.exe
11⤵
PID:8424

C:\Users\Admin\AppData\Local\Temp\Unicorn-56916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56916.exe
12⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8424 -s 236
12⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 216
11⤵
PID:9808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
10⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 216
9⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
8⤵
- Program crash
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-48480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48480.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-54057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54057.exe
8⤵
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-8871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8871.exe
9⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-32888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32888.exe
10⤵
PID:5848

C:\Users\Admin\AppData\Local\Temp\Unicorn-63444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63444.exe
11⤵
PID:8024

C:\Users\Admin\AppData\Local\Temp\Unicorn-15258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15258.exe
12⤵
PID:10632

C:\Users\Admin\AppData\Local\Temp\Unicorn-6362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6362.exe
13⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 236
12⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
10⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 236
9⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe
8⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-41121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41121.exe
9⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-53224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53224.exe
10⤵
PID:7660

C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
11⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 216
11⤵
PID:11644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
10⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
9⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
8⤵
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
7⤵
- Program crash
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-44572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44572.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-2782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2782.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe
8⤵
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
9⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-34311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34311.exe
10⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-38735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38735.exe
11⤵
PID:6832

C:\Users\Admin\AppData\Local\Temp\Unicorn-15761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15761.exe
12⤵
PID:9180

C:\Users\Admin\AppData\Local\Temp\Unicorn-48081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48081.exe
13⤵
PID:11212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9180 -s 216
13⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
12⤵
PID:10116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
11⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
10⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 216
9⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-28426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28426.exe
8⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-28078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28078.exe
9⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-51739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51739.exe
10⤵
PID:6352

C:\Users\Admin\AppData\Local\Temp\Unicorn-6551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6551.exe
11⤵
PID:8260

C:\Users\Admin\AppData\Local\Temp\Unicorn-57722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57722.exe
12⤵
PID:10832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8260 -s 216
12⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 216
11⤵
PID:9780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
10⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 236
9⤵
PID:4940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 240
8⤵
- Program crash
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-16329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16329.exe
7⤵
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
8⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-49754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49754.exe
9⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-44355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44355.exe
10⤵
PID:6556

C:\Users\Admin\AppData\Local\Temp\Unicorn-25130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25130.exe
11⤵
PID:8580

C:\Users\Admin\AppData\Local\Temp\Unicorn-18439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18439.exe
12⤵
PID:10528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8580 -s 216
12⤵
PID:12152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 236
11⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
10⤵
PID:7680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
9⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 216
8⤵
- Program crash
PID:3360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 240
7⤵
- Program crash
PID:1292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 220
6⤵
- Program crash
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-53671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53671.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-31957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31957.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-2635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2635.exe
8⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-37004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37004.exe
9⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
10⤵
PID:6216

C:\Users\Admin\AppData\Local\Temp\Unicorn-47672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47672.exe
11⤵
PID:9088

C:\Users\Admin\AppData\Local\Temp\Unicorn-298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-298.exe
12⤵
PID:4448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9088 -s 216
12⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
11⤵
PID:9720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 220
10⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 216
9⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 236
8⤵
- Program crash
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-28213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28213.exe
7⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-44902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44902.exe
8⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-18024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18024.exe
9⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-48175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48175.exe
10⤵
PID:8368

C:\Users\Admin\AppData\Local\Temp\Unicorn-51528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51528.exe
11⤵
PID:10612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 216
11⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
10⤵
PID:9340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
9⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 216
8⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
7⤵
- Program crash
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-33404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33404.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-18287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18287.exe
7⤵
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-19505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19505.exe
8⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-17183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17183.exe
9⤵
PID:5236

C:\Users\Admin\AppData\Local\Temp\Unicorn-45990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45990.exe
10⤵
PID:8316

C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe
11⤵
PID:11084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8316 -s 216
11⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 216
10⤵
PID:8496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 236
9⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 236
8⤵
PID:4464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
7⤵
- Program crash
PID:3308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
6⤵
- Program crash
PID:384

C:\Users\Admin\AppData\Local\Temp\Unicorn-62077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62077.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-23075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23075.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-64437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64437.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-53270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53270.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-39942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39942.exe
8⤵
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-61445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61445.exe
9⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-50796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50796.exe
10⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-63117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63117.exe
11⤵
PID:7540

C:\Users\Admin\AppData\Local\Temp\Unicorn-17558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17558.exe
12⤵
PID:10684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 216
12⤵
PID:5300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
11⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
10⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 236
9⤵
PID:4160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
8⤵
- Program crash
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-19884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19884.exe
7⤵
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-64175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64175.exe
8⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-18476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18476.exe
9⤵
PID:6784

C:\Users\Admin\AppData\Local\Temp\Unicorn-17847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17847.exe
10⤵
PID:8296

C:\Users\Admin\AppData\Local\Temp\Unicorn-43722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43722.exe
11⤵
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8296 -s 236
11⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 216
10⤵
PID:10128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
9⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 216
8⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
7⤵
- Program crash
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-33212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33212.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
7⤵
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe
8⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-64333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64333.exe
9⤵
PID:5240

C:\Users\Admin\AppData\Local\Temp\Unicorn-36011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36011.exe
10⤵
PID:7512

C:\Users\Admin\AppData\Local\Temp\Unicorn-51118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51118.exe
11⤵
PID:11184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 236
11⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
10⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
9⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 236
8⤵
PID:4828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 236
7⤵
- Program crash
PID:3560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
6⤵
- Program crash
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-44572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44572.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-48618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48618.exe
6⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-53824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53824.exe
7⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-173.exe
8⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
9⤵
PID:8132

C:\Users\Admin\AppData\Local\Temp\Unicorn-18326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18326.exe
10⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 236
10⤵
PID:10396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
9⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 236
8⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 216
7⤵
PID:4692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 216
6⤵
- Program crash
PID:2492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
5⤵
- Program crash
PID:1328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-2815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2815.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-56163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56163.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-9285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9285.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-5456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5456.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-48786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48786.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-17718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17718.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-43377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43377.exe
8⤵
PID:700

C:\Users\Admin\AppData\Local\Temp\Unicorn-52734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52734.exe
9⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-55369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55369.exe
10⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-36581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36581.exe
11⤵
PID:6164

C:\Users\Admin\AppData\Local\Temp\Unicorn-60853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60853.exe
12⤵
PID:9000

C:\Users\Admin\AppData\Local\Temp\Unicorn-53614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53614.exe
13⤵
PID:11128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9000 -s 236
13⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 220
12⤵
PID:9640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
11⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
10⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\Unicorn-30564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30564.exe
8⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-31311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31311.exe
9⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-5376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5376.exe
10⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-25736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25736.exe
11⤵
PID:7816

C:\Users\Admin\AppData\Local\Temp\Unicorn-13961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13961.exe
12⤵
PID:10840

C:\Users\Admin\AppData\Local\Temp\Unicorn-960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-960.exe
13⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
12⤵
PID:5424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 236
11⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 216
10⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 236
9⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 240
8⤵
- Program crash
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-23319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23319.exe
7⤵
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-20062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20062.exe
8⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-56905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56905.exe
9⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-16678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16678.exe
10⤵
PID:6928

C:\Users\Admin\AppData\Local\Temp\Unicorn-29736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29736.exe
11⤵
PID:8624

C:\Users\Admin\AppData\Local\Temp\Unicorn-9705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9705.exe
12⤵
PID:10648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 216
12⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 236
11⤵
PID:9272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
10⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
9⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 236
8⤵
PID:3668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 220
7⤵
- Program crash
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-14629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14629.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1152

C:\Users\Admin\AppData\Local\Temp\Unicorn-37155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37155.exe
7⤵
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-64135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64135.exe
8⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-1596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1596.exe
9⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-10026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10026.exe
10⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-12643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12643.exe
11⤵
PID:8640

