8656933995aad8fcdd3b9b0984dbb209bebd9045d24cccb45daa9323206bc3be

Analysis

max time kernel
126s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8656933995aad8fcdd3b9b0984dbb209bebd9045d24cccb45daa9323206bc3be.exe
Size

184KB
MD5

7c28cf7106988a24672ff04018997102
SHA1

1081a1c36c8402fefc5431fc8603b6bd5fa4ee73
SHA256

8656933995aad8fcdd3b9b0984dbb209bebd9045d24cccb45daa9323206bc3be
SHA512

d605625df8985ea552a7860177cd04b18a61644cf47962323c1d54c7021bad2b91cffe72ac2827982373991153f26182ef08e5599e0b3d37ef94571766f86c1f
SSDEEP

3072:gZa8cRomVPxvdHtWW+SfxcSXhlnViFtn3:gZco0VHtXf+SXhlnViFt

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-13130.exeUnicorn-8771.exeUnicorn-59363.exeUnicorn-24444.exeUnicorn-59254.exeUnicorn-8662.exeUnicorn-24527.exeUnicorn-8745.exeUnicorn-63421.exeUnicorn-49223.exeUnicorn-29357.exeUnicorn-23733.exeUnicorn-26425.exeUnicorn-35985.exeUnicorn-40069.exeUnicorn-7951.exeUnicorn-27817.exeUnicorn-27817.exeUnicorn-42761.exeUnicorn-58626.exeUnicorn-57235.exeUnicorn-15648.exeUnicorn-52980.exeUnicorn-2388.exeUnicorn-57064.exeUnicorn-6472.exeUnicorn-44812.exeUnicorn-59757.exeUnicorn-14085.exeUnicorn-14085.exeUnicorn-29030.exeUnicorn-48896.exeUnicorn-42913.exeUnicorn-57858.exeUnicorn-65471.exeUnicorn-4018.exeUnicorn-18963.exeUnicorn-51081.exeUnicorn-489.exeUnicorn-45051.exeUnicorn-45051.exeUnicorn-59996.exeUnicorn-42721.exeUnicorn-65279.exeUnicorn-3826.exeUnicorn-38637.exeUnicorn-4381.exeUnicorn-24247.exeUnicorn-39191.exeUnicorn-59057.exeUnicorn-8465.exeUnicorn-28331.exeUnicorn-43275.exeUnicorn-25591.exeUnicorn-17423.exeUnicorn-32367.exeUnicorn-22253.exeUnicorn-42119.exeUnicorn-11392.exeUnicorn-42673.exeUnicorn-19561.exeUnicorn-23645.exeUnicorn-9062.exeUnicorn-24007.exe

pid	process
2332	Unicorn-13130.exe
2960	Unicorn-8771.exe
2224	Unicorn-59363.exe
2716	Unicorn-24444.exe
2728	Unicorn-59254.exe
2712	Unicorn-8662.exe
2136	Unicorn-24527.exe
2708	Unicorn-8745.exe
2900	Unicorn-63421.exe
1816	Unicorn-49223.exe
2008	Unicorn-29357.exe
1632	Unicorn-23733.exe
1764	Unicorn-26425.exe
2248	Unicorn-35985.exe
2832	Unicorn-40069.exe
2284	Unicorn-7951.exe
540	Unicorn-27817.exe
2160	Unicorn-27817.exe
780	Unicorn-42761.exe
1124	Unicorn-58626.exe
1236	Unicorn-57235.exe
1772	Unicorn-15648.exe
1616	Unicorn-52980.exe
1652	Unicorn-2388.exe
864	Unicorn-57064.exe
2992	Unicorn-6472.exe
2104	Unicorn-44812.exe
2280	Unicorn-59757.exe
3064	Unicorn-14085.exe
2088	Unicorn-14085.exe
1524	Unicorn-29030.exe
2164	Unicorn-48896.exe
2656	Unicorn-42913.exe
2612	Unicorn-57858.exe
2772	Unicorn-65471.exe
2724	Unicorn-4018.exe
2696	Unicorn-18963.exe
2484	Unicorn-51081.exe
2192	Unicorn-489.exe
1316	Unicorn-45051.exe
2556	Unicorn-45051.exe
2784	Unicorn-59996.exe
1992	Unicorn-42721.exe
2752	Unicorn-65279.exe
2172	Unicorn-3826.exe
2516	Unicorn-38637.exe
308	Unicorn-4381.exe
2544	Unicorn-24247.exe
1520	Unicorn-39191.exe
1580	Unicorn-59057.exe
2232	Unicorn-8465.exe
1964	Unicorn-28331.exe
2264	Unicorn-43275.exe
1336	Unicorn-25591.exe
1716	Unicorn-17423.exe
992	Unicorn-32367.exe
2904	Unicorn-22253.exe
2916	Unicorn-42119.exe
1296	Unicorn-11392.exe
2508	Unicorn-42673.exe
1280	Unicorn-19561.exe
2200	Unicorn-23645.exe
2004	Unicorn-9062.exe
1152	Unicorn-24007.exe

Loads dropped DLL 64 IoCs

Processes:

8656933995aad8fcdd3b9b0984dbb209bebd9045d24cccb45daa9323206bc3be.exeUnicorn-13130.exeUnicorn-8771.exeUnicorn-59363.exeWerFault.exeUnicorn-59254.exeUnicorn-24444.exeUnicorn-8662.exeWerFault.exeWerFault.exeUnicorn-24527.exeUnicorn-8745.exeUnicorn-63421.exeUnicorn-29357.exeUnicorn-49223.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2912	8656933995aad8fcdd3b9b0984dbb209bebd9045d24cccb45daa9323206bc3be.exe
2912	8656933995aad8fcdd3b9b0984dbb209bebd9045d24cccb45daa9323206bc3be.exe
2332	Unicorn-13130.exe
2912	8656933995aad8fcdd3b9b0984dbb209bebd9045d24cccb45daa9323206bc3be.exe
2912	8656933995aad8fcdd3b9b0984dbb209bebd9045d24cccb45daa9323206bc3be.exe
2332	Unicorn-13130.exe
2960	Unicorn-8771.exe
2960	Unicorn-8771.exe
2224	Unicorn-59363.exe
2224	Unicorn-59363.exe
2332	Unicorn-13130.exe
2332	Unicorn-13130.exe
2528	WerFault.exe
2528	WerFault.exe
2528	WerFault.exe
2528	WerFault.exe
2528	WerFault.exe
2728	Unicorn-59254.exe
2728	Unicorn-59254.exe
2224	Unicorn-59363.exe
2224	Unicorn-59363.exe
2716	Unicorn-24444.exe
2716	Unicorn-24444.exe
2712	Unicorn-8662.exe
2712	Unicorn-8662.exe
2960	Unicorn-8771.exe
2960	Unicorn-8771.exe
852	WerFault.exe
852	WerFault.exe
852	WerFault.exe
852	WerFault.exe
1900	WerFault.exe
1900	WerFault.exe
1900	WerFault.exe
1900	WerFault.exe
852	WerFault.exe
1900	WerFault.exe
2136	Unicorn-24527.exe
2136	Unicorn-24527.exe
2728	Unicorn-59254.exe
2728	Unicorn-59254.exe
2708	Unicorn-8745.exe
2708	Unicorn-8745.exe
2900	Unicorn-63421.exe
2900	Unicorn-63421.exe
2716	Unicorn-24444.exe
2716	Unicorn-24444.exe
2008	Unicorn-29357.exe
1816	Unicorn-49223.exe
2008	Unicorn-29357.exe
1816	Unicorn-49223.exe
2712	Unicorn-8662.exe
2712	Unicorn-8662.exe
1776	WerFault.exe
1776	WerFault.exe
1776	WerFault.exe
1776	WerFault.exe
1776	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
916	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2804	2912	WerFault.exe	8656933995aad8fcdd3b9b0984dbb209bebd9045d24cccb45daa9323206bc3be.exe
2528	2332	WerFault.exe	Unicorn-13130.exe
852	2960	WerFault.exe	Unicorn-8771.exe
1900	2224	WerFault.exe	Unicorn-59363.exe
1776	2728	WerFault.exe	Unicorn-59254.exe
2344	2716	WerFault.exe	Unicorn-24444.exe
916	2712	WerFault.exe	Unicorn-8662.exe
1712	2136	WerFault.exe	Unicorn-24527.exe
1976	2708	WerFault.exe	Unicorn-8745.exe
2848	2900	WerFault.exe	Unicorn-63421.exe
2792	1816	WerFault.exe	Unicorn-49223.exe
2548	2008	WerFault.exe	Unicorn-29357.exe
2404	2752	WerFault.exe	Unicorn-65279.exe
2028	1632	WerFault.exe	Unicorn-23733.exe
3016	1764	WerFault.exe	Unicorn-26425.exe
1552	2248	WerFault.exe	Unicorn-35985.exe
568	2832	WerFault.exe	Unicorn-40069.exe
2156	2160	WerFault.exe	Unicorn-27817.exe
892	2284	WerFault.exe	Unicorn-7951.exe
1696	540	WerFault.exe	Unicorn-27817.exe
1508	780	WerFault.exe	Unicorn-42761.exe
2488	2772	WerFault.exe	Unicorn-65471.exe
2412	1124	WerFault.exe	Unicorn-58626.exe
2540	1236	WerFault.exe	Unicorn-57235.exe
1424	1772	WerFault.exe	Unicorn-15648.exe
1556	1616	WerFault.exe	Unicorn-52980.exe
384	1652	WerFault.exe	Unicorn-2388.exe
1428	864	WerFault.exe	Unicorn-57064.exe
2036	2992	WerFault.exe	Unicorn-6472.exe
2808	2280	WerFault.exe	Unicorn-59757.exe
2364	2088	WerFault.exe	Unicorn-14085.exe
1504	2164	WerFault.exe	Unicorn-48896.exe
2924	3064	WerFault.exe	Unicorn-14085.exe
2400	2104	WerFault.exe	Unicorn-44812.exe
3228	2252	WerFault.exe	Unicorn-34313.exe
3516	2612	WerFault.exe	Unicorn-57858.exe
3532	2656	WerFault.exe	Unicorn-42913.exe
3552	2724	WerFault.exe	Unicorn-4018.exe
3616	2696	WerFault.exe	Unicorn-18963.exe
3668	2192	WerFault.exe	Unicorn-489.exe
3680	2484	WerFault.exe	Unicorn-51081.exe
3696	2556	WerFault.exe	Unicorn-45051.exe
3764	1316	WerFault.exe	Unicorn-45051.exe
3788	1964	WerFault.exe	Unicorn-28331.exe
3796	1992	WerFault.exe	Unicorn-42721.exe
3876	2264	WerFault.exe	Unicorn-43275.exe
3892	2232	WerFault.exe	Unicorn-8465.exe
3220	2784	WerFault.exe	Unicorn-59996.exe
3408	1520	WerFault.exe	Unicorn-39191.exe
3416	2172	WerFault.exe	Unicorn-3826.exe
3468	1524	WerFault.exe	Unicorn-29030.exe
1784	2544	WerFault.exe	Unicorn-24247.exe
3544	308	WerFault.exe	Unicorn-4381.exe
3624	1580	WerFault.exe	Unicorn-59057.exe
3732	2516	WerFault.exe	Unicorn-38637.exe
4068	2004	WerFault.exe	Unicorn-9062.exe
3196	2904	WerFault.exe	Unicorn-22253.exe
3152	2916	WerFault.exe	Unicorn-42119.exe
4012	992	WerFault.exe	Unicorn-32367.exe
3640	2200	WerFault.exe	Unicorn-23645.exe
3648	1704	WerFault.exe	Unicorn-39789.exe
3940	1296	WerFault.exe	Unicorn-11392.exe
4104	1256	WerFault.exe	Unicorn-47957.exe
4164	2180	WerFault.exe	Unicorn-25975.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

8656933995aad8fcdd3b9b0984dbb209bebd9045d24cccb45daa9323206bc3be.exeUnicorn-13130.exeUnicorn-8771.exeUnicorn-59363.exeUnicorn-59254.exeUnicorn-24444.exeUnicorn-8662.exeUnicorn-24527.exeUnicorn-8745.exeUnicorn-49223.exeUnicorn-29357.exeUnicorn-63421.exeUnicorn-23733.exeUnicorn-26425.exeUnicorn-35985.exeUnicorn-40069.exeUnicorn-7951.exeUnicorn-27817.exeUnicorn-27817.exeUnicorn-42761.exeUnicorn-58626.exeUnicorn-57235.exeUnicorn-15648.exeUnicorn-52980.exeUnicorn-2388.exeUnicorn-6472.exeUnicorn-57064.exeUnicorn-14085.exeUnicorn-14085.exeUnicorn-44812.exeUnicorn-59757.exeUnicorn-48896.exeUnicorn-29030.exeUnicorn-42913.exeUnicorn-57858.exeUnicorn-65471.exeUnicorn-4018.exeUnicorn-18963.exeUnicorn-51081.exeUnicorn-489.exeUnicorn-45051.exeUnicorn-45051.exeUnicorn-59996.exeUnicorn-42721.exeUnicorn-65279.exeUnicorn-3826.exeUnicorn-38637.exeUnicorn-4381.exeUnicorn-39191.exeUnicorn-43275.exeUnicorn-8465.exeUnicorn-24247.exeUnicorn-59057.exeUnicorn-28331.exeUnicorn-25591.exeUnicorn-17423.exeUnicorn-32367.exeUnicorn-22253.exeUnicorn-11392.exeUnicorn-42119.exeUnicorn-42673.exeUnicorn-19561.exeUnicorn-23645.exeUnicorn-9062.exe

pid	process
2912	8656933995aad8fcdd3b9b0984dbb209bebd9045d24cccb45daa9323206bc3be.exe
2332	Unicorn-13130.exe
2960	Unicorn-8771.exe
2224	Unicorn-59363.exe
2728	Unicorn-59254.exe
2716	Unicorn-24444.exe
2712	Unicorn-8662.exe
2136	Unicorn-24527.exe
2708	Unicorn-8745.exe
1816	Unicorn-49223.exe
2008	Unicorn-29357.exe
2900	Unicorn-63421.exe
1632	Unicorn-23733.exe
1764	Unicorn-26425.exe
2248	Unicorn-35985.exe
2832	Unicorn-40069.exe
2284	Unicorn-7951.exe
540	Unicorn-27817.exe
2160	Unicorn-27817.exe
780	Unicorn-42761.exe
1124	Unicorn-58626.exe
1236	Unicorn-57235.exe
1772	Unicorn-15648.exe
1616	Unicorn-52980.exe
1652	Unicorn-2388.exe
2992	Unicorn-6472.exe
864	Unicorn-57064.exe
2088	Unicorn-14085.exe
3064	Unicorn-14085.exe
2104	Unicorn-44812.exe
2280	Unicorn-59757.exe
2164	Unicorn-48896.exe
1524	Unicorn-29030.exe
2656	Unicorn-42913.exe
2612	Unicorn-57858.exe
2772	Unicorn-65471.exe
2724	Unicorn-4018.exe
2696	Unicorn-18963.exe
2484	Unicorn-51081.exe
2192	Unicorn-489.exe
1316	Unicorn-45051.exe
2556	Unicorn-45051.exe
2784	Unicorn-59996.exe
1992	Unicorn-42721.exe
2752	Unicorn-65279.exe
2172	Unicorn-3826.exe
2516	Unicorn-38637.exe
308	Unicorn-4381.exe
1520	Unicorn-39191.exe
2264	Unicorn-43275.exe
2232	Unicorn-8465.exe
2544	Unicorn-24247.exe
1580	Unicorn-59057.exe
1964	Unicorn-28331.exe
1336	Unicorn-25591.exe
1716	Unicorn-17423.exe
992	Unicorn-32367.exe
2904	Unicorn-22253.exe
1296	Unicorn-11392.exe
2916	Unicorn-42119.exe
2508	Unicorn-42673.exe
1280	Unicorn-19561.exe
2200	Unicorn-23645.exe
2004	Unicorn-9062.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

8656933995aad8fcdd3b9b0984dbb209bebd9045d24cccb45daa9323206bc3be.exeUnicorn-13130.exeUnicorn-8771.exeUnicorn-59363.exeUnicorn-59254.exeUnicorn-24444.exeUnicorn-8662.exeUnicorn-24527.exe

description	pid	process	target process
PID 2912 wrote to memory of 2332	2912	8656933995aad8fcdd3b9b0984dbb209bebd9045d24cccb45daa9323206bc3be.exe	Unicorn-13130.exe
PID 2912 wrote to memory of 2332	2912	8656933995aad8fcdd3b9b0984dbb209bebd9045d24cccb45daa9323206bc3be.exe	Unicorn-13130.exe
PID 2912 wrote to memory of 2332	2912	8656933995aad8fcdd3b9b0984dbb209bebd9045d24cccb45daa9323206bc3be.exe	Unicorn-13130.exe
PID 2912 wrote to memory of 2332	2912	8656933995aad8fcdd3b9b0984dbb209bebd9045d24cccb45daa9323206bc3be.exe	Unicorn-13130.exe
PID 2912 wrote to memory of 2960	2912	8656933995aad8fcdd3b9b0984dbb209bebd9045d24cccb45daa9323206bc3be.exe	Unicorn-8771.exe
PID 2912 wrote to memory of 2960	2912	8656933995aad8fcdd3b9b0984dbb209bebd9045d24cccb45daa9323206bc3be.exe	Unicorn-8771.exe
PID 2912 wrote to memory of 2960	2912	8656933995aad8fcdd3b9b0984dbb209bebd9045d24cccb45daa9323206bc3be.exe	Unicorn-8771.exe
PID 2912 wrote to memory of 2960	2912	8656933995aad8fcdd3b9b0984dbb209bebd9045d24cccb45daa9323206bc3be.exe	Unicorn-8771.exe
PID 2332 wrote to memory of 2224	2332	Unicorn-13130.exe	Unicorn-59363.exe
PID 2332 wrote to memory of 2224	2332	Unicorn-13130.exe	Unicorn-59363.exe
PID 2332 wrote to memory of 2224	2332	Unicorn-13130.exe	Unicorn-59363.exe
PID 2332 wrote to memory of 2224	2332	Unicorn-13130.exe	Unicorn-59363.exe
PID 2912 wrote to memory of 2804	2912	8656933995aad8fcdd3b9b0984dbb209bebd9045d24cccb45daa9323206bc3be.exe	WerFault.exe
PID 2912 wrote to memory of 2804	2912	8656933995aad8fcdd3b9b0984dbb209bebd9045d24cccb45daa9323206bc3be.exe	WerFault.exe
PID 2912 wrote to memory of 2804	2912	8656933995aad8fcdd3b9b0984dbb209bebd9045d24cccb45daa9323206bc3be.exe	WerFault.exe
PID 2912 wrote to memory of 2804	2912	8656933995aad8fcdd3b9b0984dbb209bebd9045d24cccb45daa9323206bc3be.exe	WerFault.exe
PID 2960 wrote to memory of 2716	2960	Unicorn-8771.exe	Unicorn-24444.exe
PID 2960 wrote to memory of 2716	2960	Unicorn-8771.exe	Unicorn-24444.exe
PID 2960 wrote to memory of 2716	2960	Unicorn-8771.exe	Unicorn-24444.exe
PID 2960 wrote to memory of 2716	2960	Unicorn-8771.exe	Unicorn-24444.exe
PID 2224 wrote to memory of 2728	2224	Unicorn-59363.exe	Unicorn-59254.exe
PID 2224 wrote to memory of 2728	2224	Unicorn-59363.exe	Unicorn-59254.exe
PID 2224 wrote to memory of 2728	2224	Unicorn-59363.exe	Unicorn-59254.exe
PID 2224 wrote to memory of 2728	2224	Unicorn-59363.exe	Unicorn-59254.exe
PID 2332 wrote to memory of 2712	2332	Unicorn-13130.exe	Unicorn-8662.exe
PID 2332 wrote to memory of 2712	2332	Unicorn-13130.exe	Unicorn-8662.exe
PID 2332 wrote to memory of 2712	2332	Unicorn-13130.exe	Unicorn-8662.exe
PID 2332 wrote to memory of 2712	2332	Unicorn-13130.exe	Unicorn-8662.exe
PID 2332 wrote to memory of 2528	2332	Unicorn-13130.exe	WerFault.exe
PID 2332 wrote to memory of 2528	2332	Unicorn-13130.exe	WerFault.exe
PID 2332 wrote to memory of 2528	2332	Unicorn-13130.exe	WerFault.exe
PID 2332 wrote to memory of 2528	2332	Unicorn-13130.exe	WerFault.exe
PID 2728 wrote to memory of 2136	2728	Unicorn-59254.exe	Unicorn-24527.exe
PID 2728 wrote to memory of 2136	2728	Unicorn-59254.exe	Unicorn-24527.exe
PID 2728 wrote to memory of 2136	2728	Unicorn-59254.exe	Unicorn-24527.exe
PID 2728 wrote to memory of 2136	2728	Unicorn-59254.exe	Unicorn-24527.exe
PID 2224 wrote to memory of 2708	2224	Unicorn-59363.exe	Unicorn-8745.exe
PID 2224 wrote to memory of 2708	2224	Unicorn-59363.exe	Unicorn-8745.exe
PID 2224 wrote to memory of 2708	2224	Unicorn-59363.exe	Unicorn-8745.exe
PID 2224 wrote to memory of 2708	2224	Unicorn-59363.exe	Unicorn-8745.exe
PID 2716 wrote to memory of 2900	2716	Unicorn-24444.exe	Unicorn-63421.exe
PID 2716 wrote to memory of 2900	2716	Unicorn-24444.exe	Unicorn-63421.exe
PID 2716 wrote to memory of 2900	2716	Unicorn-24444.exe	Unicorn-63421.exe
PID 2716 wrote to memory of 2900	2716	Unicorn-24444.exe	Unicorn-63421.exe
PID 2712 wrote to memory of 1816	2712	Unicorn-8662.exe	Unicorn-49223.exe
PID 2712 wrote to memory of 1816	2712	Unicorn-8662.exe	Unicorn-49223.exe
PID 2712 wrote to memory of 1816	2712	Unicorn-8662.exe	Unicorn-49223.exe
PID 2712 wrote to memory of 1816	2712	Unicorn-8662.exe	Unicorn-49223.exe
PID 2960 wrote to memory of 2008	2960	Unicorn-8771.exe	Unicorn-29357.exe
PID 2960 wrote to memory of 2008	2960	Unicorn-8771.exe	Unicorn-29357.exe
PID 2960 wrote to memory of 2008	2960	Unicorn-8771.exe	Unicorn-29357.exe
PID 2960 wrote to memory of 2008	2960	Unicorn-8771.exe	Unicorn-29357.exe
PID 2960 wrote to memory of 852	2960	Unicorn-8771.exe	WerFault.exe
PID 2960 wrote to memory of 852	2960	Unicorn-8771.exe	WerFault.exe
PID 2960 wrote to memory of 852	2960	Unicorn-8771.exe	WerFault.exe
PID 2960 wrote to memory of 852	2960	Unicorn-8771.exe	WerFault.exe
PID 2224 wrote to memory of 1900	2224	Unicorn-59363.exe	WerFault.exe
PID 2224 wrote to memory of 1900	2224	Unicorn-59363.exe	WerFault.exe
PID 2224 wrote to memory of 1900	2224	Unicorn-59363.exe	WerFault.exe
PID 2224 wrote to memory of 1900	2224	Unicorn-59363.exe	WerFault.exe
PID 2136 wrote to memory of 1632	2136	Unicorn-24527.exe	Unicorn-23733.exe
PID 2136 wrote to memory of 1632	2136	Unicorn-24527.exe	Unicorn-23733.exe
PID 2136 wrote to memory of 1632	2136	Unicorn-24527.exe	Unicorn-23733.exe
PID 2136 wrote to memory of 1632	2136	Unicorn-24527.exe	Unicorn-23733.exe

C:\Users\Admin\AppData\Local\Temp\8656933995aad8fcdd3b9b0984dbb209bebd9045d24cccb45daa9323206bc3be.exe
"C:\Users\Admin\AppData\Local\Temp\8656933995aad8fcdd3b9b0984dbb209bebd9045d24cccb45daa9323206bc3be.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-13130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13130.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-59363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59363.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-59254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59254.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-23733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23733.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-58626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58626.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1124

C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-17423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17423.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-46094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46094.exe
10⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-21673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21673.exe
11⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
12⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-20319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20319.exe
13⤵
PID:6596

C:\Users\Admin\AppData\Local\Temp\Unicorn-49805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49805.exe
14⤵
PID:11176

C:\Users\Admin\AppData\Local\Temp\Unicorn-47426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47426.exe
15⤵
PID:13272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11176 -s 216
15⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 216
14⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 236
13⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 236
12⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
11⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-36617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36617.exe
10⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-40360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40360.exe
11⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe
12⤵
PID:7084

C:\Users\Admin\AppData\Local\Temp\Unicorn-2358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2358.exe
13⤵
PID:11208

C:\Users\Admin\AppData\Local\Temp\Unicorn-47426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47426.exe
14⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11208 -s 216
14⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 216
13⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 236
12⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
11⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
10⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-48787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48787.exe
9⤵
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-50837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50837.exe
10⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-52804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52804.exe
11⤵
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-19634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19634.exe
12⤵
PID:6820

C:\Users\Admin\AppData\Local\Temp\Unicorn-49613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49613.exe
13⤵
PID:10364

C:\Users\Admin\AppData\Local\Temp\Unicorn-62200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62200.exe
14⤵
PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10364 -s 216
14⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 216
13⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 216
12⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
11⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
10⤵
PID:4876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
9⤵
- Program crash
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-32367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32367.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 240
9⤵
- Program crash
PID:4012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 240
8⤵
- Program crash
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-57858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57858.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-25591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25591.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-5253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5253.exe
9⤵
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-57744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57744.exe
10⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
11⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-62866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62866.exe
12⤵
PID:6576

C:\Users\Admin\AppData\Local\Temp\Unicorn-13188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13188.exe
13⤵
PID:9372

C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
14⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9372 -s 236
14⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 216
13⤵
PID:10684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
12⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
11⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
10⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-58299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58299.exe
9⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-23256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23256.exe
10⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-35539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35539.exe
11⤵
PID:6924

C:\Users\Admin\AppData\Local\Temp\Unicorn-21461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21461.exe
12⤵
PID:10576

C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
13⤵
PID:12684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10576 -s 216
13⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6924 -s 236
12⤵
PID:10560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
11⤵
PID:8160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
10⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 220
9⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-50925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50925.exe
8⤵
PID:1328

C:\Users\Admin\AppData\Local\Temp\Unicorn-57744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57744.exe
9⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-56312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56312.exe
10⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
11⤵
PID:6628

C:\Users\Admin\AppData\Local\Temp\Unicorn-7049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7049.exe
12⤵
PID:9696

C:\Users\Admin\AppData\Local\Temp\Unicorn-49992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49992.exe
13⤵
PID:4528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9696 -s 236
13⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 216
12⤵
PID:10768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
11⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 236
10⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 216
9⤵
PID:4684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
8⤵
- Program crash
PID:3516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
7⤵
- Program crash
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-57235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57235.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-65471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65471.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
8⤵
- Program crash
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-42673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42673.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
8⤵
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-55497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55497.exe
9⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-22737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22737.exe
10⤵
PID:5996

C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
11⤵
PID:7412

C:\Users\Admin\AppData\Local\Temp\Unicorn-12363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12363.exe
12⤵
PID:11228

C:\Users\Admin\AppData\Local\Temp\Unicorn-23005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23005.exe
13⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11228 -s 216
13⤵
PID:13508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 236
12⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 216
11⤵
PID:9284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 236
9⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-52160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52160.exe
8⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-30713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30713.exe
9⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 224
10⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
9⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
8⤵
PID:4800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 240
7⤵
- Program crash
PID:2540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
6⤵
- Program crash
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-26425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26425.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-4018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4018.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-42119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42119.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-42586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42586.exe
9⤵
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-13888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13888.exe
10⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-33946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33946.exe
11⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-62612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62612.exe
12⤵
PID:7204

C:\Users\Admin\AppData\Local\Temp\Unicorn-14802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14802.exe
13⤵
PID:10284

C:\Users\Admin\AppData\Local\Temp\Unicorn-8339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8339.exe
14⤵
PID:12704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10284 -s 216
14⤵
PID:9076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 216
13⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
12⤵
PID:8904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
11⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 236
10⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-63644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63644.exe
9⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-61766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61766.exe
10⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-34496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34496.exe
11⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\Unicorn-63484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63484.exe
12⤵
PID:8576

C:\Users\Admin\AppData\Local\Temp\Unicorn-47003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47003.exe
13⤵
PID:12100

C:\Users\Admin\AppData\Local\Temp\Unicorn-16612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16612.exe
14⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12100 -s 216
14⤵
PID:9672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8576 -s 216
13⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 220
12⤵
PID:9720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 236
10⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
9⤵
- Program crash
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-42948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42948.exe
8⤵
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
9⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-38030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38030.exe
10⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-24787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24787.exe
11⤵
PID:7008

C:\Users\Admin\AppData\Local\Temp\Unicorn-7272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7272.exe
12⤵
PID:11064

C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
13⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11064 -s 216
13⤵
PID:14020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 216
12⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
11⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
10⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
8⤵
- Program crash
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-22253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22253.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-42010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42010.exe
8⤵
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-38585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38585.exe
9⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-52804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52804.exe
10⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
11⤵
PID:6688

C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
12⤵
PID:11236

C:\Users\Admin\AppData\Local\Temp\Unicorn-36928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36928.exe
13⤵
PID:1720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11236 -s 216
13⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 236
12⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 236
11⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 236
10⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 236
9⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-22803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22803.exe
8⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-4973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4973.exe
9⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-5113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5113.exe
10⤵
PID:6392

C:\Users\Admin\AppData\Local\Temp\Unicorn-33993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33993.exe
11⤵
PID:9500

C:\Users\Admin\AppData\Local\Temp\Unicorn-39686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39686.exe
12⤵
PID:11644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9500 -s 216
12⤵
PID:4764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 216
11⤵
PID:10708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 236
10⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 236
9⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
8⤵
- Program crash
PID:3196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
7⤵
- Program crash
PID:1424

C:\Users\Admin\AppData\Local\Temp\Unicorn-18963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18963.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-11392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11392.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-11667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11667.exe
8⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
9⤵
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-57905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57905.exe
10⤵
PID:6868

C:\Users\Admin\AppData\Local\Temp\Unicorn-53209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53209.exe
11⤵
PID:10276

C:\Users\Admin\AppData\Local\Temp\Unicorn-12939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12939.exe
12⤵
PID:11248

C:\Users\Admin\AppData\Local\Temp\Unicorn-4146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4146.exe
13⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11248 -s 216
13⤵
PID:2208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10276 -s 236
12⤵
PID:1808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 216
11⤵
PID:11112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 216
10⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 216
9⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 236
8⤵
- Program crash
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-49171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49171.exe
7⤵
PID:472

C:\Users\Admin\AppData\Local\Temp\Unicorn-59773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59773.exe
8⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-20215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20215.exe
9⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
10⤵
PID:7196

C:\Users\Admin\AppData\Local\Temp\Unicorn-15186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15186.exe
11⤵
PID:11200

C:\Users\Admin\AppData\Local\Temp\Unicorn-12506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12506.exe
12⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11200 -s 216
12⤵
PID:13596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 216
11⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
10⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 236
9⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 472 -s 236
8⤵
PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
7⤵
- Program crash
PID:3616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
6⤵
- Program crash
PID:3016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-8745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8745.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-35985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35985.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-52980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52980.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-51081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51081.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-23645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23645.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-1361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1361.exe
9⤵
PID:548

C:\Users\Admin\AppData\Local\Temp\Unicorn-53338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53338.exe
9⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-51652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51652.exe
10⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-45378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45378.exe
11⤵
PID:5488

C:\Users\Admin\AppData\Local\Temp\Unicorn-2031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2031.exe
12⤵
PID:8652

C:\Users\Admin\AppData\Local\Temp\Unicorn-47003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47003.exe
13⤵
PID:12112

C:\Users\Admin\AppData\Local\Temp\Unicorn-13596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13596.exe
14⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 216
13⤵
PID:13024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 220
12⤵
PID:9752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
11⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 236
10⤵
PID:5520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 220
9⤵
- Program crash
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-38864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38864.exe
8⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-61335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61335.exe
9⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-23915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23915.exe
10⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-12617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12617.exe
11⤵
PID:7940

C:\Users\Admin\AppData\Local\Temp\Unicorn-4387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4387.exe
12⤵
PID:11244

C:\Users\Admin\AppData\Local\Temp\Unicorn-8998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8998.exe
13⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11244 -s 216
13⤵
PID:13624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 216
12⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 236
11⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
10⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
9⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
8⤵
- Program crash
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-24007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24007.exe
7⤵
- Executes dropped EXE
PID:1152

C:\Users\Admin\AppData\Local\Temp\Unicorn-36172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36172.exe
8⤵
PID:1436

C:\Users\Admin\AppData\Local\Temp\Unicorn-65419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65419.exe
9⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-43951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43951.exe
10⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-8917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8917.exe
11⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-41336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41336.exe
12⤵
PID:10732

C:\Users\Admin\AppData\Local\Temp\Unicorn-30789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30789.exe
13⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10732 -s 216
13⤵
PID:13344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 236
12⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
11⤵
PID:9188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
10⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 236
9⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-2575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2575.exe
8⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
9⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-557.exe
10⤵
PID:8044

C:\Users\Admin\AppData\Local\Temp\Unicorn-43282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43282.exe
11⤵
PID:10244

C:\Users\Admin\AppData\Local\Temp\Unicorn-63378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63378.exe
12⤵
PID:13176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10244 -s 236
12⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
11⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
10⤵
PID:9164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
9⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 220
8⤵
PID:4484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
7⤵
- Program crash
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-489.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-19561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19561.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-4137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4137.exe
8⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-37838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37838.exe
9⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-62674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62674.exe
10⤵
PID:6656

C:\Users\Admin\AppData\Local\Temp\Unicorn-22317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22317.exe
11⤵
PID:9624

C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
12⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9624 -s 216
12⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 216
11⤵
PID:10752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
10⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 236
9⤵
PID:6324

C:\Users\Admin\AppData\Local\Temp\Unicorn-41002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41002.exe
7⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-26525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26525.exe
8⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-56779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56779.exe
9⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
10⤵
PID:8164

C:\Users\Admin\AppData\Local\Temp\Unicorn-56027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56027.exe
11⤵
PID:10784

C:\Users\Admin\AppData\Local\Temp\Unicorn-45179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45179.exe
12⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10784 -s 216
12⤵
PID:13328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 236
11⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
10⤵
PID:8300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
9⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
8⤵
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
7⤵
- Program crash
PID:3668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
6⤵
- Program crash
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-2388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2388.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-43873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43873.exe
7⤵
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-30142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30142.exe
8⤵
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-63857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63857.exe
9⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-13224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13224.exe
10⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-31860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31860.exe
11⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-27631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27631.exe
12⤵
PID:10596

C:\Users\Admin\AppData\Local\Temp\Unicorn-8915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8915.exe
13⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10596 -s 216
13⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
12⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
11⤵
PID:8388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
10⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 236
9⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-60520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60520.exe
8⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-58533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58533.exe
9⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-55871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55871.exe
10⤵
PID:7320

C:\Users\Admin\AppData\Local\Temp\Unicorn-26754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26754.exe
11⤵
PID:10936

C:\Users\Admin\AppData\Local\Temp\Unicorn-5262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5262.exe
12⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10936 -s 216
12⤵
PID:13824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 216
11⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
10⤵
PID:8848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
9⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
8⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-32834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32834.exe
7⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-43245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43245.exe
8⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-12430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12430.exe
9⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-20075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20075.exe
10⤵
PID:8464

C:\Users\Admin\AppData\Local\Temp\Unicorn-45612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45612.exe
11⤵
PID:11296

C:\Users\Admin\AppData\Local\Temp\Unicorn-6860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6860.exe
12⤵
PID:928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11296 -s 216
12⤵
PID:13760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8464 -s 216
11⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
10⤵
PID:9732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
9⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
8⤵
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 240
7⤵
- Program crash
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-58818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58818.exe
6⤵
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-26058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26058.exe
7⤵
PID:808

C:\Users\Admin\AppData\Local\Temp\Unicorn-6680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6680.exe
8⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-18269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18269.exe
9⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-56063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56063.exe
10⤵
PID:8064

C:\Users\Admin\AppData\Local\Temp\Unicorn-15186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15186.exe
11⤵
PID:11220

C:\Users\Admin\AppData\Local\Temp\Unicorn-59870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59870.exe
12⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11220 -s 216
12⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 236
11⤵
PID:11848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
10⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 236
9⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 236
8⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-46130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46130.exe
7⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
8⤵
PID:5356

C:\Users\Admin\AppData\Local\Temp\Unicorn-39919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39919.exe
9⤵
PID:8152

C:\Users\Admin\AppData\Local\Temp\Unicorn-60111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60111.exe
10⤵
PID:11104

C:\Users\Admin\AppData\Local\Temp\Unicorn-49948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49948.exe
11⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11104 -s 216
11⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 236
10⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
9⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
8⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
7⤵
PID:5008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
6⤵
- Program crash
PID:384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
5⤵
- Program crash
PID:1976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-8662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8662.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-49223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49223.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-27817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27817.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-44812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44812.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-50095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50095.exe
8⤵
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-1937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1937.exe
9⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-11148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11148.exe
10⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-20791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20791.exe
11⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-13935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13935.exe
12⤵
PID:9104

C:\Users\Admin\AppData\Local\Temp\Unicorn-58487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58487.exe
13⤵
PID:11776

C:\Users\Admin\AppData\Local\Temp\Unicorn-19544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19544.exe
14⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11776 -s 216
14⤵
PID:14308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9104 -s 216
13⤵
PID:12788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
12⤵
PID:10120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
11⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 216
10⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-62658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62658.exe
9⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-2508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2508.exe
10⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\Unicorn-17553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17553.exe
11⤵
PID:8324

C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
12⤵
PID:11044

C:\Users\Admin\AppData\Local\Temp\Unicorn-13814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13814.exe
13⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11044 -s 216
13⤵
PID:14012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8324 -s 216
12⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
11⤵
PID:9564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 220
10⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 220
9⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-4630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4630.exe
8⤵
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-20687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20687.exe
9⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-41211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41211.exe
10⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-28243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28243.exe
11⤵
PID:8496

C:\Users\Admin\AppData\Local\Temp\Unicorn-58440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58440.exe
12⤵
PID:11380

C:\Users\Admin\AppData\Local\Temp\Unicorn-44157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44157.exe
13⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11380 -s 216
13⤵
PID:13832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8496 -s 216
12⤵
PID:12356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
11⤵
PID:9788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
10⤵
PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 216
9⤵
PID:4608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
8⤵
- Program crash
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-34313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34313.exe
7⤵
PID:2252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
8⤵
- Program crash
PID:3228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
7⤵
- Program crash
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-43275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43275.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
7⤵
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-24496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24496.exe
8⤵
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-55689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55689.exe
9⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-15554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15554.exe
10⤵
PID:5244

C:\Users\Admin\AppData\Local\Temp\Unicorn-27091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27091.exe
11⤵
PID:8032

C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
12⤵
PID:10268

C:\Users\Admin\AppData\Local\Temp\Unicorn-8806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8806.exe
13⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10268 -s 216
13⤵
PID:13676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 236
12⤵
PID:11976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 216
11⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 236
10⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 216
9⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-52352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52352.exe
8⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-54833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54833.exe
9⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-5300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5300.exe
10⤵
PID:8288

C:\Users\Admin\AppData\Local\Temp\Unicorn-12747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12747.exe
11⤵
PID:11188

C:\Users\Admin\AppData\Local\Temp\Unicorn-45755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45755.exe
12⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11188 -s 216
12⤵
PID:13748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8288 -s 236
11⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
10⤵
PID:9528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 236
9⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 240
8⤵
PID:4244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
7⤵
- Program crash
PID:3876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 240
6⤵
- Program crash
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-59757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59757.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-44449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44449.exe
7⤵
PID:1116

C:\Users\Admin\AppData\Local\Temp\Unicorn-49000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49000.exe
8⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-22488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22488.exe
9⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-30796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30796.exe
10⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 220
11⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 236
10⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 236
9⤵
PID:5816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 236
8⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-51693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51693.exe
7⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-47713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47713.exe
8⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-1439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1439.exe
9⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-6307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6307.exe
10⤵
PID:8332

C:\Users\Admin\AppData\Local\Temp\Unicorn-38596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38596.exe
11⤵
PID:11664

C:\Users\Admin\AppData\Local\Temp\Unicorn-15652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15652.exe
12⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11664 -s 216
12⤵
PID:14232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 216
11⤵
PID:12732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
9⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
8⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
7⤵
- Program crash
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-28667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28667.exe
6⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-40832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40832.exe
7⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe
8⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-2015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2015.exe
9⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-63484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63484.exe
10⤵
PID:8584

C:\Users\Admin\AppData\Local\Temp\Unicorn-38451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38451.exe
11⤵
PID:11960

C:\Users\Admin\AppData\Local\Temp\Unicorn-14857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14857.exe
12⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11960 -s 216
12⤵
PID:9616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 220
10⤵
PID:9716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
9⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 236
8⤵
PID:5928

C:\Users\Admin\AppData\Local\Temp\Unicorn-32471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32471.exe
7⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-63276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63276.exe
8⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe
9⤵
PID:8436

C:\Users\Admin\AppData\Local\Temp\Unicorn-3640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3640.exe
10⤵
PID:11968

C:\Users\Admin\AppData\Local\Temp\Unicorn-52792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52792.exe
11⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11968 -s 220
11⤵
PID:9440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8436 -s 216
10⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 220
9⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
8⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
7⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
6⤵
- Program crash
PID:2808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
5⤵
- Program crash
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-42761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42761.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:780

C:\Users\Admin\AppData\Local\Temp\Unicorn-48896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48896.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-24247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24247.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-60785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60785.exe
7⤵
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-55222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55222.exe
8⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-16987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16987.exe
9⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-39841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39841.exe
10⤵
PID:5480

C:\Users\Admin\AppData\Local\Temp\Unicorn-46800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46800.exe
11⤵
PID:9200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9200 -s 212
12⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 216
11⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
10⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 216
9⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-20219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20219.exe
8⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-46940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46940.exe
9⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-64060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64060.exe
10⤵
PID:8804

C:\Users\Admin\AppData\Local\Temp\Unicorn-50511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50511.exe
11⤵
PID:12072

C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
12⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12072 -s 216
12⤵
PID:13968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
10⤵
PID:9872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 216
9⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
8⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-25050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25050.exe
7⤵
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-16650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16650.exe
8⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-31289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31289.exe
9⤵
PID:5380

C:\Users\Admin\AppData\Local\Temp\Unicorn-7521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7521.exe
10⤵
PID:8760

C:\Users\Admin\AppData\Local\Temp\Unicorn-28482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28482.exe
11⤵
PID:11616

C:\Users\Admin\AppData\Local\Temp\Unicorn-1645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1645.exe
12⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11616 -s 220
12⤵
PID:13456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 216
11⤵
PID:12672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
10⤵
PID:9940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
9⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 236
8⤵
PID:4344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
7⤵
- Program crash
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-45004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45004.exe
6⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-42394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42394.exe
7⤵
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-26909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26909.exe
8⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-2316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2316.exe
9⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-30189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30189.exe
10⤵
PID:8440

C:\Users\Admin\AppData\Local\Temp\Unicorn-14885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14885.exe
11⤵
PID:11340

C:\Users\Admin\AppData\Local\Temp\Unicorn-30343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30343.exe
12⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11340 -s 216
12⤵
PID:14036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 216
11⤵
PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
10⤵
PID:9740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
9⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 216
8⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-64988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64988.exe
7⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-8730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8730.exe
8⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-46608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46608.exe
9⤵
PID:8808

C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
10⤵
PID:11488

C:\Users\Admin\AppData\Local\Temp\Unicorn-18921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18921.exe
11⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11488 -s 216
11⤵
PID:13496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8808 -s 216
10⤵
PID:12480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
9⤵
PID:9972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
8⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
7⤵
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
6⤵
- Program crash
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-39191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39191.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-25975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25975.exe
6⤵
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-1937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1937.exe
7⤵
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-22488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22488.exe
8⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-15939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15939.exe
9⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-27475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27475.exe
10⤵
PID:7460

C:\Users\Admin\AppData\Local\Temp\Unicorn-33552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33552.exe
11⤵
PID:1344

C:\Users\Admin\AppData\Local\Temp\Unicorn-5070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5070.exe
12⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 220
12⤵
PID:13952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 236
11⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
10⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 236
9⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 216
8⤵
PID:4700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 236
7⤵
- Program crash
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-4630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4630.exe
6⤵
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-23401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23401.exe
7⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
8⤵
PID:5200

C:\Users\Admin\AppData\Local\Temp\Unicorn-36494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36494.exe
9⤵
PID:8232

C:\Users\Admin\AppData\Local\Temp\Unicorn-4771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4771.exe
10⤵
PID:11332

C:\Users\Admin\AppData\Local\Temp\Unicorn-1318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1318.exe
11⤵
PID:13800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8232 -s 220
10⤵
PID:13132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 216
9⤵
PID:10216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 220
8⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 216
7⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 220
6⤵
- Program crash
PID:3408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
5⤵
- Program crash
PID:1508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-8771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8771.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-24444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24444.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-63421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63421.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-40069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40069.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-57064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57064.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:864

C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-9062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9062.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
9⤵
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-46561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46561.exe
10⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-33178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33178.exe
11⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe
12⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\Unicorn-29333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29333.exe
13⤵
PID:8968

C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
14⤵
PID:11628

C:\Users\Admin\AppData\Local\Temp\Unicorn-19492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19492.exe
15⤵
PID:14144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8968 -s 236
14⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
13⤵
PID:10424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
12⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 236
11⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
10⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-45762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45762.exe
11⤵
PID:6164

C:\Users\Admin\AppData\Local\Temp\Unicorn-45477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45477.exe
12⤵
PID:8480

C:\Users\Admin\AppData\Local\Temp\Unicorn-53116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53116.exe
13⤵
PID:11796

C:\Users\Admin\AppData\Local\Temp\Unicorn-34266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34266.exe
14⤵
PID:14272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8480 -s 236
13⤵
PID:13280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 216
12⤵
PID:10480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
11⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 240
10⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-53338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53338.exe
9⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-23448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23448.exe
10⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-27096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27096.exe
11⤵
PID:6204

C:\Users\Admin\AppData\Local\Temp\Unicorn-30511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30511.exe
12⤵
PID:8340

C:\Users\Admin\AppData\Local\Temp\Unicorn-12384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12384.exe
13⤵
PID:12268

C:\Users\Admin\AppData\Local\Temp\Unicorn-6004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6004.exe
14⤵
PID:8924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 220
13⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 216
12⤵
PID:10328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
11⤵
PID:7988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
10⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
9⤵
- Program crash
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-42948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42948.exe
8⤵
PID:324

C:\Users\Admin\AppData\Local\Temp\Unicorn-5720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5720.exe
9⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-53982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53982.exe
10⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-52067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52067.exe
11⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\Unicorn-39011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39011.exe
12⤵
PID:9996

C:\Users\Admin\AppData\Local\Temp\Unicorn-39577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39577.exe
13⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9996 -s 216
13⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 236
12⤵
PID:11096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
11⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
10⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 236
9⤵
PID:4392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
8⤵
- Program crash
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 236
7⤵
- Program crash
PID:1428

C:\Users\Admin\AppData\Local\Temp\Unicorn-59996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59996.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-47957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47957.exe
7⤵
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-3499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3499.exe
8⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-43292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43292.exe
9⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-16790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16790.exe
10⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-62306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62306.exe
11⤵
PID:9008

C:\Users\Admin\AppData\Local\Temp\Unicorn-10054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10054.exe
12⤵
PID:12180

C:\Users\Admin\AppData\Local\Temp\Unicorn-1837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1837.exe
13⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12180 -s 220
13⤵
PID:13572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9008 -s 216
12⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
11⤵
PID:10300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
10⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
9⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 236
8⤵
- Program crash
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-22528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22528.exe
7⤵
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-31569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31569.exe
8⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-20983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20983.exe
9⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-15882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15882.exe
10⤵
PID:8824

C:\Users\Admin\AppData\Local\Temp\Unicorn-8061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8061.exe
11⤵
PID:11580

C:\Users\Admin\AppData\Local\Temp\Unicorn-36928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36928.exe
12⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11580 -s 216
12⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8824 -s 216
11⤵
PID:12660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
10⤵
PID:9964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
9⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 236
8⤵
PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
7⤵
- Program crash
PID:3220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
6⤵
- Program crash
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-42721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42721.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-39789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39789.exe
7⤵
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-56784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56784.exe
8⤵
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-56421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56421.exe
9⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\Unicorn-36010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36010.exe
10⤵
PID:6280

C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
11⤵
PID:9232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9232 -s 188
12⤵
PID:9608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 216
11⤵
PID:10648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 236
10⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 216
9⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 216
8⤵
- Program crash
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
7⤵
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-6488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6488.exe
8⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-44719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44719.exe
9⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-18129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18129.exe
10⤵
PID:8372

C:\Users\Admin\AppData\Local\Temp\Unicorn-14885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14885.exe
11⤵
PID:11320

C:\Users\Admin\AppData\Local\Temp\Unicorn-28013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28013.exe
12⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11320 -s 216
12⤵
PID:14100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8372 -s 216
11⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
10⤵
PID:9644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
9⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
7⤵
- Program crash
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-9617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9617.exe
6⤵
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-46478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46478.exe
7⤵
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-29431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29431.exe
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
9⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
10⤵
PID:9024

C:\Users\Admin\AppData\Local\Temp\Unicorn-51258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51258.exe
11⤵
PID:10272

C:\Users\Admin\AppData\Local\Temp\Unicorn-44157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44157.exe
12⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10272 -s 216
12⤵
PID:13840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 236
11⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
10⤵
PID:10080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
9⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
8⤵
PID:5236

C:\Users\Admin\AppData\Local\Temp\Unicorn-56820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56820.exe
7⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-20791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20791.exe
8⤵
PID:5976

C:\Users\Admin\AppData\Local\Temp\Unicorn-50884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50884.exe
9⤵
PID:9172

C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
10⤵
PID:11840

C:\Users\Admin\AppData\Local\Temp\Unicorn-43062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43062.exe
11⤵
PID:8244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11840 -s 216
11⤵
PID:9312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9172 -s 216
10⤵
PID:12872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
9⤵
PID:10176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
8⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
7⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 240
6⤵
- Program crash
PID:2036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
5⤵
- Program crash
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-7951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7951.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-14085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14085.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-59057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59057.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-25975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25975.exe
7⤵
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-10105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10105.exe
8⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-37791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37791.exe
9⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-59685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59685.exe
10⤵
PID:6016

C:\Users\Admin\AppData\Local\Temp\Unicorn-48746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48746.exe
11⤵
PID:9144

C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
12⤵
PID:11724

C:\Users\Admin\AppData\Local\Temp\Unicorn-37504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37504.exe
13⤵
PID:6972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11724 -s 216
13⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9144 -s 216
12⤵
PID:12748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
11⤵
PID:10128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
10⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
9⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-3535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3535.exe
8⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-2508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2508.exe
9⤵
PID:6108

C:\Users\Admin\AppData\Local\Temp\Unicorn-48746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48746.exe
10⤵
PID:9136

C:\Users\Admin\AppData\Local\Temp\Unicorn-19401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19401.exe
11⤵
PID:11880

C:\Users\Admin\AppData\Local\Temp\Unicorn-20888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20888.exe
12⤵
PID:2216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11880 -s 216
12⤵
PID:13616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9136 -s 220
11⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 216
10⤵
PID:10136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 220
9⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 220
8⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-45663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45663.exe
7⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-28902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28902.exe
8⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-45487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45487.exe
9⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-48746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48746.exe
10⤵
PID:9128

C:\Users\Admin\AppData\Local\Temp\Unicorn-7340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7340.exe
11⤵
PID:11748

C:\Users\Admin\AppData\Local\Temp\Unicorn-28096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28096.exe
12⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11748 -s 216
12⤵
PID:13452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 216
11⤵
PID:12764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
10⤵
PID:10144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 216
9⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
8⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
7⤵
- Program crash
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-10193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10193.exe
6⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-65528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65528.exe
7⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-24963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24963.exe
8⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-11470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11470.exe
9⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
10⤵
PID:8180

C:\Users\Admin\AppData\Local\Temp\Unicorn-18586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18586.exe
11⤵
PID:10792

C:\Users\Admin\AppData\Local\Temp\Unicorn-28459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28459.exe
12⤵
PID:12292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10792 -s 216
12⤵
PID:13396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8180 -s 236
11⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
10⤵
PID:9220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
9⤵
PID:7116

C:\Users\Admin\AppData\Local\Temp\Unicorn-21625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21625.exe
7⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-27999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27999.exe
8⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-64807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64807.exe
9⤵
PID:8040

C:\Users\Admin\AppData\Local\Temp\Unicorn-27330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27330.exe
10⤵
PID:10344

C:\Users\Admin\AppData\Local\Temp\Unicorn-43233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43233.exe
11⤵
PID:6676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10344 -s 216
11⤵
PID:13524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 236
10⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
9⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 236
8⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
7⤵
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
6⤵
- Program crash
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-8465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8465.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-48533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48533.exe
6⤵
PID:964

C:\Users\Admin\AppData\Local\Temp\Unicorn-10105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10105.exe
7⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-25347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25347.exe
8⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-4454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4454.exe
9⤵
PID:5844

C:\Users\Admin\AppData\Local\Temp\Unicorn-32602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32602.exe
10⤵
PID:9068

C:\Users\Admin\AppData\Local\Temp\Unicorn-19401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19401.exe
11⤵
PID:11888

C:\Users\Admin\AppData\Local\Temp\Unicorn-34510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34510.exe
12⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11888 -s 220
12⤵
PID:9304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9068 -s 220
11⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
10⤵
PID:10104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
9⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
8⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-11703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11703.exe
7⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-59685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59685.exe
8⤵
PID:6012

C:\Users\Admin\AppData\Local\Temp\Unicorn-52638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52638.exe
9⤵
PID:8696

C:\Users\Admin\AppData\Local\Temp\Unicorn-52410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52410.exe
10⤵
PID:11536

C:\Users\Admin\AppData\Local\Temp\Unicorn-5153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5153.exe
11⤵
PID:924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11536 -s 216
11⤵
PID:14328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8696 -s 216
10⤵
PID:12612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 216
9⤵
PID:9916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
8⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 220
7⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 236
6⤵
- Program crash
PID:3892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
5⤵
- Program crash
PID:892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-29357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29357.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-27817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27817.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-14085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14085.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-38637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38637.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-1470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1470.exe
7⤵
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-61444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61444.exe
8⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-55881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55881.exe
9⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-51216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51216.exe
10⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-277.exe
11⤵
PID:8512

C:\Users\Admin\AppData\Local\Temp\Unicorn-60433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60433.exe
12⤵
PID:11912

C:\Users\Admin\AppData\Local\Temp\Unicorn-16420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16420.exe
13⤵
PID:2092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11912 -s 216
13⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8512 -s 216
12⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 220
11⤵
PID:9396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
10⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
9⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-12051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12051.exe
8⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-34989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34989.exe
9⤵
PID:5776

C:\Users\Admin\AppData\Local\Temp\Unicorn-14044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14044.exe
10⤵
PID:8408

C:\Users\Admin\AppData\Local\Temp\Unicorn-47750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47750.exe
11⤵
PID:10296

C:\Users\Admin\AppData\Local\Temp\Unicorn-638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-638.exe
12⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10296 -s 216
12⤵
PID:13684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 216
11⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
10⤵
PID:9708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
9⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
8⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-45663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45663.exe
7⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-8097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8097.exe
8⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-49187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49187.exe
9⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-16375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16375.exe
10⤵
PID:8544

C:\Users\Admin\AppData\Local\Temp\Unicorn-50272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50272.exe
11⤵
PID:11408

C:\Users\Admin\AppData\Local\Temp\Unicorn-13321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13321.exe
12⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11408 -s 216
12⤵
PID:14184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8544 -s 236
11⤵
PID:12412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
10⤵
PID:9812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 236
9⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
8⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
7⤵
- Program crash
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-51226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51226.exe
6⤵
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-49000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49000.exe
7⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-43821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43821.exe
8⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-16899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16899.exe
9⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe
10⤵
PID:8956

C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
11⤵
PID:11736

C:\Users\Admin\AppData\Local\Temp\Unicorn-42102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42102.exe
12⤵
PID:8772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11736 -s 216
12⤵
PID:14316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 216
11⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 216
10⤵
PID:10072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
9⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
8⤵
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-56820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56820.exe
7⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
8⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-30464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30464.exe
9⤵
PID:8988

C:\Users\Admin\AppData\Local\Temp\Unicorn-4195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4195.exe
10⤵
PID:11092

C:\Users\Admin\AppData\Local\Temp\Unicorn-19653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19653.exe
11⤵
PID:7560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11092 -s 220
11⤵
PID:13856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8988 -s 236
10⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
9⤵
PID:10060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
8⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
7⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
6⤵
- Program crash
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-4381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4381.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:308

C:\Users\Admin\AppData\Local\Temp\Unicorn-36281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36281.exe
6⤵
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-44916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44916.exe
7⤵
PID:548

C:\Users\Admin\AppData\Local\Temp\Unicorn-23749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23749.exe
8⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-26712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26712.exe
9⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-61813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61813.exe
10⤵
PID:8316

C:\Users\Admin\AppData\Local\Temp\Unicorn-47771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47771.exe
11⤵
PID:11416

C:\Users\Admin\AppData\Local\Temp\Unicorn-23877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23877.exe
12⤵
PID:13928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8316 -s 236
11⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 236
10⤵
PID:10320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
9⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 216
8⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 236
7⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-29134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29134.exe
6⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-23749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23749.exe
7⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
8⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-30511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30511.exe
9⤵
PID:8360

C:\Users\Admin\AppData\Local\Temp\Unicorn-22883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22883.exe
10⤵
PID:12240

C:\Users\Admin\AppData\Local\Temp\Unicorn-42953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42953.exe
11⤵
PID:13432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8360 -s 220
10⤵
PID:13108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
9⤵
PID:10308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
8⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
7⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 240
6⤵
- Program crash
PID:3544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 220
5⤵
- Program crash
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-29030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29030.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-65279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65279.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 200
6⤵
- Program crash
PID:2404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 236
5⤵
- Program crash
PID:3468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
4⤵
- Program crash
PID:2548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
2⤵
- Program crash
PID:2804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13814.exe

Filesize
184KB

MD5
fe7116511243ad94349182221de8da21

SHA1
d1f63ff9086ec273a44272a6c257c195ee16db4a

SHA256
eadadc292c597f986a3c1de8f06aadd36ae65271c9d9efe57a647a60a6cd405d

SHA512
b2beaa15e03443d35ddcfb4a374c366e1b88d2eaf6bfeb278d28763a8e2f34d44c011eee574b40629eb2b64ce1dc98b0d88826c0f3d792632c952e7b510bcd92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29357.exe

Filesize
184KB

MD5
d82baba5f6a9593d7a2783ef07a36ca8

SHA1
238ca26ac7757126861b034cd4ae4f4697af0eb9

SHA256
6200b0511212c9ce9ac23551c4e5bdaadd063359de7c8480b02a3c851480c3f5

SHA512
46f1a92559ea239ba9b46f4082d6a54996401190a69fd20f1d29a50c8a675753e198ceaa9c022f01f7cbd55f140ff3aa7236f0f011acbd8309880cc2a869dece

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe

Filesize
184KB

MD5
05aba49c3ac482ee4cfb092b3e99a8c0

SHA1
101e549352f451f353dfe16376d80a8976ef740e

SHA256
02311ba2534e8bac5c4654df41d6454ae24dde5449668356cc0b5e98b1109991

SHA512
944a0f48805a7bb8a70e773bf3cc05273b3375226672cd7ccab93463500e605a00df421cf15c03207da0fb0331bc4250d7a4699d9593d185804d0d74ab37082b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41002.exe

Filesize
184KB

MD5
fb5966af60a265647cf92deafb70cd1d

SHA1
106089649eb7fc741516fc69f93d1924eda28eda

SHA256
ec752002ee659a7e3f547f4b8ce5305805f7189c349f3fa8aee2cd8d132d1439

SHA512
ab0c7b92b5c3f2a4aa536ace4d54b12f7757587adc2e5875a16c86b4ce7682bcdadf4d9ac9b241e4d31f6bfb382b4df5c0a321bcaebab5819392e6dae8ed09d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49223.exe

Filesize
184KB

MD5
cd001c4834f0b3653d088815e45810d0

SHA1
8289dfd45402503f71882a92076b6735768b6ce9

SHA256
da7ff3762854e7e5bd461b5a16de579820964ba07ba5d26fe1b2768d3dcb8891

SHA512
d06e2eec853f7e5bc2f3cfb7483e39f051ee5e7c6c9bf64abc19e46f1d9356581734a49b1974f4c4f98bd68c0d51a0afce9deb24348419515a4918ef6d201501

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51258.exe

Filesize
184KB

MD5
043980bc46c71aac1756b31e3c1bf77f

SHA1
ac65d4b5d4cf451b16b05e1b85bdcd19fbeddd20

SHA256
4cbd87e55a3cb11204472905fc065605d03b629e787e741aa9e110ae52c882c0

SHA512
f8451e237bdbbcb29803148281ef8200e6c851f14d9f8fc36fc7c9846f27989114fd528affc481c9d99336619821bb38fd755768982aae41ed6722aef8da28fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59254.exe

Filesize
184KB

MD5
cbbb8350315e13aec5a76460d33c0975

SHA1
5600651fb139259025fbfd5af6d91ac38e32caef

SHA256
68dd0030a373af7ce61e458b37d312a0269e837691d076484c0fd878ec0a5c5b

SHA512
e2649c6e3a699f71fee2f2469de7a2afe8b2f2b93aee24acefe1b3c2d2ca520bba0c77384c305bafb53bd287ff181a3c2e3d52a84828b5003d16775c4d2b6d1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe

Filesize
184KB

MD5
30d58b852fe4c4e1b388ee030bc53711

SHA1
3e411331a951efd90635895ed43a6929901a6d23

SHA256
0c65ec683af87b42776cfb6e81cf8a63d8475dd3aba9baa56dd84b71616cc952

SHA512
fce18fb6fa0ab655105686e3d5e50b256336f419517b93fd76fb49406a102f4ec87516a9ff031c891f5f6acd404312ca29114c11f3b7157f0733497a5c75e702

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6680.exe

Filesize
184KB

MD5
5e02bc92c7d930a34800d498e342d600

SHA1
4b0f1526f1e03cc16388b70db82a4767292b9c8f

SHA256
d53acec72e66bd32ae8ed365c3595480e3726e17f68b0c22078ec452912a7ff0

SHA512
264ff68adc8ea3b0847681bec9b35829fa68d5b0dc7d3f5eb5407c1e2f27a530761253534ac04169fed122038dc118637e54f057a6532cad61f494cd887f3b96

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13130.exe

Filesize
184KB

MD5
a18e2d44888f85d7c3209e07292f1926

SHA1
ffa9bde040ece21ab07ee8b0f3c24cb4d7e77c05

SHA256
c76be3556dfeb5ea94e2abc2dbba6e421bb7b71eb4a7598f4704580384a7d264

SHA512
7477d51b76bcae6b74fd3a3906b4ec5129a4b6bf474388f64895214e22aedeba9dddad82c4313a67bac78afff56a62ece6d6d97d9609317aba16352d94238f9d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23733.exe

Filesize
184KB

MD5
73d44c82379cc3090262cace3b5a65dc

SHA1
ec003f8b4ebbfb8eeb25c48e567e36a00d0d1b44

SHA256
317dc54bad996259605489180bfec42e2f4bae5bb83d32792c1ae697c22fd84c

SHA512
1bb5de3bd8b68f9343c60bdb178580863d05b6df58a168f3e4ea177de3fb28af6a516b68be5fc24332cd5a77f6cfa63365d2b0c62d50422c82ec49f197c81deb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24444.exe

Filesize
184KB

MD5
3b125f614da44441e7586b5dcdc89f69

SHA1
764a1e2bbe57fe34df5c40e7b77b0cb640fa9c3c

SHA256
5a999bccdd961fc326654cf40fab972c55928d1448e2f79d93c5bb8b0f19f376

SHA512
cd6198ae1e41e89c1c5feab0f3d69c11038b9180733e5f1ca9afdc0d9a222e765fa32003f748c05079d09652dce035c78a1f1183f9a8ba09e6067aae0d98c9a1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe

Filesize
184KB

MD5
b2c4405ee09b8f6c137ce279b3385c74

SHA1
be4652493f0f5414adc9c71fb038d51830e38526

SHA256
f0dc760f86839e1f466d53e2e6a35b01fb2f2a8cfc1b1cfc4c2d4cc3bf1d7738

SHA512
3b2f293ae8931ff8f530b969dff20785ad0e06fb3706cd97c5f428848b99d47618dd51ff19aeaf9936db61a5e3f905416ff7aff6698b651598cb8a6d57087d26

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26425.exe

Filesize
184KB

MD5
d61b4f2970b8417cfd3e585168dcbaac

SHA1
c8077facaed6a3a575ba5b96a2e2dcc95acd9bfc

SHA256
68ed4be862a7a78da251a0dbe775ecb43ef53e761fe59c6b8bb27f984622f91b

SHA512
c59471e1fb35977dd1310842fd1853330e950c8e65880d4cc91af57009a05045a17257db8d7c0b79d3b618a6646f70ded45cd7dc4ceb4bda265c61fbd9636e1b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35985.exe

Filesize
184KB

MD5
bb4541652024a59680e554db75c5b2ee

SHA1
49930d4755088c19155d1366b0c8353cdf110e17

SHA256
c3dbb81dc7ce7e2eaf65a932c3ce9b0f34ae98949a7b96789bfc454fe6ae97c3

SHA512
03f80a303ed3486046b88d2bc4dfbff3e7802602f320180dc67c216b2dfb3ba75fe747f8fac51562901d726aab5b346be9a87b748c941204b0a326deef47dd17

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59363.exe

Filesize
184KB

MD5
923f407b90b662b089c23fbe94c33c47

SHA1
b388a2d8294cf4063097ba321288a56271c5c720

SHA256
1c0427f444c7582caa62e629a2aed6ef723a7469795ba031962fd4d9f880f7ca

SHA512
d3abfcebfa32feaea0b89104460634c4cf9658965d0cf0a92eaa21759fb56ccdc6adfbb8961a502c37b99f985da6196517b726b45b9ada0db9f5e6f820518915

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63421.exe

Filesize
184KB

MD5
1854a9ed325ead3e1c28c5bce8d21ff6

SHA1
6d8767eb29446e89006fede857796699b3dca161

SHA256
d23904187954d225aae210feef267143cbea1ca8b4a4b9b0a60bcb0c6f3b469d

SHA512
a5f4605aae7eed2e773d521168e5d5f8dd9b972227fa2db1a1267bea3a27c99a9f09af45c1c7f64dec6af34c75c40c15143ae69c267b6a0365aa8eb823f208df

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8662.exe

Filesize
184KB

MD5
453a7d77c3bacfe04a30a963bd6cb215

SHA1
c73129eae8d4d164e2f31143000acf50023ba58a

SHA256
2e4087631143b0d41a07baac620431b85425143d141f38a98c0fd8b0fe22916e

SHA512
a9fd9f86f78176f4696b9d1e3b07f24971124de7b092df297b120c17ef8c87c4e749d3b72af5cb6ca2e741a84d18102f04697294938ba83cf579ddfbfc5a5bfc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8745.exe

Filesize
184KB

MD5
68d420bb5afac1ec326140eb66d5c599

SHA1
99463886be78a627f9cd0f326e6d9b043f9463f6

SHA256
54ec25a24fd8e8e30e5cb66e2107f974f8da6f5b2a577459bd864c05defc4d4f

SHA512
4a4642d186cf7b9363d128ea36efd46b73c7fb917bd47fa1b0d2dd1924a39c5a8f076ac641c67dbceef646dccb36da7d25d466ad59498e8d94e91ed1c561f2d9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8771.exe

Filesize
184KB

MD5
7a6b30e81622d1b7f9c1291468b70786

SHA1
5f2427d13734f21d415acb55a365ea704449808c

SHA256
9da99eb047156a8bf308602d4649cb1b1640357d1b5ef0b090ba3bddbbde015b

SHA512
122465928a26ebbc45a0e5c136a5c285f5b62dcbaf899802abb383651b49ad991cf0aba038597276e89c6b27bd1f840ef36f9db8112f42ecbed6c5bc2de08e9d

Download Submit