b5e42b325f05ada19efd33ec1df43eccaeb1d4b1176468a3b31481218e2b8120

Analysis

max time kernel
150s
max time network
117s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b5e42b325f05ada19efd33ec1df43eccaeb1d4b1176468a3b31481218e2b8120.exe
Size

184KB
MD5

c2ed6959c41872f9beb851c914e3687d
SHA1

b356cd76f7d6e2952d965dda732270fc9947953c
SHA256

b5e42b325f05ada19efd33ec1df43eccaeb1d4b1176468a3b31481218e2b8120
SHA512

8ed554cd1deb20b18760075ee4d73882a43c7a16ac8059f132ce5845cc0f57424256fd6b3db9f357f66bbc787a50f94ad416765ce052a3b11a00c557c99e972c
SSDEEP

3072:Zd73yxo59VeFdH6cedcLRKsshlnniF/n3:ZdooYjH62LYsshlnniF/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-44949.exeUnicorn-16425.exeUnicorn-354.exeUnicorn-57521.exeUnicorn-53115.exeUnicorn-7251.exeUnicorn-25829.exeUnicorn-45695.exeUnicorn-58694.exeUnicorn-9457.exeUnicorn-62688.exeUnicorn-10342.exeUnicorn-30208.exeUnicorn-63264.exeUnicorn-43590.exeUnicorn-48594.exeUnicorn-35979.exeUnicorn-16113.exeUnicorn-51438.exeUnicorn-58065.exeUnicorn-42990.exeUnicorn-23124.exeUnicorn-55989.exeUnicorn-25777.exeUnicorn-54495.exeUnicorn-30492.exeUnicorn-10626.exeUnicorn-15224.exeUnicorn-63740.exeUnicorn-26853.exeUnicorn-14046.exeUnicorn-44451.exeUnicorn-44223.exeUnicorn-44223.exeUnicorn-9090.exeUnicorn-44415.exeUnicorn-44415.exeUnicorn-57414.exeUnicorn-1561.exeUnicorn-15629.exeUnicorn-35386.exeUnicorn-51037.exeUnicorn-60964.exeUnicorn-16061.exeUnicorn-29443.exeUnicorn-64768.exeUnicorn-35.exeUnicorn-35552.exeUnicorn-3071.exeUnicorn-33475.exeUnicorn-31529.exeUnicorn-51395.exeUnicorn-51395.exeUnicorn-36128.exeUnicorn-995.exeUnicorn-36320.exeUnicorn-36320.exeUnicorn-36320.exeUnicorn-19107.exeUnicorn-64778.exeUnicorn-49511.exeUnicorn-55272.exeUnicorn-2734.exeUnicorn-55848.exe

pid	process
2456	Unicorn-44949.exe
2668	Unicorn-16425.exe
2640	Unicorn-354.exe
2420	Unicorn-57521.exe
2364	Unicorn-53115.exe
2124	Unicorn-7251.exe
2588	Unicorn-25829.exe
2704	Unicorn-45695.exe
1912	Unicorn-58694.exe
1240	Unicorn-9457.exe
1248	Unicorn-62688.exe
2892	Unicorn-10342.exe
1648	Unicorn-30208.exe
2460	Unicorn-63264.exe
604	Unicorn-43590.exe
2700	Unicorn-48594.exe
912	Unicorn-35979.exe
3016	Unicorn-16113.exe
2984	Unicorn-51438.exe
692	Unicorn-58065.exe
1340	Unicorn-42990.exe
2324	Unicorn-23124.exe
2264	Unicorn-55989.exe
932	Unicorn-25777.exe
2328	Unicorn-54495.exe
1804	Unicorn-30492.exe
1860	Unicorn-10626.exe
2688	Unicorn-15224.exe
2472	Unicorn-63740.exe
1464	Unicorn-26853.exe
2636	Unicorn-14046.exe
2004	Unicorn-44451.exe
2620	Unicorn-44223.exe
2372	Unicorn-44223.exe
2676	Unicorn-9090.exe
2376	Unicorn-44415.exe
2380	Unicorn-44415.exe
2484	Unicorn-57414.exe
2716	Unicorn-1561.exe
1764	Unicorn-15629.exe
1612	Unicorn-35386.exe
2100	Unicorn-51037.exe
2732	Unicorn-60964.exe
2736	Unicorn-16061.exe
2864	Unicorn-29443.exe
2204	Unicorn-64768.exe
540	Unicorn-35.exe
1688	Unicorn-35552.exe
708	Unicorn-3071.exe
2332	Unicorn-33475.exe
3004	Unicorn-31529.exe
2932	Unicorn-51395.exe
2960	Unicorn-51395.exe
860	Unicorn-36128.exe
1492	Unicorn-995.exe
972	Unicorn-36320.exe
832	Unicorn-36320.exe
1868	Unicorn-36320.exe
1080	Unicorn-19107.exe
1908	Unicorn-64778.exe
2124	Unicorn-49511.exe
2648	Unicorn-55272.exe
2516	Unicorn-2734.exe
2384	Unicorn-55848.exe

Loads dropped DLL 64 IoCs

Processes:

b5e42b325f05ada19efd33ec1df43eccaeb1d4b1176468a3b31481218e2b8120.exeUnicorn-44949.exeUnicorn-16425.exeUnicorn-354.exeWerFault.exeUnicorn-57521.exeUnicorn-53115.exeWerFault.exeWerFault.exeUnicorn-45695.exeUnicorn-25829.exeUnicorn-58694.exeWerFault.exeWerFault.exeUnicorn-9457.exeUnicorn-62688.exeUnicorn-10342.exeUnicorn-63264.exe

pid	process
2240	b5e42b325f05ada19efd33ec1df43eccaeb1d4b1176468a3b31481218e2b8120.exe
2240	b5e42b325f05ada19efd33ec1df43eccaeb1d4b1176468a3b31481218e2b8120.exe
2456	Unicorn-44949.exe
2240	b5e42b325f05ada19efd33ec1df43eccaeb1d4b1176468a3b31481218e2b8120.exe
2240	b5e42b325f05ada19efd33ec1df43eccaeb1d4b1176468a3b31481218e2b8120.exe
2456	Unicorn-44949.exe
2668	Unicorn-16425.exe
2640	Unicorn-354.exe
2456	Unicorn-44949.exe
2640	Unicorn-354.exe
2456	Unicorn-44949.exe
2668	Unicorn-16425.exe
1380	WerFault.exe
1380	WerFault.exe
1380	WerFault.exe
1380	WerFault.exe
1380	WerFault.exe
2640	Unicorn-354.exe
2640	Unicorn-354.exe
2420	Unicorn-57521.exe
2420	Unicorn-57521.exe
2668	Unicorn-16425.exe
2668	Unicorn-16425.exe
2364	Unicorn-53115.exe
2364	Unicorn-53115.exe
1524	WerFault.exe
1524	WerFault.exe
1524	WerFault.exe
1524	WerFault.exe
1440	WerFault.exe
1440	WerFault.exe
1440	WerFault.exe
1440	WerFault.exe
1524	WerFault.exe
1440	WerFault.exe
2704	Unicorn-45695.exe
2704	Unicorn-45695.exe
2420	Unicorn-57521.exe
2420	Unicorn-57521.exe
2588	Unicorn-25829.exe
2588	Unicorn-25829.exe
1912	Unicorn-58694.exe
1912	Unicorn-58694.exe
2364	Unicorn-53115.exe
2364	Unicorn-53115.exe
1424	WerFault.exe
1424	WerFault.exe
1424	WerFault.exe
1424	WerFault.exe
1424	WerFault.exe
2816	WerFault.exe
2816	WerFault.exe
2816	WerFault.exe
2816	WerFault.exe
2816	WerFault.exe
1240	Unicorn-9457.exe
1240	Unicorn-9457.exe
1248	Unicorn-62688.exe
1248	Unicorn-62688.exe
2704	Unicorn-45695.exe
2704	Unicorn-45695.exe
2892	Unicorn-10342.exe
2892	Unicorn-10342.exe
2460	Unicorn-63264.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2696	2240	WerFault.exe	b5e42b325f05ada19efd33ec1df43eccaeb1d4b1176468a3b31481218e2b8120.exe
1380	2456	WerFault.exe	Unicorn-44949.exe
1524	2668	WerFault.exe	Unicorn-16425.exe
1440	2640	WerFault.exe	Unicorn-354.exe
1424	2420	WerFault.exe	Unicorn-57521.exe
2816	2364	WerFault.exe	Unicorn-53115.exe
1880	2704	WerFault.exe	Unicorn-45695.exe
1220	2588	WerFault.exe	Unicorn-25829.exe
2308	1912	WerFault.exe	Unicorn-58694.exe
276	1240	WerFault.exe	Unicorn-9457.exe
1608	1248	WerFault.exe	Unicorn-62688.exe
2432	2892	WerFault.exe	Unicorn-10342.exe
2712	2460	WerFault.exe	Unicorn-63264.exe
2252	1648	WerFault.exe	Unicorn-30208.exe
1852	604	WerFault.exe	Unicorn-43590.exe
1544	2204	WerFault.exe	Unicorn-64768.exe
2236	2700	WerFault.exe	Unicorn-48594.exe
2492	912	WerFault.exe	Unicorn-35979.exe
2036	3016	WerFault.exe	Unicorn-16113.exe
2496	2984	WerFault.exe	Unicorn-51438.exe
2868	692	WerFault.exe	Unicorn-58065.exe
1600	932	WerFault.exe	Unicorn-25777.exe
1556	2324	WerFault.exe	Unicorn-23124.exe
332	2264	WerFault.exe	Unicorn-55989.exe
1640	1340	WerFault.exe	Unicorn-42990.exe
1288	1736	WerFault.exe	Unicorn-32692.exe
1584	2328	WerFault.exe	Unicorn-54495.exe
1264	1860	WerFault.exe	Unicorn-10626.exe
688	2688	WerFault.exe	Unicorn-15224.exe
1004	1464	WerFault.exe	Unicorn-26853.exe
1448	2636	WerFault.exe	Unicorn-14046.exe
2220	2380	WerFault.exe	Unicorn-44415.exe
2076	2620	WerFault.exe	Unicorn-44223.exe
2536	2004	WerFault.exe	Unicorn-44451.exe
3036	2484	WerFault.exe	Unicorn-57414.exe
2396	2372	WerFault.exe	Unicorn-44223.exe
2884	2676	WerFault.exe	Unicorn-9090.exe
1020	2376	WerFault.exe	Unicorn-44415.exe
3724	2716	WerFault.exe	Unicorn-1561.exe
3756	2100	WerFault.exe	Unicorn-51037.exe
3844	2736	WerFault.exe	Unicorn-16061.exe
3932	2864	WerFault.exe	Unicorn-29443.exe
3944	2732	WerFault.exe	Unicorn-60964.exe
4016	540	WerFault.exe	Unicorn-35.exe
4092	1612	WerFault.exe	Unicorn-35386.exe
3100	1764	WerFault.exe	Unicorn-15629.exe
3204	3004	WerFault.exe	Unicorn-31529.exe
3312	2124	WerFault.exe	Unicorn-49511.exe
3348	972	WerFault.exe	Unicorn-36320.exe
3500	1804	WerFault.exe	Unicorn-30492.exe
3608	832	WerFault.exe	Unicorn-36320.exe
3692	1688	WerFault.exe	Unicorn-35552.exe
3740	1080	WerFault.exe	Unicorn-19107.exe
3804	708	WerFault.exe	Unicorn-3071.exe
3104	860	WerFault.exe	Unicorn-36128.exe
3436	2332	WerFault.exe	Unicorn-33475.exe
3432	1908	WerFault.exe	Unicorn-64778.exe
3220	1492	WerFault.exe	Unicorn-995.exe
3416	2960	WerFault.exe	Unicorn-51395.exe
3964	1868	WerFault.exe	Unicorn-36320.exe
3520	2932	WerFault.exe	Unicorn-51395.exe
4144	1452	WerFault.exe	Unicorn-58235.exe
4200	2104	WerFault.exe	Unicorn-30161.exe
4220	1028	WerFault.exe	Unicorn-12371.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

b5e42b325f05ada19efd33ec1df43eccaeb1d4b1176468a3b31481218e2b8120.exeUnicorn-44949.exeUnicorn-16425.exeUnicorn-354.exeUnicorn-57521.exeUnicorn-53115.exeUnicorn-7251.exeUnicorn-25829.exeUnicorn-45695.exeUnicorn-58694.exeUnicorn-9457.exeUnicorn-62688.exeUnicorn-10342.exeUnicorn-30208.exeUnicorn-63264.exeUnicorn-43590.exeUnicorn-48594.exeUnicorn-35979.exeUnicorn-16113.exeUnicorn-51438.exeUnicorn-58065.exeUnicorn-23124.exeUnicorn-42990.exeUnicorn-55989.exeUnicorn-25777.exeUnicorn-54495.exeUnicorn-30492.exeUnicorn-15224.exeUnicorn-10626.exeUnicorn-63740.exeUnicorn-26853.exeUnicorn-44451.exeUnicorn-14046.exeUnicorn-44223.exeUnicorn-44223.exeUnicorn-44415.exeUnicorn-9090.exeUnicorn-44415.exeUnicorn-57414.exeUnicorn-1561.exeUnicorn-15629.exeUnicorn-35386.exeUnicorn-51037.exeUnicorn-60964.exeUnicorn-16061.exeUnicorn-29443.exeUnicorn-64768.exeUnicorn-35.exeUnicorn-35552.exeUnicorn-3071.exeUnicorn-51395.exeUnicorn-31529.exeUnicorn-33475.exeUnicorn-995.exeUnicorn-51395.exeUnicorn-36128.exeUnicorn-36320.exeUnicorn-19107.exeUnicorn-36320.exeUnicorn-36320.exeUnicorn-49511.exeUnicorn-64778.exeUnicorn-55272.exeUnicorn-2734.exe

pid	process
2240	b5e42b325f05ada19efd33ec1df43eccaeb1d4b1176468a3b31481218e2b8120.exe
2456	Unicorn-44949.exe
2668	Unicorn-16425.exe
2640	Unicorn-354.exe
2420	Unicorn-57521.exe
2364	Unicorn-53115.exe
2124	Unicorn-7251.exe
2588	Unicorn-25829.exe
2704	Unicorn-45695.exe
1912	Unicorn-58694.exe
1240	Unicorn-9457.exe
1248	Unicorn-62688.exe
2892	Unicorn-10342.exe
1648	Unicorn-30208.exe
2460	Unicorn-63264.exe
604	Unicorn-43590.exe
2700	Unicorn-48594.exe
912	Unicorn-35979.exe
3016	Unicorn-16113.exe
2984	Unicorn-51438.exe
692	Unicorn-58065.exe
2324	Unicorn-23124.exe
1340	Unicorn-42990.exe
2264	Unicorn-55989.exe
932	Unicorn-25777.exe
2328	Unicorn-54495.exe
1804	Unicorn-30492.exe
2688	Unicorn-15224.exe
1860	Unicorn-10626.exe
2472	Unicorn-63740.exe
1464	Unicorn-26853.exe
2004	Unicorn-44451.exe
2636	Unicorn-14046.exe
2372	Unicorn-44223.exe
2620	Unicorn-44223.exe
2376	Unicorn-44415.exe
2676	Unicorn-9090.exe
2380	Unicorn-44415.exe
2484	Unicorn-57414.exe
2716	Unicorn-1561.exe
1764	Unicorn-15629.exe
1612	Unicorn-35386.exe
2100	Unicorn-51037.exe
2732	Unicorn-60964.exe
2736	Unicorn-16061.exe
2864	Unicorn-29443.exe
2204	Unicorn-64768.exe
540	Unicorn-35.exe
1688	Unicorn-35552.exe
708	Unicorn-3071.exe
2932	Unicorn-51395.exe
3004	Unicorn-31529.exe
2332	Unicorn-33475.exe
1492	Unicorn-995.exe
2960	Unicorn-51395.exe
860	Unicorn-36128.exe
832	Unicorn-36320.exe
1080	Unicorn-19107.exe
1868	Unicorn-36320.exe
972	Unicorn-36320.exe
2124	Unicorn-49511.exe
1908	Unicorn-64778.exe
2648	Unicorn-55272.exe
2516	Unicorn-2734.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

b5e42b325f05ada19efd33ec1df43eccaeb1d4b1176468a3b31481218e2b8120.exeUnicorn-44949.exeUnicorn-354.exeUnicorn-16425.exeUnicorn-57521.exeUnicorn-53115.exeUnicorn-45695.exe