C:\Users\Admin\AppData\Local\Temp\Unicorn-26155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26155.exe
12⤵
PID:10716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8640 -s 216
12⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
11⤵
PID:9524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
10⤵
PID:6684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
9⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
8⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-11597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11597.exe
7⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-1638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1638.exe
8⤵
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-37394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37394.exe
9⤵
PID:6312

C:\Users\Admin\AppData\Local\Temp\Unicorn-53135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53135.exe
10⤵
PID:5848

C:\Users\Admin\AppData\Local\Temp\Unicorn-22376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22376.exe
11⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 236
11⤵
PID:11628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 216
10⤵
PID:9960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
9⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
8⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 240
7⤵
PID:4608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
6⤵
- Program crash
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-63903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63903.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-43185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43185.exe
7⤵
PID:1068

C:\Users\Admin\AppData\Local\Temp\Unicorn-17758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17758.exe
8⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
9⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-52066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52066.exe
10⤵
PID:6180

C:\Users\Admin\AppData\Local\Temp\Unicorn-61813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61813.exe
11⤵
PID:9048

C:\Users\Admin\AppData\Local\Temp\Unicorn-48303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48303.exe
12⤵
PID:10888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9048 -s 216
12⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 220
11⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
10⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 236
9⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 236
8⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-14311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14311.exe
7⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-33501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33501.exe
8⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
9⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-53800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53800.exe
10⤵
PID:7336

C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe
11⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 216
11⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
10⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
9⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 236
8⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 220
7⤵
- Program crash
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-2406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2406.exe
6⤵
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-20758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20758.exe
7⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-4776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4776.exe
8⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-50512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50512.exe
9⤵
PID:8064

C:\Users\Admin\AppData\Local\Temp\Unicorn-39888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39888.exe
10⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 216
10⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 236
9⤵
PID:8324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 236
8⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 236
7⤵
PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
6⤵
- Program crash
PID:3076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 240
5⤵
- Program crash
PID:332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 216
4⤵
- Loads dropped DLL
- Program crash
PID:1168

C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-23033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23033.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-8959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8959.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:288

C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
7⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-59034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59034.exe
8⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-17506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17506.exe
9⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-32224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32224.exe
10⤵
PID:7784

C:\Users\Admin\AppData\Local\Temp\Unicorn-38590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38590.exe
11⤵
PID:10548

C:\Users\Admin\AppData\Local\Temp\Unicorn-8230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8230.exe
12⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 236
11⤵
PID:10700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 236
10⤵
PID:8704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
9⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
8⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-4446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4446.exe
7⤵
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-58230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58230.exe
8⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-62799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62799.exe
9⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-61363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61363.exe
10⤵
PID:7712

C:\Users\Admin\AppData\Local\Temp\Unicorn-54029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54029.exe
11⤵
PID:10872

C:\Users\Admin\AppData\Local\Temp\Unicorn-19544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19544.exe
12⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
11⤵
PID:10484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
10⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 236
9⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 216
8⤵
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
7⤵
- Program crash
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-8703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8703.exe
6⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-56984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56984.exe
7⤵
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
8⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-27006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27006.exe
9⤵
PID:5992

C:\Users\Admin\AppData\Local\Temp\Unicorn-27754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27754.exe
10⤵
PID:8584

C:\Users\Admin\AppData\Local\Temp\Unicorn-42408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42408.exe
11⤵
PID:10640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8584 -s 216
11⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 216
10⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
9⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 236
8⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-27080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27080.exe
7⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-48373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48373.exe
8⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
9⤵
PID:7596

C:\Users\Admin\AppData\Local\Temp\Unicorn-51118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51118.exe
10⤵
PID:11172

C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
11⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 216
10⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
9⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
8⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
7⤵
PID:4576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 240
6⤵
- Program crash
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-43996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43996.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-60857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60857.exe
6⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-35910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35910.exe
7⤵
PID:968

C:\Users\Admin\AppData\Local\Temp\Unicorn-1139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1139.exe
8⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-27582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27582.exe
9⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-30344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30344.exe
10⤵
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-36530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36530.exe
11⤵
PID:10604

