7e764b3bb7d8113cd32fe4b2066c9fc04a1d8e9599969ca21c76b12ea072d2b1

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7e764b3bb7d8113cd32fe4b2066c9fc04a1d8e9599969ca21c76b12ea072d2b1.exe
Size

184KB
MD5

44da88b91e3585481a7df876dfc110c5
SHA1

316552c44717ba9bce38c6f16c80c2e9e46febbf
SHA256

7e764b3bb7d8113cd32fe4b2066c9fc04a1d8e9599969ca21c76b12ea072d2b1
SHA512

bf8f4b9c9a0322d60ba8d62aa439678e7105d953f859dae09ae90c4cbd1743287f9c79a4a95822b690a6ec2e2b89f72f5d34bafc517f3e3cbc07e3484a000192
SSDEEP

3072:8Nl3D8ofXYhTdF5We07XRtsJhlnYiFFn3:8NmoSJF5EXbsJhlnYiFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-52350.exeUnicorn-31977.exeUnicorn-12111.exeUnicorn-18547.exeUnicorn-33491.exeUnicorn-53357.exeUnicorn-45272.exeUnicorn-60217.exeUnicorn-49356.exeUnicorn-41742.exeUnicorn-18630.exeUnicorn-59745.exeUnicorn-52132.exeUnicorn-33103.exeUnicorn-61883.exeUnicorn-31157.exeUnicorn-37933.exeUnicorn-11291.exeUnicorn-15781.exeUnicorn-57368.exeUnicorn-54867.exeUnicorn-24141.exeUnicorn-30917.exeUnicorn-12443.exeUnicorn-5666.exeUnicorn-16527.exeUnicorn-48645.exeUnicorn-9750.exeUnicorn-55422.exeUnicorn-44561.exeUnicorn-50866.exeUnicorn-26916.exeUnicorn-54950.exeUnicorn-63118.exeUnicorn-8982.exeUnicorn-63658.exeUnicorn-45184.exeUnicorn-14457.exeUnicorn-41100.exeUnicorn-56045.exeUnicorn-33486.exeUnicorn-61712.exeUnicorn-11120.exeUnicorn-37762.exeUnicorn-57628.exeUnicorn-7036.exeUnicorn-26902.exeUnicorn-8510.exeUnicorn-897.exeUnicorn-16679.exeUnicorn-28931.exeUnicorn-43876.exeUnicorn-37099.exeUnicorn-25593.exeUnicorn-41375.exeUnicorn-33761.exeUnicorn-39237.exeUnicorn-46014.exeUnicorn-12402.exeUnicorn-27347.exeUnicorn-8318.exeUnicorn-705.exeUnicorn-20571.exeUnicorn-16487.exe

pid	process
2988	Unicorn-52350.exe
1940	Unicorn-31977.exe
3032	Unicorn-12111.exe
2868	Unicorn-18547.exe
2620	Unicorn-33491.exe
2500	Unicorn-53357.exe
1568	Unicorn-45272.exe
796	Unicorn-60217.exe
1456	Unicorn-49356.exe
2804	Unicorn-41742.exe
1312	Unicorn-18630.exe
1632	Unicorn-59745.exe
1740	Unicorn-52132.exe
2332	Unicorn-33103.exe
1548	Unicorn-61883.exe
2432	Unicorn-31157.exe
1468	Unicorn-37933.exe
692	Unicorn-11291.exe
2260	Unicorn-15781.exe
840	Unicorn-57368.exe
1800	Unicorn-54867.exe
1988	Unicorn-24141.exe
972	Unicorn-30917.exe
900	Unicorn-12443.exe
2388	Unicorn-5666.exe
1512	Unicorn-16527.exe
688	Unicorn-48645.exe
1772	Unicorn-9750.exe
1976	Unicorn-55422.exe
2384	Unicorn-44561.exe
2608	Unicorn-50866.exe
2664	Unicorn-26916.exe
2276	Unicorn-54950.exe
1852	Unicorn-63118.exe
2448	Unicorn-8982.exe
2492	Unicorn-63658.exe
2956	Unicorn-45184.exe
2728	Unicorn-14457.exe
2720	Unicorn-41100.exe
2168	Unicorn-56045.exe
1984	Unicorn-33486.exe
2816	Unicorn-61712.exe
2008	Unicorn-11120.exe
2212	Unicorn-37762.exe
2936	Unicorn-57628.exe
1712	Unicorn-7036.exe
2320	Unicorn-26902.exe
1664	Unicorn-8510.exe
1896	Unicorn-897.exe
1536	Unicorn-16679.exe
472	Unicorn-28931.exe
572	Unicorn-43876.exe
1440	Unicorn-37099.exe
884	Unicorn-25593.exe
1600	Unicorn-41375.exe
1720	Unicorn-33761.exe
2180	Unicorn-39237.exe
2780	Unicorn-46014.exe
2596	Unicorn-12402.exe
2632	Unicorn-27347.exe
2860	Unicorn-8318.exe
2948	Unicorn-705.exe
2520	Unicorn-20571.exe
2684	Unicorn-16487.exe

Loads dropped DLL 64 IoCs

Processes:

7e764b3bb7d8113cd32fe4b2066c9fc04a1d8e9599969ca21c76b12ea072d2b1.exeUnicorn-52350.exeUnicorn-31977.exeUnicorn-12111.exeWerFault.exeUnicorn-18547.exeUnicorn-33491.exeUnicorn-53357.exeWerFault.exeWerFault.exeUnicorn-45272.exeUnicorn-60217.exeUnicorn-41742.exeUnicorn-18630.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2784	7e764b3bb7d8113cd32fe4b2066c9fc04a1d8e9599969ca21c76b12ea072d2b1.exe
2784	7e764b3bb7d8113cd32fe4b2066c9fc04a1d8e9599969ca21c76b12ea072d2b1.exe
2988	Unicorn-52350.exe
2988	Unicorn-52350.exe
2784	7e764b3bb7d8113cd32fe4b2066c9fc04a1d8e9599969ca21c76b12ea072d2b1.exe
2784	7e764b3bb7d8113cd32fe4b2066c9fc04a1d8e9599969ca21c76b12ea072d2b1.exe
1940	Unicorn-31977.exe
2988	Unicorn-52350.exe
1940	Unicorn-31977.exe
2988	Unicorn-52350.exe
3032	Unicorn-12111.exe
3032	Unicorn-12111.exe
2536	WerFault.exe
2536	WerFault.exe
2536	WerFault.exe
2536	WerFault.exe
2536	WerFault.exe
2868	Unicorn-18547.exe
2868	Unicorn-18547.exe
1940	Unicorn-31977.exe
1940	Unicorn-31977.exe
2620	Unicorn-33491.exe
2620	Unicorn-33491.exe
2500	Unicorn-53357.exe
3032	Unicorn-12111.exe
2500	Unicorn-53357.exe
3032	Unicorn-12111.exe
3060	WerFault.exe
3060	WerFault.exe
3060	WerFault.exe
3060	WerFault.exe
2636	WerFault.exe
2636	WerFault.exe
2636	WerFault.exe
2636	WerFault.exe
3060	WerFault.exe
2636	WerFault.exe
1568	Unicorn-45272.exe
1568	Unicorn-45272.exe
2868	Unicorn-18547.exe
2868	Unicorn-18547.exe
796	Unicorn-60217.exe
796	Unicorn-60217.exe
2804	Unicorn-41742.exe
2804	Unicorn-41742.exe
1312	Unicorn-18630.exe
1312	Unicorn-18630.exe
2620	Unicorn-33491.exe
2620	Unicorn-33491.exe
2500	Unicorn-53357.exe
2500	Unicorn-53357.exe
1820	WerFault.exe
1820	WerFault.exe
1820	WerFault.exe
1820	WerFault.exe
1820	WerFault.exe
1904	WerFault.exe
1904	WerFault.exe
1904	WerFault.exe
1904	WerFault.exe
448	WerFault.exe
448	WerFault.exe
448	WerFault.exe
448	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2668	2784	WerFault.exe	7e764b3bb7d8113cd32fe4b2066c9fc04a1d8e9599969ca21c76b12ea072d2b1.exe
2536	2988	WerFault.exe	Unicorn-52350.exe
3060	1940	WerFault.exe	Unicorn-31977.exe
2636	3032	WerFault.exe	Unicorn-12111.exe
1820	2868	WerFault.exe	Unicorn-18547.exe
1904	2620	WerFault.exe	Unicorn-33491.exe
448	2500	WerFault.exe	Unicorn-53357.exe
2984	1568	WerFault.exe	Unicorn-45272.exe
3048	796	WerFault.exe	Unicorn-60217.exe
2228	2804	WerFault.exe	Unicorn-41742.exe
3068	1456	WerFault.exe	Unicorn-49356.exe
2416	1312	WerFault.exe	Unicorn-18630.exe
1108	1632	WerFault.exe	Unicorn-59745.exe
2976	1740	WerFault.exe	Unicorn-52132.exe
544	2332	WerFault.exe	Unicorn-33103.exe
676	1548	WerFault.exe	Unicorn-61883.exe
1992	2432	WerFault.exe	Unicorn-31157.exe
1084	692	WerFault.exe	Unicorn-11291.exe
2304	1468	WerFault.exe	Unicorn-37933.exe
1528	2260	WerFault.exe	Unicorn-15781.exe
1960	840	WerFault.exe	Unicorn-57368.exe
1920	1988	WerFault.exe	Unicorn-24141.exe
1580	972	WerFault.exe	Unicorn-30917.exe
1924	900	WerFault.exe	Unicorn-12443.exe
2292	1800	WerFault.exe	Unicorn-54867.exe
2160	2388	WerFault.exe	Unicorn-5666.exe
2952	1772	WerFault.exe	Unicorn-9750.exe
928	2384	WerFault.exe	Unicorn-44561.exe
2644	1512	WerFault.exe	Unicorn-16527.exe
948	688	WerFault.exe	Unicorn-48645.exe
1192	1976	WerFault.exe	Unicorn-55422.exe
2392	2608	WerFault.exe	Unicorn-50866.exe
2584	2664	WerFault.exe	Unicorn-26916.exe
1744	2276	WerFault.exe	Unicorn-54950.exe
3092	1852	WerFault.exe	Unicorn-63118.exe
3152	2448	WerFault.exe	Unicorn-8982.exe
3212	2492	WerFault.exe	Unicorn-63658.exe
3240	2956	WerFault.exe	Unicorn-45184.exe
3248	2816	WerFault.exe	Unicorn-61712.exe
3288	2320	WerFault.exe	Unicorn-26902.exe
3304	2212	WerFault.exe	Unicorn-37762.exe
3328	2008	WerFault.exe	Unicorn-11120.exe
3352	1984	WerFault.exe	Unicorn-33486.exe
3344	2168	WerFault.exe	Unicorn-56045.exe
3376	1712	WerFault.exe	Unicorn-7036.exe
3408	2728	WerFault.exe	Unicorn-14457.exe
3416	2936	WerFault.exe	Unicorn-57628.exe
3440	2720	WerFault.exe	Unicorn-41100.exe
3508	1664	WerFault.exe	Unicorn-8510.exe
3584	1896	WerFault.exe	Unicorn-897.exe
3076	472	WerFault.exe	Unicorn-28931.exe
3556	1720	WerFault.exe	Unicorn-33761.exe
3684	1536	WerFault.exe	Unicorn-16679.exe
3720	884	WerFault.exe	Unicorn-25593.exe
3892	572	WerFault.exe	Unicorn-43876.exe
3940	1600	WerFault.exe	Unicorn-41375.exe
4012	2780	WerFault.exe	Unicorn-46014.exe
3196	2684	WerFault.exe	Unicorn-16487.exe
3568	1504	WerFault.exe	Unicorn-47768.exe
4084	2520	WerFault.exe	Unicorn-20571.exe
3364	1440	WerFault.exe	Unicorn-37099.exe
4184	3944	WerFault.exe	Unicorn-22382.exe
4380	2948	WerFault.exe	Unicorn-705.exe
4408	1824	WerFault.exe	Unicorn-6180.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

7e764b3bb7d8113cd32fe4b2066c9fc04a1d8e9599969ca21c76b12ea072d2b1.exeUnicorn-52350.exeUnicorn-31977.exeUnicorn-12111.exeUnicorn-18547.exeUnicorn-33491.exeUnicorn-53357.exeUnicorn-45272.exeUnicorn-60217.exeUnicorn-49356.exeUnicorn-41742.exeUnicorn-18630.exeUnicorn-59745.exeUnicorn-52132.exeUnicorn-33103.exeUnicorn-61883.exeUnicorn-31157.exeUnicorn-37933.exeUnicorn-11291.exeUnicorn-15781.exeUnicorn-57368.exeUnicorn-54867.exeUnicorn-24141.exeUnicorn-30917.exeUnicorn-12443.exeUnicorn-5666.exeUnicorn-44561.exeUnicorn-55422.exeUnicorn-16527.exeUnicorn-9750.exeUnicorn-48645.exeUnicorn-50866.exeUnicorn-26916.exeUnicorn-54950.exeUnicorn-63118.exeUnicorn-63658.exeUnicorn-8982.exeUnicorn-45184.exeUnicorn-41100.exeUnicorn-14457.exeUnicorn-33486.exeUnicorn-56045.exeUnicorn-61712.exeUnicorn-11120.exeUnicorn-37762.exeUnicorn-57628.exeUnicorn-26902.exeUnicorn-7036.exeUnicorn-8510.exeUnicorn-897.exeUnicorn-16679.exeUnicorn-28931.exeUnicorn-43876.exeUnicorn-37099.exeUnicorn-41375.exeUnicorn-25593.exeUnicorn-33761.exeUnicorn-46014.exeUnicorn-39237.exeUnicorn-8318.exeUnicorn-12402.exeUnicorn-27347.exeUnicorn-705.exeUnicorn-16487.exe

pid	process
2784	7e764b3bb7d8113cd32fe4b2066c9fc04a1d8e9599969ca21c76b12ea072d2b1.exe
2988	Unicorn-52350.exe
1940	Unicorn-31977.exe
3032	Unicorn-12111.exe
2868	Unicorn-18547.exe
2620	Unicorn-33491.exe
2500	Unicorn-53357.exe
1568	Unicorn-45272.exe
796	Unicorn-60217.exe
1456	Unicorn-49356.exe
2804	Unicorn-41742.exe
1312	Unicorn-18630.exe
1632	Unicorn-59745.exe
1740	Unicorn-52132.exe
2332	Unicorn-33103.exe
1548	Unicorn-61883.exe
2432	Unicorn-31157.exe
1468	Unicorn-37933.exe
692	Unicorn-11291.exe
2260	Unicorn-15781.exe
840	Unicorn-57368.exe
1800	Unicorn-54867.exe
1988	Unicorn-24141.exe
972	Unicorn-30917.exe
900	Unicorn-12443.exe
2388	Unicorn-5666.exe
2384	Unicorn-44561.exe
1976	Unicorn-55422.exe
1512	Unicorn-16527.exe
1772	Unicorn-9750.exe
688	Unicorn-48645.exe
2608	Unicorn-50866.exe
2664	Unicorn-26916.exe
2276	Unicorn-54950.exe
1852	Unicorn-63118.exe
2492	Unicorn-63658.exe
2448	Unicorn-8982.exe
2956	Unicorn-45184.exe
2720	Unicorn-41100.exe
2728	Unicorn-14457.exe
1984	Unicorn-33486.exe
2168	Unicorn-56045.exe
2816	Unicorn-61712.exe
2008	Unicorn-11120.exe
2212	Unicorn-37762.exe
2936	Unicorn-57628.exe
2320	Unicorn-26902.exe
1712	Unicorn-7036.exe
1664	Unicorn-8510.exe
1896	Unicorn-897.exe
1536	Unicorn-16679.exe
472	Unicorn-28931.exe
572	Unicorn-43876.exe
1440	Unicorn-37099.exe
1600	Unicorn-41375.exe
884	Unicorn-25593.exe
1720	Unicorn-33761.exe
2780	Unicorn-46014.exe
2180	Unicorn-39237.exe
2860	Unicorn-8318.exe
2596	Unicorn-12402.exe
2632	Unicorn-27347.exe
2948	Unicorn-705.exe
2684	Unicorn-16487.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

7e764b3bb7d8113cd32fe4b2066c9fc04a1d8e9599969ca21c76b12ea072d2b1.exeUnicorn-52350.exeUnicorn-31977.exeUnicorn-12111.exeUnicorn-18547.exeUnicorn-33491.exeUnicorn-53357.exeUnicorn-45272.exe

description	pid	process	target process
PID 2784 wrote to memory of 2988	2784	7e764b3bb7d8113cd32fe4b2066c9fc04a1d8e9599969ca21c76b12ea072d2b1.exe	Unicorn-52350.exe
PID 2784 wrote to memory of 2988	2784	7e764b3bb7d8113cd32fe4b2066c9fc04a1d8e9599969ca21c76b12ea072d2b1.exe	Unicorn-52350.exe
PID 2784 wrote to memory of 2988	2784	7e764b3bb7d8113cd32fe4b2066c9fc04a1d8e9599969ca21c76b12ea072d2b1.exe	Unicorn-52350.exe
PID 2784 wrote to memory of 2988	2784	7e764b3bb7d8113cd32fe4b2066c9fc04a1d8e9599969ca21c76b12ea072d2b1.exe	Unicorn-52350.exe
PID 2988 wrote to memory of 1940	2988	Unicorn-52350.exe	Unicorn-31977.exe
PID 2988 wrote to memory of 1940	2988	Unicorn-52350.exe	Unicorn-31977.exe
PID 2988 wrote to memory of 1940	2988	Unicorn-52350.exe	Unicorn-31977.exe
PID 2988 wrote to memory of 1940	2988	Unicorn-52350.exe	Unicorn-31977.exe
PID 2784 wrote to memory of 3032	2784	7e764b3bb7d8113cd32fe4b2066c9fc04a1d8e9599969ca21c76b12ea072d2b1.exe	Unicorn-12111.exe
PID 2784 wrote to memory of 3032	2784	7e764b3bb7d8113cd32fe4b2066c9fc04a1d8e9599969ca21c76b12ea072d2b1.exe	Unicorn-12111.exe
PID 2784 wrote to memory of 3032	2784	7e764b3bb7d8113cd32fe4b2066c9fc04a1d8e9599969ca21c76b12ea072d2b1.exe	Unicorn-12111.exe
PID 2784 wrote to memory of 3032	2784	7e764b3bb7d8113cd32fe4b2066c9fc04a1d8e9599969ca21c76b12ea072d2b1.exe	Unicorn-12111.exe
PID 2784 wrote to memory of 2668	2784	7e764b3bb7d8113cd32fe4b2066c9fc04a1d8e9599969ca21c76b12ea072d2b1.exe	WerFault.exe
PID 2784 wrote to memory of 2668	2784	7e764b3bb7d8113cd32fe4b2066c9fc04a1d8e9599969ca21c76b12ea072d2b1.exe	WerFault.exe
PID 2784 wrote to memory of 2668	2784	7e764b3bb7d8113cd32fe4b2066c9fc04a1d8e9599969ca21c76b12ea072d2b1.exe	WerFault.exe
PID 2784 wrote to memory of 2668	2784	7e764b3bb7d8113cd32fe4b2066c9fc04a1d8e9599969ca21c76b12ea072d2b1.exe	WerFault.exe
PID 1940 wrote to memory of 2868	1940	Unicorn-31977.exe	Unicorn-18547.exe
PID 1940 wrote to memory of 2868	1940	Unicorn-31977.exe	Unicorn-18547.exe
PID 1940 wrote to memory of 2868	1940	Unicorn-31977.exe	Unicorn-18547.exe
PID 1940 wrote to memory of 2868	1940	Unicorn-31977.exe	Unicorn-18547.exe
PID 2988 wrote to memory of 2620	2988	Unicorn-52350.exe	Unicorn-33491.exe
PID 2988 wrote to memory of 2620	2988	Unicorn-52350.exe	Unicorn-33491.exe
PID 2988 wrote to memory of 2620	2988	Unicorn-52350.exe	Unicorn-33491.exe
PID 2988 wrote to memory of 2620	2988	Unicorn-52350.exe	Unicorn-33491.exe
PID 3032 wrote to memory of 2500	3032	Unicorn-12111.exe	Unicorn-53357.exe
PID 3032 wrote to memory of 2500	3032	Unicorn-12111.exe	Unicorn-53357.exe
PID 3032 wrote to memory of 2500	3032	Unicorn-12111.exe	Unicorn-53357.exe
PID 3032 wrote to memory of 2500	3032	Unicorn-12111.exe	Unicorn-53357.exe
PID 2988 wrote to memory of 2536	2988	Unicorn-52350.exe	WerFault.exe
PID 2988 wrote to memory of 2536	2988	Unicorn-52350.exe	WerFault.exe
PID 2988 wrote to memory of 2536	2988	Unicorn-52350.exe	WerFault.exe
PID 2988 wrote to memory of 2536	2988	Unicorn-52350.exe	WerFault.exe
PID 2868 wrote to memory of 1568	2868	Unicorn-18547.exe	Unicorn-45272.exe
PID 2868 wrote to memory of 1568	2868	Unicorn-18547.exe	Unicorn-45272.exe
PID 2868 wrote to memory of 1568	2868	Unicorn-18547.exe	Unicorn-45272.exe
PID 2868 wrote to memory of 1568	2868	Unicorn-18547.exe	Unicorn-45272.exe
PID 1940 wrote to memory of 796	1940	Unicorn-31977.exe	Unicorn-60217.exe
PID 1940 wrote to memory of 796	1940	Unicorn-31977.exe	Unicorn-60217.exe
PID 1940 wrote to memory of 796	1940	Unicorn-31977.exe	Unicorn-60217.exe
PID 1940 wrote to memory of 796	1940	Unicorn-31977.exe	Unicorn-60217.exe
PID 2620 wrote to memory of 1456	2620	Unicorn-33491.exe	Unicorn-49356.exe
PID 2620 wrote to memory of 1456	2620	Unicorn-33491.exe	Unicorn-49356.exe
PID 2620 wrote to memory of 1456	2620	Unicorn-33491.exe	Unicorn-49356.exe
PID 2620 wrote to memory of 1456	2620	Unicorn-33491.exe	Unicorn-49356.exe
PID 2500 wrote to memory of 1312	2500	Unicorn-53357.exe	Unicorn-18630.exe
PID 2500 wrote to memory of 1312	2500	Unicorn-53357.exe	Unicorn-18630.exe
PID 2500 wrote to memory of 1312	2500	Unicorn-53357.exe	Unicorn-18630.exe
PID 2500 wrote to memory of 1312	2500	Unicorn-53357.exe	Unicorn-18630.exe
PID 3032 wrote to memory of 2804	3032	Unicorn-12111.exe	Unicorn-41742.exe
PID 3032 wrote to memory of 2804	3032	Unicorn-12111.exe	Unicorn-41742.exe
PID 3032 wrote to memory of 2804	3032	Unicorn-12111.exe	Unicorn-41742.exe
PID 3032 wrote to memory of 2804	3032	Unicorn-12111.exe	Unicorn-41742.exe
PID 1940 wrote to memory of 3060	1940	Unicorn-31977.exe	WerFault.exe
PID 1940 wrote to memory of 3060	1940	Unicorn-31977.exe	WerFault.exe
PID 1940 wrote to memory of 3060	1940	Unicorn-31977.exe	WerFault.exe
PID 1940 wrote to memory of 3060	1940	Unicorn-31977.exe	WerFault.exe
PID 3032 wrote to memory of 2636	3032	Unicorn-12111.exe	WerFault.exe
PID 3032 wrote to memory of 2636	3032	Unicorn-12111.exe	WerFault.exe
PID 3032 wrote to memory of 2636	3032	Unicorn-12111.exe	WerFault.exe
PID 3032 wrote to memory of 2636	3032	Unicorn-12111.exe	WerFault.exe
PID 1568 wrote to memory of 1632	1568	Unicorn-45272.exe	Unicorn-59745.exe
PID 1568 wrote to memory of 1632	1568	Unicorn-45272.exe	Unicorn-59745.exe
PID 1568 wrote to memory of 1632	1568	Unicorn-45272.exe	Unicorn-59745.exe
PID 1568 wrote to memory of 1632	1568	Unicorn-45272.exe	Unicorn-59745.exe

C:\Users\Admin\AppData\Local\Temp\7e764b3bb7d8113cd32fe4b2066c9fc04a1d8e9599969ca21c76b12ea072d2b1.exe
"C:\Users\Admin\AppData\Local\Temp\7e764b3bb7d8113cd32fe4b2066c9fc04a1d8e9599969ca21c76b12ea072d2b1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-31977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31977.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-18547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18547.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-45272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45272.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-59745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59745.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-15781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15781.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-50866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50866.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-56725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56725.exe
10⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-17914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17914.exe
11⤵
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-18189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18189.exe
12⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-38547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38547.exe
13⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-43840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43840.exe
14⤵
PID:6340

C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
15⤵
PID:9928

C:\Users\Admin\AppData\Local\Temp\Unicorn-52551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52551.exe
16⤵
PID:12480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9928 -s 216
16⤵
PID:13632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6340 -s 220
15⤵
PID:10700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
14⤵
PID:8556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 236
13⤵
PID:7164

C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
12⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-55106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55106.exe
13⤵
PID:7128

C:\Users\Admin\AppData\Local\Temp\Unicorn-45680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45680.exe
14⤵
PID:10132

C:\Users\Admin\AppData\Local\Temp\Unicorn-41451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41451.exe
15⤵
PID:13096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10132 -s 220
15⤵
PID:14196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 216
14⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
13⤵
PID:8772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
12⤵
PID:6868

C:\Users\Admin\AppData\Local\Temp\Unicorn-59776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59776.exe
11⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-52745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52745.exe
12⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
13⤵
PID:6700

C:\Users\Admin\AppData\Local\Temp\Unicorn-49572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49572.exe
14⤵
PID:10192

C:\Users\Admin\AppData\Local\Temp\Unicorn-56635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56635.exe
15⤵
PID:12512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10192 -s 216
15⤵
PID:13648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 220
14⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
13⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 236
12⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
11⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-36942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36942.exe
10⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-65251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65251.exe
11⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-6704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6704.exe
12⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-42312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42312.exe
13⤵
PID:8092

C:\Users\Admin\AppData\Local\Temp\Unicorn-19012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19012.exe
14⤵
PID:10704

C:\Users\Admin\AppData\Local\Temp\Unicorn-7621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7621.exe
15⤵
PID:14260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10704 -s 220
15⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8092 -s 216
14⤵
PID:12156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
13⤵
PID:2540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 236
11⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
10⤵
- Program crash
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-32775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32775.exe
9⤵
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-7607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7607.exe
10⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-39377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39377.exe
11⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\Unicorn-39289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39289.exe
12⤵
PID:6168

C:\Users\Admin\AppData\Local\Temp\Unicorn-5249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5249.exe
13⤵
PID:9900

C:\Users\Admin\AppData\Local\Temp\Unicorn-46054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46054.exe
14⤵
PID:12844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9900 -s 216
14⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6168 -s 216
13⤵
PID:10244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
12⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 236
11⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-28063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28063.exe
10⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-5054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5054.exe
11⤵
PID:6300

C:\Users\Admin\AppData\Local\Temp\Unicorn-63194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63194.exe
12⤵
PID:10012

C:\Users\Admin\AppData\Local\Temp\Unicorn-45478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45478.exe
13⤵
PID:12712

C:\Users\Admin\AppData\Local\Temp\Unicorn-33953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33953.exe
14⤵
PID:9720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10012 -s 216
13⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
12⤵
PID:10372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 236
11⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
10⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
9⤵
- Program crash
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-60809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60809.exe
9⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-32688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32688.exe
10⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-37971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37971.exe
11⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-45786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45786.exe
12⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\Unicorn-31098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31098.exe
13⤵
PID:10232

C:\Users\Admin\AppData\Local\Temp\Unicorn-62582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62582.exe
14⤵
PID:12936

C:\Users\Admin\AppData\Local\Temp\Unicorn-64191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64191.exe
15⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12936 -s 236
15⤵
PID:10096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10232 -s 216
14⤵
PID:13232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 220
13⤵
PID:10656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
12⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
11⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 236
10⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
9⤵
PID:3672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 240
9⤵
- Program crash
PID:3584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 240
8⤵
- Program crash
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-16679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16679.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-46611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46611.exe
9⤵
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-1961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1961.exe
10⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-32818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32818.exe
11⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe
12⤵
PID:6184

C:\Users\Admin\AppData\Local\Temp\Unicorn-55218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55218.exe
13⤵
PID:10032

C:\Users\Admin\AppData\Local\Temp\Unicorn-11710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11710.exe
14⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10032 -s 220
14⤵
PID:13504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 216
13⤵
PID:11184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 216
12⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
11⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 236
10⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-43548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43548.exe
9⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-51821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51821.exe
10⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
11⤵
PID:6676

C:\Users\Admin\AppData\Local\Temp\Unicorn-1549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1549.exe
12⤵
PID:8740

C:\Users\Admin\AppData\Local\Temp\Unicorn-59868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59868.exe
13⤵
PID:12680

C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
14⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8740 -s 216
13⤵
PID:13056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 216
12⤵
PID:10512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
11⤵
PID:7296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 236
10⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
9⤵
- Program crash
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-22661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22661.exe
8⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-63414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63414.exe
9⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-19689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19689.exe
10⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe
11⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 216
11⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
10⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 216
9⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
8⤵
- Program crash
PID:2584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
7⤵
- Program crash
PID:1108

C:\Users\Admin\AppData\Local\Temp\Unicorn-57368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57368.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:840

C:\Users\Admin\AppData\Local\Temp\Unicorn-54950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54950.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-28931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28931.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:472

C:\Users\Admin\AppData\Local\Temp\Unicorn-26828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26828.exe
9⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-50669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50669.exe
10⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-48360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48360.exe
11⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-59325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59325.exe
12⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-5934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5934.exe
13⤵
PID:9680

C:\Users\Admin\AppData\Local\Temp\Unicorn-46355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46355.exe
14⤵
PID:12560

C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
15⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9680 -s 216
14⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
13⤵
PID:11044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 236
12⤵
PID:8080

C:\Users\Admin\AppData\Local\Temp\Unicorn-8733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8733.exe
11⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-15316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15316.exe
12⤵
PID:9660

C:\Users\Admin\AppData\Local\Temp\Unicorn-16563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16563.exe
13⤵
PID:12904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9660 -s 216
13⤵
PID:13844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
12⤵
PID:10716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 220
11⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 236
10⤵
PID:5424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 472 -s 216
9⤵
- Program crash
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-51250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51250.exe
8⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-57192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57192.exe
9⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-20903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20903.exe
10⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-21007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21007.exe
11⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-60672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60672.exe
12⤵
PID:9740

C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
13⤵
PID:12660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12660 -s 240
14⤵
PID:9360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9740 -s 216
13⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 216
12⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
11⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 236
10⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\Unicorn-48100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48100.exe
9⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-10892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10892.exe
10⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-13417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13417.exe
11⤵
PID:9824

C:\Users\Admin\AppData\Local\Temp\Unicorn-25442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25442.exe
12⤵
PID:12808

C:\Users\Admin\AppData\Local\Temp\Unicorn-33221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33221.exe
13⤵
PID:10064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9824 -s 216
12⤵
PID:13168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
11⤵
PID:11144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 220
9⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
8⤵
- Program crash
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-43876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43876.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-54779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54779.exe
8⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
9⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-59989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59989.exe
10⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-43264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43264.exe
11⤵
PID:6748

C:\Users\Admin\AppData\Local\Temp\Unicorn-44912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44912.exe
12⤵
PID:9864

C:\Users\Admin\AppData\Local\Temp\Unicorn-21585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21585.exe
13⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9864 -s 220
13⤵
PID:14148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 216
12⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
11⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
10⤵
PID:5436

C:\Users\Admin\AppData\Local\Temp\Unicorn-17565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17565.exe
9⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-32574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32574.exe
10⤵
PID:6576

C:\Users\Admin\AppData\Local\Temp\Unicorn-50750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50750.exe
11⤵
PID:10156

C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
12⤵
PID:13108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10156 -s 216
12⤵
PID:13464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 216
11⤵
PID:10504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
10⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
9⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-37326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37326.exe
8⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-62127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62127.exe
9⤵
PID:4820

C:\Users\Admin\AppData\Local\Temp\Unicorn-16622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16622.exe
10⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
11⤵
PID:9940

C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
12⤵
PID:13280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9940 -s 216
12⤵
PID:13640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
11⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 236
10⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
9⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 240
8⤵
- Program crash
PID:3892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 240
7⤵
- Program crash
PID:1960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
6⤵
- Program crash
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-52132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52132.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-54867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54867.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-14457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14457.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-14109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14109.exe
8⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-23944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23944.exe
9⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-8842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8842.exe
10⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-58147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58147.exe
11⤵
PID:6604

C:\Users\Admin\AppData\Local\Temp\Unicorn-15940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15940.exe
12⤵
PID:10184

C:\Users\Admin\AppData\Local\Temp\Unicorn-15519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15519.exe
13⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10184 -s 216
13⤵
PID:12748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 216
12⤵
PID:10516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 236
11⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
10⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
9⤵
PID:4808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
8⤵
- Program crash
PID:3408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 236
7⤵
- Program crash
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-56045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56045.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-63549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63549.exe
7⤵
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-27260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27260.exe
8⤵
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-7259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7259.exe
9⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-53487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53487.exe
10⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-50859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50859.exe
11⤵
PID:9648

C:\Users\Admin\AppData\Local\Temp\Unicorn-34788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34788.exe
12⤵
PID:12616

C:\Users\Admin\AppData\Local\Temp\Unicorn-8576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8576.exe
13⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12616 -s 236
13⤵
PID:9996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9648 -s 216
12⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
11⤵
PID:11008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
10⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 216
9⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-58323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58323.exe
8⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
9⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-17424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17424.exe
10⤵
PID:7748

C:\Users\Admin\AppData\Local\Temp\Unicorn-40117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40117.exe
11⤵
PID:10304

C:\Users\Admin\AppData\Local\Temp\Unicorn-42733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42733.exe
12⤵
PID:13744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 216
11⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 216
10⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
9⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
8⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-42204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42204.exe
7⤵
PID:784

C:\Users\Admin\AppData\Local\Temp\Unicorn-9205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9205.exe
8⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-6808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6808.exe
9⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-31015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31015.exe
10⤵
PID:9712

C:\Users\Admin\AppData\Local\Temp\Unicorn-58861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58861.exe
11⤵
PID:12780

C:\Users\Admin\AppData\Local\Temp\Unicorn-46205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46205.exe
12⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9712 -s 216
11⤵
PID:13152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
10⤵
PID:11104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 236
9⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 236
8⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 220
7⤵
- Program crash
PID:3344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
6⤵
- Program crash
PID:2976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-60217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60217.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:796

C:\Users\Admin\AppData\Local\Temp\Unicorn-33103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33103.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-24141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24141.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-63118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63118.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1852

C:\Users\Admin\AppData\Local\Temp\Unicorn-37099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37099.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-58863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58863.exe
9⤵
PID:1364

C:\Users\Admin\AppData\Local\Temp\Unicorn-19860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19860.exe
10⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
11⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-47924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47924.exe
12⤵
PID:6544

C:\Users\Admin\AppData\Local\Temp\Unicorn-31351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31351.exe
13⤵
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-10615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10615.exe
14⤵
PID:12612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 216
14⤵
PID:14220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 220
13⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
12⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
11⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 236
10⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-34804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34804.exe
9⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-49154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49154.exe
10⤵
PID:4532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 220
11⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 236
10⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 240
9⤵
- Program crash
PID:3364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 236
8⤵
- Program crash
PID:3092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 236
7⤵
- Program crash
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-8982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8982.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-41375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41375.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-64701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64701.exe
8⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-26466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26466.exe
9⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-10788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10788.exe
10⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-8453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8453.exe
11⤵
PID:6780

C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe
12⤵
PID:9644

C:\Users\Admin\AppData\Local\Temp\Unicorn-50413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50413.exe
13⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9644 -s 216
13⤵
PID:13580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 216
12⤵
PID:10804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
11⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 236
10⤵
PID:5564

C:\Users\Admin\AppData\Local\Temp\Unicorn-25925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25925.exe
9⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-8453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8453.exe
10⤵
PID:6788

C:\Users\Admin\AppData\Local\Temp\Unicorn-40828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40828.exe
11⤵
PID:9888

C:\Users\Admin\AppData\Local\Temp\Unicorn-48851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48851.exe
12⤵
PID:12836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9888 -s 216
12⤵
PID:13880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
11⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
10⤵
PID:4004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
9⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-2516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2516.exe
8⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-43653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43653.exe
9⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-63876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63876.exe
10⤵
PID:6856

C:\Users\Admin\AppData\Local\Temp\Unicorn-20408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20408.exe
11⤵
PID:10044

C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
12⤵
PID:13308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10044 -s 216
12⤵
PID:13720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 220
11⤵
PID:11192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
10⤵
PID:7988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 236
9⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 240
8⤵
- Program crash
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-30637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30637.exe
7⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-22382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22382.exe
8⤵
PID:3944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 244
9⤵
- Program crash
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-7259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7259.exe
8⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-8562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8562.exe
9⤵
PID:5488

C:\Users\Admin\AppData\Local\Temp\Unicorn-25670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25670.exe
10⤵
PID:9868

C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
11⤵
PID:12648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12648 -s 220
12⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9868 -s 216
11⤵
PID:1860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
10⤵
PID:11200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
9⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
8⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
7⤵
- Program crash
PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
6⤵
- Program crash
PID:544

C:\Users\Admin\AppData\Local\Temp\Unicorn-30917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30917.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:972

C:\Users\Admin\AppData\Local\Temp\Unicorn-63658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63658.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-39237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39237.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-34551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34551.exe
8⤵
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
9⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
10⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-62732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62732.exe
11⤵
PID:8012

C:\Users\Admin\AppData\Local\Temp\Unicorn-63059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63059.exe
12⤵
PID:10648

C:\Users\Admin\AppData\Local\Temp\Unicorn-58960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58960.exe
13⤵
PID:14316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10648 -s 220
13⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 216
12⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
11⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
10⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 236
9⤵
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-2708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2708.exe
8⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-2475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2475.exe
9⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-23420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23420.exe
10⤵
PID:6284

C:\Users\Admin\AppData\Local\Temp\Unicorn-35182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35182.exe
11⤵
PID:9792

C:\Users\Admin\AppData\Local\Temp\Unicorn-32899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32899.exe
12⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9792 -s 216
12⤵
PID:13868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
11⤵
PID:10856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 236
10⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 236
9⤵
PID:6844

C:\Users\Admin\AppData\Local\Temp\Unicorn-40450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40450.exe
7⤵
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-35018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35018.exe
8⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
9⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-39406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39406.exe
10⤵
PID:7664

C:\Users\Admin\AppData\Local\Temp\Unicorn-38965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38965.exe
11⤵
PID:9836

C:\Users\Admin\AppData\Local\Temp\Unicorn-3215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3215.exe
12⤵
PID:13300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9836 -s 236
12⤵
PID:14032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 236
11⤵
PID:11668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
10⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
9⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 236
8⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
7⤵
- Program crash
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-46014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46014.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-22299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22299.exe
7⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-34826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34826.exe
8⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-52361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52361.exe
9⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-35781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35781.exe
10⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\Unicorn-11855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11855.exe
11⤵
PID:10116

C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
12⤵
PID:13016

C:\Users\Admin\AppData\Local\Temp\Unicorn-30320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30320.exe
13⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 13016 -s 216
13⤵
PID:9312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10116 -s 216
12⤵
PID:14136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 216
11⤵
PID:10488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
10⤵
PID:7744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 236
9⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
8⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-23128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23128.exe
7⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-36025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36025.exe
8⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-45402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45402.exe
9⤵
PID:6888

C:\Users\Admin\AppData\Local\Temp\Unicorn-51326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51326.exe
10⤵
PID:9756

C:\Users\Admin\AppData\Local\Temp\Unicorn-40408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40408.exe
11⤵
PID:13036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9756 -s 220
11⤵
PID:13380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 216
10⤵
PID:10908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 236
9⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
8⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
7⤵
- Program crash
PID:4012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 240
6⤵
- Program crash
PID:1580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 240
5⤵
- Program crash
PID:3048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-49356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49356.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1456

C:\Users\Admin\AppData\Local\Temp\Unicorn-12443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12443.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:900

C:\Users\Admin\AppData\Local\Temp\Unicorn-45184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45184.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-12402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12402.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-37758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37758.exe
8⤵
PID:1308

C:\Users\Admin\AppData\Local\Temp\Unicorn-61660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61660.exe
9⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-6943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6943.exe
10⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-51310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51310.exe
11⤵
PID:7844

C:\Users\Admin\AppData\Local\Temp\Unicorn-5005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5005.exe
12⤵
PID:11056

C:\Users\Admin\AppData\Local\Temp\Unicorn-12473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12473.exe
13⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11056 -s 220
13⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 216
12⤵
PID:1492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
11⤵
PID:9592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
10⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 236
9⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-49963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49963.exe
8⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-33778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33778.exe
9⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-44416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44416.exe
10⤵
PID:6908

C:\Users\Admin\AppData\Local\Temp\Unicorn-20984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20984.exe
11⤵
PID:9880

C:\Users\Admin\AppData\Local\Temp\Unicorn-64995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64995.exe
12⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9880 -s 216
12⤵
PID:13600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 220
11⤵
PID:11140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
10⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
9⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
8⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
7⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-4291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4291.exe
8⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-33778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33778.exe
9⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-28464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28464.exe
10⤵
PID:6464

C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
11⤵
PID:10108

C:\Users\Admin\AppData\Local\Temp\Unicorn-51565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51565.exe
12⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10108 -s 220
12⤵
PID:14212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 216
11⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
10⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
9⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
8⤵
PID:4704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
7⤵
- Program crash
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-27347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27347.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
7⤵
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-59714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59714.exe
8⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-49538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49538.exe
9⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
10⤵
PID:7436

C:\Users\Admin\AppData\Local\Temp\Unicorn-4839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4839.exe
11⤵
PID:9784

C:\Users\Admin\AppData\Local\Temp\Unicorn-61871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61871.exe
12⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9784 -s 216
12⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 216
11⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
10⤵
PID:8848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 236
9⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 216
8⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-13014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13014.exe
7⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-25994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25994.exe
8⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\Unicorn-17424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17424.exe
9⤵
PID:7756

C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
10⤵
PID:10412

C:\Users\Admin\AppData\Local\Temp\Unicorn-53615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53615.exe
11⤵
PID:14012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10412 -s 216
11⤵
PID:13808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 216
10⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
9⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 236
8⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
7⤵
PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
6⤵
- Program crash
PID:1924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 236
5⤵
- Program crash
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:692

C:\Users\Admin\AppData\Local\Temp\Unicorn-9750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9750.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
7⤵
PID:1420

C:\Users\Admin\AppData\Local\Temp\Unicorn-63414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63414.exe
8⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-9034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9034.exe
9⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-25283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25283.exe
10⤵
PID:6472

C:\Users\Admin\AppData\Local\Temp\Unicorn-28192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28192.exe
11⤵
PID:10212

C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
12⤵
PID:13188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10212 -s 220
12⤵
PID:13512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 216
11⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
10⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 236
9⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-44208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44208.exe
8⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-31012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31012.exe
9⤵
PID:6720

C:\Users\Admin\AppData\Local\Temp\Unicorn-64024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64024.exe
10⤵
PID:10208

C:\Users\Admin\AppData\Local\Temp\Unicorn-22868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22868.exe
11⤵
PID:12688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10208 -s 236
11⤵
PID:13396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 216
10⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
9⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 240
8⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-16906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16906.exe
7⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-59989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59989.exe
8⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-1847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1847.exe
9⤵
PID:6548

C:\Users\Admin\AppData\Local\Temp\Unicorn-62763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62763.exe
10⤵
PID:9788

C:\Users\Admin\AppData\Local\Temp\Unicorn-65187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65187.exe
11⤵
PID:12868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9788 -s 216
11⤵
PID:13896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 216
10⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 236
9⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
8⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 240
7⤵
- Program crash
PID:3720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 236
6⤵
- Program crash
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-37762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37762.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-16487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16487.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 220
7⤵
- Program crash
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-31213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31213.exe
6⤵
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-4291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4291.exe
7⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
8⤵
PID:5356

C:\Users\Admin\AppData\Local\Temp\Unicorn-25400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25400.exe
9⤵
PID:7952

C:\Users\Admin\AppData\Local\Temp\Unicorn-3552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3552.exe
10⤵
PID:10476

C:\Users\Admin\AppData\Local\Temp\Unicorn-55068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55068.exe
11⤵
PID:14188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10476 -s 216
11⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 216
10⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 220
9⤵
PID:8540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
8⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
7⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
6⤵
- Program crash
PID:3304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 240
5⤵
- Program crash
PID:1084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-12111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12111.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-53357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53357.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-18630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18630.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-31157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31157.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-48645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48645.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:688