description	pid	process	target process
PID 2240 wrote to memory of 2456	2240	b5e42b325f05ada19efd33ec1df43eccaeb1d4b1176468a3b31481218e2b8120.exe	Unicorn-44949.exe
PID 2240 wrote to memory of 2456	2240	b5e42b325f05ada19efd33ec1df43eccaeb1d4b1176468a3b31481218e2b8120.exe	Unicorn-44949.exe
PID 2240 wrote to memory of 2456	2240	b5e42b325f05ada19efd33ec1df43eccaeb1d4b1176468a3b31481218e2b8120.exe	Unicorn-44949.exe
PID 2240 wrote to memory of 2456	2240	b5e42b325f05ada19efd33ec1df43eccaeb1d4b1176468a3b31481218e2b8120.exe	Unicorn-44949.exe
PID 2240 wrote to memory of 2668	2240	b5e42b325f05ada19efd33ec1df43eccaeb1d4b1176468a3b31481218e2b8120.exe	Unicorn-16425.exe
PID 2240 wrote to memory of 2668	2240	b5e42b325f05ada19efd33ec1df43eccaeb1d4b1176468a3b31481218e2b8120.exe	Unicorn-16425.exe
PID 2240 wrote to memory of 2668	2240	b5e42b325f05ada19efd33ec1df43eccaeb1d4b1176468a3b31481218e2b8120.exe	Unicorn-16425.exe
PID 2240 wrote to memory of 2668	2240	b5e42b325f05ada19efd33ec1df43eccaeb1d4b1176468a3b31481218e2b8120.exe	Unicorn-16425.exe
PID 2456 wrote to memory of 2640	2456	Unicorn-44949.exe	Unicorn-354.exe
PID 2456 wrote to memory of 2640	2456	Unicorn-44949.exe	Unicorn-354.exe
PID 2456 wrote to memory of 2640	2456	Unicorn-44949.exe	Unicorn-354.exe
PID 2456 wrote to memory of 2640	2456	Unicorn-44949.exe	Unicorn-354.exe
PID 2240 wrote to memory of 2696	2240	b5e42b325f05ada19efd33ec1df43eccaeb1d4b1176468a3b31481218e2b8120.exe	WerFault.exe
PID 2240 wrote to memory of 2696	2240	b5e42b325f05ada19efd33ec1df43eccaeb1d4b1176468a3b31481218e2b8120.exe	WerFault.exe
PID 2240 wrote to memory of 2696	2240	b5e42b325f05ada19efd33ec1df43eccaeb1d4b1176468a3b31481218e2b8120.exe	WerFault.exe
PID 2240 wrote to memory of 2696	2240	b5e42b325f05ada19efd33ec1df43eccaeb1d4b1176468a3b31481218e2b8120.exe	WerFault.exe
PID 2640 wrote to memory of 2420	2640	Unicorn-354.exe	Unicorn-57521.exe
PID 2640 wrote to memory of 2420	2640	Unicorn-354.exe	Unicorn-57521.exe
PID 2640 wrote to memory of 2420	2640	Unicorn-354.exe	Unicorn-57521.exe
PID 2640 wrote to memory of 2420	2640	Unicorn-354.exe	Unicorn-57521.exe
PID 2456 wrote to memory of 2364	2456	Unicorn-44949.exe	Unicorn-53115.exe
PID 2456 wrote to memory of 2364	2456	Unicorn-44949.exe	Unicorn-53115.exe
PID 2456 wrote to memory of 2364	2456	Unicorn-44949.exe	Unicorn-53115.exe
PID 2456 wrote to memory of 2364	2456	Unicorn-44949.exe	Unicorn-53115.exe
PID 2668 wrote to memory of 2124	2668	Unicorn-16425.exe	Unicorn-7251.exe
PID 2668 wrote to memory of 2124	2668	Unicorn-16425.exe	Unicorn-7251.exe
PID 2668 wrote to memory of 2124	2668	Unicorn-16425.exe	Unicorn-7251.exe
PID 2668 wrote to memory of 2124	2668	Unicorn-16425.exe	Unicorn-7251.exe
PID 2456 wrote to memory of 1380	2456	Unicorn-44949.exe	WerFault.exe
PID 2456 wrote to memory of 1380	2456	Unicorn-44949.exe	WerFault.exe
PID 2456 wrote to memory of 1380	2456	Unicorn-44949.exe	WerFault.exe
PID 2456 wrote to memory of 1380	2456	Unicorn-44949.exe	WerFault.exe
PID 2640 wrote to memory of 2588	2640	Unicorn-354.exe	Unicorn-25829.exe
PID 2640 wrote to memory of 2588	2640	Unicorn-354.exe	Unicorn-25829.exe
PID 2640 wrote to memory of 2588	2640	Unicorn-354.exe	Unicorn-25829.exe
PID 2640 wrote to memory of 2588	2640	Unicorn-354.exe	Unicorn-25829.exe
PID 2420 wrote to memory of 2704	2420	Unicorn-57521.exe	Unicorn-45695.exe
PID 2420 wrote to memory of 2704	2420	Unicorn-57521.exe	Unicorn-45695.exe
PID 2420 wrote to memory of 2704	2420	Unicorn-57521.exe	Unicorn-45695.exe
PID 2420 wrote to memory of 2704	2420	Unicorn-57521.exe	Unicorn-45695.exe
PID 2668 wrote to memory of 1912	2668	Unicorn-16425.exe	Unicorn-58694.exe
PID 2668 wrote to memory of 1912	2668	Unicorn-16425.exe	Unicorn-58694.exe
PID 2668 wrote to memory of 1912	2668	Unicorn-16425.exe	Unicorn-58694.exe
PID 2668 wrote to memory of 1912	2668	Unicorn-16425.exe	Unicorn-58694.exe
PID 2364 wrote to memory of 1240	2364	Unicorn-53115.exe	Unicorn-9457.exe
PID 2364 wrote to memory of 1240	2364	Unicorn-53115.exe	Unicorn-9457.exe
PID 2364 wrote to memory of 1240	2364	Unicorn-53115.exe	Unicorn-9457.exe
PID 2364 wrote to memory of 1240	2364	Unicorn-53115.exe	Unicorn-9457.exe
PID 2668 wrote to memory of 1524	2668	Unicorn-16425.exe	WerFault.exe
PID 2668 wrote to memory of 1524	2668	Unicorn-16425.exe	WerFault.exe
PID 2668 wrote to memory of 1524	2668	Unicorn-16425.exe	WerFault.exe
PID 2668 wrote to memory of 1524	2668	Unicorn-16425.exe	WerFault.exe
PID 2640 wrote to memory of 1440	2640	Unicorn-354.exe	WerFault.exe
PID 2640 wrote to memory of 1440	2640	Unicorn-354.exe	WerFault.exe
PID 2640 wrote to memory of 1440	2640	Unicorn-354.exe	WerFault.exe
PID 2640 wrote to memory of 1440	2640	Unicorn-354.exe	WerFault.exe
PID 2704 wrote to memory of 1248	2704	Unicorn-45695.exe	Unicorn-62688.exe
PID 2704 wrote to memory of 1248	2704	Unicorn-45695.exe	Unicorn-62688.exe
PID 2704 wrote to memory of 1248	2704	Unicorn-45695.exe	Unicorn-62688.exe
PID 2704 wrote to memory of 1248	2704	Unicorn-45695.exe	Unicorn-62688.exe
PID 2420 wrote to memory of 2892	2420	Unicorn-57521.exe	Unicorn-10342.exe
PID 2420 wrote to memory of 2892	2420	Unicorn-57521.exe	Unicorn-10342.exe
PID 2420 wrote to memory of 2892	2420	Unicorn-57521.exe	Unicorn-10342.exe
PID 2420 wrote to memory of 2892	2420	Unicorn-57521.exe	Unicorn-10342.exe

C:\Users\Admin\AppData\Local\Temp\b5e42b325f05ada19efd33ec1df43eccaeb1d4b1176468a3b31481218e2b8120.exe
"C:\Users\Admin\AppData\Local\Temp\b5e42b325f05ada19efd33ec1df43eccaeb1d4b1176468a3b31481218e2b8120.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-44949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44949.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-45695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45695.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-62688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62688.exe
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-35979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35979.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-30492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30492.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 200
10⤵
- Program crash
PID:1544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 236
9⤵
- Program crash
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-35.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-41131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41131.exe
9⤵
PID:1060

C:\Users\Admin\AppData\Local\Temp\Unicorn-35260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35260.exe
10⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-16133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16133.exe
11⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-41049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41049.exe
12⤵
PID:6300

C:\Users\Admin\AppData\Local\Temp\Unicorn-22270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22270.exe
13⤵
PID:8960

C:\Users\Admin\AppData\Local\Temp\Unicorn-56526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56526.exe
14⤵
PID:11708

C:\Users\Admin\AppData\Local\Temp\Unicorn-33987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33987.exe
15⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11708 -s 216
15⤵
PID:13396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8960 -s 216
14⤵
PID:4608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
13⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
12⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
11⤵
PID:5976

C:\Users\Admin\AppData\Local\Temp\Unicorn-51145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51145.exe
10⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-29695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29695.exe
11⤵
PID:6588

C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
12⤵
PID:8040

C:\Users\Admin\AppData\Local\Temp\Unicorn-48538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48538.exe
13⤵
PID:12256

C:\Users\Admin\AppData\Local\Temp\Unicorn-30381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30381.exe
14⤵
PID:8848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12256 -s 216
14⤵
PID:13484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 216
13⤵
PID:12876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 216
12⤵
PID:10028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
11⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 240
10⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
9⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-51721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51721.exe
10⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-5511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5511.exe
11⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe
12⤵
PID:8972

C:\Users\Admin\AppData\Local\Temp\Unicorn-24492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24492.exe
13⤵
PID:10872

C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
14⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10872 -s 216
14⤵
PID:13648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8972 -s 216
13⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
12⤵
PID:10032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
11⤵
PID:4692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 236
10⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 240
9⤵
- Program crash
PID:4016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 240
8⤵
- Program crash
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-10626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10626.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-35386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35386.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
9⤵
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-25919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25919.exe
10⤵
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-50149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50149.exe
11⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-49165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49165.exe
12⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-14516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14516.exe
13⤵
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-10262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10262.exe
14⤵
PID:11580

C:\Users\Admin\AppData\Local\Temp\Unicorn-24916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24916.exe
15⤵
PID:4472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11580 -s 216
15⤵
PID:13628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 216
14⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
13⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
12⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 236
11⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-31051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31051.exe
10⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-58480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58480.exe
11⤵
PID:5736

C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe
12⤵
PID:9028

C:\Users\Admin\AppData\Local\Temp\Unicorn-59022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59022.exe
13⤵
PID:11696

C:\Users\Admin\AppData\Local\Temp\Unicorn-27980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27980.exe
14⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11696 -s 220
14⤵
PID:14148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9028 -s 216
13⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 216
12⤵
PID:9528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
11⤵
PID:7440

C:\Users\Admin\AppData\Local\Temp\Unicorn-11419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11419.exe
9⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-33922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33922.exe
10⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-8978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8978.exe
11⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-13940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13940.exe
12⤵
PID:8412

C:\Users\Admin\AppData\Local\Temp\Unicorn-36599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36599.exe
13⤵
PID:11648

C:\Users\Admin\AppData\Local\Temp\Unicorn-8112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8112.exe
14⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11648 -s 216
14⤵
PID:13424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8412 -s 216
13⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
12⤵
PID:10224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
11⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
10⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
9⤵
- Program crash
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-622.exe
8⤵
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-34684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34684.exe
9⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-51275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51275.exe
10⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-7623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7623.exe
11⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe
12⤵
PID:8932

C:\Users\Admin\AppData\Local\Temp\Unicorn-29318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29318.exe
13⤵
PID:11380

C:\Users\Admin\AppData\Local\Temp\Unicorn-38706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38706.exe
14⤵
PID:13164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11380 -s 216
14⤵
PID:13792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8932 -s 216
13⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
12⤵
PID:9908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
11⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 236
10⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-16360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16360.exe
9⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-31039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31039.exe
10⤵
PID:6716

C:\Users\Admin\AppData\Local\Temp\Unicorn-59898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59898.exe
11⤵
PID:8784

C:\Users\Admin\AppData\Local\Temp\Unicorn-35331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35331.exe
12⤵
PID:12120

C:\Users\Admin\AppData\Local\Temp\Unicorn-40071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40071.exe
13⤵
PID:7680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12120 -s 220
13⤵
PID:13848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8784 -s 216
12⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 216
11⤵
PID:10284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
10⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 240
9⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
8⤵
- Program crash
PID:1264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 240
7⤵
- Program crash
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-16113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16113.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-15224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15224.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-53736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53736.exe
9⤵
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-31285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31285.exe
10⤵
PID:1224

C:\Users\Admin\AppData\Local\Temp\Unicorn-15941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15941.exe
11⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-19124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19124.exe
12⤵
PID:5792

C:\Users\Admin\AppData\Local\Temp\Unicorn-20827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20827.exe
13⤵
PID:9128

C:\Users\Admin\AppData\Local\Temp\Unicorn-21259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21259.exe
14⤵
PID:11464

C:\Users\Admin\AppData\Local\Temp\Unicorn-48519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48519.exe
15⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11464 -s 216
15⤵
PID:13820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 216
14⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 216
13⤵
PID:10152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
12⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 216
11⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-33355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33355.exe
10⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-64748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64748.exe
11⤵
PID:5520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 200
12⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 236
11⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
10⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-30085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30085.exe
9⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
10⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-26830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26830.exe
11⤵
PID:6080

C:\Users\Admin\AppData\Local\Temp\Unicorn-34838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34838.exe
12⤵
PID:9032

C:\Users\Admin\AppData\Local\Temp\Unicorn-64652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64652.exe
13⤵
PID:10976

C:\Users\Admin\AppData\Local\Temp\Unicorn-48737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48737.exe
14⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10976 -s 236
14⤵
PID:13620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9032 -s 216
13⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
12⤵
PID:10072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
11⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 236
10⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
9⤵
- Program crash
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-33870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33870.exe
8⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-34492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34492.exe
9⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-17669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17669.exe
10⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-8978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8978.exe
11⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-18549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18549.exe
12⤵
PID:8324

C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
13⤵
PID:11764

C:\Users\Admin\AppData\Local\Temp\Unicorn-38706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38706.exe
14⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11764 -s 216
14⤵
PID:13804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8324 -s 216
13⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 220
12⤵
PID:9264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
11⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 236
10⤵
PID:5804

C:\Users\Admin\AppData\Local\Temp\Unicorn-61036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61036.exe
9⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-18221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18221.exe
10⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-3063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3063.exe
11⤵
PID:9080

C:\Users\Admin\AppData\Local\Temp\Unicorn-5799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5799.exe
12⤵
PID:11440

C:\Users\Admin\AppData\Local\Temp\Unicorn-28198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28198.exe
13⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11440 -s 216
13⤵
PID:14004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9080 -s 216
12⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
11⤵
PID:10124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 236
10⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
9⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
8⤵
- Program crash
PID:688

C:\Users\Admin\AppData\Local\Temp\Unicorn-60964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60964.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
8⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-43132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43132.exe
9⤵
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-21021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21021.exe
10⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-39878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39878.exe
11⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-3786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3786.exe
12⤵
PID:8340

C:\Users\Admin\AppData\Local\Temp\Unicorn-29631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29631.exe
13⤵
PID:11124

C:\Users\Admin\AppData\Local\Temp\Unicorn-35644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35644.exe
14⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11124 -s 236
14⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 216
13⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
12⤵
PID:9276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
11⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 236
10⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\Unicorn-49697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49697.exe
9⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-40646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40646.exe
10⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\Unicorn-22562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22562.exe
11⤵
PID:8428

C:\Users\Admin\AppData\Local\Temp\Unicorn-27545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27545.exe
12⤵
PID:11200

C:\Users\Admin\AppData\Local\Temp\Unicorn-27341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27341.exe
13⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11200 -s 216
13⤵
PID:13368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8428 -s 216
12⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 216
11⤵
PID:9336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
10⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
9⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-56131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56131.exe
8⤵
PID:292

C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
9⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-58838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58838.exe
10⤵
PID:6360

C:\Users\Admin\AppData\Local\Temp\Unicorn-4480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4480.exe
11⤵
PID:9100

C:\Users\Admin\AppData\Local\Temp\Unicorn-27897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27897.exe
12⤵
PID:11844

C:\Users\Admin\AppData\Local\Temp\Unicorn-12188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12188.exe
13⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11844 -s 216
13⤵
PID:14320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9100 -s 216
12⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 216
11⤵
PID:9928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
10⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 236
9⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
8⤵
- Program crash
PID:3944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
7⤵
- Program crash
PID:2036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
6⤵
- Program crash
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-51438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51438.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-63740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63740.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-16061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16061.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-4234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4234.exe
9⤵
PID:488

C:\Users\Admin\AppData\Local\Temp\Unicorn-2011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2011.exe
10⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-35266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35266.exe
11⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-8978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8978.exe
12⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-60484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60484.exe
13⤵
PID:8600

C:\Users\Admin\AppData\Local\Temp\Unicorn-56526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56526.exe
14⤵
PID:11720

C:\Users\Admin\AppData\Local\Temp\Unicorn-4165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4165.exe
15⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11720 -s 216
15⤵
PID:13992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
13⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
12⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 236
11⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-64243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64243.exe
10⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-1417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1417.exe
11⤵
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-46037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46037.exe
12⤵
PID:8264

C:\Users\Admin\AppData\Local\Temp\Unicorn-18405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18405.exe
13⤵
PID:11544

C:\Users\Admin\AppData\Local\Temp\Unicorn-30232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30232.exe
14⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11544 -s 216
14⤵
PID:13976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8264 -s 216
13⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 216
12⤵
PID:10200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
11⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 240
10⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-44668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44668.exe
9⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-50917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50917.exe
10⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-31557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31557.exe
11⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\Unicorn-34804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34804.exe
12⤵
PID:8528

C:\Users\Admin\AppData\Local\Temp\Unicorn-1795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1795.exe
13⤵
PID:10632

C:\Users\Admin\AppData\Local\Temp\Unicorn-18317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18317.exe
14⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10632 -s 216
14⤵
PID:13432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8528 -s 216
13⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 216
12⤵
PID:9580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 236
11⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
10⤵
PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
9⤵
- Program crash
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
8⤵
PID:1736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 188
9⤵
- Program crash
PID:1288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
8⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-29443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29443.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-40555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40555.exe
8⤵
PID:452

C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
9⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-865.exe
10⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-504.exe
11⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 188
12⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
11⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
10⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-64658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64658.exe
9⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-10296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10296.exe
10⤵
PID:5904

C:\Users\Admin\AppData\Local\Temp\Unicorn-40609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40609.exe
11⤵
PID:9148

C:\Users\Admin\AppData\Local\Temp\Unicorn-8410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8410.exe
12⤵
PID:11900

C:\Users\Admin\AppData\Local\Temp\Unicorn-24610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24610.exe
13⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11900 -s 216
13⤵
PID:13868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 220
12⤵
PID:12508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 216
11⤵
PID:9952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
10⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 240
9⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-63334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63334.exe
8⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
9⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-37800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37800.exe
10⤵
PID:5820

C:\Users\Admin\AppData\Local\Temp\Unicorn-63068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63068.exe
11⤵
PID:8896

C:\Users\Admin\AppData\Local\Temp\Unicorn-25475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25475.exe
12⤵
PID:11060

C:\Users\Admin\AppData\Local\Temp\Unicorn-15296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15296.exe
13⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11060 -s 216
13⤵
PID:13548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8896 -s 216
12⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
11⤵
PID:9844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
10⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
9⤵
PID:4212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
8⤵
- Program crash
PID:3932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
7⤵
- Program crash
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-26853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26853.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-35552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35552.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-12371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12371.exe
8⤵
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-64315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64315.exe
9⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-14739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14739.exe
10⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-34188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34188.exe
11⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-37710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37710.exe
12⤵
PID:8560

C:\Users\Admin\AppData\Local\Temp\Unicorn-53217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53217.exe
13⤵
PID:11040

C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
14⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11040 -s 236
14⤵
PID:13380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 216
13⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 236
12⤵
PID:9636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 236
11⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 236
10⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 236
9⤵
- Program crash
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-44642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44642.exe
8⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-47028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47028.exe
9⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-47925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47925.exe
10⤵
PID:6864

C:\Users\Admin\AppData\Local\Temp\Unicorn-34304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34304.exe
11⤵
PID:8404

C:\Users\Admin\AppData\Local\Temp\Unicorn-8410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8410.exe
12⤵
PID:11908

C:\Users\Admin\AppData\Local\Temp\Unicorn-61280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61280.exe
13⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11908 -s 216
13⤵
PID:14292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8404 -s 220
12⤵
PID:12476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 216
11⤵
PID:3020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
10⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 236
9⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
8⤵
- Program crash
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-58235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58235.exe
7⤵
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-53106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53106.exe
8⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-64023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64023.exe
9⤵
PID:4268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 188
10⤵
PID:4596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
9⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 236
8⤵
- Program crash
PID:4144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 240
7⤵
- Program crash
PID:1004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
6⤵
- Program crash
PID:2432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1424

C:\Users\Admin\AppData\Local\Temp\Unicorn-25829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25829.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-30208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30208.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-42990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42990.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1340

C:\Users\Admin\AppData\Local\Temp\Unicorn-44415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44415.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-44084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44084.exe
9⤵
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-20289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20289.exe
10⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-15949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15949.exe
11⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-37508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37508.exe
12⤵
PID:6500

C:\Users\Admin\AppData\Local\Temp\Unicorn-33381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33381.exe
13⤵
PID:8928

C:\Users\Admin\AppData\Local\Temp\Unicorn-13074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13074.exe
14⤵
PID:11272

C:\Users\Admin\AppData\Local\Temp\Unicorn-27214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27214.exe
15⤵
PID:14200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8928 -s 216
14⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 216
13⤵
PID:10780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
12⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
11⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 236
10⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-33479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33479.exe
9⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-56016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56016.exe
10⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-56506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56506.exe
11⤵
PID:6932

C:\Users\Admin\AppData\Local\Temp\Unicorn-45908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45908.exe
12⤵
PID:9252

C:\Users\Admin\AppData\Local\Temp\Unicorn-1118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1118.exe
13⤵
PID:12276

C:\Users\Admin\AppData\Local\Temp\Unicorn-36555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36555.exe
14⤵
PID:13692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9252 -s 236
13⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 216
12⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
11⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
10⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
9⤵
- Program crash
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-39677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39677.exe
8⤵
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-7543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7543.exe
9⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-15949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15949.exe
10⤵
PID:4784

C:\Users\Admin\AppData\Local\Temp\Unicorn-63088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63088.exe
11⤵
PID:6192

C:\Users\Admin\AppData\Local\Temp\Unicorn-35975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35975.exe
12⤵
PID:8984

C:\Users\Admin\AppData\Local\Temp\Unicorn-8410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8410.exe
13⤵
PID:11920

C:\Users\Admin\AppData\Local\Temp\Unicorn-64869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64869.exe
14⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11920 -s 216
14⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 220
13⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 220
12⤵
PID:9496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
11⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
10⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 236
9⤵
PID:4716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
8⤵
- Program crash
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-31529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31529.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-15586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15586.exe
8⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-673.exe
9⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-60016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60016.exe
10⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\Unicorn-27236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27236.exe
11⤵
PID:9204

C:\Users\Admin\AppData\Local\Temp\Unicorn-61544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61544.exe
12⤵
PID:11504

C:\Users\Admin\AppData\Local\Temp\Unicorn-45193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45193.exe
13⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11504 -s 220
13⤵
PID:14140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9204 -s 216
12⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
11⤵
PID:10176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
10⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
9⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 216
8⤵
- Program crash
PID:3204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 240
7⤵
- Program crash
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-57414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57414.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-11027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11027.exe
8⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-24321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24321.exe
9⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-64682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64682.exe
10⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-63265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63265.exe
11⤵
PID:6204

C:\Users\Admin\AppData\Local\Temp\Unicorn-17164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17164.exe
12⤵
PID:8524

C:\Users\Admin\AppData\Local\Temp\Unicorn-63110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63110.exe
13⤵
PID:11752

C:\Users\Admin\AppData\Local\Temp\Unicorn-62591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62591.exe
14⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11752 -s 216
14⤵
PID:9488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8524 -s 220
13⤵
PID:13104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 236
12⤵
PID:10452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
11⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
10⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 236
9⤵
PID:4800

C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
8⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
9⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-25199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25199.exe
10⤵
PID:6492

C:\Users\Admin\AppData\Local\Temp\Unicorn-56497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56497.exe
11⤵
PID:9460

C:\Users\Admin\AppData\Local\Temp\Unicorn-48246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48246.exe
12⤵
PID:12392

C:\Users\Admin\AppData\Local\Temp\Unicorn-35019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35019.exe
13⤵
PID:13828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9460 -s 216
12⤵
PID:12408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 216
11⤵
PID:11012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
9⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
8⤵
- Program crash
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-41431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41431.exe
7⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-54523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54523.exe
8⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-49389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49389.exe
9⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-14868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14868.exe
10⤵
PID:6836

C:\Users\Admin\AppData\Local\Temp\Unicorn-34880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34880.exe
11⤵
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
12⤵
PID:11512

C:\Users\Admin\AppData\Local\Temp\Unicorn-23937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23937.exe
13⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11512 -s 236
13⤵
PID:13528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 216
12⤵
PID:12932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 216
11⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
10⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
9⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 216
8⤵
PID:4496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 220
7⤵
- Program crash
PID:3036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
6⤵
- Program crash
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-55989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55989.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-44415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44415.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-19107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19107.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1080

C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
8⤵
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-24129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24129.exe
9⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-24714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24714.exe
10⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-39812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39812.exe
11⤵
PID:6448

C:\Users\Admin\AppData\Local\Temp\Unicorn-22312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22312.exe
12⤵
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-30630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30630.exe
13⤵
PID:11824

C:\Users\Admin\AppData\Local\Temp\Unicorn-61631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61631.exe
14⤵
PID:8880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11824 -s 216
14⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 236
13⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 216
12⤵
PID:10604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
11⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
10⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 236
9⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
8⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-12108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12108.exe
9⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-55930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55930.exe
10⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\Unicorn-1476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1476.exe
11⤵
PID:9024

C:\Users\Admin\AppData\Local\Temp\Unicorn-23412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23412.exe
12⤵
PID:11756

C:\Users\Admin\AppData\Local\Temp\Unicorn-7374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7374.exe
13⤵
PID:14016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 220
12⤵
PID:12464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
11⤵
PID:10844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
10⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
9⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 220
8⤵
- Program crash
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-6429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6429.exe
7⤵
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-53345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53345.exe
8⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-49389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49389.exe
9⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-36413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36413.exe
10⤵
PID:6380

C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
11⤵
PID:8648

C:\Users\Admin\AppData\Local\Temp\Unicorn-55700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55700.exe
12⤵
PID:11620

C:\Users\Admin\AppData\Local\Temp\Unicorn-40815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40815.exe
13⤵
PID:14044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 216
12⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 216
11⤵
PID:10656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
10⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
9⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
8⤵
PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
7⤵
- Program crash
PID:1020

C:\Users\Admin\AppData\Local\Temp\Unicorn-49511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49511.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-61297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61297.exe
7⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-41368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41368.exe
8⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-34506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34506.exe
9⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-1820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1820.exe
10⤵
PID:6552

C:\Users\Admin\AppData\Local\Temp\Unicorn-40651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40651.exe
11⤵
PID:9144

C:\Users\Admin\AppData\Local\Temp\Unicorn-57044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57044.exe
12⤵
PID:11552

C:\Users\Admin\AppData\Local\Temp\Unicorn-35140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35140.exe
13⤵
PID:13408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9144 -s 216
12⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
11⤵
PID:10668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
10⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
9⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 216
8⤵
PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 236
7⤵
- Program crash
PID:3312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
6⤵
- Program crash
PID:332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
5⤵
- Program crash
PID:1220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-53115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53115.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-9457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9457.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-54495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54495.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-1561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1561.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-55272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55272.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-59193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59193.exe
9⤵
PID:828

C:\Users\Admin\AppData\Local\Temp\Unicorn-62660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62660.exe
10⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-1756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1756.exe
11⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-65223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65223.exe
12⤵
PID:7956

C:\Users\Admin\AppData\Local\Temp\Unicorn-59464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59464.exe
13⤵
PID:10476

C:\Users\Admin\AppData\Local\Temp\Unicorn-33103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33103.exe
14⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10476 -s 216
14⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 216
13⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
12⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
11⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 236
10⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-58254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58254.exe
9⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-2641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2641.exe
10⤵
PID:5728

C:\Users\Admin\AppData\Local\Temp\Unicorn-29293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29293.exe
11⤵
PID:8820

C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
12⤵
PID:11196

C:\Users\Admin\AppData\Local\Temp\Unicorn-14310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14310.exe
13⤵
PID:2908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11196 -s 216
13⤵
PID:13752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8820 -s 216
12⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 216
11⤵
PID:9752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
10⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
9⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-3775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3775.exe
8⤵
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-62660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62660.exe
9⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-1756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1756.exe
10⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-59162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59162.exe
11⤵
PID:7716

C:\Users\Admin\AppData\Local\Temp\Unicorn-64685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64685.exe
12⤵
PID:11044

C:\Users\Admin\AppData\Local\Temp\Unicorn-62073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62073.exe
13⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11044 -s 216
13⤵
PID:8752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 216
12⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
11⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
10⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 236
9⤵
PID:4484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
8⤵
- Program crash
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-2734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2734.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-45680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45680.exe
8⤵
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-29604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29604.exe
9⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-1756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1756.exe
10⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-36801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36801.exe
11⤵
PID:8028

C:\Users\Admin\AppData\Local\Temp\Unicorn-11882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11882.exe
12⤵
PID:10560

C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
13⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10560 -s 216
13⤵
PID:4688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8028 -s 216
12⤵
PID:11792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
11⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
10⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 236
9⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-25197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25197.exe
8⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-32317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32317.exe
9⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-41347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41347.exe
10⤵
PID:8176

C:\Users\Admin\AppData\Local\Temp\Unicorn-39283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39283.exe
11⤵
PID:10980

C:\Users\Admin\AppData\Local\Temp\Unicorn-45654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45654.exe
12⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10980 -s 216
12⤵
PID:13336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 236
11⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 236
10⤵
PID:8728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 236
9⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
8⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
7⤵
- Program crash
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exe
7⤵
- Executes dropped EXE
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-10651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10651.exe
8⤵
PID:600

C:\Users\Admin\AppData\Local\Temp\Unicorn-61420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61420.exe
9⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-42631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42631.exe
10⤵
PID:7164

C:\Users\Admin\AppData\Local\Temp\Unicorn-27418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27418.exe
11⤵
PID:8908

C:\Users\Admin\AppData\Local\Temp\Unicorn-30749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30749.exe
12⤵
PID:12228

C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe
13⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12228 -s 216
13⤵
PID:13876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8908 -s 216
12⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 216
11⤵
PID:10300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
10⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 236
9⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
8⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-38937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38937.exe
9⤵
PID:6128

C:\Users\Admin\AppData\Local\Temp\Unicorn-62814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62814.exe
10⤵
PID:8736

C:\Users\Admin\AppData\Local\Temp\Unicorn-59022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59022.exe
11⤵
PID:11684

C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
12⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11684 -s 220
12⤵
PID:13664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8736 -s 216
11⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
10⤵
PID:9344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
9⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
8⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-14626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14626.exe
7⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-49163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49163.exe
8⤵
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-37977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37977.exe
9⤵
PID:5848

C:\Users\Admin\AppData\Local\Temp\Unicorn-62788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62788.exe
10⤵
PID:8552

C:\Users\Admin\AppData\Local\Temp\Unicorn-11606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11606.exe
11⤵
PID:11612

C:\Users\Admin\AppData\Local\Temp\Unicorn-4165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4165.exe
12⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11612 -s 216
12⤵
PID:13984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8552 -s 216
11⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 220
10⤵
PID:9272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 216
9⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
8⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
7⤵
- Program crash
PID:3100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
6⤵
- Program crash
PID:2236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 236
5⤵
- Program crash
PID:276

C:\Users\Admin\AppData\Local\Temp\Unicorn-43590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43590.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:604

C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:932

C:\Users\Admin\AppData\Local\Temp\Unicorn-44223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44223.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-59351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59351.exe
8⤵
PID:1016

C:\Users\Admin\AppData\Local\Temp\Unicorn-56827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56827.exe
9⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-15507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15507.exe
10⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-6305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6305.exe
11⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-8457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8457.exe
12⤵
PID:8720

C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
13⤵
PID:11144

C:\Users\Admin\AppData\Local\Temp\Unicorn-19059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19059.exe
14⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11144 -s 216
14⤵
PID:13568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8720 -s 216
13⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 216
12⤵
PID:9728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
10⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 236
9⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-4481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4481.exe
8⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-15372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15372.exe
9⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
10⤵
PID:6316

C:\Users\Admin\AppData\Local\Temp\Unicorn-43463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43463.exe
11⤵
PID:8840

C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
12⤵
PID:11732

C:\Users\Admin\AppData\Local\Temp\Unicorn-51041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51041.exe
13⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11732 -s 216
13⤵
PID:13712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8840 -s 216
12⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 216
11⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
10⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
9⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 220
8⤵
- Program crash
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-39677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39677.exe
7⤵
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-8311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8311.exe
8⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-65450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65450.exe
9⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-5795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5795.exe
10⤵
PID:6336

C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe
11⤵
PID:8968

C:\Users\Admin\AppData\Local\Temp\Unicorn-32628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32628.exe
12⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12108 -s 240
13⤵
PID:13856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8968 -s 216
12⤵
PID:13296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 236
11⤵
PID:10512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
10⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
9⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 236
8⤵
PID:4344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
7⤵
- Program crash
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-995.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-28049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28049.exe
7⤵
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-6775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6775.exe
8⤵
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-33162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33162.exe
9⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-2012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2012.exe
10⤵
PID:6612

C:\Users\Admin\AppData\Local\Temp\Unicorn-9156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9156.exe
11⤵
PID:9052

C:\Users\Admin\AppData\Local\Temp\Unicorn-18181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18181.exe
12⤵
PID:12160

C:\Users\Admin\AppData\Local\Temp\Unicorn-33604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33604.exe
13⤵
PID:13452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9052 -s 216
12⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 216
11⤵
PID:10772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
10⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 216
9⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
8⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-19966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19966.exe
7⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-65450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65450.exe
8⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-22106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22106.exe
9⤵
PID:7064

C:\Users\Admin\AppData\Local\Temp\Unicorn-48430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48430.exe
10⤵
PID:9380

C:\Users\Admin\AppData\Local\Temp\Unicorn-16365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16365.exe
11⤵
PID:11136

C:\Users\Admin\AppData\Local\Temp\Unicorn-33893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33893.exe
12⤵
PID:1728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9380 -s 216
11⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 216
10⤵
PID:10936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 220
9⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
8⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 240
7⤵
- Program crash
PID:3220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 240
6⤵
- Program crash
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-9090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9090.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:972

C:\Users\Admin\AppData\Local\Temp\Unicorn-43900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43900.exe
7⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-15364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15364.exe
8⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-28086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28086.exe
9⤵
PID:6176

C:\Users\Admin\AppData\Local\Temp\Unicorn-22270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22270.exe
10⤵
PID:8944

C:\Users\Admin\AppData\Local\Temp\Unicorn-23873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23873.exe
11⤵
PID:12020

C:\Users\Admin\AppData\Local\Temp\Unicorn-49384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49384.exe
12⤵
PID:8704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12020 -s 220
12⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8944 -s 216
11⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 220
10⤵
PID:9936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
9⤵
PID:7524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 236
8⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 236
7⤵
- Program crash
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-57275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57275.exe
6⤵
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-8669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8669.exe
7⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
8⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-7930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7930.exe
9⤵
PID:7076

C:\Users\Admin\AppData\Local\Temp\Unicorn-27418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27418.exe
10⤵
PID:8912

C:\Users\Admin\AppData\Local\Temp\Unicorn-18191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18191.exe
11⤵
PID:11460

C:\Users\Admin\AppData\Local\Temp\Unicorn-49811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49811.exe
12⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11460 -s 216
12⤵
PID:13556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8912 -s 216
11⤵
PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 220
10⤵
PID:10292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
8⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 236
7⤵
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
6⤵
- Program crash
PID:2884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 240
5⤵
- Program crash
PID:1852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1380

C:\Users\Admin\AppData\Local\Temp\Unicorn-16425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16425.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-7251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7251.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-58694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58694.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-58065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58065.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:692

C:\Users\Admin\AppData\Local\Temp\Unicorn-14046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14046.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:708

C:\Users\Admin\AppData\Local\Temp\Unicorn-45620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45620.exe
8⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-32027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32027.exe
9⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-17044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17044.exe
10⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-55730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55730.exe
11⤵
PID:7004

C:\Users\Admin\AppData\Local\Temp\Unicorn-29914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29914.exe
12⤵
PID:9136

C:\Users\Admin\AppData\Local\Temp\Unicorn-1003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1003.exe
13⤵
PID:11576

C:\Users\Admin\AppData\Local\Temp\Unicorn-52659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52659.exe
14⤵
PID:9156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11576 -s 216
14⤵
PID:13688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9136 -s 216
13⤵
PID:12952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
12⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 236
11⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
10⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-36001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36001.exe
8⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-45357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45357.exe
9⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-38327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38327.exe
10⤵
PID:6220

C:\Users\Admin\AppData\Local\Temp\Unicorn-16664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16664.exe
11⤵
PID:9920

C:\Users\Admin\AppData\Local\Temp\Unicorn-15553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15553.exe
12⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9920 -s 216
12⤵
PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 236
11⤵
PID:10496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 220
10⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
9⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 240
8⤵
- Program crash
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-40471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40471.exe
7⤵
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-19521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19521.exe
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-15315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15315.exe
9⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-7930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7930.exe
10⤵
PID:7084

C:\Users\Admin\AppData\Local\Temp\Unicorn-31450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31450.exe
11⤵
PID:9044

C:\Users\Admin\AppData\Local\Temp\Unicorn-31709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31709.exe
12⤵
PID:12284

C:\Users\Admin\AppData\Local\Temp\Unicorn-56971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56971.exe
13⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12284 -s 216
13⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9044 -s 216
12⤵
PID:12868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 220
11⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
10⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
9⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 236
8⤵
PID:4488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
7⤵
- Program crash
PID:1448

C:\Users\Admin\AppData\Local\Temp\Unicorn-33475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33475.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
7⤵
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-57377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57377.exe
8⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-32970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32970.exe
9⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-24204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24204.exe
10⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-23507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23507.exe
11⤵
PID:8652

C:\Users\Admin\AppData\Local\Temp\Unicorn-13881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13881.exe
12⤵
PID:10716

C:\Users\Admin\AppData\Local\Temp\Unicorn-9245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9245.exe
13⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10716 -s 236
13⤵
PID:13496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 216
12⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
11⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 236
10⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
9⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 236
8⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-57055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57055.exe
7⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-64682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64682.exe
8⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-19610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19610.exe
9⤵
PID:6708

C:\Users\Admin\AppData\Local\Temp\Unicorn-22312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22312.exe
10⤵
PID:8424

C:\Users\Admin\AppData\Local\Temp\Unicorn-29582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29582.exe
11⤵
PID:11992

C:\Users\Admin\AppData\Local\Temp\Unicorn-58741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58741.exe
12⤵
PID:13588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8424 -s 220
11⤵
PID:12584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 236
10⤵
PID:10612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
9⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
8⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
7⤵
- Program crash
PID:3436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 240
6⤵
- Program crash
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-44451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44451.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-36128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36128.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:860

C:\Users\Admin\AppData\Local\Temp\Unicorn-60529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60529.exe
7⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exe
8⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-49389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49389.exe
9⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-44192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44192.exe
10⤵
PID:6420

C:\Users\Admin\AppData\Local\Temp\Unicorn-21905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21905.exe
11⤵
PID:9588

C:\Users\Admin\AppData\Local\Temp\Unicorn-43140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43140.exe
12⤵
PID:12564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9588 -s 216
12⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 236
11⤵
PID:11084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 220
10⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
9⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 236
8⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-19006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19006.exe
7⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-49965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49965.exe
8⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-4674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4674.exe
9⤵
PID:7016

C:\Users\Admin\AppData\Local\Temp\Unicorn-41611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41611.exe
10⤵
PID:9012

C:\Users\Admin\AppData\Local\Temp\Unicorn-23988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23988.exe
11⤵
PID:11388

C:\Users\Admin\AppData\Local\Temp\Unicorn-61631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61631.exe
12⤵
PID:8888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11388 -s 216
12⤵
PID:9440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 216
11⤵
PID:11628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 220
10⤵
PID:10692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 220
9⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
8⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 220
7⤵
- Program crash
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-23450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23450.exe
6⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-53174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53174.exe
7⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-44017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44017.exe
8⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\Unicorn-1781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1781.exe
9⤵
PID:9004

C:\Users\Admin\AppData\Local\Temp\Unicorn-57766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57766.exe
10⤵
PID:11324

C:\Users\Admin\AppData\Local\Temp\Unicorn-40071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40071.exe
11⤵
PID:7688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11324 -s 216
11⤵
PID:13840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9004 -s 216
10⤵
PID:12044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
9⤵
PID:10056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 236
8⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
7⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
6⤵
- Program crash
PID:2536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
5⤵
- Program crash
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-23124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23124.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-44223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44223.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
7⤵
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-31259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31259.exe
8⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-58574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58574.exe
9⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-11064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11064.exe
10⤵
PID:6248

C:\Users\Admin\AppData\Local\Temp\Unicorn-22270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22270.exe
11⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8952 -s 212
12⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 220
11⤵
PID:9480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
10⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
9⤵
PID:5556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 236
8⤵
- Program crash
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-44450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44450.exe
7⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-51086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51086.exe
8⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-7930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7930.exe
9⤵
PID:7092

C:\Users\Admin\AppData\Local\Temp\Unicorn-46717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46717.exe
10⤵
PID:8980

C:\Users\Admin\AppData\Local\Temp\Unicorn-39514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39514.exe
11⤵
PID:11536

C:\Users\Admin\AppData\Local\Temp\Unicorn-29151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29151.exe
12⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11536 -s 220
12⤵
PID:9452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8980 -s 216
11⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 220
10⤵
PID:10316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
9⤵
PID:7988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 236
8⤵
PID:5776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 220
7⤵
- Program crash
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-58811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58811.exe
6⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-8119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8119.exe
7⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-14739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14739.exe
8⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-39477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39477.exe
9⤵
PID:6916

C:\Users\Admin\AppData\Local\Temp\Unicorn-59104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59104.exe
10⤵
PID:8580

C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
11⤵
PID:11972

C:\Users\Admin\AppData\Local\Temp\Unicorn-49384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49384.exe
12⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11972 -s 220
12⤵
PID:14184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8580 -s 216
11⤵
PID:12632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 216
10⤵
PID:10100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 236
9⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
8⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 236
7⤵
PID:4292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
6⤵
- Program crash
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-64778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64778.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-44276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44276.exe
6⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-52577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52577.exe
7⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-32202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32202.exe
8⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-5852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5852.exe
9⤵
PID:6852

C:\Users\Admin\AppData\Local\Temp\Unicorn-40843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40843.exe
10⤵
PID:8584

C:\Users\Admin\AppData\Local\Temp\Unicorn-18181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18181.exe
11⤵
PID:12152

C:\Users\Admin\AppData\Local\Temp\Unicorn-64792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64792.exe
12⤵
PID:13676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8584 -s 216
11⤵
PID:13232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 216
10⤵
PID:10684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 220
9⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
8⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
7⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-423.exe
6⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-14412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14412.exe
7⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-35619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35619.exe
8⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\Unicorn-7018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7018.exe
9⤵
PID:8660

C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
10⤵
PID:11748

C:\Users\Admin\AppData\Local\Temp\Unicorn-3716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3716.exe
11⤵
PID:13472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8660 -s 216
10⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
9⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 220
8⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
7⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 220
6⤵
- Program crash
PID:3432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
5⤵
- Program crash
PID:1556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 240
4⤵
- Program crash
PID:2308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
2⤵
- Program crash
PID:2696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe

Filesize
184KB

MD5
d9b14121ce09cac7a161ac741369bf56

SHA1
352406e23bedb095af95d80f6f23b7046e3b3379

SHA256
206098bdb2b78ee223de6ce4dbc4b0cdeb3fce0829253280aab3cd488e0473f2

SHA512
8ce789e5628ae1910602ebc264ca6ce55550522c48893de4ad6df2dd996b8710ab9850bd5d15feb246b42623bed3646eeb5d73da5d14b6d59f1fc0a25d9b1ceb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21905.exe

Filesize
184KB

MD5
aeeab62cefb77335f34acf18286ec094

SHA1
127a5e53e3fe236338c4fef37a122bc959be2372

SHA256
94cf6b0110afa43be34c9ff96a7df6fd8fa68e67a7d97f96a41ee9b2681c6424

SHA512
b4eabdd9e59211fa72d9d8d07d4e5b969651006a56c6c647deafb7f57f731bfc0f38594d63229447adc8242b4c51f8128a8c69d359e32c8b7cd53dcaae46a7e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe

Filesize
184KB

MD5
f0a2749cbca0fc97dd06ea067b1f1f64

SHA1
69e21b44ff1ef1bf0df3ded3a8be9fb886040ce6

SHA256
b8ace6deec4e8993660477139b30c1233240a1dae05225129a92dba1794955b5

SHA512
a4ca373d282b3485fd8b10c6bae354736c053519a865e8a68c23fd5fe2b80faef98adb22b150a235618aad3598c42149a85dbc8dbc781da8b16dea33f15a3d81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39283.exe

Filesize
184KB

MD5
d0d8b79b9365f8b62cce643ac37e7f43

SHA1
8d65557eeb762b5f154fa860117206cd56494484

SHA256
edfeb96c097f378a4afbefc2f82b36bada88acf7af7815d9a2c558eb8c159597

SHA512
307df0f3b6cd0aee30ecfef3a2128f5552a2bf22e2a0b9e8774cba8deb5649c52d4687df20f7faac0e84245c2e674b112251b18b15f9b5013497eebf1e8ae2cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40471.exe

Filesize
184KB

MD5
b2f29c6ca61a0888ada0fc28bf672150

SHA1
f91b0f320479faeae76ca53050a6850ac8e9bff4

SHA256
1d929e37f0e795c579b35ad88f85750d26f8cc45e8bcc3a9285fac0239a06491

SHA512
afbb79307e0fc3d89415b9b46e534391be6bcf3c5950f5cb8bbc79175dcc105e14733bb33c10e762f9f123fa1f11f5c71351c35d48e3d82b0d29b61a383cb04f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41611.exe

Filesize
184KB

MD5
f53caf7dc987149c1d6bf3f7ac16f022

SHA1
8bbf3f2c382a169a3b05cdda5d5a27e1d458e865

SHA256
f2aa06dde750d22b5be01af1fc6c0348a1d092e9718d896102a6e59b61de6be8

SHA512
31488ce02f460cc6952d19bc7dc7a88b7606199008b6a594682d4ce8d160f9354726d21d52ed178037df7e117ab973c3f4b921d4436d441e5624662fd8bf1ba9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45695.exe

Filesize
184KB

MD5
e2d43b5434fa715d94a02f94d2f5486b

SHA1
b05e4feb7e71a841542a5c6da02d11dc839cc037

SHA256
5c7f8eff0a35692dd2a7a143d10c32a5d1d44c9374103662545743675cc5f309

SHA512
1c2f985ea07d3708d7037401522d07c39497052c293c51e6088bc6938c04b30069b835bdac72209112ad0caacf1de920b6b38c22c9b6f9dcffed5a479935b6ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52577.exe

Filesize
184KB

MD5
6888f50f4e907e6c5769a1f4ebcc5063

SHA1
4f1e357cac9b5c142eda76ff4d0d620a1844bcca

SHA256
1cb8b4fc94220399695468becf3845622684bc8cf24ec33c422c4ee4057b8deb

SHA512
55e6ea22f503c146542649eee7aba8fd2b986643a6994c2300f90723a9af301c6761653eb248770c52c14dc76d37ea9263392c7b546e147c2593b76ffe2daffb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55930.exe

Filesize
184KB

MD5
b6f5cf2296bc818b826dfd4667503450

SHA1
672fa6c0d0790f67cb145572723cc325beae58d2

SHA256
e784d6c248c2c5caf69b507863f257fc5600dc8716a80bd3e29ba369e5cf0de8

SHA512
b011d4677a8369d43a17fa2000b9deb9fb30a5e1a83a990caaee62dfccd69969fefb0839b4158651a28d1addf27e590e71923d078ebfe001f84ac3154951dd00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62688.exe

Filesize
184KB

MD5
3cafd8be7f375862f38d74e737c5bed4

SHA1
21729c9b08e35d4928da73bbcc20cd0879712498

SHA256
c68a2e9fbccb47dad7890c4d972c00affe592eab9b8bda59b43b1bc03b99a5e7

SHA512
27db7ade7768eae3b09db8b334b08caa4774e51010a4bb714af21ab8022b7598ac9a66ac1a8de40fc5363ff407dc961340f8772d8376f8e879c5ddc31850f101

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe

Filesize
184KB

MD5
df67825f346eb419a1598a39fab94e6c

SHA1
2e5db94f4f77965ec73f078606061f43dc9ec30b

SHA256
12b33fc9f0162b128c8311407f9af965b2922014f010cf351d1023e4cc2894e2

SHA512
095bea6f2228e52e12b91a734b1e54b20d45dddb982d54c35b1107c89cf68ad550c4e1a1bd9aae5bd536b78ddd17df6bf1565f5d33925d097874d07a333581ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6775.exe

Filesize
184KB

MD5
91cf8f65222b455b43927af3372260a6

SHA1
847a1605af3d99570a0885b7abc5e2fe6ae019c8

SHA256
1ed431e0d46e071947174290841f6af2dbb936d4ea50c891fe150930be5672c5

SHA512
2406fe24a8b025ba42f8403ae38954a62cd28434a11fa06738c2475183de07b25a9acbd8ae23d56209fef22af9950a11070905d20774a1aab9e4a0ce1bdc39be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8311.exe

Filesize
184KB

MD5
cbba806bf768c225e719d51181f9e357

SHA1
f74ba744c24927c7f0258fb40dbab350fba18e1b

SHA256
0a0b9557d8b658632a4d7f90507c679cdd8205124267777d380387d5007a7ec4

SHA512
95e98377ea15e04c43db1de4a9cc314aed14abebb313ed89634c4f1ccaa473f186cb216611bd2d5b5695825460f1990fadc2219903288c19da98cde99ac3e634

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9457.exe

Filesize
184KB

MD5
1cfe1ee1f29394422966455c7987426f

SHA1
09a442745a3e3b1564fee7a3a252245e44a09b6d

SHA256
4f5389e1b0bbde4e365c40991057be4b95ae156a47f263c395749febae8ae940

SHA512
712ec325d5d77f8bda805179e5a44ee0b5c77931c09e985f1631b282791acc4cc41029ce179ca6f6e62388f29fe5b2f4495ec717f490391cb96e8b37b1326bb2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16425.exe

Filesize
184KB

MD5
a0b217fd4b2ace3ec73ef9892aaa436b

SHA1
97ad2d7d501bcd836c726aa344d905ccc1d7e3e4

SHA256
fc5942fe5b938fbe27935bd08a4609c8654dd1b8cd05b5317112d4becfe141c6

SHA512
102e64f23f0b29ba4d51a64f66edd86b120d2eb9b32390dc8eaf645e019331d76a0afbf2a8bb43d7b25b89a09d3ea345704c069db081958d3a19965411049e63

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25829.exe

Filesize
184KB

MD5
8d2ee4f35b95560044756933ddcf098c

SHA1
25d8906d116c9ea6d125e2c20302b71d75c54dfc

SHA256
8d4138c8f43a91545c17de2049fb3b4027198e9c62a6d13dc0c71c930d9245b3

SHA512
b7b927225f313f6a5153765893b5907937fe55e91b6d71a5e8f3eee96f7a54414b2c754f16303263a073bd118c5fb41b4e0243d63cb54ce46b9ebd29c8e3c2aa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30208.exe

Filesize
184KB

MD5
46b1eb7f5b29e6185ca3013054708c04

SHA1
d647c057ae5566a181642a0d4ec666127870ef4d

SHA256
a2114b2bcff92ab3ae9bc29418eca56415501e7b529dcc7142f8c182342ae9e7

SHA512
64af167f1c74836cfcac968873466069b5ae574c2e173759429d1f0581a2c6eeacb5a2101808ad99b32509902ae7555e8193acb989835fa5cc35f7f3c7c9e4cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-354.exe

Filesize
184KB

MD5
f0d330c19d7fa2fa440b429763dd7664

SHA1
08fd0d567f78d0f69742e39b76d9c2cf1d1f2998

SHA256
78d8bd98825d18adb96f770537bb46c3644427c418e6e34a41aa5704a8cc6114

SHA512
1a464cc1c38d0218d40354e2000cee77be32a0d0768df06fd33a2151b3bc920c90de1af21d51f9f9de70ccc728524c4c726479692d386ac6ecdd4f5300c44573

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44949.exe

Filesize
184KB

MD5
58086f320188b8e9f7ab94646ca54f2f

SHA1
7bf02ba4bdaddf3852455528d44d6076684b80fe

SHA256
50c64e5ce2e8f471633d8d347aa1473e4ad46e42cd17380ba5b829ecc1bc3e54

SHA512
96eb90ce82d784d29cf818c312ee3b57a4f89b9dc326a2722e27bd10aead5257ae7354c53d495cbcd7178eeead974cde8ed4efbfd4a0cb43bbda943389a0062a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53115.exe

Filesize
184KB

MD5
ee40227d9a4f68d8a19ea0c63123cdd5

SHA1
553fef4db2c3cabc763681d295bbc1fb04c6875c

SHA256
cb7c2b3dbd73833a72a194c2ec6513547e35f0ec4d80bc7681025310d89d06b5

SHA512
cdcfb504a53ae127794f94c148ce42a779e7e64f2879a45cf25dbe71dd6bb6ca6a44c4575dfbd75d35fb5de8ff6befed9a0860af42c0ea67c5dcb87f477dfe26

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe

Filesize
184KB

MD5
a94ed9ac7ae2c0bda4b740d3d085fa0c

SHA1
1d202c74e4594937cdb77670f3d2cd549463a0f1

SHA256
7817049847820f7477fb35db31579ab773ff05e8e54a6e063f6ac5182dfdde91

SHA512
26b39942480635db8f7bd35cf20359df69e024ab021d30e2fdb9be2bcc96fdbe2efbc2ad6329837140daa6dc46d1c72ecf8c03eef54f10b641463d3a78d56823

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58694.exe

Filesize
184KB

MD5
009bb92f0bb578854c5fff3369508d96

SHA1
1d1294b431c590a62cde2088a61a4ebeb5d4e414

SHA256
2a134d65c19296e29d1e9ee0645756c1c1a6aa4dea8e73b82f084add065e2377

SHA512
4e4acf277329eca3048480c3670d1215ca2ec797036ec1fecf217a31ce35c05bf7941023c15dce94f5f26e7714eef86926355d9c81c432b1367e5d3c72ee2560

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7251.exe

Filesize
184KB

MD5
318c04c5ee3036ceada2ca1fb69dba29

SHA1
f2ac5bf2eddb105e98bf4df8dc4efe86b21a5e04

SHA256
5dc21bfae7e2a8d6c03941aac264cc03bc7647e5e4be21d05e6b977c4660922b

SHA512
f83fc78466e9f88d943e587fda26f7facc39c2c292ba15e25bf6b82d892132f0d2e8fd48cc5c655cdaaf19e12b1443245458b5517ad464ef67683bf044b54d96

Download Submit
memory/2692-1250-0x0000000002940000-0x0000000002A9C000-memory.dmp

Filesize
1.4MB

Download