C:\Users\Admin\AppData\Local\Temp\Unicorn-62491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62491.exe
12⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 216
11⤵
PID:10856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
10⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
9⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 236
8⤵
PID:5112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 236
7⤵
- Program crash
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-34959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34959.exe
6⤵
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-49297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49297.exe
7⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-49279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49279.exe
8⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-8709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8709.exe
9⤵
PID:8200

C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
10⤵
PID:10496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8200 -s 216
10⤵
PID:11768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
9⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
8⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 236
7⤵
PID:5000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
6⤵
- Program crash
PID:3812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
5⤵
- Program crash
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-4553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4553.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-45828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45828.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-60857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60857.exe
6⤵
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-54825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54825.exe
7⤵
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-20922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20922.exe
8⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-2585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2585.exe
9⤵
PID:6632

C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
10⤵
PID:8448

C:\Users\Admin\AppData\Local\Temp\Unicorn-54951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54951.exe
11⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8448 -s 236
11⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 216
10⤵
PID:9900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 216
9⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 236
8⤵
PID:5580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
7⤵
- Program crash
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-20076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20076.exe
6⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-26895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26895.exe
7⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-41739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41739.exe
8⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\Unicorn-47130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47130.exe
9⤵
PID:8740

C:\Users\Admin\AppData\Local\Temp\Unicorn-41148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41148.exe
10⤵
PID:11180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8740 -s 236
10⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 220
9⤵
PID:9996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
8⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
7⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
6⤵
- Program crash
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-40799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40799.exe
5⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
6⤵
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-58155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58155.exe
7⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
8⤵
PID:5644

C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
9⤵
PID:7920

C:\Users\Admin\AppData\Local\Temp\Unicorn-7049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7049.exe
10⤵
PID:10904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 216
10⤵
PID:10820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
9⤵
PID:8248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 236
8⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
7⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 236
6⤵
- Program crash
PID:3228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
5⤵
- Program crash
PID:2068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
4⤵
- Program crash
PID:1584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
2⤵
- Program crash
PID:2672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-19544.exe

Filesize
184KB

MD5
ec7a7915f0aae39066782f7b0d5a52b6

SHA1
9cdeb5af4bf8fcb62ac1a60ac0cf01028e3f0420

SHA256
ef70893c2378ca77211bef22c77caddcd2870a94e401011d7e238c52dda1eb92

SHA512
5f52f6c78a262a1e76e249e33da286c119b3d94ce4a1a9ee9d984df5209d5045577f2f6c430c2900c5d3bc08363119c96b06aa19046f7a86b0cca217cc2fde1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe

Filesize
184KB

MD5
4cfdf4bf21c9f6d2313dc39eb84f2699

SHA1
a08f6658169dfc717b0f734735fc8d88f6731dea

SHA256
54d1558dee65c0eb268af7c7dbe5bf61585fcf35fdea3a759e7f8ad6f7b5f693

SHA512
10f4dd3372a187d176cca52a73d150021f15f65414b14d6e827da19c9c30c38bba0f46f26580cd88c1ab7d3aadff3d509a3fe0d3585183c5e15d137b1df1af0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36297.exe

Filesize
184KB

MD5
5f5a28327d6d445361a6d190e4c13db5

SHA1
6b777c613909fb0b3d08faf69a20653735f75760

SHA256
448a58003324afd6edeb1b448b71adff458c6cb41225265b4122144be53ed6b7

SHA512
24fbcf59b4e23b6d407e9e6c83aeff6d1864de70271e30a35a99a800d816d0fc332eade5c1dc3275ebc4662bffd1ed4784640625cc60326ca52866272d9317c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40292.exe

Filesize
184KB

MD5
ed297327a8f24c79dcd2aa71f86934cb

SHA1
bc0f7463b085688bec09a8f1240b6b13f3888f78

SHA256
89ba1b29889351ba0114da0a14662515ff25b97b9900e05f252cfd527fa9b7ca

SHA512
1c33394d5ea286cc7c1b37da9fb24df3e215d70f4728217746f460c9383879153913ce5c39f80752cd55bfecbbe6615c0c9cf818596cc0c5f7141c146d2c5a5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5456.exe

Filesize
184KB

MD5
969d361f6bddfd6f4594f40acf0f0212

SHA1
ec91aefe2b17c37e034d84efc7ca643fb66dac5c

SHA256
e24ede1e3cf4eab14a5505329df3532db793edf88fd24382fd0b10a143c9dc2a

SHA512
e9b8987c89aa8db62ea6dc93b45fcae1d2acbb36b8c8c13bf90cdfd8ec39ecc5ea5bcad0cc072700fe799ee9ec0cd85f0493058efd9b054242a7e21b788c0e82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5794.exe

Filesize
184KB

MD5
13131f04b37fb7ca076d7a752425d10d

SHA1
8694ea6b0ca13bd2fb4b591ef3340f567332239b

SHA256
344ab8b8420f3eb05a3d27d707a9f6127f24d56e35781e00881c09c958b5a8a8

SHA512
efedfab123fd8a401fe4438eccb86ce2dcd2067f8ed8648cf0c005f8d893a32e4de47d52a8fcfab7a4c53b8384096f53bdf0e95e418cb8aa6a4234b58974163f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5927.exe

Filesize
184KB

MD5
d449b84c6ae3c909e3bd7d9ad10c5da7

SHA1
1fd1172428b211bfb86e9a72fea1e1a8406adbcc

SHA256
fcb914f1d10f14fe82844fa7c848d790f7f6f9de3c0de5bd3465d0c785985460

SHA512
fba1abe03136504a691e9c03209b75b6ab58653770c00f95e68fec071609d48b58c63569326a05241056d7059eb03dc2750264f0f330fdd4ade04bc8b534e936

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62077.exe

Filesize
184KB

MD5
bfcb798becdcb5e266ada3741b599829

SHA1
3a44c162a0c1937165a16f65100e301c237249f2

SHA256
9c7bb3c129ff382107fa9d6bdb6c30d8419c503b717cb3abb7eaba6d99e0eaf3

SHA512
a97adc70a4c8bbde42e17858883e733847e8b2e1f17bd1a4a10dbe3dc54e1366af7fc6d52e1ccc0a777ad4304ffd94d7ec33591c2afef7e24b083fb477896bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe

Filesize
184KB

MD5
0b5286728553b3dfb0946418cf0393f6

SHA1
d02f300d8273b6b9ba7fe3dc3fd0a02a3da577ea

SHA256
a9b16788e946f8c4ad6e236a6688224829a9b7361a70e3800dea71a7a413e7ac

SHA512
e893b15935502519621ca72a4c1b586031fe53c671f006bfd67745c0d01cbcfb192be733f234a68f91a23a58ee095896973a6c05223b2554c7aff9a9e0bea6a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe

Filesize
184KB

MD5
f05f8269b77b0aec4f4bd43cd08f0114

SHA1
0c6e57b1126c1427e3cbb5e9a70ee6f4bc1b41d2

SHA256
db7fae6f4b16e1e5e574b27447459fd15458bbb8fe3fb7a6adba503a1e802f81

SHA512
afd2550d138d813386d140e4196c406dfeba844305c62358d0d5c55e4a09361a54eefe0d1a7e4c87ff3180d981bcf475669c26436fb817690f4bc853099de6c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9285.exe

Filesize
184KB

MD5
ba907548a2defa9f215959c40c736d3b

SHA1
7f2ee1c350889b80837186edda973cbd323fbb64

SHA256
502a0adf3b8a5c635aa383b85b018386f6e2c76ac5a5686e6cad175d5fa902ec

SHA512
4515a019e72d90a39e3b7b64b384f9ca3ba10ca4594c22beebea544a8752e4925f6fd3f619fca7ccf690658adf1bfa7ad20382e96b42bf158775f7351acb6bde

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16406.exe

Filesize
184KB

MD5
628e264fde53b3cd44dd651420b18fc8

SHA1
2c0ada9b7d37be53d9e67fc8305b31fcfdeae7a4

SHA256
68b618e37a92b7d1090fa4e69f9436a0d2ca096b0c5d56d5a3300abdf358250c

SHA512
b6197b9963aeb7ade364e87d0ce187e3e3e9e71dcada16e1d1f786eaa61acdf458d776660804aa6304d1e758be28491f1e0f640b17b7c5392f56b692ea735675

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2815.exe

Filesize
184KB

MD5
24a7161896da392bc533a74343470fd8

SHA1
32d9be63ee0687fc000e92177302af7cca4643fc

SHA256
4bd9a8e259e837eb03202bf34e5c555182ad8489d3b78ba73d6d4d9529b89690

SHA512
3b4fec3c0484d12737a73ff4f5b30f2f681f33f93fa84c820c08845eb50218653628697ca390003f2a85349a41422293a099d01b2f201cecb36e14be9a4a73d1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29919.exe

Filesize
184KB

MD5
cc22808cba8a40b14a15845fa59f2cb7

SHA1
5126ab74d67f8b32b48415a0292a23ca1d57a0b0

SHA256
2b072998d76af8e6b92d5af4a265a8521de9cb493e01ba39540dff7356617a27

SHA512
f3f5b11b47da943d913c61718140d5c6c9b267791bfa0db9dffa363ac535490d94eb35413518d6c1894bbfe6477d755e90fc0d2fab44c96e2185f61cb858b6ee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56163.exe

Filesize
184KB

MD5
dc4df732080253585c2afd30c2ac8925

SHA1
80308bf827bdb972d288a9eaa59210de9c490763

SHA256
d34d13aad49d111064480b5c7384236047690c75fa6162dd8d8dc55fec85edad

SHA512
382172bd95296664e452ca6d66e211ab3037b618c10abeb98144fb8268079a30a1de077ffe835de1bb69d8d4032450694a2bb5474964bbce8c936e7512262835

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61973.exe

Filesize
184KB

MD5
911c26e5ac8e9c8a798dfc8e06d148b8

SHA1
cf3eb48ab1ad7a1517e710619a5caa80757cfd03

SHA256
d1c148e485c610ecf8b83889f72333b20dec7c6f406d00d89f7f50f501611869

SHA512
1c28bcae9ddf1d81f347ba944efc27ed79bf54ca35c60d7cd2aefce14099657e52cb2827f39f83d8fe332134c43846d97f9d3a60dcc183b0cd725b769c0bb4b1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62750.exe

Filesize
184KB

MD5
fca97d1987ad7b88fa56fc0c716962d2

SHA1
a88b749c1c67f4866538a490eaee98f6a0a84aab

SHA256
0833cef08c979d1b7b0fa124f7d90aa97dc10f391e73a8d63d2c1cd94b1ced80

SHA512
4c3da969c9d759f34136bacc3958d7f2f5015b3a7fe921890a6563bf8bbd57e4b2fb1ff9bd762c42af6f0aa98c0fc677a673bbe16e3edb6a5e6e0e621478b589

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe

Filesize
184KB

MD5
af050da0ba70d789574b4932169608b3

SHA1
8ef91d10a58a35ff5cc4dc9fe24f3ea5044d75be

SHA256
eab0b929e50b2f67242268c22e266492754a6431b4a797c0dc2bd896bfa448f8

SHA512
5dc2064b993faf2e32fd32e19a89c4703fa7960b51b4295feeb674d0b608e7f0e14ff7c87988f7e1d967a1b2cd310d6581fdc47cfae915056200acd34355c50b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-999.exe

Filesize
184KB

MD5
c2479bad5fea03a24129b29115bf73ad

SHA1
af6198e0f3762f47f2ba3f44c78d7cf28de22e06

SHA256
62d0b4fa7e0466f42056d495c4f271d205af2fd243dee0cbf2a08c53afcf43ac

SHA512
b712ac6d126716198e28281f8fd0cb421c49590c4f6ba326c0226b93218bedf23afbf2dab813b3af936ff54960b8da77be78fad5083f2f09d748616f8dc0d156

Download Submit