C:\Users\Admin\AppData\Local\Temp\Unicorn-57628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57628.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-6180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6180.exe
8⤵
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
9⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-51354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51354.exe
10⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-58090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58090.exe
11⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-14880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14880.exe
12⤵
PID:7532

C:\Users\Admin\AppData\Local\Temp\Unicorn-42172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42172.exe
13⤵
PID:9920

C:\Users\Admin\AppData\Local\Temp\Unicorn-5680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5680.exe
14⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9920 -s 220
14⤵
PID:13828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 220
13⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
12⤵
PID:8920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
11⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
10⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-27404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27404.exe
9⤵
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-51676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51676.exe
10⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-34938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34938.exe
11⤵
PID:7392

C:\Users\Admin\AppData\Local\Temp\Unicorn-25260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25260.exe
12⤵
PID:10040

C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
13⤵
PID:13240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10040 -s 216
13⤵
PID:13656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 220
12⤵
PID:11580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
11⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 216
10⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 240
9⤵
- Program crash
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-38312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38312.exe
8⤵
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
9⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-33778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33778.exe
10⤵
PID:5336

C:\Users\Admin\AppData\Local\Temp\Unicorn-15251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15251.exe
11⤵
PID:6852

C:\Users\Admin\AppData\Local\Temp\Unicorn-179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-179.exe
12⤵
PID:9264

C:\Users\Admin\AppData\Local\Temp\Unicorn-46713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46713.exe
13⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9264 -s 220
13⤵
PID:13812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 216
12⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 216
11⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
10⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 236
9⤵
PID:4796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
8⤵
- Program crash
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-12957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12957.exe
7⤵
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-62070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62070.exe
8⤵
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-59714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59714.exe
9⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-11411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11411.exe
10⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-44149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44149.exe
11⤵
PID:8000

C:\Users\Admin\AppData\Local\Temp\Unicorn-47984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47984.exe
12⤵
PID:10940

C:\Users\Admin\AppData\Local\Temp\Unicorn-4497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4497.exe
13⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10940 -s 220
13⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 216
12⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
11⤵
PID:9544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
10⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 236
9⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-47825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47825.exe
8⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-54966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54966.exe
9⤵
PID:6012

C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe
10⤵
PID:7456

C:\Users\Admin\AppData\Local\Temp\Unicorn-11419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11419.exe
11⤵
PID:10860

C:\Users\Admin\AppData\Local\Temp\Unicorn-2167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2167.exe
12⤵
PID:13764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10860 -s 216
12⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 216
11⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 216
10⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
9⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
8⤵
PID:4244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 240
7⤵
- Program crash
PID:948

C:\Users\Admin\AppData\Local\Temp\Unicorn-7036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7036.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-59465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59465.exe
7⤵
PID:1204

C:\Users\Admin\AppData\Local\Temp\Unicorn-58178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58178.exe
8⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-45132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45132.exe
9⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-65272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65272.exe
10⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 200
11⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
10⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
9⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-33434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33434.exe
8⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-11411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11411.exe
9⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-50179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50179.exe
10⤵
PID:7912

C:\Users\Admin\AppData\Local\Temp\Unicorn-5197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5197.exe
11⤵
PID:10912

C:\Users\Admin\AppData\Local\Temp\Unicorn-16366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16366.exe
12⤵
PID:13684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10912 -s 216
12⤵
PID:8496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 216
11⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
10⤵
PID:9436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
9⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 240
8⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-59610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59610.exe
7⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-31126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31126.exe
8⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-56144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56144.exe
9⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-13723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13723.exe
10⤵
PID:8052

C:\Users\Admin\AppData\Local\Temp\Unicorn-56837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56837.exe
11⤵
PID:10732

C:\Users\Admin\AppData\Local\Temp\Unicorn-55068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55068.exe
12⤵
PID:14176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10732 -s 216
12⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 236
11⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
10⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
9⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
8⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
7⤵
- Program crash
PID:3376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
6⤵
- Program crash
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-55422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55422.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-33761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33761.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
7⤵
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-55884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55884.exe
8⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-11686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11686.exe
9⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\Unicorn-24004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24004.exe
10⤵
PID:8724

C:\Users\Admin\AppData\Local\Temp\Unicorn-7719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7719.exe
11⤵
PID:10668

C:\Users\Admin\AppData\Local\Temp\Unicorn-22863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22863.exe
12⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10668 -s 236
12⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8724 -s 236
11⤵
PID:12308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 236
10⤵
PID:10140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 236
9⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 236
8⤵
PID:5904

C:\Users\Admin\AppData\Local\Temp\Unicorn-37326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37326.exe
7⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-23425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23425.exe
8⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-14099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14099.exe
9⤵
PID:6648

C:\Users\Admin\AppData\Local\Temp\Unicorn-36936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36936.exe
10⤵
PID:9800

C:\Users\Admin\AppData\Local\Temp\Unicorn-15987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15987.exe
11⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9800 -s 220
11⤵
PID:13776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 216
10⤵
PID:10952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
9⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 236
8⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
7⤵
- Program crash
PID:3556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 236
6⤵
- Program crash
PID:1192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 240
5⤵
- Program crash
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-37933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37933.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-44561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44561.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-61712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61712.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-8318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8318.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-28521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28521.exe
8⤵
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-14405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14405.exe
9⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-61935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61935.exe
10⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-50563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50563.exe
11⤵
PID:7996

C:\Users\Admin\AppData\Local\Temp\Unicorn-6951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6951.exe
12⤵
PID:10972

C:\Users\Admin\AppData\Local\Temp\Unicorn-61290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61290.exe
13⤵
PID:13924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10972 -s 216
13⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 236
12⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
11⤵
PID:9560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
10⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 236
9⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-2708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2708.exe
8⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-65272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65272.exe
9⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 200
10⤵
PID:5284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
9⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
8⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-34228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34228.exe
7⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe
8⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-31448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31448.exe
9⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
10⤵
PID:7920

C:\Users\Admin\AppData\Local\Temp\Unicorn-34279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34279.exe
11⤵
PID:10492

C:\Users\Admin\AppData\Local\Temp\Unicorn-28151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28151.exe
12⤵
PID:13536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10492 -s 216
12⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 216
11⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
10⤵
PID:8416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
9⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 236
8⤵
PID:4596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
7⤵
- Program crash
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-705.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-16269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16269.exe
7⤵
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-28796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28796.exe
8⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-25418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25418.exe
9⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-27346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27346.exe
10⤵
PID:7848

C:\Users\Admin\AppData\Local\Temp\Unicorn-65005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65005.exe
11⤵
PID:10448

C:\Users\Admin\AppData\Local\Temp\Unicorn-46132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46132.exe
12⤵
PID:14068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10448 -s 216
12⤵
PID:14020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 216
11⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
10⤵
PID:9164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
9⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 236
8⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-43740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43740.exe
7⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-51245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51245.exe
8⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\Unicorn-6232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6232.exe
9⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-31015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31015.exe
10⤵
PID:9724

C:\Users\Admin\AppData\Local\Temp\Unicorn-8145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8145.exe
11⤵
PID:12588

C:\Users\Admin\AppData\Local\Temp\Unicorn-45089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45089.exe
12⤵
PID:9472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9724 -s 216
11⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
10⤵
PID:11028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 236
9⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
8⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 220
7⤵
- Program crash
PID:4380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 220
6⤵
- Program crash
PID:928

C:\Users\Admin\AppData\Local\Temp\Unicorn-11120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11120.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-63549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63549.exe
6⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-60316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60316.exe
7⤵
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-51354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51354.exe
8⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-46030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46030.exe
9⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-21508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21508.exe
10⤵
PID:7772

C:\Users\Admin\AppData\Local\Temp\Unicorn-42639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42639.exe
11⤵
PID:10400

C:\Users\Admin\AppData\Local\Temp\Unicorn-33003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33003.exe
12⤵
PID:13940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10400 -s 216
12⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
10⤵
PID:9104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
9⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 236
8⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-58131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58131.exe
7⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-52252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52252.exe
8⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-64486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64486.exe
9⤵
PID:7804

C:\Users\Admin\AppData\Local\Temp\Unicorn-65005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65005.exe
10⤵
PID:10456

C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
11⤵
PID:14100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10456 -s 216
11⤵
PID:14040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 216
10⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
9⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
8⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 220
7⤵
PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
6⤵
- Program crash
PID:3328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 240
5⤵
- Program crash
PID:2304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:448

C:\Users\Admin\AppData\Local\Temp\Unicorn-41742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41742.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-61883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61883.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-41100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41100.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
7⤵
PID:1224

C:\Users\Admin\AppData\Local\Temp\Unicorn-13938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13938.exe
8⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-45324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45324.exe
9⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
10⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
11⤵
PID:6672

C:\Users\Admin\AppData\Local\Temp\Unicorn-3879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3879.exe
12⤵
PID:9988

C:\Users\Admin\AppData\Local\Temp\Unicorn-38161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38161.exe
13⤵
PID:12624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9988 -s 216
13⤵
PID:13676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 216
12⤵
PID:11092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
11⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 236
10⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 216
9⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-2900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2900.exe
8⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-9081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9081.exe
9⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-16656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16656.exe
10⤵
PID:7464

C:\Users\Admin\AppData\Local\Temp\Unicorn-29536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29536.exe
11⤵
PID:9912

C:\Users\Admin\AppData\Local\Temp\Unicorn-42162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42162.exe
12⤵
PID:12964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9912 -s 216
12⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 216
11⤵
PID:11460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
10⤵
PID:8864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
9⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 240
8⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-7394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7394.exe
7⤵
PID:1176

C:\Users\Admin\AppData\Local\Temp\Unicorn-53492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53492.exe
8⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-8889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8889.exe
9⤵
PID:5480

C:\Users\Admin\AppData\Local\Temp\Unicorn-45820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45820.exe
10⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\Unicorn-42639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42639.exe
11⤵
PID:10388

C:\Users\Admin\AppData\Local\Temp\Unicorn-63729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63729.exe
12⤵
PID:13972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10388 -s 216
12⤵
PID:13760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
11⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 216
10⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
9⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 236
8⤵
PID:4668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
7⤵
- Program crash
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-47768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47768.exe
6⤵
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
7⤵
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
8⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-13222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13222.exe
9⤵
PID:6352

C:\Users\Admin\AppData\Local\Temp\Unicorn-56972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56972.exe
10⤵
PID:9944

C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
11⤵
PID:12752

C:\Users\Admin\AppData\Local\Temp\Unicorn-8716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8716.exe
12⤵
PID:9076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9944 -s 216
11⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 216
10⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 236
9⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 216
8⤵
PID:5856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 216
7⤵
- Program crash
PID:3568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
6⤵
- Program crash
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-33486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33486.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
6⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
7⤵
PID:1120

C:\Users\Admin\AppData\Local\Temp\Unicorn-10321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10321.exe
8⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-1105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1105.exe
9⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-26439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26439.exe
9⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-27102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27102.exe
10⤵
PID:9052

C:\Users\Admin\AppData\Local\Temp\Unicorn-8918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8918.exe
11⤵
PID:11856

C:\Users\Admin\AppData\Local\Temp\Unicorn-12193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12193.exe
12⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11856 -s 236
12⤵
PID:9340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9052 -s 236
11⤵
PID:12536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
10⤵
PID:10112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 240
9⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 236
8⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
7⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-28324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28324.exe
8⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-46095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46095.exe
9⤵
PID:7948

C:\Users\Admin\AppData\Local\Temp\Unicorn-11419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11419.exe
10⤵
PID:10868

C:\Users\Admin\AppData\Local\Temp\Unicorn-32318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32318.exe
11⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10868 -s 216
11⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 216
10⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 216
9⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 236
8⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 240
7⤵
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-52703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52703.exe
6⤵
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-33901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33901.exe
7⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-39289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39289.exe
8⤵
PID:6160

C:\Users\Admin\AppData\Local\Temp\Unicorn-38114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38114.exe
9⤵
PID:9768

C:\Users\Admin\AppData\Local\Temp\Unicorn-2836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2836.exe
10⤵
PID:12500

C:\Users\Admin\AppData\Local\Temp\Unicorn-52681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52681.exe
11⤵
PID:9412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9768 -s 216
10⤵
PID:1020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 236
9⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 236
8⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 236
7⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
6⤵
- Program crash
PID:3352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
5⤵
- Program crash
PID:676

C:\Users\Admin\AppData\Local\Temp\Unicorn-16527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16527.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-26902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26902.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-20571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20571.exe
6⤵
- Executes dropped EXE
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-10876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10876.exe
7⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-39917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39917.exe
8⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-53378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53378.exe
9⤵
PID:7004

C:\Users\Admin\AppData\Local\Temp\Unicorn-35182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35182.exe
10⤵
PID:9752

C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
11⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 216
11⤵
PID:13456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 220
10⤵
PID:10760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
9⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 236
8⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
7⤵
- Program crash
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-31213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31213.exe
6⤵
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-43378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43378.exe
7⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-38054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38054.exe
8⤵
PID:5932

C:\Users\Admin\AppData\Local\Temp\Unicorn-9831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9831.exe
9⤵
PID:7504

C:\Users\Admin\AppData\Local\Temp\Unicorn-11419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11419.exe
10⤵
PID:10884

C:\Users\Admin\AppData\Local\Temp\Unicorn-1975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1975.exe
11⤵
PID:14036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10884 -s 220
11⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 216
10⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 216
9⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
8⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 216
7⤵
PID:4872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
6⤵
- Program crash
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-31431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31431.exe
5⤵
PID:940

C:\Users\Admin\AppData\Local\Temp\Unicorn-617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-617.exe
6⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-24904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24904.exe
7⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
8⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-35514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35514.exe
9⤵
PID:7888

C:\Users\Admin\AppData\Local\Temp\Unicorn-56453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56453.exe
10⤵
PID:10344

C:\Users\Admin\AppData\Local\Temp\Unicorn-24259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24259.exe
11⤵
PID:13788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10344 -s 236
11⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 236
10⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
9⤵
PID:9204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
8⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 216
7⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-35764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35764.exe
6⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
7⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-31121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31121.exe
8⤵
PID:6272

C:\Users\Admin\AppData\Local\Temp\Unicorn-65140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65140.exe
9⤵
PID:9972

C:\Users\Admin\AppData\Local\Temp\Unicorn-54606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54606.exe
10⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9972 -s 216
10⤵
PID:12860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 216
9⤵
PID:10360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 236
8⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
7⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 220
6⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 240
5⤵
- Program crash
PID:2644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
4⤵
- Program crash
PID:2228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
2⤵
- Program crash
PID:2668

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10892.exe
Filesize
184KB

MD5
263ef3355405077dd1aceb0f8dc5ba3c

SHA1
40a75251274b1f00d7a71b91e77edbe6fd89fb79

SHA256
8f73f0f2157df79f858e943cf714f725e6f5c826d90595699ae284a31b737eec

SHA512
030903c1c52ca5a58cafa142414ca437fc990851130b1b4b3faf60d9968b20ea15e545f23722258f195e078bbe36e4d412228e48ba0e88bae2ec7696fc40a1aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25260.exe
Filesize
184KB

MD5
b7f80f378917719230fb848680fcdab8

SHA1
c7f253fdd7cf25bc2b09422b67c7032c67db4c61

SHA256
c50cbbd26ccc3bad723e1b1e04a45a3d1f024610b541fbc8f2e815f317f1cdca

SHA512
2e27be27497881f564561f1f7d687217676c7727949bd2a43f8196dcce232d4a609b82b3e439074dcffddc81105f6029827a720a154c909f916cb8515bbee122

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
Filesize
184KB

MD5
7ec16ff18f029edaf991e9d33ef3f5ef

SHA1
1b7d7d0cc07bb2775f68deb0dd757b47124d3252

SHA256
d63a7a0ec12fdd7edde7195626ef83acd2541ed008db2afb22c51aa40c917f6c

SHA512
f5e9c112b993c8d07be76a496333ec2e8a95740cf89182ea27e1007a436ad0a16150432a4774bf1f646cf2802e6ac506dc2e57e093512856c7b1eccb973e974e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40450.exe
Filesize
184KB

MD5
adce74b1a7ddd8045e61d0c99d928c83

SHA1
5ca1b39077553fd3c2f441ac27a269652d00fe66

SHA256
0c6dd81706f314dea1dcfa17224fe6f7a343d23df5e52cc28002590f252e1b10

SHA512
edcd9bf4660bbef20a95602b3479ec2d47824036cda37e3c03a8caf67bfd95e70d0c4c1dca018ecf8773b7c6757b7cdd772a0c9fd232b565b3894c11f2355950

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41742.exe
Filesize
184KB

MD5
87f2b24b3e4d1c15b1f8ef884956c2f9

SHA1
075c8caa6e64d954ec945112830e4df297a6225f

SHA256
4e00919d489ee9d42526959048f5590bd78c7d0156040a0144dae46863752aa4

SHA512
d7c51252fa186d54c5848b35347343f617d227b33ced6423ab97ff6cb7c9d4f5f16d7867e3a4b11cc285b7bf1f4b0fc2828538f901f8f068d9b8896bbccb3b0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42172.exe
Filesize
184KB

MD5
2dcecdf1fd65034cc2907a47da8c0517

SHA1
f6cc5498ada2c71bb5c703180a2c39e964a807fd

SHA256
b60c2d3a731e25f5bbee70dbd86d0a5ef4d0cbe3dfb7eb7f4785f5b0c841b2c5

SHA512
1a17c9fdcf7bd94c08b497c37b4b9a666a78d0e3329e7b6b2def4819fced48c4f01827c9582fa92fd459b68255ff0e1aa53b8da4778b5eef4dc3d1dd6376f602

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49356.exe
Filesize
184KB

MD5
48f29b3d10cef067fbfca710268f13c2

SHA1
45dcc05c76f972c8c7c1fc23ca4716b2b259e017

SHA256
19cf687b85f05ab704c2a573b791041b5710ef1dc93faf807f433bca599fd8f8

SHA512
074450cfa2d306a2c88a4b37ab761a602f8f7aaa5201596bcb21d30ac23e420be06e56b66184d8167bdd03eb07bf759e648ae7779b79ebce4bdd69128c215966

