51a7e18a51a551d5ddffb7009125144219af9ed09075270a2a1144e3ddd801fd

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 21:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

51a7e18a51a551d5ddffb7009125144219af9ed09075270a2a1144e3ddd801fd.exe
Size

184KB
MD5

077b6e62a55d5a6d89eceeaf1dc1e30e
SHA1

51eacd77ced31f1ec5f75e0bd043865b4bec3a5c
SHA256

51a7e18a51a551d5ddffb7009125144219af9ed09075270a2a1144e3ddd801fd
SHA512

3a1111b97aec85251aab095c30dffc63aaec6d2030801876c212b7c77885e8d572aa2ff4051b109239a630854815d6369771f6bc67e5a162483a87d1793a8488
SSDEEP

3072:c3e3Y8oT77hTdFnWeLwLk2sehlnViFgn3:c3uo9JFnOLjsehlnViFg

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-55990.exeUnicorn-35461.exeUnicorn-34069.exeUnicorn-38715.exeUnicorn-26463.exeUnicorn-6597.exeUnicorn-5933.exeUnicorn-8626.exeUnicorn-32576.exeUnicorn-47521.exeUnicorn-4625.exeUnicorn-56286.exeUnicorn-53826.exeUnicorn-57931.exeUnicorn-45679.exeUnicorn-19037.exeUnicorn-29897.exeUnicorn-52285.exeUnicorn-1138.exeUnicorn-35133.exeUnicorn-59083.exeUnicorn-7936.exeUnicorn-22881.exeUnicorn-30495.exeUnicorn-14713.exeUnicorn-26219.exeUnicorn-41163.exeUnicorn-61029.exeUnicorn-58590.exeUnicorn-7998.exeUnicorn-65367.exeUnicorn-46914.exeUnicorn-3935.exeUnicorn-18880.exeUnicorn-18326.exeUnicorn-2544.exeUnicorn-9965.exeUnicorn-44776.exeUnicorn-12658.exeUnicorn-28440.exeUnicorn-16188.exeUnicorn-50998.exeUnicorn-31132.exeUnicorn-406.exeUnicorn-55082.exeUnicorn-967.exeUnicorn-15912.exeUnicorn-27610.exeUnicorn-41808.exeUnicorn-9498.exeUnicorn-3790.exeUnicorn-65243.exeUnicorn-2399.exeUnicorn-45399.exeUnicorn-49483.exeUnicorn-49483.exeUnicorn-52176.exeUnicorn-41315.exeUnicorn-10588.exeUnicorn-9197.exeUnicorn-44008.exeUnicorn-63873.exeUnicorn-13281.exeUnicorn-2420.exe

pid	process
2408	Unicorn-55990.exe
1632	Unicorn-35461.exe
2600	Unicorn-34069.exe
2636	Unicorn-38715.exe
2692	Unicorn-26463.exe
2340	Unicorn-6597.exe
2780	Unicorn-5933.exe
2928	Unicorn-8626.exe
1524	Unicorn-32576.exe
2872	Unicorn-47521.exe
2860	Unicorn-4625.exe
812	Unicorn-56286.exe
1760	Unicorn-53826.exe
2452	Unicorn-57931.exe
2736	Unicorn-45679.exe
764	Unicorn-19037.exe
1720	Unicorn-29897.exe
2480	Unicorn-52285.exe
2028	Unicorn-1138.exe
412	Unicorn-35133.exe
2348	Unicorn-59083.exe
1284	Unicorn-7936.exe
596	Unicorn-22881.exe
2236	Unicorn-30495.exe
892	Unicorn-14713.exe
2192	Unicorn-26219.exe
1492	Unicorn-41163.exe
1712	Unicorn-61029.exe
1252	Unicorn-58590.exe
3040	Unicorn-7998.exe
2032	Unicorn-65367.exe
1736	Unicorn-46914.exe
2640	Unicorn-3935.exe
2696	Unicorn-18880.exe
2812	Unicorn-18326.exe
1552	Unicorn-2544.exe
2508	Unicorn-9965.exe
1080	Unicorn-44776.exe
2560	Unicorn-12658.exe
2956	Unicorn-28440.exe
2912	Unicorn-16188.exe
2740	Unicorn-50998.exe
2968	Unicorn-31132.exe
2484	Unicorn-406.exe
1700	Unicorn-55082.exe
2548	Unicorn-967.exe
2904	Unicorn-15912.exe
2492	Unicorn-27610.exe
1588	Unicorn-41808.exe
292	Unicorn-9498.exe
1968	Unicorn-3790.exe
2132	Unicorn-65243.exe
840	Unicorn-2399.exe
1976	Unicorn-45399.exe
2180	Unicorn-49483.exe
904	Unicorn-49483.exe
1508	Unicorn-52176.exe
3056	Unicorn-41315.exe
2352	Unicorn-10588.exe
1920	Unicorn-9197.exe
2300	Unicorn-44008.exe
2248	Unicorn-63873.exe
2668	Unicorn-13281.exe
2628	Unicorn-2420.exe

Loads dropped DLL 64 IoCs

Processes:

51a7e18a51a551d5ddffb7009125144219af9ed09075270a2a1144e3ddd801fd.exeUnicorn-55990.exeUnicorn-34069.exeUnicorn-35461.exeWerFault.exeUnicorn-38715.exeUnicorn-26463.exeWerFault.exeWerFault.exeUnicorn-6597.exeUnicorn-5933.exeUnicorn-8626.exeUnicorn-32576.exeUnicorn-47521.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1648	51a7e18a51a551d5ddffb7009125144219af9ed09075270a2a1144e3ddd801fd.exe
1648	51a7e18a51a551d5ddffb7009125144219af9ed09075270a2a1144e3ddd801fd.exe
2408	Unicorn-55990.exe
1648	51a7e18a51a551d5ddffb7009125144219af9ed09075270a2a1144e3ddd801fd.exe
2408	Unicorn-55990.exe
1648	51a7e18a51a551d5ddffb7009125144219af9ed09075270a2a1144e3ddd801fd.exe
2600	Unicorn-34069.exe
2600	Unicorn-34069.exe
1632	Unicorn-35461.exe
2408	Unicorn-55990.exe
2408	Unicorn-55990.exe
1632	Unicorn-35461.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
2636	Unicorn-38715.exe
2636	Unicorn-38715.exe
2600	Unicorn-34069.exe
2600	Unicorn-34069.exe
2692	Unicorn-26463.exe
2692	Unicorn-26463.exe
1632	Unicorn-35461.exe
1632	Unicorn-35461.exe
1332	WerFault.exe
1332	WerFault.exe
1332	WerFault.exe
1332	WerFault.exe
2612	WerFault.exe
2612	WerFault.exe
2612	WerFault.exe
2612	WerFault.exe
1332	WerFault.exe
2612	WerFault.exe
2340	Unicorn-6597.exe
2340	Unicorn-6597.exe
2780	Unicorn-5933.exe
2780	Unicorn-5933.exe
2636	Unicorn-38715.exe
2636	Unicorn-38715.exe
2928	Unicorn-8626.exe
2928	Unicorn-8626.exe
1524	Unicorn-32576.exe
1524	Unicorn-32576.exe
2692	Unicorn-26463.exe
2692	Unicorn-26463.exe
2872	Unicorn-47521.exe
2872	Unicorn-47521.exe
1060	WerFault.exe
1060	WerFault.exe
1060	WerFault.exe
580	WerFault.exe
1060	WerFault.exe
580	WerFault.exe
580	WerFault.exe
580	WerFault.exe
580	WerFault.exe
1060	WerFault.exe
2008	WerFault.exe
2008	WerFault.exe
2008	WerFault.exe
2008	WerFault.exe
2008	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2708	1648	WerFault.exe	51a7e18a51a551d5ddffb7009125144219af9ed09075270a2a1144e3ddd801fd.exe
1992	2408	WerFault.exe	Unicorn-55990.exe
1332	2600	WerFault.exe	Unicorn-34069.exe
2612	1632	WerFault.exe	Unicorn-35461.exe
580	2340	WerFault.exe	Unicorn-6597.exe
1060	2636	WerFault.exe	Unicorn-38715.exe
2008	2692	WerFault.exe	Unicorn-26463.exe
880	2780	WerFault.exe	Unicorn-5933.exe
2204	2928	WerFault.exe	Unicorn-8626.exe
2216	1524	WerFault.exe	Unicorn-32576.exe
2616	2872	WerFault.exe	Unicorn-47521.exe
2140	2860	WerFault.exe	Unicorn-4625.exe
1756	812	WerFault.exe	Unicorn-56286.exe
2060	1760	WerFault.exe	Unicorn-53826.exe
536	2452	WerFault.exe	Unicorn-57931.exe
264	2736	WerFault.exe	Unicorn-45679.exe
1804	764	WerFault.exe	Unicorn-19037.exe
1544	1720	WerFault.exe	Unicorn-29897.exe
2148	2480	WerFault.exe	Unicorn-52285.exe
2496	412	WerFault.exe	Unicorn-35133.exe
2576	2348	WerFault.exe	Unicorn-59083.exe
1264	1284	WerFault.exe	Unicorn-7936.exe
1296	596	WerFault.exe	Unicorn-22881.exe
3004	2236	WerFault.exe	Unicorn-30495.exe
908	892	WerFault.exe	Unicorn-14713.exe
1560	1712	WerFault.exe	Unicorn-61029.exe
1548	2192	WerFault.exe	Unicorn-26219.exe
492	1492	WerFault.exe	Unicorn-41163.exe
2772	3040	WerFault.exe	Unicorn-7998.exe
3052	1252	WerFault.exe	Unicorn-58590.exe
2744	2032	WerFault.exe	Unicorn-65367.exe
2680	1736	WerFault.exe	Unicorn-46914.exe
2816	2696	WerFault.exe	Unicorn-18880.exe
1816	2640	WerFault.exe	Unicorn-3935.exe
2104	1080	WerFault.exe	Unicorn-44776.exe
1372	2560	WerFault.exe	Unicorn-12658.exe
872	1552	WerFault.exe	Unicorn-2544.exe
2396	2812	WerFault.exe	Unicorn-18326.exe
2788	2740	WerFault.exe	Unicorn-50998.exe
2528	1700	WerFault.exe	Unicorn-55082.exe
2808	2956	WerFault.exe	Unicorn-28440.exe
2324	2912	WerFault.exe	Unicorn-16188.exe
1912	2484	WerFault.exe	Unicorn-406.exe
3112	2968	WerFault.exe	Unicorn-31132.exe
3652	2548	WerFault.exe	Unicorn-967.exe
3828	1972	WerFault.exe	Unicorn-65409.exe
3292	2508	WerFault.exe	Unicorn-9965.exe
3452	2884	WerFault.exe	Unicorn-31694.exe
3488	904	WerFault.exe	Unicorn-49483.exe
3556	2684	WerFault.exe	Unicorn-48092.exe
3720	1588	WerFault.exe	Unicorn-41808.exe
3716	372	WerFault.exe	Unicorn-60557.exe
3744	2584	WerFault.exe	Unicorn-2420.exe
3784	1724	WerFault.exe	Unicorn-32331.exe
4028	840	WerFault.exe	Unicorn-2399.exe
4036	2180	WerFault.exe	Unicorn-49483.exe
4084	2628	WerFault.exe	Unicorn-2420.exe
3188	2132	WerFault.exe	Unicorn-65243.exe
4092	1976	WerFault.exe	Unicorn-45399.exe
3268	2300	WerFault.exe	Unicorn-44008.exe
3276	1916	WerFault.exe	Unicorn-15803.exe
3412	740	WerFault.exe	Unicorn-55705.exe
3456	2136	WerFault.exe	Unicorn-26685.exe
3504	2668	WerFault.exe	Unicorn-13281.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

51a7e18a51a551d5ddffb7009125144219af9ed09075270a2a1144e3ddd801fd.exeUnicorn-55990.exeUnicorn-35461.exeUnicorn-34069.exeUnicorn-38715.exeUnicorn-6597.exeUnicorn-26463.exeUnicorn-5933.exeUnicorn-8626.exeUnicorn-32576.exeUnicorn-47521.exeUnicorn-4625.exeUnicorn-56286.exeUnicorn-53826.exeUnicorn-57931.exeUnicorn-45679.exeUnicorn-19037.exeUnicorn-29897.exeUnicorn-52285.exeUnicorn-35133.exeUnicorn-59083.exeUnicorn-7936.exeUnicorn-22881.exeUnicorn-30495.exeUnicorn-14713.exeUnicorn-26219.exeUnicorn-61029.exeUnicorn-41163.exeUnicorn-58590.exeUnicorn-65367.exeUnicorn-46914.exeUnicorn-3935.exeUnicorn-18880.exeUnicorn-18326.exeUnicorn-9965.exeUnicorn-2544.exeUnicorn-44776.exeUnicorn-12658.exeUnicorn-28440.exeUnicorn-50998.exeUnicorn-406.exeUnicorn-16188.exeUnicorn-31132.exeUnicorn-55082.exeUnicorn-31694.exeUnicorn-967.exeUnicorn-15912.exeUnicorn-27610.exeUnicorn-41808.exeUnicorn-9498.exeUnicorn-3790.exeUnicorn-65243.exeUnicorn-2399.exeUnicorn-45399.exeUnicorn-49483.exeUnicorn-49483.exeUnicorn-41315.exeUnicorn-52176.exeUnicorn-10588.exeUnicorn-9197.exeUnicorn-13281.exeUnicorn-44008.exeUnicorn-63873.exeUnicorn-2420.exe

pid	process
1648	51a7e18a51a551d5ddffb7009125144219af9ed09075270a2a1144e3ddd801fd.exe
2408	Unicorn-55990.exe
1632	Unicorn-35461.exe
2600	Unicorn-34069.exe
2636	Unicorn-38715.exe
2340	Unicorn-6597.exe
2692	Unicorn-26463.exe
2780	Unicorn-5933.exe
2928	Unicorn-8626.exe
1524	Unicorn-32576.exe
2872	Unicorn-47521.exe
2860	Unicorn-4625.exe
812	Unicorn-56286.exe
1760	Unicorn-53826.exe
2452	Unicorn-57931.exe
2736	Unicorn-45679.exe
764	Unicorn-19037.exe
1720	Unicorn-29897.exe
2480	Unicorn-52285.exe
412	Unicorn-35133.exe
2348	Unicorn-59083.exe
1284	Unicorn-7936.exe
596	Unicorn-22881.exe
2236	Unicorn-30495.exe
892	Unicorn-14713.exe
2192	Unicorn-26219.exe
1712	Unicorn-61029.exe
1492	Unicorn-41163.exe
1252	Unicorn-58590.exe
2032	Unicorn-65367.exe
1736	Unicorn-46914.exe
2640	Unicorn-3935.exe
2696	Unicorn-18880.exe
2812	Unicorn-18326.exe
2508	Unicorn-9965.exe
1552	Unicorn-2544.exe
1080	Unicorn-44776.exe
2560	Unicorn-12658.exe
2956	Unicorn-28440.exe
2740	Unicorn-50998.exe
2484	Unicorn-406.exe
2912	Unicorn-16188.exe
2968	Unicorn-31132.exe
1700	Unicorn-55082.exe
2884	Unicorn-31694.exe
2548	Unicorn-967.exe
2904	Unicorn-15912.exe
2492	Unicorn-27610.exe
1588	Unicorn-41808.exe
292	Unicorn-9498.exe
1968	Unicorn-3790.exe
2132	Unicorn-65243.exe
840	Unicorn-2399.exe
1976	Unicorn-45399.exe
2180	Unicorn-49483.exe
904	Unicorn-49483.exe
3056	Unicorn-41315.exe
1508	Unicorn-52176.exe
2352	Unicorn-10588.exe
1920	Unicorn-9197.exe
2668	Unicorn-13281.exe
2300	Unicorn-44008.exe
2248	Unicorn-63873.exe
2628	Unicorn-2420.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

51a7e18a51a551d5ddffb7009125144219af9ed09075270a2a1144e3ddd801fd.exeUnicorn-55990.exeUnicorn-34069.exeUnicorn-35461.exeUnicorn-38715.exeUnicorn-26463.exeUnicorn-6597.exeUnicorn-5933.exe

description	pid	process	target process
PID 1648 wrote to memory of 2408	1648	51a7e18a51a551d5ddffb7009125144219af9ed09075270a2a1144e3ddd801fd.exe	Unicorn-55990.exe
PID 1648 wrote to memory of 2408	1648	51a7e18a51a551d5ddffb7009125144219af9ed09075270a2a1144e3ddd801fd.exe	Unicorn-55990.exe
PID 1648 wrote to memory of 2408	1648	51a7e18a51a551d5ddffb7009125144219af9ed09075270a2a1144e3ddd801fd.exe	Unicorn-55990.exe
PID 1648 wrote to memory of 2408	1648	51a7e18a51a551d5ddffb7009125144219af9ed09075270a2a1144e3ddd801fd.exe	Unicorn-55990.exe
PID 2408 wrote to memory of 1632	2408	Unicorn-55990.exe	Unicorn-35461.exe
PID 2408 wrote to memory of 1632	2408	Unicorn-55990.exe	Unicorn-35461.exe
PID 2408 wrote to memory of 1632	2408	Unicorn-55990.exe	Unicorn-35461.exe
PID 2408 wrote to memory of 1632	2408	Unicorn-55990.exe	Unicorn-35461.exe
PID 1648 wrote to memory of 2600	1648	51a7e18a51a551d5ddffb7009125144219af9ed09075270a2a1144e3ddd801fd.exe	Unicorn-34069.exe
PID 1648 wrote to memory of 2600	1648	51a7e18a51a551d5ddffb7009125144219af9ed09075270a2a1144e3ddd801fd.exe	Unicorn-34069.exe
PID 1648 wrote to memory of 2600	1648	51a7e18a51a551d5ddffb7009125144219af9ed09075270a2a1144e3ddd801fd.exe	Unicorn-34069.exe
PID 1648 wrote to memory of 2600	1648	51a7e18a51a551d5ddffb7009125144219af9ed09075270a2a1144e3ddd801fd.exe	Unicorn-34069.exe
PID 1648 wrote to memory of 2708	1648	51a7e18a51a551d5ddffb7009125144219af9ed09075270a2a1144e3ddd801fd.exe	WerFault.exe
PID 1648 wrote to memory of 2708	1648	51a7e18a51a551d5ddffb7009125144219af9ed09075270a2a1144e3ddd801fd.exe	WerFault.exe
PID 1648 wrote to memory of 2708	1648	51a7e18a51a551d5ddffb7009125144219af9ed09075270a2a1144e3ddd801fd.exe	WerFault.exe
PID 1648 wrote to memory of 2708	1648	51a7e18a51a551d5ddffb7009125144219af9ed09075270a2a1144e3ddd801fd.exe	WerFault.exe
PID 2600 wrote to memory of 2636	2600	Unicorn-34069.exe	Unicorn-38715.exe
PID 2600 wrote to memory of 2636	2600	Unicorn-34069.exe	Unicorn-38715.exe
PID 2600 wrote to memory of 2636	2600	Unicorn-34069.exe	Unicorn-38715.exe
PID 2600 wrote to memory of 2636	2600	Unicorn-34069.exe	Unicorn-38715.exe
PID 2408 wrote to memory of 2340	2408	Unicorn-55990.exe	Unicorn-6597.exe
PID 2408 wrote to memory of 2340	2408	Unicorn-55990.exe	Unicorn-6597.exe
PID 2408 wrote to memory of 2340	2408	Unicorn-55990.exe	Unicorn-6597.exe
PID 2408 wrote to memory of 2340	2408	Unicorn-55990.exe	Unicorn-6597.exe
PID 1632 wrote to memory of 2692	1632	Unicorn-35461.exe	Unicorn-26463.exe
PID 1632 wrote to memory of 2692	1632	Unicorn-35461.exe	Unicorn-26463.exe
PID 1632 wrote to memory of 2692	1632	Unicorn-35461.exe	Unicorn-26463.exe
PID 1632 wrote to memory of 2692	1632	Unicorn-35461.exe	Unicorn-26463.exe
PID 2408 wrote to memory of 1992	2408	Unicorn-55990.exe	WerFault.exe
PID 2408 wrote to memory of 1992	2408	Unicorn-55990.exe	WerFault.exe
PID 2408 wrote to memory of 1992	2408	Unicorn-55990.exe	WerFault.exe
PID 2408 wrote to memory of 1992	2408	Unicorn-55990.exe	WerFault.exe
PID 2636 wrote to memory of 2780	2636	Unicorn-38715.exe	Unicorn-5933.exe
PID 2636 wrote to memory of 2780	2636	Unicorn-38715.exe	Unicorn-5933.exe
PID 2636 wrote to memory of 2780	2636	Unicorn-38715.exe	Unicorn-5933.exe
PID 2636 wrote to memory of 2780	2636	Unicorn-38715.exe	Unicorn-5933.exe
PID 2600 wrote to memory of 2928	2600	Unicorn-34069.exe	Unicorn-8626.exe
PID 2600 wrote to memory of 2928	2600	Unicorn-34069.exe	Unicorn-8626.exe
PID 2600 wrote to memory of 2928	2600	Unicorn-34069.exe	Unicorn-8626.exe
PID 2600 wrote to memory of 2928	2600	Unicorn-34069.exe	Unicorn-8626.exe
PID 2692 wrote to memory of 1524	2692	Unicorn-26463.exe	Unicorn-32576.exe
PID 2692 wrote to memory of 1524	2692	Unicorn-26463.exe	Unicorn-32576.exe
PID 2692 wrote to memory of 1524	2692	Unicorn-26463.exe	Unicorn-32576.exe
PID 2692 wrote to memory of 1524	2692	Unicorn-26463.exe	Unicorn-32576.exe
PID 1632 wrote to memory of 2872	1632	Unicorn-35461.exe	Unicorn-47521.exe
PID 1632 wrote to memory of 2872	1632	Unicorn-35461.exe	Unicorn-47521.exe
PID 1632 wrote to memory of 2872	1632	Unicorn-35461.exe	Unicorn-47521.exe
PID 1632 wrote to memory of 2872	1632	Unicorn-35461.exe	Unicorn-47521.exe
PID 2600 wrote to memory of 1332	2600	Unicorn-34069.exe	WerFault.exe
PID 2600 wrote to memory of 1332	2600	Unicorn-34069.exe	WerFault.exe
PID 2600 wrote to memory of 1332	2600	Unicorn-34069.exe	WerFault.exe
PID 2600 wrote to memory of 1332	2600	Unicorn-34069.exe	WerFault.exe
PID 1632 wrote to memory of 2612	1632	Unicorn-35461.exe	WerFault.exe
PID 1632 wrote to memory of 2612	1632	Unicorn-35461.exe	WerFault.exe
PID 1632 wrote to memory of 2612	1632	Unicorn-35461.exe	WerFault.exe
PID 1632 wrote to memory of 2612	1632	Unicorn-35461.exe	WerFault.exe
PID 2340 wrote to memory of 2860	2340	Unicorn-6597.exe	Unicorn-4625.exe
PID 2340 wrote to memory of 2860	2340	Unicorn-6597.exe	Unicorn-4625.exe
PID 2340 wrote to memory of 2860	2340	Unicorn-6597.exe	Unicorn-4625.exe
PID 2340 wrote to memory of 2860	2340	Unicorn-6597.exe	Unicorn-4625.exe
PID 2780 wrote to memory of 812	2780	Unicorn-5933.exe	Unicorn-56286.exe
PID 2780 wrote to memory of 812	2780	Unicorn-5933.exe	Unicorn-56286.exe
PID 2780 wrote to memory of 812	2780	Unicorn-5933.exe	Unicorn-56286.exe
PID 2780 wrote to memory of 812	2780	Unicorn-5933.exe	Unicorn-56286.exe

C:\Users\Admin\AppData\Local\Temp\51a7e18a51a551d5ddffb7009125144219af9ed09075270a2a1144e3ddd801fd.exe
"C:\Users\Admin\AppData\Local\Temp\51a7e18a51a551d5ddffb7009125144219af9ed09075270a2a1144e3ddd801fd.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-55990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55990.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-35461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35461.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-26463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26463.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-32576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32576.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-45679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45679.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-30495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30495.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1080

C:\Users\Admin\AppData\Local\Temp\Unicorn-65243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65243.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-58227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58227.exe
10⤵
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-1325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1325.exe
11⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-61128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61128.exe
12⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-53100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53100.exe
13⤵
PID:6748

C:\Users\Admin\AppData\Local\Temp\Unicorn-41392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41392.exe
14⤵
PID:8500

C:\Users\Admin\AppData\Local\Temp\Unicorn-63700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63700.exe
15⤵
PID:10724

C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
16⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8500 -s 216
15⤵
PID:12152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 216
14⤵
PID:10400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
13⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
12⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 216
11⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-65471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65471.exe
10⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-21466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21466.exe
11⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-1377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1377.exe
12⤵
PID:6512

C:\Users\Admin\AppData\Local\Temp\Unicorn-31278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31278.exe
13⤵
PID:8712

C:\Users\Admin\AppData\Local\Temp\Unicorn-6881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6881.exe
14⤵
PID:11480

C:\Users\Admin\AppData\Local\Temp\Unicorn-49990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49990.exe
15⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8712 -s 216
14⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 216
13⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
12⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
11⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 240
10⤵
- Program crash
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
9⤵
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-40412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40412.exe
10⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-27797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27797.exe
11⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-2939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2939.exe
12⤵
PID:6276

C:\Users\Admin\AppData\Local\Temp\Unicorn-25789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25789.exe
13⤵
PID:8664

C:\Users\Admin\AppData\Local\Temp\Unicorn-1152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1152.exe
14⤵
PID:10280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8664 -s 216
14⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 216
13⤵
PID:9344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
12⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
11⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 236
10⤵
- Program crash
PID:3456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 220
9⤵
- Program crash
PID:2104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
8⤵
- Program crash
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-12658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12658.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-45399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45399.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-13494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13494.exe
9⤵
PID:1392

C:\Users\Admin\AppData\Local\Temp\Unicorn-41180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41180.exe
10⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-40324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40324.exe
11⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-63453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63453.exe
12⤵
PID:6284

C:\Users\Admin\AppData\Local\Temp\Unicorn-1751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1751.exe
13⤵
PID:8532

C:\Users\Admin\AppData\Local\Temp\Unicorn-61728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61728.exe
14⤵
PID:11448

C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
15⤵
PID:7328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 220
14⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
13⤵
PID:10424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
12⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
11⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 236
10⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-12954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12954.exe
9⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-17382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17382.exe
10⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-48824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48824.exe
11⤵
PID:6952

C:\Users\Admin\AppData\Local\Temp\Unicorn-5259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5259.exe
12⤵
PID:9168

C:\Users\Admin\AppData\Local\Temp\Unicorn-4743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4743.exe
13⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9168 -s 216
13⤵
PID:12300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
12⤵
PID:9748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
11⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
10⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
9⤵
- Program crash
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-32523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32523.exe
8⤵
PID:944

C:\Users\Admin\AppData\Local\Temp\Unicorn-30490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30490.exe
9⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-45176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45176.exe
10⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-1377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1377.exe
11⤵
PID:6504

C:\Users\Admin\AppData\Local\Temp\Unicorn-25789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25789.exe
12⤵
PID:8656

C:\Users\Admin\AppData\Local\Temp\Unicorn-12636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12636.exe
13⤵
PID:11220

C:\Users\Admin\AppData\Local\Temp\Unicorn-18439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18439.exe
14⤵
PID:13104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11220 -s 216
14⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8656 -s 216
13⤵
PID:11460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 216
12⤵
PID:9336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
11⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
10⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 236
9⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
8⤵
- Program crash
PID:1372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
7⤵
- Program crash
PID:264

C:\Users\Admin\AppData\Local\Temp\Unicorn-14713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14713.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-28440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28440.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-57412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57412.exe
8⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
9⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-34827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34827.exe
9⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-21139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21139.exe
10⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-43365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43365.exe
11⤵
PID:8324

C:\Users\Admin\AppData\Local\Temp\Unicorn-58225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58225.exe
12⤵
PID:10932

C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
13⤵
PID:13040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10932 -s 236
13⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8324 -s 216
12⤵
PID:11252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 236
11⤵
PID:8724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
10⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
9⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 216
8⤵
- Program crash
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-9197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9197.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-48881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48881.exe
8⤵
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
9⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-14859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14859.exe
10⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-41533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41533.exe
11⤵
PID:7052

C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
12⤵
PID:8960

C:\Users\Admin\AppData\Local\Temp\Unicorn-13404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13404.exe
13⤵
PID:10596

C:\Users\Admin\AppData\Local\Temp\Unicorn-59938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59938.exe
14⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8960 -s 216
13⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
12⤵
PID:9760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
11⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 236
10⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 236
9⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-64293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64293.exe
8⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
9⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
10⤵
PID:6732

C:\Users\Admin\AppData\Local\Temp\Unicorn-48430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48430.exe
11⤵
PID:9016

C:\Users\Admin\AppData\Local\Temp\Unicorn-29632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29632.exe
12⤵
PID:11764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 220
12⤵
PID:12452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 216
11⤵
PID:10252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
10⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
9⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 220
8⤵
PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
7⤵
- Program crash
PID:908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
6⤵
- Program crash
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-29897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29897.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-61029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61029.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-16188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16188.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-63873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63873.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-65409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65409.exe
9⤵
PID:1972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
10⤵
- Program crash
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
9⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-30018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30018.exe
10⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-63453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63453.exe
11⤵
PID:6272

C:\Users\Admin\AppData\Local\Temp\Unicorn-24310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24310.exe
12⤵
PID:8868

C:\Users\Admin\AppData\Local\Temp\Unicorn-5511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5511.exe
13⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8868 -s 220
13⤵
PID:12612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 216
12⤵
PID:10416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 216
11⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
10⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
9⤵
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-37375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37375.exe
8⤵
PID:532

C:\Users\Admin\AppData\Local\Temp\Unicorn-18814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18814.exe
9⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
10⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-32343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32343.exe
11⤵
PID:6452

C:\Users\Admin\AppData\Local\Temp\Unicorn-35554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35554.exe
12⤵
PID:9552

C:\Users\Admin\AppData\Local\Temp\Unicorn-20478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20478.exe
13⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9552 -s 216
13⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 220
12⤵
PID:10548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
11⤵
PID:7988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
10⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 236
9⤵
PID:4424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
8⤵
- Program crash
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-48092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48092.exe
7⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-48881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48881.exe
8⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-24543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24543.exe
9⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-33583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33583.exe
10⤵
PID:5752

C:\Users\Admin\AppData\Local\Temp\Unicorn-6847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6847.exe
11⤵
PID:8748

C:\Users\Admin\AppData\Local\Temp\Unicorn-59268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59268.exe
12⤵
PID:11196

C:\Users\Admin\AppData\Local\Temp\Unicorn-51469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51469.exe
13⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8748 -s 216
12⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 216
11⤵
PID:9844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
10⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 216
9⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
8⤵
- Program crash
PID:3556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
7⤵
- Program crash
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-31132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31132.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-55705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55705.exe
7⤵
PID:740

C:\Users\Admin\AppData\Local\Temp\Unicorn-61325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61325.exe
8⤵
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-10645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10645.exe
9⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
10⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-20044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20044.exe
11⤵
PID:6996

C:\Users\Admin\AppData\Local\Temp\Unicorn-54953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54953.exe
12⤵
PID:8932

C:\Users\Admin\AppData\Local\Temp\Unicorn-61728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61728.exe
13⤵
PID:11440

C:\Users\Admin\AppData\Local\Temp\Unicorn-33270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33270.exe
14⤵
PID:8388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8932 -s 220
13⤵
PID:11400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
12⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
11⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
10⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 236
9⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-47957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47957.exe
8⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-31772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31772.exe
9⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-52524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52524.exe
10⤵
PID:6592

C:\Users\Admin\AppData\Local\Temp\Unicorn-46977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46977.exe
11⤵
PID:8768

C:\Users\Admin\AppData\Local\Temp\Unicorn-30919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30919.exe
12⤵
PID:10312

C:\Users\Admin\AppData\Local\Temp\Unicorn-30966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30966.exe
13⤵
PID:12848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8768 -s 216
12⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 216
11⤵
PID:9364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 236
10⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
9⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 740 -s 240
8⤵
- Program crash
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-41459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41459.exe
7⤵
PID:796

C:\Users\Admin\AppData\Local\Temp\Unicorn-16484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16484.exe
8⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
9⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-17953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17953.exe
10⤵
PID:6784

C:\Users\Admin\AppData\Local\Temp\Unicorn-35794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35794.exe
11⤵
PID:8928

C:\Users\Admin\AppData\Local\Temp\Unicorn-52299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52299.exe
12⤵
PID:10364

C:\Users\Admin\AppData\Local\Temp\Unicorn-21594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21594.exe
13⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8928 -s 220
12⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 216
11⤵
PID:10124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 220
10⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
9⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 236
8⤵
PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
7⤵
- Program crash
PID:3112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
6⤵
- Program crash
PID:1544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-47521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47521.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:764

C:\Users\Admin\AppData\Local\Temp\Unicorn-26219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26219.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-50998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50998.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-41315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41315.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-55933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55933.exe
9⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-29826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29826.exe
10⤵
PID:4820

C:\Users\Admin\AppData\Local\Temp\Unicorn-28451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28451.exe
11⤵
PID:6612

C:\Users\Admin\AppData\Local\Temp\Unicorn-61834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61834.exe
12⤵
PID:9304

C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe
13⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9304 -s 220
13⤵
PID:12636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 220
12⤵
PID:10456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 220
11⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
10⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 216
9⤵
PID:4408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 236
8⤵
- Program crash
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-44008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44008.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-51019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51019.exe
8⤵
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-42742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42742.exe
9⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
10⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-45918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45918.exe
11⤵
PID:6232

C:\Users\Admin\AppData\Local\Temp\Unicorn-17813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17813.exe
12⤵
PID:9152

C:\Users\Admin\AppData\Local\Temp\Unicorn-43363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43363.exe
13⤵
PID:11172

C:\Users\Admin\AppData\Local\Temp\Unicorn-30582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30582.exe
14⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 216
13⤵
PID:11552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6232 -s 216
12⤵
PID:10172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
11⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
10⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 216
9⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\Unicorn-41926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41926.exe
8⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-39940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39940.exe
9⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-35611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35611.exe
10⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
10⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
9⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 220
8⤵
- Program crash
PID:3268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
7⤵
- Program crash
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-406.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-2420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2420.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-3956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3956.exe
8⤵
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-54994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54994.exe
9⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
10⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-46733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46733.exe
11⤵
PID:6648

C:\Users\Admin\AppData\Local\Temp\Unicorn-48622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48622.exe
12⤵
PID:8332

C:\Users\Admin\AppData\Local\Temp\Unicorn-41609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41609.exe
13⤵
PID:11148

C:\Users\Admin\AppData\Local\Temp\Unicorn-18278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18278.exe
14⤵
PID:13256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 216
13⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 216
12⤵
PID:9644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
11⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 236
10⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 236
9⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-19368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19368.exe
8⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-29634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29634.exe
9⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-8585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8585.exe
10⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-60023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60023.exe
11⤵
PID:8788

C:\Users\Admin\AppData\Local\Temp\Unicorn-15906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15906.exe
12⤵
PID:11256

C:\Users\Admin\AppData\Local\Temp\Unicorn-23073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23073.exe
13⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8788 -s 216
12⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
11⤵
PID:9900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 236
10⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
9⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
8⤵
- Program crash
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-41459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41459.exe
7⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-59654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59654.exe
8⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-41502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41502.exe
9⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-26074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26074.exe
10⤵
PID:6392

C:\Users\Admin\AppData\Local\Temp\Unicorn-58653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58653.exe
11⤵
PID:8340

C:\Users\Admin\AppData\Local\Temp\Unicorn-13404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13404.exe
12⤵
PID:11120

C:\Users\Admin\AppData\Local\Temp\Unicorn-65501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65501.exe
13⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11120 -s 216
13⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 216
12⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 216
11⤵
PID:9260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
10⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 236
9⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 216
8⤵
PID:4500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
7⤵
- Program crash
PID:1912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 240
6⤵
- Program crash
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-41163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41163.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-55082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55082.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-10588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10588.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-49711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49711.exe
8⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
9⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\Unicorn-35612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35612.exe
10⤵
PID:6108

C:\Users\Admin\AppData\Local\Temp\Unicorn-17429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17429.exe
11⤵
PID:8872

C:\Users\Admin\AppData\Local\Temp\Unicorn-40602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40602.exe
12⤵
PID:11228

C:\Users\Admin\AppData\Local\Temp\Unicorn-23073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23073.exe
13⤵
PID:12980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8872 -s 216
12⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 216
11⤵
PID:9968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 236
10⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
9⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 216
8⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-10733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10733.exe
7⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-2285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2285.exe
8⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-25358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25358.exe
9⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-62254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62254.exe
10⤵
PID:6148

C:\Users\Admin\AppData\Local\Temp\Unicorn-44455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44455.exe
11⤵
PID:9092

C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
12⤵
PID:11192

C:\Users\Admin\AppData\Local\Temp\Unicorn-6627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6627.exe
13⤵
PID:13056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9092 -s 216
12⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 216
11⤵
PID:10136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
10⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
9⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 236
8⤵
PID:4480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
7⤵
- Program crash
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-13281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13281.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-12124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12124.exe
7⤵
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-61600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61600.exe
8⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-24097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24097.exe
9⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
10⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-29297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29297.exe
11⤵
PID:8820

C:\Users\Admin\AppData\Local\Temp\Unicorn-21599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21599.exe
12⤵
PID:11104

C:\Users\Admin\AppData\Local\Temp\Unicorn-23374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23374.exe
13⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8820 -s 216
12⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
11⤵
PID:9908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 236
10⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
9⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 216
8⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
7⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-58222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58222.exe
8⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-50817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50817.exe
9⤵
PID:6528

C:\Users\Admin\AppData\Local\Temp\Unicorn-7781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7781.exe
10⤵
PID:9056

C:\Users\Admin\AppData\Local\Temp\Unicorn-49860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49860.exe
11⤵
PID:11540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 216
11⤵
PID:12308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 216
10⤵
PID:10220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
9⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
8⤵
PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
7⤵
- Program crash
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 240
6⤵
- Program crash
PID:492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
5⤵
- Program crash
PID:2616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-6597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6597.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-4625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4625.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-52285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52285.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-967.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
8⤵
PID:1392

C:\Users\Admin\AppData\Local\Temp\Unicorn-34552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34552.exe
8⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-723.exe
9⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-2799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2799.exe
10⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-14999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14999.exe
11⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe
12⤵
PID:8968

C:\Users\Admin\AppData\Local\Temp\Unicorn-20805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20805.exe
13⤵
PID:11132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8968 -s 216
13⤵
PID:11548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
12⤵
PID:10040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 216
11⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
10⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 236
9⤵
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 220
8⤵
- Program crash
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-3743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3743.exe
7⤵
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-3463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3463.exe
8⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-17574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17574.exe
9⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-46302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46302.exe
10⤵
PID:6656

C:\Users\Admin\AppData\Local\Temp\Unicorn-57091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57091.exe
11⤵
PID:8844

C:\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe
12⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-52621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52621.exe
13⤵
PID:7756

C:\Users\Admin\AppData\Local\Temp\Unicorn-16310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16310.exe
13⤵
PID:8704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8844 -s 216
12⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 220
11⤵
PID:9488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
10⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
9⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 236
8⤵
PID:4680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 240
7⤵
- Program crash
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-45975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45975.exe
7⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
8⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe
9⤵
PID:4592

C:\Users\Admin\AppData\Local\Temp\Unicorn-43033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43033.exe
10⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\Unicorn-53474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53474.exe
11⤵
PID:9492

C:\Users\Admin\AppData\Local\Temp\Unicorn-11925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11925.exe
12⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9492 -s 216
12⤵
PID:12540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 220
11⤵
PID:10532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 216
10⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
9⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
8⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-14324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14324.exe
7⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-31580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31580.exe
8⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-62877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62877.exe
9⤵
PID:6940

C:\Users\Admin\AppData\Local\Temp\Unicorn-65534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65534.exe
10⤵
PID:8888

C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
11⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 216
11⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 216
10⤵
PID:10332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 220
9⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
8⤵
PID:5696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
7⤵
PID:4052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
6⤵
- Program crash
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-7998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7998.exe
5⤵
- Executes dropped EXE
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
6⤵
- Suspicious use of SetWindowsHookEx
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-60557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60557.exe
7⤵
PID:372

C:\Users\Admin\AppData\Local\Temp\Unicorn-15523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15523.exe
8⤵
PID:756

C:\Users\Admin\AppData\Local\Temp\Unicorn-22789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22789.exe
9⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-29198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29198.exe
10⤵
PID:5336

C:\Users\Admin\AppData\Local\Temp\Unicorn-41933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41933.exe
11⤵
PID:8996

C:\Users\Admin\AppData\Local\Temp\Unicorn-30296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30296.exe
12⤵
PID:10368

C:\Users\Admin\AppData\Local\Temp\Unicorn-11339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11339.exe
13⤵
PID:13204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8996 -s 216
12⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 216
11⤵
PID:10052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 236
10⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 236
9⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 372 -s 236
8⤵
- Program crash
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-65279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65279.exe
7⤵
PID:548

C:\Users\Admin\AppData\Local\Temp\Unicorn-21035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21035.exe
8⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-6831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6831.exe
9⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
10⤵
PID:8936

C:\Users\Admin\AppData\Local\Temp\Unicorn-56938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56938.exe
11⤵
PID:10500

C:\Users\Admin\AppData\Local\Temp\Unicorn-11339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11339.exe
12⤵
PID:13196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10500 -s 216
12⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 216
11⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
10⤵
PID:9988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
9⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 236
8⤵
PID:5596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
7⤵
- Program crash
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-32331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32331.exe
6⤵
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-11439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11439.exe
7⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-25311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25311.exe
8⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-19276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19276.exe
9⤵
PID:6196

C:\Users\Admin\AppData\Local\Temp\Unicorn-40371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40371.exe
10⤵
PID:9180

C:\Users\Admin\AppData\Local\Temp\Unicorn-59507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59507.exe
11⤵
PID:11032

C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe
12⤵
PID:13308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9180 -s 216
11⤵
PID:11792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6196 -s 216
10⤵
PID:10188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 236
9⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 216
8⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
7⤵
- Program crash
PID:3784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
6⤵
- Program crash
PID:2772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
5⤵
- Program crash
PID:2140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 216
4⤵
- Loads dropped DLL
- Program crash
PID:580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-34069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34069.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-38715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38715.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-5933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5933.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-56286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56286.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:812

C:\Users\Admin\AppData\Local\Temp\Unicorn-1138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1138.exe
6⤵
- Executes dropped EXE
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-65367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65367.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-19333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19333.exe
8⤵
PID:828

C:\Users\Admin\AppData\Local\Temp\Unicorn-7739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7739.exe
9⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-46354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46354.exe
10⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-42841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42841.exe
11⤵
PID:6832

C:\Users\Admin\AppData\Local\Temp\Unicorn-21186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21186.exe
12⤵
PID:9588

C:\Users\Admin\AppData\Local\Temp\Unicorn-58796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58796.exe
13⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9588 -s 220
13⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 220
12⤵
PID:10580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 220
11⤵
PID:2448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
10⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 236
9⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-57495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57495.exe
8⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-17190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17190.exe
9⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-52763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52763.exe
10⤵
PID:6836

C:\Users\Admin\AppData\Local\Temp\Unicorn-11865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11865.exe
11⤵
PID:9128

C:\Users\Admin\AppData\Local\Temp\Unicorn-49668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49668.exe
12⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 216
12⤵
PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 216
11⤵
PID:9220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 216
10⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
9⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
8⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-17941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17941.exe
7⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-58886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58886.exe
8⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-37610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37610.exe
9⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-54901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54901.exe
10⤵
PID:6588

C:\Users\Admin\AppData\Local\Temp\Unicorn-56406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56406.exe
11⤵
PID:8808

C:\Users\Admin\AppData\Local\Temp\Unicorn-4551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4551.exe
12⤵
PID:11324

C:\Users\Admin\AppData\Local\Temp\Unicorn-61308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61308.exe
13⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8808 -s 216
12⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 220
11⤵
PID:9976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
10⤵
PID:8020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
9⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 236
8⤵
PID:4204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
7⤵
- Program crash
PID:2744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 240
6⤵
- Program crash
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-35133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35133.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:412

C:\Users\Admin\AppData\Local\Temp\Unicorn-46914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46914.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-41808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41808.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-4942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4942.exe
8⤵
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-17854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17854.exe
9⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-52000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52000.exe
10⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-23599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23599.exe
11⤵
PID:6296

C:\Users\Admin\AppData\Local\Temp\Unicorn-11289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11289.exe
12⤵
PID:8608

C:\Users\Admin\AppData\Local\Temp\Unicorn-5921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5921.exe
13⤵
PID:11296

C:\Users\Admin\AppData\Local\Temp\Unicorn-36368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36368.exe
14⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8608 -s 216
13⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 216
12⤵
PID:9620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
11⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
10⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 236
9⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
8⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-31388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31388.exe
9⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-34434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34434.exe
10⤵
PID:6904

C:\Users\Admin\AppData\Local\Temp\Unicorn-22089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22089.exe
11⤵
PID:9036

C:\Users\Admin\AppData\Local\Temp\Unicorn-44131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44131.exe
12⤵
PID:10704

C:\Users\Admin\AppData\Local\Temp\Unicorn-56212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56212.exe
13⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9036 -s 220
12⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 216
11⤵
PID:9612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
10⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
9⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
8⤵
- Program crash
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-19887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19887.exe
7⤵
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-58694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58694.exe
8⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-42078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42078.exe
9⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-62254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62254.exe
10⤵
PID:6172

C:\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe
11⤵
PID:9208

C:\Users\Admin\AppData\Local\Temp\Unicorn-9922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9922.exe
12⤵
PID:10940

C:\Users\Admin\AppData\Local\Temp\Unicorn-10545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10545.exe
13⤵
PID:3804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9208 -s 216
12⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 216
11⤵
PID:10224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
10⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
9⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 236
8⤵
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
7⤵
- Program crash
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:292

C:\Users\Admin\AppData\Local\Temp\Unicorn-43837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43837.exe
7⤵
PID:1268

C:\Users\Admin\AppData\Local\Temp\Unicorn-48580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48580.exe
8⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-13489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13489.exe
9⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-34097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34097.exe
10⤵
PID:7028

C:\Users\Admin\AppData\Local\Temp\Unicorn-57174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57174.exe
11⤵
PID:9132

C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
12⤵
PID:11604

C:\Users\Admin\AppData\Local\Temp\Unicorn-10233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10233.exe
12⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9132 -s 220
12⤵
PID:12832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 216
11⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 220
10⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 236
9⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 236
8⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\Unicorn-20546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20546.exe
7⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
8⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-41533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41533.exe
9⤵
PID:7040

C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
10⤵
PID:8800

C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
11⤵
PID:10740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8800 -s 216
11⤵
PID:680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 220
10⤵
PID:1556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
9⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
8⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 240
7⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 240
6⤵
- Program crash
PID:2496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
5⤵
- Program crash
PID:880

C:\Users\Admin\AppData\Local\Temp\Unicorn-53826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53826.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-59083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59083.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-3935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3935.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-15803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15803.exe
7⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-56748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56748.exe
8⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-23713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23713.exe
9⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-64392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64392.exe
10⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\Unicorn-15867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15867.exe
11⤵
PID:9044

C:\Users\Admin\AppData\Local\Temp\Unicorn-8936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8936.exe
12⤵
PID:11184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9044 -s 216
12⤵
PID:11804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 216
11⤵
PID:10104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 236
10⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 236
9⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 236
8⤵
- Program crash
PID:3276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
7⤵
- Program crash
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-2399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2399.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:840

C:\Users\Admin\AppData\Local\Temp\Unicorn-38383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38383.exe
7⤵
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-1901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1901.exe
8⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-14667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14667.exe
9⤵
PID:4800

C:\Users\Admin\AppData\Local\Temp\Unicorn-9208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9208.exe
10⤵
PID:6412

C:\Users\Admin\AppData\Local\Temp\Unicorn-37932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37932.exe
11⤵
PID:8348

C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
12⤵
PID:10324

C:\Users\Admin\AppData\Local\Temp\Unicorn-28008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28008.exe
13⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8348 -s 220
12⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 216
11⤵
PID:9780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 216
10⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 236
9⤵
PID:5612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 236
8⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-6540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6540.exe
7⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-10583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10583.exe
8⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-35851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35851.exe
9⤵
PID:6228

C:\Users\Admin\AppData\Local\Temp\Unicorn-54268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54268.exe
10⤵
PID:8948

C:\Users\Admin\AppData\Local\Temp\Unicorn-18126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18126.exe
11⤵
PID:11644

C:\Users\Admin\AppData\Local\Temp\Unicorn-53934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53934.exe
12⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11644 -s 236
12⤵
PID:8672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8948 -s 216
11⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 216
10⤵
PID:10156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
8⤵
PID:5556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 240
7⤵
- Program crash
PID:4028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
6⤵
- Program crash
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-18880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18880.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-3790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3790.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-858.exe
7⤵
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-1325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1325.exe
8⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-26318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26318.exe
9⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-22421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22421.exe
10⤵
PID:6460

C:\Users\Admin\AppData\Local\Temp\Unicorn-26832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26832.exe
11⤵
PID:9460

C:\Users\Admin\AppData\Local\Temp\Unicorn-28707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28707.exe
12⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9460 -s 220
12⤵
PID:12900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6460 -s 220
11⤵
PID:10516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
10⤵
PID:7832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
9⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
8⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-53219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53219.exe
7⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-61128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61128.exe
8⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-38565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38565.exe
9⤵
PID:6924

C:\Users\Admin\AppData\Local\Temp\Unicorn-53858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53858.exe
10⤵
PID:9676

C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe
11⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9676 -s 216
11⤵
PID:12732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6924 -s 216
10⤵
PID:10696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 220
9⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
8⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
7⤵
PID:4548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
6⤵
- Program crash
PID:2816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
5⤵
- Program crash
PID:2060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1060

C:\Users\Admin\AppData\Local\Temp\Unicorn-8626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8626.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-57931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57931.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-7936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7936.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-18326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18326.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-23801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23801.exe
8⤵
PID:1100

C:\Users\Admin\AppData\Local\Temp\Unicorn-5793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5793.exe
9⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-54522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54522.exe
10⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-44548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44548.exe
11⤵
PID:6428

C:\Users\Admin\AppData\Local\Temp\Unicorn-13728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13728.exe
12⤵
PID:9100

C:\Users\Admin\AppData\Local\Temp\Unicorn-50955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50955.exe
13⤵
PID:10448

C:\Users\Admin\AppData\Local\Temp\Unicorn-37380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37380.exe
14⤵
PID:12484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9100 -s 216
13⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 216
12⤵
PID:10144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
11⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
10⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 236
9⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-8486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8486.exe
8⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-10583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10583.exe
9⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-6037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6037.exe
10⤵
PID:6820

C:\Users\Admin\AppData\Local\Temp\Unicorn-1668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1668.exe
11⤵
PID:9072

C:\Users\Admin\AppData\Local\Temp\Unicorn-7182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7182.exe
12⤵
PID:10372

C:\Users\Admin\AppData\Local\Temp\Unicorn-13944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13944.exe
13⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9072 -s 216
12⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 216
11⤵
PID:9672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
10⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
9⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 240
8⤵
- Program crash
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
7⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-12015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12015.exe
8⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-50163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50163.exe
9⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-21990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21990.exe
10⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\Unicorn-48347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48347.exe
11⤵
PID:8708

C:\Users\Admin\AppData\Local\Temp\Unicorn-12636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12636.exe
12⤵
PID:11236

C:\Users\Admin\AppData\Local\Temp\Unicorn-26498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26498.exe
13⤵
PID:13280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8708 -s 216
12⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 216
11⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
10⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 236
9⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
8⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
7⤵
- Program crash
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-52176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52176.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-62695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62695.exe
7⤵
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe
8⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-8590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8590.exe
9⤵
PID:5200

C:\Users\Admin\AppData\Local\Temp\Unicorn-21051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21051.exe
10⤵
PID:6948

C:\Users\Admin\AppData\Local\Temp\Unicorn-33329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33329.exe
11⤵
PID:10016

C:\Users\Admin\AppData\Local\Temp\Unicorn-60929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60929.exe
12⤵
PID:12852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10016 -s 216
12⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 236
11⤵
PID:11016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 216
10⤵
PID:8476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 236
9⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 236
8⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-16654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16654.exe
7⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-28648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28648.exe
8⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-51668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51668.exe
9⤵
PID:6688

C:\Users\Admin\AppData\Local\Temp\Unicorn-24043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24043.exe
10⤵
PID:10200

C:\Users\Admin\AppData\Local\Temp\Unicorn-10249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10249.exe
11⤵
PID:12952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10200 -s 216
11⤵
PID:13268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 236
10⤵
PID:11096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
9⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
8⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
7⤵
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 240
6⤵
- Program crash
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-2544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2544.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-20293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20293.exe
7⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-14428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14428.exe
8⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-55757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55757.exe
9⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
10⤵
PID:8648

C:\Users\Admin\AppData\Local\Temp\Unicorn-41396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41396.exe
11⤵
PID:11136

C:\Users\Admin\AppData\Local\Temp\Unicorn-10737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10737.exe
12⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 216
11⤵
PID:11592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
10⤵
PID:9404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 236
9⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 216
8⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 216
7⤵
- Program crash
PID:3488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 216
6⤵
- Program crash
PID:872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
5⤵
- Program crash
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-22881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22881.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:596

C:\Users\Admin\AppData\Local\Temp\Unicorn-9965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9965.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-2420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2420.exe
6⤵
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-14070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14070.exe
7⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-12015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12015.exe
8⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-2991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2991.exe
9⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
10⤵
PID:6716

C:\Users\Admin\AppData\Local\Temp\Unicorn-36671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36671.exe
11⤵
PID:9064

C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
12⤵
PID:10556

C:\Users\Admin\AppData\Local\Temp\Unicorn-58978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58978.exe
13⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9064 -s 216
12⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 216
11⤵
PID:9688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
10⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
9⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 216
8⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-41926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41926.exe
7⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-8398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8398.exe
8⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-2384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2384.exe
9⤵
PID:7036

C:\Users\Admin\AppData\Local\Temp\Unicorn-35576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35576.exe
10⤵
PID:9636

C:\Users\Admin\AppData\Local\Temp\Unicorn-25548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25548.exe
11⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9636 -s 220
11⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 216
10⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 220
9⤵
PID:8248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
8⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
7⤵
- Program crash
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-33099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33099.exe
6⤵
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-37179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37179.exe
7⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-39696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39696.exe
8⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
9⤵
PID:8908

C:\Users\Admin\AppData\Local\Temp\Unicorn-38895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38895.exe
10⤵
PID:11244

C:\Users\Admin\AppData\Local\Temp\Unicorn-7504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7504.exe
11⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8908 -s 216
10⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
9⤵
PID:9980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 236
8⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 236
7⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
6⤵
- Program crash
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
5⤵
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-18984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18984.exe
6⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-61128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61128.exe
7⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-35227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35227.exe
8⤵
PID:6740

C:\Users\Admin\AppData\Local\Temp\Unicorn-381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-381.exe
9⤵
PID:9264

C:\Users\Admin\AppData\Local\Temp\Unicorn-29632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29632.exe
10⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9264 -s 220
10⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 216
9⤵
PID:10432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
8⤵
PID:4904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
7⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 236
6⤵
PID:5068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 240
5⤵
- Program crash
PID:1296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
4⤵
- Program crash
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
2⤵
- Program crash
PID:2708

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17813.exe
Filesize
184KB

MD5
48b943126bc14cf0e74c87ce710ef8a0

SHA1
815343d78456e7b6126e5820f350a43de2502a4f

SHA256
dc041b54ed74a65663953e74846b37d947e6d5af31a9b59900df85d53a53007f

SHA512
1628ced191b649fbfd8646e0f45ae519232d5eafabbf6fc05524487fdf35a680a47a11a8f733fe0020b6fd2c4c926b9f6b72f108d2591c82fcbda959b4e9b876

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2384.exe
Filesize
184KB

MD5
38a60297920d3e06a152d33f3fc1eafd

SHA1
5df112301895ddbffac4c2a4728b222418e21d12

SHA256
0738f72ae9886df7b08cf6b3451e8913b8481b89e03bcb925ff6275b53fe983f

SHA512
a97750ce21a512956614ec857bd0ddfafeefb6f6e1fbc7dcaf6db2efb3f62ccc0648822a28b8e010b8e781276f4df6296c96b79c4feb87bcc7e6bd9cad12c56d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32576.exe
Filesize
184KB

MD5
d5d1d79cfeff7f321f5c6af2d4921ec0

SHA1
e470b85b03fd3ee67c89074cd1973e66892f3f9c

SHA256
b7b25d9099c99a6981347581c91a49711448f6f410fc0773e5a604f4fa16db9e

SHA512
2d32f3c9c7f3e5f82bbb7e3dc7e92df11794eee0efbe84cd0f7e6b5ce9fb844b706ae61a0cb48850c691ff3dff238dd53539c6bf51379af773ec689acd9b7869

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35554.exe
Filesize
184KB

MD5
4a97c9765e054e01c3aab5497f7a9436

SHA1
35412ed6d302f14085d8a872885913fce04530af

SHA256
4722d63af0c557b59e8ee02dde83a099dfaa3773bc16813c82cf721def6783b1

SHA512
22907aa233e583606c1789c30525fc68f5c03ff92aaca4c20a476f5203013fdb783de980109bfae4115bb8b1c1665300b1d6b57a9939f526c34ca069a8e0dd73

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5933.exe
Filesize
184KB

MD5
484707bcc5e90d8482c115e10015b940

SHA1
a52fec155cc214c83039d5bc651b4f02c30720c0

SHA256
384959cdae690386f9a2e6a16df72b364e489189bf82e6aae9bb8ca40f9c5459

SHA512
78583a6d2478588456e738f3d9cade95c6c298978ce42d4c62acba18597a1389a97c905c72522da19a7ec5f71c780bd9041b1edeaddf1de2a4f30fe833c40251

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26463.exe
Filesize
184KB

MD5
ed8bcfc43cfd91771bb0661646678e7a

SHA1
99e5bd6681b6896807992ce095cb2164e0f30586

SHA256
f7a7e6af451eba9284ec0967c3994d6d045b4c4db18a790a37cae7bfba5cb3d4

SHA512
ce01f53fc1d5678725eaadff978f0875bc64cae8dbf1f348eb55fa72341af1b739552189774fd732b4945e6d8586e1fb2cdd64f84ff8a54fc2b17d40c59f0428

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34069.exe
Filesize
184KB

MD5
a0db6305d239c487460dd1c25d627a65

SHA1
8bf3a4c7242e0082cffc7bda2b144ba9bfc6bd3c

SHA256
f4abcd75e448892d3480ce88de9fb59f32bc8dff97583d44cf9f799cb6b69179

SHA512
5f1a8ffee01c4b7eb8d769f79e92ef4995e99426292265a724a6c5a362d42f7050aa47f110fac84dd83562f662f1c2241cce3274bbab3ce75aa18dae48f9309d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35461.exe
Filesize
184KB

MD5
b805ede67e2415c4ee2680cafe22f6c9

SHA1
864c208cddb93c25eb253b80b300b407f872659b

SHA256
f11612f6eef87f152bf585f88a485fbe90924859e49dddff4304d3e7c4d57ac6

SHA512
403a435e1c002980b3384acc7c7fa13e1d8fbb15314d3bf3a7e3220bd0e05fbbb000bbdb13e096f78e5b2f24ee5e6a29f827fa21c81bb47acfcccbfdc09bf962

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38715.exe
Filesize
184KB

MD5
beddf101fe9f013eb1bd050ecec8db2b

SHA1
fea720f012d67bb5ab885dcc46cb6ac83bfcc36d

SHA256
10d4cc8756450e9a2676571ef84a728f73b376965b5e08678d7c50cd7d24913f

SHA512
696eccdb13846633c8b48d2dd4ec3f924b595c3654132ffd3cc7cf80e12c6c6e543ba428ca6bba9c7ad561a548109cc2c549cf895a35ee235aedc6c724907086

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4625.exe
Filesize
184KB

MD5
f9e69311167603fbfc3400d4ff8c6df9

SHA1
7de57fb3c163a188763f5e2623948902204880a0

SHA256
6ed3e1879fe548d77aad411e3ab1ca443ff3592acde2e0f0f528807b73476e09

SHA512
8db585fb5235018333c9ab69b0dfad230184430224bdb261ab688458f4b4cfdc958c9409c18ed1030e0720509bcc601c4bed25759b4a97b6f420bf9ae4795c3b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47521.exe
Filesize
184KB

MD5
17a0761477bf7f22b02beca9dad7edfe

SHA1
e3f6279432e462d7e413164d10bba388fff636ad

SHA256
a57d5994c48ffdaeb8fc499b57678b82d47c5a780e6fbe579a8daa65e42e28a5

SHA512
452499191850ddf9b8ddc259f54b5ec8377a62972236c1d837a27ebb9331047be86619543ca2ff21652de6d7406f2581aa5ff1d1ad516aa0843de601d6e8e9f9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53826.exe
Filesize
184KB

MD5
1452fa487ffa00eb233dba9725f43439

SHA1
881046faa675768bb6075af2cc9086931abfbc91

SHA256
dca8361996087d0310de935384500a2792b27139e5437c8720338b807de735be

SHA512
b28474d699d036ab5d56c50888f5934e27283d249c0c8215f9935827c2add56ef9328d116f2ae8053b9dc0b0bb40d7c8d9f8cbd37a48baf46e8742dc1c9e9fe4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55990.exe
Filesize
184KB

MD5
3d9ad1dccc46f83d202c97790244562b

SHA1
3c5a85eb5b912f4e0f6c21b493f7576251321a8c

SHA256
61381cc21231ea27728b369aabb557bbf64a2598a0f9c94d343bf6638ff512d0

SHA512
80c70f522111c54d7a4134c789f0d38200a4de31c0016c106f70837ebe0129a8b17ef7ebf352dcc4e792fd74e4c000cee7a929bf71c6eb70b695a2e03aea802a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56286.exe
Filesize
184KB

MD5
351ba581460363e6f5102cffed1ba1ad

SHA1
89c217c601efd1d39f749b0a0f183cb22342c70b

SHA256
a91a4c5bb6ccba4fe42530216c0df2056f912bc7ca37f4795750f80c7b476f13

SHA512
5e44cb30fb74c62768cc1cf97539e6fc37027863ebbea0858e22052cd0dca42c2b623d101f40cf3d7afd1fa815ca3114c2c2b1178cc8f8809e11cd722bfd22e0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57931.exe
Filesize
184KB

MD5
b9da5dea11157aea18ca1616f1e4fad1

SHA1
e2a245ec907e36c37545636ded9460dec99cf73f

SHA256
5f5780372b93d672faaa9ccfae191f9a6bb85d6e882717c9a3f7a4ceeec04a8c

SHA512
bd2fae4a31a7161ea7b5b78594ed6fc53f8cc4b5878839efbaeb9f41000714299ad539d62803dda17e9226efbc2884ec4ee7f3589a8a870368e024046b2a78a5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6597.exe
Filesize
184KB

MD5
31a8a3b891c9acc384668855e7f0ace6

SHA1
33066f554a61d3ae5a9ba5009345dd120bf3ef35

SHA256
9ceeba598fd45d10770dcea9ebf603f475683c871ff3ac37d0d28492244b1237

SHA512
851bea7c5accb070b074cd6448020095814eb19418f2a2c04a9beac2920f67189d70c206685966368b3696194a03857a9d34e3b3066bc26f646c0a8da1f302cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8626.exe
Filesize
184KB

MD5
376e1721cf1e13fe3d251bc8cbbf5095

SHA1
4dd18cf8befc3c1d92dc9537c993b5a6afd484ad

SHA256
49361559a52bcb207a34d0477b46ce8df4ad33723bd1f941e08bc0416f982690

SHA512
e9799cd7bf71d4af162c84e4aa72f457d2ff937f2bea89299854601063f30ad040100f3386baad2cbc944875a2f48d8e887903e6c3e9440fd9079f6cd04635e5

Download Submit
memory/3040-900-0x00000000029C0000-0x0000000002B1C000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads