7e695f1135271611eb1fd144bef6aad1dddad32096d13616b78116d56dd3ce74

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7e695f1135271611eb1fd144bef6aad1dddad32096d13616b78116d56dd3ce74.exe
Size

184KB
MD5

428fdf5376ac24097efb25c09273f1eb
SHA1

2bc9ea5e315106e6589d8fd27a07f0ef3023cb39
SHA256

7e695f1135271611eb1fd144bef6aad1dddad32096d13616b78116d56dd3ce74
SHA512

a22b21665077b84c032e598c341f1ad4937cd6994cf7f8b7a898c523a800a02a85f192d95b1a310db9da77b6189a0e001ff7a4c66752167838b2ffd59245621f
SSDEEP

3072:jHP4xQoumhTYmG/WW2S89hHPhlnViF3n3:jHNoXvG//8jHPhlnViF3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-12521.exeUnicorn-63429.exeUnicorn-17758.exeUnicorn-21925.exeUnicorn-28701.exeUnicorn-17841.exeUnicorn-12962.exeUnicorn-23823.exeUnicorn-43689.exeUnicorn-43689.exeUnicorn-18670.exeUnicorn-23316.exeUnicorn-16278.exeUnicorn-17670.exeUnicorn-17670.exeUnicorn-60648.exeUnicorn-36698.exeUnicorn-3471.exeUnicorn-5972.exeUnicorn-62869.exeUnicorn-4109.exeUnicorn-58785.exeUnicorn-22029.exeUnicorn-10331.exeUnicorn-34281.exeUnicorn-11722.exeUnicorn-7638.exeUnicorn-53310.exeUnicorn-19699.exeUnicorn-54509.exeUnicorn-61286.exeUnicorn-41463.exeUnicorn-56408.exeUnicorn-10736.exeUnicorn-53907.exeUnicorn-3315.exeUnicorn-31349.exeUnicorn-38125.exeUnicorn-39517.exeUnicorn-55661.exeUnicorn-14306.exeUnicorn-29019.exeUnicorn-17321.exeUnicorn-27950.exeUnicorn-27950.exeUnicorn-53715.exeUnicorn-20528.exeUnicorn-20528.exeUnicorn-18905.exeUnicorn-13751.exeUnicorn-28696.exeUnicorn-55744.exeUnicorn-14903.exeUnicorn-10819.exeUnicorn-28286.exeUnicorn-52236.exeUnicorn-21510.exeUnicorn-60404.exeUnicorn-7311.exeUnicorn-22256.exeUnicorn-3227.exeUnicorn-3227.exeUnicorn-18172.exeUnicorn-57067.exe

pid	process
2084	Unicorn-12521.exe
2776	Unicorn-63429.exe
2336	Unicorn-17758.exe
2844	Unicorn-21925.exe
2716	Unicorn-28701.exe
2744	Unicorn-17841.exe
1612	Unicorn-12962.exe
804	Unicorn-23823.exe
2600	Unicorn-43689.exe
1568	Unicorn-43689.exe
1916	Unicorn-18670.exe
1920	Unicorn-23316.exe
1328	Unicorn-16278.exe
2920	Unicorn-17670.exe
2344	Unicorn-17670.exe
2464	Unicorn-60648.exe
2864	Unicorn-36698.exe
1964	Unicorn-3471.exe
2308	Unicorn-5972.exe
1540	Unicorn-62869.exe
1484	Unicorn-4109.exe
3016	Unicorn-58785.exe
1336	Unicorn-22029.exe
1604	Unicorn-10331.exe
2880	Unicorn-34281.exe
820	Unicorn-11722.exe
2992	Unicorn-7638.exe
2584	Unicorn-53310.exe
2312	Unicorn-19699.exe
1812	Unicorn-54509.exe
2028	Unicorn-61286.exe
1708	Unicorn-41463.exe
2328	Unicorn-56408.exe
2704	Unicorn-10736.exe
1808	Unicorn-53907.exe
2288	Unicorn-3315.exe
2556	Unicorn-31349.exe
2496	Unicorn-38125.exe
1728	Unicorn-39517.exe
1200	Unicorn-55661.exe
1504	Unicorn-14306.exe
1620	Unicorn-29019.exe
1792	Unicorn-17321.exe
1844	Unicorn-27950.exe
2976	Unicorn-27950.exe
2224	Unicorn-53715.exe
2424	Unicorn-20528.exe
2244	Unicorn-20528.exe
1280	Unicorn-18905.exe
1352	Unicorn-13751.exe
836	Unicorn-28696.exe
348	Unicorn-55744.exe
1264	Unicorn-14903.exe
884	Unicorn-10819.exe
1960	Unicorn-28286.exe
2736	Unicorn-52236.exe
2144	Unicorn-21510.exe
2260	Unicorn-60404.exe
1456	Unicorn-7311.exe
2284	Unicorn-22256.exe
2644	Unicorn-3227.exe
2700	Unicorn-3227.exe
2724	Unicorn-18172.exe
2672	Unicorn-57067.exe

Loads dropped DLL 64 IoCs

Processes:

7e695f1135271611eb1fd144bef6aad1dddad32096d13616b78116d56dd3ce74.exeUnicorn-12521.exeUnicorn-17758.exeUnicorn-63429.exeWerFault.exeUnicorn-21925.exeUnicorn-17841.exeUnicorn-28701.exeWerFault.exeWerFault.exeUnicorn-12962.exeUnicorn-43689.exeUnicorn-18670.exeUnicorn-43689.exeUnicorn-23823.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1952	7e695f1135271611eb1fd144bef6aad1dddad32096d13616b78116d56dd3ce74.exe
1952	7e695f1135271611eb1fd144bef6aad1dddad32096d13616b78116d56dd3ce74.exe
1952	7e695f1135271611eb1fd144bef6aad1dddad32096d13616b78116d56dd3ce74.exe
2084	Unicorn-12521.exe
1952	7e695f1135271611eb1fd144bef6aad1dddad32096d13616b78116d56dd3ce74.exe
2084	Unicorn-12521.exe
2336	Unicorn-17758.exe
2336	Unicorn-17758.exe
2084	Unicorn-12521.exe
2084	Unicorn-12521.exe
2776	Unicorn-63429.exe
2776	Unicorn-63429.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2844	Unicorn-21925.exe
2844	Unicorn-21925.exe
2336	Unicorn-17758.exe
2336	Unicorn-17758.exe
2744	Unicorn-17841.exe
2716	Unicorn-28701.exe
2776	Unicorn-63429.exe
2744	Unicorn-17841.exe
2776	Unicorn-63429.exe
2716	Unicorn-28701.exe
2416	WerFault.exe
2416	WerFault.exe
2416	WerFault.exe
2416	WerFault.exe
2436	WerFault.exe
2436	WerFault.exe
2436	WerFault.exe
2436	WerFault.exe
2436	WerFault.exe
2416	WerFault.exe
1612	Unicorn-12962.exe
1612	Unicorn-12962.exe
2844	Unicorn-21925.exe
2844	Unicorn-21925.exe
1568	Unicorn-43689.exe
1916	Unicorn-18670.exe
1916	Unicorn-18670.exe
1568	Unicorn-43689.exe
2600	Unicorn-43689.exe
2600	Unicorn-43689.exe
804	Unicorn-23823.exe
804	Unicorn-23823.exe
2716	Unicorn-28701.exe
2744	Unicorn-17841.exe
2716	Unicorn-28701.exe
2744	Unicorn-17841.exe
2876	WerFault.exe
2876	WerFault.exe
2876	WerFault.exe
2876	WerFault.exe
2876	WerFault.exe
688	WerFault.exe
688	WerFault.exe
688	WerFault.exe
688	WerFault.exe
636	WerFault.exe
636	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2852	1952	WerFault.exe	7e695f1135271611eb1fd144bef6aad1dddad32096d13616b78116d56dd3ce74.exe
2924	2084	WerFault.exe	Unicorn-12521.exe
2416	2336	WerFault.exe	Unicorn-17758.exe
2436	2776	WerFault.exe	Unicorn-63429.exe
2876	2844	WerFault.exe	Unicorn-21925.exe
688	2744	WerFault.exe	Unicorn-17841.exe
636	2716	WerFault.exe	Unicorn-28701.exe
1584	1612	WerFault.exe	Unicorn-12962.exe
2472	1916	WerFault.exe	Unicorn-18670.exe
848	1568	WerFault.exe	Unicorn-43689.exe
1788	2600	WerFault.exe	Unicorn-43689.exe
3064	804	WerFault.exe	Unicorn-23823.exe
2812	1920	WerFault.exe	Unicorn-23316.exe
380	1328	WerFault.exe	Unicorn-16278.exe
1260	2920	WerFault.exe	Unicorn-17670.exe
664	2464	WerFault.exe	Unicorn-60648.exe
1896	2344	WerFault.exe	Unicorn-17670.exe
2140	2864	WerFault.exe	Unicorn-36698.exe
1704	2308	WerFault.exe	Unicorn-5972.exe
1544	1964	WerFault.exe	Unicorn-3471.exe
2856	1540	WerFault.exe	Unicorn-62869.exe
2096	1484	WerFault.exe	Unicorn-4109.exe
2228	3016	WerFault.exe	Unicorn-58785.exe
3028	1336	WerFault.exe	Unicorn-22029.exe
2768	1604	WerFault.exe	Unicorn-10331.exe
2760	2880	WerFault.exe	Unicorn-34281.exe
2748	820	WerFault.exe	Unicorn-11722.exe
1656	1812	WerFault.exe	Unicorn-54509.exe
1740	2992	WerFault.exe	Unicorn-7638.exe
2024	2584	WerFault.exe	Unicorn-53310.exe
1064	2028	WerFault.exe	Unicorn-61286.exe
2476	2312	WerFault.exe	Unicorn-19699.exe
3340	2288	WerFault.exe	Unicorn-3315.exe
3372	2496	WerFault.exe	Unicorn-38125.exe
3364	1708	WerFault.exe	Unicorn-41463.exe
3484	2328	WerFault.exe	Unicorn-56408.exe
3492	1808	WerFault.exe	Unicorn-53907.exe
3516	1620	WerFault.exe	Unicorn-29019.exe
3556	1504	WerFault.exe	Unicorn-14306.exe
3564	1844	WerFault.exe	Unicorn-27950.exe
3572	2704	WerFault.exe	Unicorn-10736.exe
3616	1352	WerFault.exe	Unicorn-13751.exe
3764	2424	WerFault.exe	Unicorn-20528.exe
3480	836	WerFault.exe	Unicorn-28696.exe
3704	2224	WerFault.exe	Unicorn-53715.exe
3720	1792	WerFault.exe	Unicorn-17321.exe
4020	1728	WerFault.exe	Unicorn-39517.exe
4056	1200	WerFault.exe	Unicorn-55661.exe
4072	1636	WerFault.exe	Unicorn-34747.exe
3116	1280	WerFault.exe	Unicorn-18905.exe
3252	2700	WerFault.exe	Unicorn-3227.exe
3380	2204	WerFault.exe	Unicorn-40346.exe
3440	1968	WerFault.exe	Unicorn-32178.exe
3444	1820	WerFault.exe	Unicorn-4981.exe
3464	2104	WerFault.exe	Unicorn-32178.exe
3476	2596	WerFault.exe	Unicorn-32178.exe
3820	2276	WerFault.exe	Unicorn-52044.exe
3900	2740	WerFault.exe	Unicorn-42676.exe
3872	1456	WerFault.exe	Unicorn-7311.exe
3980	1296	WerFault.exe	Unicorn-62905.exe
304	1284	WerFault.exe	Unicorn-17234.exe
3220	2644	WerFault.exe	Unicorn-3227.exe
3272	3008	WerFault.exe	Unicorn-58458.exe
3524	2724	WerFault.exe	Unicorn-18172.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

7e695f1135271611eb1fd144bef6aad1dddad32096d13616b78116d56dd3ce74.exeUnicorn-12521.exeUnicorn-17758.exeUnicorn-63429.exeUnicorn-21925.exeUnicorn-28701.exeUnicorn-17841.exeUnicorn-12962.exeUnicorn-43689.exeUnicorn-23823.exeUnicorn-43689.exeUnicorn-18670.exeUnicorn-23316.exeUnicorn-16278.exeUnicorn-17670.exeUnicorn-17670.exeUnicorn-60648.exeUnicorn-3471.exeUnicorn-36698.exeUnicorn-5972.exeUnicorn-62869.exeUnicorn-4109.exeUnicorn-58785.exeUnicorn-22029.exeUnicorn-10331.exeUnicorn-34281.exeUnicorn-11722.exeUnicorn-7638.exeUnicorn-53310.exeUnicorn-19699.exeUnicorn-54509.exeUnicorn-61286.exeUnicorn-41463.exeUnicorn-56408.exeUnicorn-53907.exeUnicorn-10736.exeUnicorn-3315.exeUnicorn-38125.exeUnicorn-31349.exeUnicorn-39517.exeUnicorn-55661.exeUnicorn-14306.exeUnicorn-29019.exeUnicorn-17321.exeUnicorn-27950.exeUnicorn-27950.exeUnicorn-53715.exeUnicorn-20528.exeUnicorn-20528.exeUnicorn-18905.exeUnicorn-13751.exeUnicorn-28696.exeUnicorn-55744.exeUnicorn-14903.exeUnicorn-10819.exeUnicorn-28286.exeUnicorn-52236.exeUnicorn-21510.exeUnicorn-7311.exeUnicorn-60404.exeUnicorn-3227.exeUnicorn-3227.exeUnicorn-22256.exeUnicorn-18172.exe

pid	process
1952	7e695f1135271611eb1fd144bef6aad1dddad32096d13616b78116d56dd3ce74.exe
2084	Unicorn-12521.exe
2336	Unicorn-17758.exe
2776	Unicorn-63429.exe
2844	Unicorn-21925.exe
2716	Unicorn-28701.exe
2744	Unicorn-17841.exe
1612	Unicorn-12962.exe
2600	Unicorn-43689.exe
804	Unicorn-23823.exe
1568	Unicorn-43689.exe
1916	Unicorn-18670.exe
1920	Unicorn-23316.exe
1328	Unicorn-16278.exe
2344	Unicorn-17670.exe
2920	Unicorn-17670.exe
2464	Unicorn-60648.exe
1964	Unicorn-3471.exe
2864	Unicorn-36698.exe
2308	Unicorn-5972.exe
1540	Unicorn-62869.exe
1484	Unicorn-4109.exe
3016	Unicorn-58785.exe
1336	Unicorn-22029.exe
1604	Unicorn-10331.exe
2880	Unicorn-34281.exe
820	Unicorn-11722.exe
2992	Unicorn-7638.exe
2584	Unicorn-53310.exe
2312	Unicorn-19699.exe
1812	Unicorn-54509.exe
2028	Unicorn-61286.exe
1708	Unicorn-41463.exe
2328	Unicorn-56408.exe
1808	Unicorn-53907.exe
2704	Unicorn-10736.exe
2288	Unicorn-3315.exe
2496	Unicorn-38125.exe
2556	Unicorn-31349.exe
1728	Unicorn-39517.exe
1200	Unicorn-55661.exe
1504	Unicorn-14306.exe
1620	Unicorn-29019.exe
1792	Unicorn-17321.exe
1844	Unicorn-27950.exe
2976	Unicorn-27950.exe
2224	Unicorn-53715.exe
2424	Unicorn-20528.exe
2244	Unicorn-20528.exe
1280	Unicorn-18905.exe
1352	Unicorn-13751.exe
836	Unicorn-28696.exe
348	Unicorn-55744.exe
1264	Unicorn-14903.exe
884	Unicorn-10819.exe
1960	Unicorn-28286.exe
2736	Unicorn-52236.exe
2144	Unicorn-21510.exe
1456	Unicorn-7311.exe
2260	Unicorn-60404.exe
2700	Unicorn-3227.exe
2644	Unicorn-3227.exe
2284	Unicorn-22256.exe
2724	Unicorn-18172.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

7e695f1135271611eb1fd144bef6aad1dddad32096d13616b78116d56dd3ce74.exeUnicorn-12521.exeUnicorn-17758.exeUnicorn-63429.exeUnicorn-21925.exeUnicorn-17841.exeUnicorn-28701.exeUnicorn-12962.exe

description	pid	process	target process
PID 1952 wrote to memory of 2084	1952	7e695f1135271611eb1fd144bef6aad1dddad32096d13616b78116d56dd3ce74.exe	Unicorn-12521.exe
PID 1952 wrote to memory of 2084	1952	7e695f1135271611eb1fd144bef6aad1dddad32096d13616b78116d56dd3ce74.exe	Unicorn-12521.exe
PID 1952 wrote to memory of 2084	1952	7e695f1135271611eb1fd144bef6aad1dddad32096d13616b78116d56dd3ce74.exe	Unicorn-12521.exe
PID 1952 wrote to memory of 2084	1952	7e695f1135271611eb1fd144bef6aad1dddad32096d13616b78116d56dd3ce74.exe	Unicorn-12521.exe
PID 1952 wrote to memory of 2776	1952	7e695f1135271611eb1fd144bef6aad1dddad32096d13616b78116d56dd3ce74.exe	Unicorn-63429.exe
PID 2084 wrote to memory of 2336	2084	Unicorn-12521.exe	Unicorn-17758.exe
PID 2084 wrote to memory of 2336	2084	Unicorn-12521.exe	Unicorn-17758.exe
PID 1952 wrote to memory of 2776	1952	7e695f1135271611eb1fd144bef6aad1dddad32096d13616b78116d56dd3ce74.exe	Unicorn-63429.exe
PID 2084 wrote to memory of 2336	2084	Unicorn-12521.exe	Unicorn-17758.exe
PID 1952 wrote to memory of 2776	1952	7e695f1135271611eb1fd144bef6aad1dddad32096d13616b78116d56dd3ce74.exe	Unicorn-63429.exe
PID 2084 wrote to memory of 2336	2084	Unicorn-12521.exe	Unicorn-17758.exe
PID 1952 wrote to memory of 2776	1952	7e695f1135271611eb1fd144bef6aad1dddad32096d13616b78116d56dd3ce74.exe	Unicorn-63429.exe
PID 1952 wrote to memory of 2852	1952	7e695f1135271611eb1fd144bef6aad1dddad32096d13616b78116d56dd3ce74.exe	WerFault.exe
PID 1952 wrote to memory of 2852	1952	7e695f1135271611eb1fd144bef6aad1dddad32096d13616b78116d56dd3ce74.exe	WerFault.exe
PID 1952 wrote to memory of 2852	1952	7e695f1135271611eb1fd144bef6aad1dddad32096d13616b78116d56dd3ce74.exe	WerFault.exe
PID 1952 wrote to memory of 2852	1952	7e695f1135271611eb1fd144bef6aad1dddad32096d13616b78116d56dd3ce74.exe	WerFault.exe
PID 2336 wrote to memory of 2844	2336	Unicorn-17758.exe	Unicorn-21925.exe
PID 2336 wrote to memory of 2844	2336	Unicorn-17758.exe	Unicorn-21925.exe
PID 2336 wrote to memory of 2844	2336	Unicorn-17758.exe	Unicorn-21925.exe
PID 2336 wrote to memory of 2844	2336	Unicorn-17758.exe	Unicorn-21925.exe
PID 2084 wrote to memory of 2716	2084	Unicorn-12521.exe	Unicorn-28701.exe
PID 2084 wrote to memory of 2716	2084	Unicorn-12521.exe	Unicorn-28701.exe
PID 2084 wrote to memory of 2716	2084	Unicorn-12521.exe	Unicorn-28701.exe
PID 2084 wrote to memory of 2716	2084	Unicorn-12521.exe	Unicorn-28701.exe
PID 2776 wrote to memory of 2744	2776	Unicorn-63429.exe	Unicorn-17841.exe
PID 2776 wrote to memory of 2744	2776	Unicorn-63429.exe	Unicorn-17841.exe
PID 2776 wrote to memory of 2744	2776	Unicorn-63429.exe	Unicorn-17841.exe
PID 2776 wrote to memory of 2744	2776	Unicorn-63429.exe	Unicorn-17841.exe
PID 2084 wrote to memory of 2924	2084	Unicorn-12521.exe	WerFault.exe
PID 2084 wrote to memory of 2924	2084	Unicorn-12521.exe	WerFault.exe
PID 2084 wrote to memory of 2924	2084	Unicorn-12521.exe	WerFault.exe
PID 2084 wrote to memory of 2924	2084	Unicorn-12521.exe	WerFault.exe
PID 2844 wrote to memory of 1612	2844	Unicorn-21925.exe	Unicorn-12962.exe
PID 2844 wrote to memory of 1612	2844	Unicorn-21925.exe	Unicorn-12962.exe
PID 2844 wrote to memory of 1612	2844	Unicorn-21925.exe	Unicorn-12962.exe
PID 2844 wrote to memory of 1612	2844	Unicorn-21925.exe	Unicorn-12962.exe
PID 2336 wrote to memory of 804	2336	Unicorn-17758.exe	Unicorn-23823.exe
PID 2336 wrote to memory of 804	2336	Unicorn-17758.exe	Unicorn-23823.exe
PID 2336 wrote to memory of 804	2336	Unicorn-17758.exe	Unicorn-23823.exe
PID 2336 wrote to memory of 804	2336	Unicorn-17758.exe	Unicorn-23823.exe
PID 2744 wrote to memory of 2600	2744	Unicorn-17841.exe	Unicorn-43689.exe
PID 2744 wrote to memory of 2600	2744	Unicorn-17841.exe	Unicorn-43689.exe
PID 2744 wrote to memory of 2600	2744	Unicorn-17841.exe	Unicorn-43689.exe
PID 2744 wrote to memory of 2600	2744	Unicorn-17841.exe	Unicorn-43689.exe
PID 2776 wrote to memory of 1916	2776	Unicorn-63429.exe	Unicorn-18670.exe
PID 2776 wrote to memory of 1916	2776	Unicorn-63429.exe	Unicorn-18670.exe
PID 2776 wrote to memory of 1916	2776	Unicorn-63429.exe	Unicorn-18670.exe
PID 2776 wrote to memory of 1916	2776	Unicorn-63429.exe	Unicorn-18670.exe
PID 2716 wrote to memory of 1568	2716	Unicorn-28701.exe	Unicorn-43689.exe
PID 2716 wrote to memory of 1568	2716	Unicorn-28701.exe	Unicorn-43689.exe
PID 2716 wrote to memory of 1568	2716	Unicorn-28701.exe	Unicorn-43689.exe
PID 2716 wrote to memory of 1568	2716	Unicorn-28701.exe	Unicorn-43689.exe
PID 2336 wrote to memory of 2416	2336	Unicorn-17758.exe	WerFault.exe
PID 2336 wrote to memory of 2416	2336	Unicorn-17758.exe	WerFault.exe
PID 2336 wrote to memory of 2416	2336	Unicorn-17758.exe	WerFault.exe
PID 2336 wrote to memory of 2416	2336	Unicorn-17758.exe	WerFault.exe
PID 2776 wrote to memory of 2436	2776	Unicorn-63429.exe	WerFault.exe
PID 2776 wrote to memory of 2436	2776	Unicorn-63429.exe	WerFault.exe
PID 2776 wrote to memory of 2436	2776	Unicorn-63429.exe	WerFault.exe
PID 2776 wrote to memory of 2436	2776	Unicorn-63429.exe	WerFault.exe
PID 1612 wrote to memory of 1920	1612	Unicorn-12962.exe	Unicorn-23316.exe
PID 1612 wrote to memory of 1920	1612	Unicorn-12962.exe	Unicorn-23316.exe
PID 1612 wrote to memory of 1920	1612	Unicorn-12962.exe	Unicorn-23316.exe
PID 1612 wrote to memory of 1920	1612	Unicorn-12962.exe	Unicorn-23316.exe

C:\Users\Admin\AppData\Local\Temp\7e695f1135271611eb1fd144bef6aad1dddad32096d13616b78116d56dd3ce74.exe
"C:\Users\Admin\AppData\Local\Temp\7e695f1135271611eb1fd144bef6aad1dddad32096d13616b78116d56dd3ce74.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-12521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12521.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-17758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17758.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-21925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21925.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-12962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12962.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-23316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23316.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-41463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41463.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-10819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10819.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-14986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14986.exe
10⤵
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-23586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23586.exe
11⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-65059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65059.exe
12⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-28765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28765.exe
13⤵
PID:6360

C:\Users\Admin\AppData\Local\Temp\Unicorn-4621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4621.exe
14⤵
PID:10516

C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
15⤵
PID:12840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10516 -s 216
15⤵
PID:13072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 216
14⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 216
13⤵
PID:8500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 236
12⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 236
11⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-42806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42806.exe
10⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-27618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27618.exe
11⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-35179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35179.exe
12⤵
PID:7300

C:\Users\Admin\AppData\Local\Temp\Unicorn-14818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14818.exe
13⤵
PID:10640

C:\Users\Admin\AppData\Local\Temp\Unicorn-56993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56993.exe
14⤵
PID:13292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10640 -s 216
14⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 216
13⤵
PID:10620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
12⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 236
11⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 240
10⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-29931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29931.exe
9⤵
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-11333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11333.exe
10⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-13227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13227.exe
11⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-20740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20740.exe
12⤵
PID:7848

C:\Users\Admin\AppData\Local\Temp\Unicorn-46661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46661.exe
13⤵
PID:11128

C:\Users\Admin\AppData\Local\Temp\Unicorn-57014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57014.exe
14⤵
PID:9076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11128 -s 216
14⤵
PID:12556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 220
13⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 236
12⤵
PID:9180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
11⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 236
10⤵
PID:5052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
9⤵
- Program crash
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-28286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28286.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-50337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50337.exe
9⤵
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-5303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5303.exe
10⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-29568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29568.exe
10⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-16757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16757.exe
11⤵
PID:5844

C:\Users\Admin\AppData\Local\Temp\Unicorn-52400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52400.exe
12⤵
PID:8468

C:\Users\Admin\AppData\Local\Temp\Unicorn-59053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59053.exe
13⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8468 -s 236
13⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
12⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
11⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
10⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
9⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-56206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56206.exe
10⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-17089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17089.exe
11⤵
PID:7648

C:\Users\Admin\AppData\Local\Temp\Unicorn-22157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22157.exe
12⤵
PID:11044

C:\Users\Admin\AppData\Local\Temp\Unicorn-17160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17160.exe
13⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11044 -s 216
13⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 220
12⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
11⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
10⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
9⤵
PID:5116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
8⤵
- Program crash
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-56408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56408.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-52236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52236.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
9⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-48282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48282.exe
10⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-28111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28111.exe
11⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-20597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20597.exe
12⤵
PID:6544

C:\Users\Admin\AppData\Local\Temp\Unicorn-17450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17450.exe
13⤵
PID:10544

C:\Users\Admin\AppData\Local\Temp\Unicorn-35395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35395.exe
14⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10544 -s 236
14⤵
PID:1680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 216
13⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
12⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 236
11⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 236
10⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-24332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24332.exe
9⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-19834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19834.exe
10⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-27203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27203.exe
11⤵
PID:7580

C:\Users\Admin\AppData\Local\Temp\Unicorn-35971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35971.exe
12⤵
PID:10832

C:\Users\Admin\AppData\Local\Temp\Unicorn-38746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38746.exe
12⤵
PID:10316

C:\Users\Admin\AppData\Local\Temp\Unicorn-26947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26947.exe
13⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10316 -s 216
13⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 220
12⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
11⤵
PID:8964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
10⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
9⤵
PID:4224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 216
8⤵
- Program crash
PID:3484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 240
7⤵
- Program crash
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-54374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54374.exe
8⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-4104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4104.exe
9⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-5443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5443.exe
10⤵
PID:5256

C:\Users\Admin\AppData\Local\Temp\Unicorn-49328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49328.exe
11⤵
PID:7720

C:\Users\Admin\AppData\Local\Temp\Unicorn-46661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46661.exe
12⤵
PID:11136

C:\Users\Admin\AppData\Local\Temp\Unicorn-35634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35634.exe
13⤵
PID:13132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11136 -s 216
13⤵
PID:12404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 220
12⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
11⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
10⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 216
9⤵
PID:4652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
8⤵
- Program crash
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-42676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42676.exe
7⤵
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-23887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23887.exe
8⤵
PID:880

C:\Users\Admin\AppData\Local\Temp\Unicorn-15199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15199.exe
9⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-41261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41261.exe
10⤵
PID:5724

C:\Users\Admin\AppData\Local\Temp\Unicorn-31596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31596.exe
11⤵
PID:8404

C:\Users\Admin\AppData\Local\Temp\Unicorn-21337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21337.exe
12⤵
PID:10888

C:\Users\Admin\AppData\Local\Temp\Unicorn-6142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6142.exe
13⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10888 -s 216
13⤵
PID:8728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8404 -s 236
12⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 216
11⤵
PID:9664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
10⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 216
9⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 216
8⤵
- Program crash
PID:3900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 240
7⤵
- Program crash
PID:2096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
6⤵
- Program crash
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-16278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16278.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1328

C:\Users\Admin\AppData\Local\Temp\Unicorn-58785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58785.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-53907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53907.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-21510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21510.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-44307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44307.exe
9⤵
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-62672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62672.exe
10⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-7581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7581.exe
11⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-37701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37701.exe
12⤵
PID:7500

C:\Users\Admin\AppData\Local\Temp\Unicorn-19635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19635.exe
13⤵
PID:10796

C:\Users\Admin\AppData\Local\Temp\Unicorn-7045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7045.exe
14⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10796 -s 216
14⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 216
13⤵
PID:10472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
12⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
11⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 236
10⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-7996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7996.exe
9⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-56206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56206.exe
10⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-6782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6782.exe
11⤵
PID:7560

C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
12⤵
PID:10868

C:\Users\Admin\AppData\Local\Temp\Unicorn-13267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13267.exe
13⤵
PID:13096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10868 -s 216
13⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 216
12⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
11⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
10⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
9⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-55168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55168.exe
8⤵
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-13471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13471.exe
9⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-46476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46476.exe
10⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-6782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6782.exe
11⤵
PID:7568

C:\Users\Admin\AppData\Local\Temp\Unicorn-25665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25665.exe
12⤵
PID:11020

C:\Users\Admin\AppData\Local\Temp\Unicorn-43802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43802.exe
13⤵
PID:13168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11020 -s 216
13⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 216
12⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
11⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 236
10⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
9⤵
PID:4248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
8⤵
- Program crash
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
8⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-42828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42828.exe
9⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-49346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49346.exe
10⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-18685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18685.exe
11⤵
PID:7760

C:\Users\Admin\AppData\Local\Temp\Unicorn-23994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23994.exe
12⤵
PID:10736

C:\Users\Admin\AppData\Local\Temp\Unicorn-34451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34451.exe
13⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7760 -s 216
12⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
11⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
10⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 236
9⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-31130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31130.exe
8⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-18428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18428.exe
9⤵
PID:5792

C:\Users\Admin\AppData\Local\Temp\Unicorn-45711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45711.exe
10⤵
PID:7764

C:\Users\Admin\AppData\Local\Temp\Unicorn-33122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33122.exe
11⤵
PID:11224

C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
12⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7764 -s 236
11⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 216
10⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 236
9⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
8⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
7⤵
- Program crash
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-3315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3315.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-55744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55744.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:348

C:\Users\Admin\AppData\Local\Temp\Unicorn-47659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47659.exe
8⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-18241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18241.exe
9⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-40088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40088.exe
10⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-20841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20841.exe
11⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-36064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36064.exe
12⤵
PID:8532

C:\Users\Admin\AppData\Local\Temp\Unicorn-50900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50900.exe
12⤵
PID:9200

C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
13⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9200 -s 216
13⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 220
12⤵
PID:10144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
11⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 236
10⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-14192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14192.exe
9⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-39699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39699.exe
10⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-22442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22442.exe
11⤵
PID:8796

C:\Users\Admin\AppData\Local\Temp\Unicorn-52722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52722.exe
12⤵
PID:11804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 236
12⤵
PID:12292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
11⤵
PID:9888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
10⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
9⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-18795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18795.exe
8⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-24219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24219.exe
9⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-52885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52885.exe
10⤵
PID:6644

C:\Users\Admin\AppData\Local\Temp\Unicorn-2675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2675.exe
11⤵
PID:10464

C:\Users\Admin\AppData\Local\Temp\Unicorn-43755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43755.exe
12⤵
PID:12772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10464 -s 236
12⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 216
11⤵
PID:10552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
10⤵
PID:8324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
9⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 240
8⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-62604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62604.exe
7⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-12402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12402.exe
8⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-20519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20519.exe
9⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-35179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35179.exe
10⤵
PID:7292

C:\Users\Admin\AppData\Local\Temp\Unicorn-47491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47491.exe
11⤵
PID:10612

C:\Users\Admin\AppData\Local\Temp\Unicorn-24560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24560.exe
12⤵
PID:12872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10612 -s 216
12⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 216
11⤵
PID:11084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
10⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 236
9⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
8⤵
PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
7⤵
- Program crash
PID:3340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 240
6⤵
- Program crash
PID:380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-23823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23823.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:804

C:\Users\Admin\AppData\Local\Temp\Unicorn-3471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3471.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-54509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54509.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-27950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27950.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1844

C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
8⤵
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
9⤵
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-1193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1193.exe
10⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-15386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15386.exe
11⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-6105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6105.exe
12⤵
PID:8896

C:\Users\Admin\AppData\Local\Temp\Unicorn-28026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28026.exe
13⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8896 -s 216
13⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
12⤵
PID:9936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
11⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 216
10⤵
PID:5596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 236
9⤵
- Program crash
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-18411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18411.exe
8⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-34660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34660.exe
9⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
10⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
11⤵
PID:7540

C:\Users\Admin\AppData\Local\Temp\Unicorn-13687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13687.exe
12⤵
PID:10404

C:\Users\Admin\AppData\Local\Temp\Unicorn-65348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65348.exe
13⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10404 -s 220
13⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 216
12⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
11⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
10⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
9⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
8⤵
- Program crash
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-7866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7866.exe
7⤵
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-24079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24079.exe
8⤵
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-20078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20078.exe
9⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-29948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29948.exe
10⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-21173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21173.exe
11⤵
PID:7620

C:\Users\Admin\AppData\Local\Temp\Unicorn-44777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44777.exe
12⤵
PID:10636

C:\Users\Admin\AppData\Local\Temp\Unicorn-37419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37419.exe
13⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
12⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 220
11⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
10⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 236
9⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
8⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-52698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52698.exe
9⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\Unicorn-14517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14517.exe
10⤵
PID:7740

C:\Users\Admin\AppData\Local\Temp\Unicorn-18073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18073.exe
11⤵
PID:11076

C:\Users\Admin\AppData\Local\Temp\Unicorn-15597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15597.exe
12⤵
PID:13240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11076 -s 216
12⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 220
11⤵
PID:11452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
10⤵
PID:9048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
9⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
8⤵
PID:4404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 240
7⤵
- Program crash
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-20528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20528.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-4981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4981.exe
7⤵
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-65111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65111.exe
8⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-18324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18324.exe
9⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-28734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28734.exe
10⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\Unicorn-57579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57579.exe
11⤵
PID:7820

C:\Users\Admin\AppData\Local\Temp\Unicorn-62888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62888.exe
12⤵
PID:10880

C:\Users\Admin\AppData\Local\Temp\Unicorn-64985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64985.exe
13⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 216
12⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
11⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
10⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
9⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 216
8⤵
- Program crash
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-61390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61390.exe
7⤵
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
8⤵
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-64395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64395.exe
9⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\Unicorn-40231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40231.exe
10⤵
PID:9120

C:\Users\Admin\AppData\Local\Temp\Unicorn-24326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24326.exe
11⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9120 -s 216
11⤵
PID:12360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 236
10⤵
PID:10072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 216
9⤵
PID:7992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 216
8⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
6⤵
- Program crash
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-61286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61286.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-18905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18905.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-52044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52044.exe
7⤵
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-23887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23887.exe
8⤵
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-11198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11198.exe
9⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\Unicorn-53980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53980.exe
10⤵
PID:6528

C:\Users\Admin\AppData\Local\Temp\Unicorn-16879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16879.exe
11⤵
PID:8276

C:\Users\Admin\AppData\Local\Temp\Unicorn-16314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16314.exe
12⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8276 -s 216
12⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 220
11⤵
PID:10068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
10⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 236
9⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 216
8⤵
- Program crash
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-47000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47000.exe
7⤵
PID:704

C:\Users\Admin\AppData\Local\Temp\Unicorn-33181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33181.exe
8⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-43866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43866.exe
9⤵
PID:6424

C:\Users\Admin\AppData\Local\Temp\Unicorn-14164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14164.exe
10⤵
PID:9196

C:\Users\Admin\AppData\Local\Temp\Unicorn-8145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8145.exe
11⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 216
11⤵
PID:12500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 216
10⤵
PID:9432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
9⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 236
8⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 220
7⤵
- Program crash
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-32178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32178.exe
6⤵
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-11634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11634.exe
7⤵
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-41349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41349.exe
8⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-4971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4971.exe
9⤵
PID:6452

C:\Users\Admin\AppData\Local\Temp\Unicorn-65503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65503.exe
10⤵
PID:8544

C:\Users\Admin\AppData\Local\Temp\Unicorn-16890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16890.exe
11⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8544 -s 216
11⤵
PID:12564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 216
10⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
9⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
8⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 236
7⤵
- Program crash
PID:3464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
6⤵
- Program crash
PID:1064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 240
5⤵
- Program crash
PID:3064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-28701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28701.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-43689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43689.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-17670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17670.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-11722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11722.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:820

C:\Users\Admin\AppData\Local\Temp\Unicorn-29019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29019.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-60404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60404.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
9⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-53326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53326.exe
10⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-39040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39040.exe
11⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-18.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18.exe
12⤵
PID:7404

C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
13⤵
PID:11256

C:\Users\Admin\AppData\Local\Temp\Unicorn-28893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28893.exe
14⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11256 -s 216
14⤵
PID:8704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 216
13⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 216
12⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
11⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 236
10⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-45521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45521.exe
9⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
10⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-45327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45327.exe
11⤵
PID:7768

C:\Users\Admin\AppData\Local\Temp\Unicorn-44606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44606.exe
12⤵
PID:10944

C:\Users\Admin\AppData\Local\Temp\Unicorn-51171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51171.exe
13⤵
PID:8556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 236
12⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
11⤵
PID:9108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
10⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 220
9⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-27155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27155.exe
8⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-55080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55080.exe
9⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe
10⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-51165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51165.exe
11⤵
PID:7480

C:\Users\Admin\AppData\Local\Temp\Unicorn-7273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7273.exe
12⤵
PID:10524

C:\Users\Admin\AppData\Local\Temp\Unicorn-20341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20341.exe
13⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10524 -s 216
13⤵
PID:13052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 216
12⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
11⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
10⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 236
9⤵
PID:4480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
8⤵
- Program crash
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-18172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18172.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe
8⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
9⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-60311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60311.exe
10⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-36147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36147.exe
11⤵
PID:9076

C:\Users\Admin\AppData\Local\Temp\Unicorn-46884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46884.exe
12⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 236
11⤵
PID:10052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
10⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
9⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
8⤵
- Program crash
PID:3524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 240
7⤵
- Program crash
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-17321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17321.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-7311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7311.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1456

C:\Users\Admin\AppData\Local\Temp\Unicorn-58697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58697.exe
8⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-49517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49517.exe
9⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-15578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15578.exe
10⤵
PID:6156

C:\Users\Admin\AppData\Local\Temp\Unicorn-32255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32255.exe
11⤵
PID:8488

C:\Users\Admin\AppData\Local\Temp\Unicorn-26464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26464.exe
12⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 216
12⤵
PID:12396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6156 -s 216
11⤵
PID:9248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 216
10⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
9⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 236
8⤵
- Program crash
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-47000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47000.exe
7⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-53793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53793.exe
8⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-7986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7986.exe
9⤵
PID:6252

C:\Users\Admin\AppData\Local\Temp\Unicorn-61227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61227.exe
10⤵
PID:8548

C:\Users\Admin\AppData\Local\Temp\Unicorn-24482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24482.exe
11⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8548 -s 216
11⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 216
10⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
9⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 236
8⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 240
7⤵
- Program crash
PID:3720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
6⤵
- Program crash
PID:1896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 236
5⤵
- Program crash
PID:848

C:\Users\Admin\AppData\Local\Temp\Unicorn-36698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36698.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-7638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7638.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-27950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27950.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-17234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17234.exe
7⤵
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-21941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21941.exe
8⤵
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
9⤵
PID:4784

C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
10⤵
PID:6748

C:\Users\Admin\AppData\Local\Temp\Unicorn-19531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19531.exe
11⤵
PID:9992

C:\Users\Admin\AppData\Local\Temp\Unicorn-33584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33584.exe
12⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9992 -s 216
12⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 216
11⤵
PID:10856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
10⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 216
9⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 236
8⤵
- Program crash
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-28717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28717.exe
7⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-9444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9444.exe
8⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
9⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\Unicorn-26028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26028.exe
10⤵
PID:10276

C:\Users\Admin\AppData\Local\Temp\Unicorn-30351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30351.exe
11⤵
PID:12632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10276 -s 216
11⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
10⤵
PID:10844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
9⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
8⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 220
7⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-32178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32178.exe
6⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-19803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19803.exe
7⤵
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-26959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26959.exe
8⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-25885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25885.exe
9⤵
PID:6212

C:\Users\Admin\AppData\Local\Temp\Unicorn-158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-158.exe
10⤵
PID:8912

C:\Users\Admin\AppData\Local\Temp\Unicorn-63028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63028.exe
11⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8912 -s 216
11⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 216
10⤵
PID:9332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 236
9⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 236
8⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 236
7⤵
- Program crash
PID:3476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 240
6⤵
- Program crash
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-20528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20528.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
6⤵
PID:1228

C:\Users\Admin\AppData\Local\Temp\Unicorn-44198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44198.exe
7⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-58152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58152.exe
8⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-17281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17281.exe
9⤵
PID:7452

C:\Users\Admin\AppData\Local\Temp\Unicorn-19635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19635.exe
10⤵
PID:10784

C:\Users\Admin\AppData\Local\Temp\Unicorn-27082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27082.exe
11⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10784 -s 216
11⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 216
10⤵
PID:10460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 216
9⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 236
8⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 236
7⤵
PID:4976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
6⤵
- Program crash
PID:3764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
5⤵
- Program crash
PID:2140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-17841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17841.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-43689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43689.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-34281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34281.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-55661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55661.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1200

C:\Users\Admin\AppData\Local\Temp\Unicorn-3227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3227.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-56751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56751.exe
9⤵
PID:1428

C:\Users\Admin\AppData\Local\Temp\Unicorn-56315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56315.exe
10⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-15277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15277.exe
11⤵
PID:6836

C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
12⤵
PID:9956

C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
13⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9956 -s 216
13⤵
PID:12980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 216
12⤵
PID:10804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
11⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 216
10⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
9⤵
- Program crash
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-18411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18411.exe
8⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
9⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-27530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27530.exe
10⤵
PID:6380

C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
11⤵
PID:9228

C:\Users\Admin\AppData\Local\Temp\Unicorn-12805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12805.exe
12⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9228 -s 236
12⤵
PID:12572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 216
11⤵
PID:10204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
10⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
9⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 220
8⤵
- Program crash
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-57067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57067.exe
7⤵
- Executes dropped EXE
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
8⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-26492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26492.exe
9⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-4229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4229.exe
10⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
11⤵
PID:7596

C:\Users\Admin\AppData\Local\Temp\Unicorn-15441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15441.exe
12⤵
PID:10564

C:\Users\Admin\AppData\Local\Temp\Unicorn-41612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41612.exe
13⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10564 -s 216
13⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 216
12⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
11⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
10⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 236
9⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
8⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-59652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59652.exe
9⤵
PID:5712

C:\Users\Admin\AppData\Local\Temp\Unicorn-35213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35213.exe
10⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 220
11⤵
PID:10924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
10⤵
PID:8196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
9⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
8⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
7⤵
- Program crash
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-14306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14306.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
7⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-9880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9880.exe
8⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-22408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22408.exe
9⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-49154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49154.exe
10⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\Unicorn-2156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2156.exe
11⤵
PID:7392

C:\Users\Admin\AppData\Local\Temp\Unicorn-55104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55104.exe
12⤵
PID:11068

C:\Users\Admin\AppData\Local\Temp\Unicorn-21706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21706.exe
13⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 216
12⤵
PID:11628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 216
11⤵
PID:8936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
10⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 216
9⤵
PID:5356

C:\Users\Admin\AppData\Local\Temp\Unicorn-50181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50181.exe
8⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-2091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2091.exe
9⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-18685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18685.exe
10⤵
PID:7752

C:\Users\Admin\AppData\Local\Temp\Unicorn-19910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19910.exe
11⤵
PID:10828

C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe
12⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 216
11⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
10⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
9⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
8⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 236
7⤵
- Program crash
PID:3556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
6⤵
- Program crash
PID:664

C:\Users\Admin\AppData\Local\Temp\Unicorn-53310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53310.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-53715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53715.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-60212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60212.exe
7⤵
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
8⤵
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-26876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26876.exe
9⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-22211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22211.exe
10⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\Unicorn-49494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49494.exe
11⤵
PID:8340

C:\Users\Admin\AppData\Local\Temp\Unicorn-39427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39427.exe
12⤵
PID:10272

C:\Users\Admin\AppData\Local\Temp\Unicorn-6796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6796.exe
13⤵
PID:9412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 236
12⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 236
11⤵
PID:9620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 236
10⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 216
9⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-28006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28006.exe
8⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-10726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10726.exe
9⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-53168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53168.exe
10⤵
PID:8824

C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
11⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8824 -s 216
11⤵
PID:11548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
10⤵
PID:9900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
9⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
8⤵
PID:6072

C:\Users\Admin\AppData\Local\Temp\Unicorn-59444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59444.exe
7⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe
8⤵
PID:484

C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
9⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 240
10⤵
PID:8848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 216
9⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 216
8⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
7⤵
- Program crash
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-40346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40346.exe
6⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-38469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38469.exe
7⤵
PID:588

C:\Users\Admin\AppData\Local\Temp\Unicorn-25314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25314.exe
8⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-39123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39123.exe
9⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-30226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30226.exe
10⤵
PID:8636

C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
11⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8636 -s 236
11⤵
PID:4936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
10⤵
PID:9852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
9⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 236
8⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 216
7⤵
- Program crash
PID:3380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
6⤵
- Program crash
PID:2024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
5⤵
- Program crash
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-5972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5972.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-19699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19699.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-13751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13751.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1352

C:\Users\Admin\AppData\Local\Temp\Unicorn-9065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9065.exe
7⤵
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-1520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1520.exe
8⤵
PID:908

C:\Users\Admin\AppData\Local\Temp\Unicorn-1795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1795.exe
9⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-35786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35786.exe
10⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-10866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10866.exe
11⤵
PID:7528

C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
12⤵
PID:10932

C:\Users\Admin\AppData\Local\Temp\Unicorn-1015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1015.exe
13⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10932 -s 216
13⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 216
12⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
11⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
10⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 236
9⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-55635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55635.exe
8⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-29865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29865.exe
9⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-53570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53570.exe
10⤵
PID:6420

C:\Users\Admin\AppData\Local\Temp\Unicorn-48970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48970.exe
11⤵
PID:10364

C:\Users\Admin\AppData\Local\Temp\Unicorn-30735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30735.exe
12⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10364 -s 236
12⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 236
11⤵
PID:11164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
10⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
9⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 240
8⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-28909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28909.exe
7⤵
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-51572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51572.exe
8⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-10643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10643.exe
9⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-44149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44149.exe
10⤵
PID:7476

C:\Users\Admin\AppData\Local\Temp\Unicorn-33506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33506.exe
11⤵
PID:10540

C:\Users\Admin\AppData\Local\Temp\Unicorn-26558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26558.exe
12⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 216
11⤵
PID:12140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
10⤵
PID:9436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 236
9⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 236
8⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 240
7⤵
- Program crash
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-62905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62905.exe
6⤵
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-48583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48583.exe
7⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
8⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-45812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45812.exe
9⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\Unicorn-53059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53059.exe
10⤵
PID:8380

C:\Users\Admin\AppData\Local\Temp\Unicorn-55400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55400.exe
11⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8380 -s 216
11⤵
PID:12464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 216
10⤵
PID:9656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
9⤵
PID:8136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 216
8⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 236
7⤵
- Program crash
PID:3980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
6⤵
- Program crash
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-28696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28696.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-52044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52044.exe
6⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-65111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65111.exe
7⤵
PID:396

C:\Users\Admin\AppData\Local\Temp\Unicorn-27068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27068.exe
8⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-31064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31064.exe
9⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\Unicorn-15368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15368.exe
10⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
11⤵
PID:10384

C:\Users\Admin\AppData\Local\Temp\Unicorn-26750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26750.exe
12⤵
PID:840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 236
11⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
10⤵
PID:9424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
9⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 396 -s 236
8⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe
7⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-12589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12589.exe
8⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-22660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22660.exe
9⤵
PID:7616

C:\Users\Admin\AppData\Local\Temp\Unicorn-33506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33506.exe
10⤵
PID:10512

C:\Users\Admin\AppData\Local\Temp\Unicorn-10605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10605.exe
11⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 216
10⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
9⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
8⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 220
7⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-34747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34747.exe
6⤵
PID:1636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 220
7⤵
- Program crash
PID:4072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 240
6⤵
- Program crash
PID:3480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
5⤵
- Program crash
PID:1704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:688

C:\Users\Admin\AppData\Local\Temp\Unicorn-18670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18670.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-17670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17670.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-22029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22029.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-31349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31349.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-3227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3227.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 220
8⤵
- Program crash
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-41161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41161.exe
7⤵
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-52231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52231.exe
8⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-15277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15277.exe
9⤵
PID:6844

C:\Users\Admin\AppData\Local\Temp\Unicorn-19531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19531.exe
10⤵
PID:9984

C:\Users\Admin\AppData\Local\Temp\Unicorn-9079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9079.exe
11⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 216
11⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
9⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 236
8⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
7⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-26340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26340.exe
6⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-42361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42361.exe
7⤵
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-14815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14815.exe
8⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
9⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-5939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5939.exe
10⤵
PID:7772

C:\Users\Admin\AppData\Local\Temp\Unicorn-54995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54995.exe
11⤵
PID:10672

C:\Users\Admin\AppData\Local\Temp\Unicorn-6905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6905.exe
12⤵
PID:6444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 236
11⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
10⤵
PID:9524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 236
9⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 236
8⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-64571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64571.exe
7⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-43892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43892.exe
8⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-65446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65446.exe
9⤵
PID:8204

C:\Users\Admin\AppData\Local\Temp\Unicorn-8316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8316.exe
10⤵
PID:10668

C:\Users\Admin\AppData\Local\Temp\Unicorn-35494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35494.exe
11⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8204 -s 236
10⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
9⤵
PID:9548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 236
8⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 220
7⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 240
6⤵
- Program crash
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-38125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38125.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-14903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14903.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-41629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41629.exe
7⤵
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
8⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe
9⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-33425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33425.exe
10⤵
PID:7692

C:\Users\Admin\AppData\Local\Temp\Unicorn-7382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7382.exe
11⤵
PID:10972

C:\Users\Admin\AppData\Local\Temp\Unicorn-57460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57460.exe
12⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10972 -s 216
12⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 216
11⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
10⤵
PID:9016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
9⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 236
8⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-48837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48837.exe
7⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-56206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56206.exe
8⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-43106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43106.exe
9⤵
PID:7796

C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
10⤵
PID:11168

C:\Users\Admin\AppData\Local\Temp\Unicorn-15982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15982.exe
11⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11168 -s 216
11⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 220
10⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
9⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
8⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 240
7⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-48406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48406.exe
6⤵
PID:944

C:\Users\Admin\AppData\Local\Temp\Unicorn-3165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3165.exe
7⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe
8⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-752.exe
9⤵
PID:7396

C:\Users\Admin\AppData\Local\Temp\Unicorn-62073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62073.exe
10⤵
PID:10708

C:\Users\Admin\AppData\Local\Temp\Unicorn-14637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14637.exe
11⤵
PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10708 -s 216
11⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 216
10⤵
PID:10780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
9⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
8⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 236
7⤵
PID:5044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 220
6⤵
- Program crash
PID:3372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
5⤵
- Program crash
PID:1260

C:\Users\Admin\AppData\Local\Temp\Unicorn-10331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10331.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-39517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39517.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-43876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43876.exe
6⤵
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
7⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-7114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7114.exe
8⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\Unicorn-36967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36967.exe
9⤵
PID:7508

C:\Users\Admin\AppData\Local\Temp\Unicorn-55104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55104.exe
10⤵
PID:11056

C:\Users\Admin\AppData\Local\Temp\Unicorn-63807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63807.exe
11⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 236
10⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
9⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
8⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 216
7⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-63720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63720.exe
6⤵
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-4400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4400.exe
7⤵
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-38713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38713.exe
8⤵
PID:6280

C:\Users\Admin\AppData\Local\Temp\Unicorn-61419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61419.exe
9⤵
PID:8792

C:\Users\Admin\AppData\Local\Temp\Unicorn-55400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55400.exe
10⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8792 -s 216
10⤵
PID:12472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 216
9⤵
PID:9288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 216
8⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 216
7⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
6⤵
- Program crash
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-32178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32178.exe
5⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-65111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65111.exe
6⤵
PID:780

C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
7⤵
PID:4276

C:\Users\Admin\AppData\Local\Temp\Unicorn-43975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43975.exe
8⤵
PID:5936

C:\Users\Admin\AppData\Local\Temp\Unicorn-3043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3043.exe
9⤵
PID:8320

C:\Users\Admin\AppData\Local\Temp\Unicorn-18452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18452.exe
10⤵
PID:11744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8320 -s 216
10⤵
PID:12580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 216
9⤵
PID:9572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 236
8⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 236
7⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 216
6⤵
- Program crash
PID:3440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
5⤵
- Program crash
PID:2768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 220
4⤵
- Program crash
PID:2472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
2⤵
- Program crash
PID:2852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10866.exe

Filesize
184KB

MD5
a93775e7401148e017b1d52128aba173

SHA1
d6edc0e8f21ad7e2caa7ac88ae576605d9d4d2ec

SHA256
91dfb28a4fdb14a802d6a31002cd95860c1a436aa3801785a272d566d2d4c79b

SHA512
0a25ec784092b930bf23d915dee6a235f16f228c7f6c5ec48fe60ebe4312c7e7e01046fead6386a4181d6c284c1a74a2f4e172e45118f392cc2ed10d5126970b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12962.exe

Filesize
184KB

MD5
a8dcee7fc0340afdd15edbb86707c836

SHA1
f98b670635a5b332238dafdbebdb5e77cb528a49

SHA256
af02577716c5ea6bc53e6e627e394ce20e674f5044a7a7e80d83e1530843af53

SHA512
9cc314cd502efe447f4626a930da596210b6982855cd2ac92e2edc7b32a0c0aa57fe493a6a8093807d509b556fee21da1845994264c5cc5c9c4672e1d601fe4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16278.exe

Filesize
184KB

MD5
4ba96bbf53652f3e85735ede5ccd2c9e

SHA1
dab05ac1ea34146a95aeac2bb97f7ed558567a50

SHA256
2d35d39f4121248e3d7342d8251b9ffca740cd50835f9ddc63e35a62a3474559

SHA512
36b4f9816d98600f541f5277f9638846f5dc2ffa5861e95b7c5b603002cf9ab79019fe2e93878282bd524918bae62b6e1457c362dcee6481098292db17cf8667

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe

Filesize
184KB

MD5
693124468d014cd923107e6b1595e03f

SHA1
58ea7cd9a012066fb9e7f64d43b115cfd7941aa5

SHA256
67bff4bf418c9844cc365d42ef3c528c241d1482f4409b11c82b109f53b5b81e

SHA512
07216ac010b6b8c076c612c6e880a3df3ee9295503af5913c22869c628fc8a5ed3f6efecf4d21978e0ca2212594a9b97b47c08e3491e36b791a97379deaae431

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12521.exe

Filesize
184KB

MD5
9d3cf8a243a76e2a28c71ee92d5a3c4a

SHA1
33128d4cf0a9de0d93b63cedd45faf86844d35a4

SHA256
a30d821f19bdecf1a3034dfc1c6e282f0e68ae012bcd839a358a98482868237b

SHA512
80d1269b193d1d2c6053690910248814358d7f47361db455ee2f3a7e6010d486d662574b80ce837dc9a5a3260901f74a1f5466ed7b326c4055b87bb628787cc2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17670.exe

Filesize
184KB

MD5
6d42d53f5e120dc86271fb61714d316c

SHA1
fc64655fc2b00b76b1d575ec46ac4a91dbbccff2

SHA256
64261ad45bf41e3aa04d55fcefb91d7ea11026f7faa836daf3cfdc8aaec80b5d

SHA512
e5642744a5b750807960938945603a9399290ee505b59c011709308f20e4a10ddc088dbdb6ab80df6ed1e66cc8f90dd03e5cfc581cd71e2dd115aeedde694fd8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17758.exe

Filesize
184KB

MD5
3c139768f3ada6a6d4b7b0249fe0c4c2

SHA1
b5da5d1b4aa0d68c1fbb0cfbcb4bf1009015e8c6

SHA256
ad5946e20e1ca1da66f9690c22b49fb7ee83e37e7841353b5cd9582eea18631a

SHA512
d3b08a3fefbc4620b4cddeba5759ebc9ac1f9ea85e979606c3ddb0a40cb7402c37a048d2768ace8b06977fac61992507e3d84b60aa5b02f64851c1addfa8e105

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17841.exe

Filesize
184KB

MD5
6a24770551cb28a4886200722ae657b3

SHA1
1a2742a8eff83b7f76ce1bd3371535a7a3f88ee6

SHA256
be1d9c0cb1282d71908beb9d9d5fd431d682bce46e5f352ce8fca9b3c298ce7f

SHA512
354d6f6b06dcd03fb59848f56e10302092653e2ff42c6fcdf6748573c57e419a705ec3f80ec924f3a52dc2ad91994d87da2426348dba2c4b817c17504de0c984

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18670.exe

Filesize
184KB

MD5
b34b1012f5f4d1878775097ad4df72d2

SHA1
b2cd5e8f461a064887b5e638df1cd36b7bbb965d

SHA256
298aaa7e94151fbcd6e41df12dd3faab3ddae0958f209c06cbc6359d83fcb45e

SHA512
6cf86bc2f0fc50e0a9689dfbd68073a641e8070bfc8cec1717fefe196720c9c7f08410aa23f4b76cbf6a61edbb50150f2cfaaa79025b2af5dc282ce6b7bce929

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21925.exe

Filesize
184KB

MD5
4f9ba6bb508269c75b472f3976e71be9

SHA1
297af66c8f26a8d46ad8e29346b49b0aee8a3144

SHA256
b509becfcf861dd723a80236c510440ab3daf6b06c2b32ed71af2745bf3ad7cf

SHA512
f33529042b1dd9c07c3fd9c80e03c6c38d2d49ff39ddb61b70c1df2370867ff644f104d5a21af69423bcc7eea1cbb8d05a5387640f313443b747da4d562ec155

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23316.exe

Filesize
184KB

MD5
d98ffa0585e976a6b6eb939ffe1769d2

SHA1
d4bc91e4996b6a5ac85842dad95da201f51c0281

SHA256
e16f39c09820672f7320d490d14b53df3b10cf47e27fe6c09f5f587225bd0dea

SHA512
513aef1b41bf34dea679ed9d8212ac489ac242a28aa2c28fd602578fdf46fb9f6e1251fc300b9aa9f4af6e53197ef9d2e92eacac2b15d009027d0cd138058918

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23823.exe

Filesize
184KB

MD5
09771dd6cc8b62b61e3d4e85ba8b0cbc

SHA1
6ce149c6b98aa638e94715170e7b10e9f1191894

SHA256
60ac242ea96d294319fc0eec089ab2c3d1c0efde45cc79473f2217de04e9ecc6

SHA512
391f3249c5a4066e750911382065aac715f09be2768cf9ee534b5927bf2691d8599658b20271f9e28dcc7477ce4b70dcd67a09c0aca55305542a5554985f7c65

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28701.exe

Filesize
184KB

MD5
2383c2f5b230a7bb86b0bb9164c3c98b

SHA1
0580a1a8725cc2992f37d8c0b1d89900c4a75453

SHA256
b9211016c35be8d42f917a5321e9a6584430b4ed958f9931857b9cacef793348

SHA512
5033dc605575ecec08ee08750db40f268bba1be10bf8572f85a8b28b82b4086c5b2e614d734a3eba28243e4ce1ac6d2bed3e057e3a5240867d3d5cbf3c636a2b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43689.exe

Filesize
184KB

MD5
a74dfff762017887bb4a62908846d941

SHA1
a384efdc38ffe1852cb0e26ca86994c6a929e7c5

SHA256
93354daec6c47cc41c0afdb01b0bd0f193c4f019b020522610a40fa01a1ca50e

SHA512
bb1254972d4c05d04c8e520d6bac7e02c32122187deae33f333469d980f9d915f5ceeb8de3eb26fbea685cd7c7e804ea8dd139cd60d225dd4206ab6c8ab17c8e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe

Filesize
184KB

MD5
c216aa45103f8c17197133c59972839e

SHA1
8b17de45cffdca8198eb507eeb1d195dd074192e

SHA256
6672ba2d29023c0fe96bc68964346c5859141cea33cb9953ce5cd4528ace1e36

SHA512
c8452c44c988d4acdb0b8ee7eb34b83df694d744cc338927aab2f07a72c1c955eaf89435955ae6525ca9d1eab9c628e3e25f6ae88468333fb10ebf8bb4fa33dc

Download Submit