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
Filesize
184KB

MD5
2a47dce8234ec0a8005b42742d46619a

SHA1
27f6748780a4de848eab31d16faac8f16e659254

SHA256
09ad55b8cc67a69c446df652a62171146ad3878e1fb67d0d975f7e4f115f0c5a

SHA512
3e2576cb26f6cd6ea66a7a775acdd858140e5adc6534ed5ebc7f8a7e1e6d992f7dc3e04bddddcefecde03ee585696472ca2e147a792e1b726f87a9b5eb06e1d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
Filesize
184KB

MD5
3e00f0f67ae0fb49dc91dd35d234de6c

SHA1
d04c74eb3052044245f008b8ef3bb0f378e9ecb3

SHA256
51792bb8a73ece2a8babb3a36c97d33fdc4435af32d8de5257fdb57d0728fd2e

SHA512
3a74a42de76647cae8159f17e8926052c7aa2cf23b046189b4045cff26780daaa3f49e87bf23dd11a1d26d2817d3e10d600d774e4cf582670fa5660a9e76343a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6180.exe
Filesize
184KB

MD5
059fd3b11d67b6d29d2ed715eeb83e31

SHA1
11798aec6bdc401e5e50ab55d0eadf3052f6961e

SHA256
30f474bd8c62552bddd0036a61e6a8bf2eda524bbae6185ae496faeb665e32be

SHA512
1160e95ad350180e8d6f7b8fd7e8d01bccec04ba423b9604e96761a3de8c9d5c4b60065e17338804c44e62558ec4040f3fa4d023bdd95de200604332139b0b28

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6232.exe
Filesize
184KB

MD5
a368e73e629b94e8b27645cec12d42c3

SHA1
6879292b593218d70753f86240da3d3b19179a37

SHA256
8680d2eff5b42a2df3b241c07f65c47108e4ddde169c06be740a22a7a0ecd357

SHA512
72d2e34595338496bb116a6076e98a1c5288dfcfaea47ebbd6b0924233d17d511d0654c4526f60553f36accd7bd9cf6ddb4c68a24647598bfa7652790c019990

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63729.exe
Filesize
184KB

MD5
49cf6069b9defbca7b7dc027defb0b3f

SHA1
17d7fbd95212e68e3f4caeedc7649d3d872e4710

SHA256
29910ce861178c4101f21d161947f613e7bca20f64ace83fc746f3b55a36c0fb

SHA512
19f99937e4fa0c50f70fafea2b4bbbb54e94b88d34e07d5bb29cc80b9d7fad9c0e18f9533e3e7f255d946ff83e571a39f0dd3f28db8db24bdcf8a8d6c43b297e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9831.exe
Filesize
184KB

MD5
9067064004455543d0c3194acd567122

SHA1
41b2f5b3dff299812926ee24ca54c8e92837f6c9

SHA256
d2b729dccf003da62aba5ca2c0c51a8fab6b08589626295a2023fef73c897f8f

SHA512
46de810f3357418162d8a8ff8cf5090052bada83bb07d67a6937d1feb27fe3168a06e7cf0fd4c1a87051e1f6e2c6fc62d35e2083ac3cb9d92c6899fc9cb6a6c1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12111.exe
Filesize
184KB

MD5
5a0749942f71fa11300c8513641f2939

SHA1
004faddd2122df77d71604f996a0f9480673c00a

SHA256
c3b91b1ee9564b7e2f129522f7f18e48f4f571ea865bae9a094f28e1c472aaa2

SHA512
dea74351f696c64eaff5b9d986eb67f7452e69307e4a04312519366d8d550ad67d65d5949a1fbe8d0f1aeb6f9d323e26d8b4c9bd3cacd7eb15d0827b62902ee9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18547.exe
Filesize
184KB

MD5
42c320497db0333f7efe36468eed1c8d

SHA1
60bf7265d88280705678cfd227aef29025caa03f

SHA256
28088e59f1db7ec66d16d689035dde86ec5b1f4aaa8870fadf0d3d54d56e2ccd

SHA512
243169baffa02df9cf0b23a7fd93c3c532e2f1db987bf116cefc09db2b2cdfc8ff134a908091e3b924f6f109cdd0a330c3d5a372f26b58f09853213b9d981596

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18630.exe
Filesize
184KB

MD5
7f68b76b799d53e063ee5efedb72db3e

SHA1
f64fb612949f584fbe7833e2610ad8eece3b3059

SHA256
6cd5c4da010958ac988904097e07a030faf5a345718a490ef4076aa32fa772ee

SHA512
73216fc5dac22d13f2183a2619f5abc02431af28793cf8e4041562ddc213bfb9cd2511122370def2649079be9190fb8674eb5c0cf4836df7ac9c67f70807ba2f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31977.exe
Filesize
184KB

MD5
da01082b6e1fa6eddc19ebe4fdc9b38b

SHA1
15bf2e7a20c5be8095c24db77c8afa2d53fd41d5

SHA256
3c0dc33e2c30837abaeb3aa02813cf70e0bb76e8aacbae7d4782383d739ca811

SHA512
382547f23b0b1463f09da0a1ca258a0e02c5c45da351dff34a486392f364d1b677bf35d14b987e5a59509758ad6671395d20d61db56f2b72598c7badf651f88a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33103.exe
Filesize
184KB

MD5
4248c6c919c2f9c34da4de5344cf5a2f

SHA1
b167b9610e866116ba2ee127bed73930edcc3a43

SHA256
6732d4247ceb733a94b929ec6add4506414853f47df3716acb68435aec9e3144

SHA512
0d0cf74ddd15290537a22c606a6fba219daa16017203aa9a5c23ada252f1babd9b612b338b006cb348d0ce00afa9c1caec2ddf4cc7e354ddf42fefa39712a1c6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
Filesize
184KB

MD5
6e8daac13bf845e8b9e750fcb0b43b27

SHA1
bcb087b7043114b2b2cc31185bd14f29a0b3f4c2

SHA256
fd571d1f43cbd3dfc9fd91d4b0beb01b3ce127547f2a130f1a1cf53fe9530707

SHA512
63f3f78336de5a7c187011cd9e1423b73eb3a5b202d7d589e2bb9aeba3d1c4b11c2b53ad2c83c50f54d00f3c889ba8b3abb85884e2641435c3f2aaa40452d530

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45272.exe
Filesize
184KB

MD5
898aef4cc9e7137137d28708d708081c

SHA1
982e977ad22415a7a836acfee658dca58e8cead6

SHA256
aa8f40afc2dfa1e25bcc2e5d78287671ac459900ce1182a6ed6fcebfccbfb93c

SHA512
1f876a4864225d20ff4cc2a9d01aef62ae44d9bf5ad6e3bf199b8d986e22932017f05b4425989969c08956d7c6a7e043a5a3375c22d39d01372fba14b659ad1f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52132.exe
Filesize
184KB

MD5
bbdd6b8b92ca7a52b275595528c17f18

SHA1
14273168951dfeed57c56045a4d84e86a5e2fbe8

SHA256
41a5d25e351bb06aa1c921bb9058e874b9a081fc13b99786cde2191bc802db4c

SHA512
0c7d2260a8e1ef74417547ecbe3d9c69181e02ea1ab0a09628878dcdf2070c759bc5df8f45b1be649f282e2ef69795df6195d6361d62f02744f19ab13a8be132

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
Filesize
184KB

MD5
bb3ba96933e80dec5e332491e0440a10

SHA1
973f6cc8d9d35f1e28d2efcfcd93302071be8cc9

SHA256
ae70b6124980555eca3f52af2ab196afc53cc3c95c38825869cfefcc09b31d37

SHA512
00e511a083091cb6bc45674aa654e4bdb922e88a8feecd8c535730b4da61555b31b25c854c367bb63d640204f268746859127144899aefd9e5b18641d3050b46

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53357.exe
Filesize
184KB

MD5
7f06af263d81b5cefed965cbd5807c28

SHA1
f07ee1701713f570a27299c59bca310b588d73a2

SHA256
2c7612d2ea56d55389ef37ef5c226944c6f934375c49f1f11e030f793c91f376

SHA512
ef5241c2bc738a26db4ee84a1c079b592a939f7034d6d3c5362dc8fcad9c5ed6377d6757ad6a19b9deaa89389926a07466357bdc77534bb2c959bf50c23bc576

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59745.exe
Filesize
184KB

MD5
0541b6d1aff329cb7ed3b822093639dc

SHA1
8b15f1bfb1051dc5901b3a7de58248f786feb24d

SHA256
427728a6c9a892c2e461ef348f73e7d074989652013c39e34ada62020436d09d

SHA512
154d16b57e9e5209e9afa96ad8d3b236fef62106b3b54c1ee5995dfcba426b410dc75703f8ca250a659835ed4797451f639f1c2291949a6e86703612fbc9b7a8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60217.exe
Filesize
184KB

MD5
3f6ab5d91cdf4b4f36ea6dd5ebb3b194

SHA1
3545c20b674cb0798810f970f3ca80d7c1d9e818

SHA256
dc1635eac538f181a8db347680c1fc7dfb1a0b7c71c7cf81ca184f9aecc05c8a

SHA512
30795d5e156ea799bb5d7c85e66d495630d3f485a3c843c816a19805c46f5db2ec414898fdfe7b21d8718ddbd639e7b0aa0116fcb9dc647ea6929aac6b43a469

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads