2c3056b0c3ded26456e3b0f43789d90675765636d2f7f17dc40408310282c630

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c3056b0c3ded26456e3b0f43789d90675765636d2f7f17dc40408310282c630.exe
Size

184KB
MD5

bcdf430a378fa2151c59ed0dac1f8bc3
SHA1

5c6bc43908f5c13f7c93a54f578f403e8e2731d8
SHA256

2c3056b0c3ded26456e3b0f43789d90675765636d2f7f17dc40408310282c630
SHA512

e03958f1f0961510fb8390a7e486d2786b4995d8717807f16aeac94011672221e476c1f2d79b580bf94ff304feedf68199d435557b82ff8540b11799fed94c14
SSDEEP

3072:31FZKKocj0w4dPaW28ILRT11hlnViFcn3:31noikPavLN11hlnViFc

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-32994.exeUnicorn-61343.exeUnicorn-15672.exeUnicorn-13772.exeUnicorn-64919.exeUnicorn-40969.exeUnicorn-63611.exeUnicorn-17940.exeUnicorn-65002.exeUnicorn-30192.exeUnicorn-6242.exeUnicorn-4701.exeUnicorn-31344.exeUnicorn-46289.exeUnicorn-7415.exeUnicorn-22360.exeUnicorn-49003.exeUnicorn-3331.exeUnicorn-38142.exeUnicorn-56699.exeUnicorn-63476.exeUnicorn-17805.exeUnicorn-22443.exeUnicorn-60783.exeUnicorn-58645.exeUnicorn-34695.exeUnicorn-50477.exeUnicorn-46393.exeUnicorn-55116.exeUnicorn-9444.exeUnicorn-36087.exeUnicorn-16221.exeUnicorn-40446.exeUnicorn-25733.exeUnicorn-56782.exeUnicorn-32832.exeUnicorn-52698.exeUnicorn-42392.exeUnicorn-30140.exeUnicorn-4052.exeUnicorn-9527.exeUnicorn-47031.exeUnicorn-62812.exeUnicorn-5998.exeUnicorn-17696.exeUnicorn-13611.exeUnicorn-48422.exeUnicorn-28556.exeUnicorn-22334.exeUnicorn-22334.exeUnicorn-37478.exeUnicorn-38032.exeUnicorn-63928.exeUnicorn-21504.exeUnicorn-11198.exeUnicorn-31064.exeUnicorn-18812.exeUnicorn-18812.exeUnicorn-54177.exeUnicorn-15282.exeUnicorn-21526.exeUnicorn-21526.exeUnicorn-52807.exeUnicorn-3051.exe

pid	process
1740	Unicorn-32994.exe
1932	Unicorn-61343.exe
2916	Unicorn-15672.exe
2624	Unicorn-13772.exe
2784	Unicorn-64919.exe
2680	Unicorn-40969.exe
2260	Unicorn-63611.exe
2100	Unicorn-17940.exe
2912	Unicorn-65002.exe
2868	Unicorn-30192.exe
3000	Unicorn-6242.exe
2760	Unicorn-4701.exe
816	Unicorn-31344.exe
2308	Unicorn-46289.exe
2828	Unicorn-7415.exe
2960	Unicorn-22360.exe
1984	Unicorn-49003.exe
2088	Unicorn-3331.exe
776	Unicorn-38142.exe
2228	Unicorn-56699.exe
844	Unicorn-63476.exe
1772	Unicorn-17805.exe
1612	Unicorn-22443.exe
2432	Unicorn-60783.exe
912	Unicorn-58645.exe
1976	Unicorn-34695.exe
2576	Unicorn-50477.exe
812	Unicorn-46393.exe
1744	Unicorn-55116.exe
1796	Unicorn-9444.exe
2964	Unicorn-36087.exe
2320	Unicorn-16221.exe
2692	Unicorn-40446.exe
2928	Unicorn-25733.exe
2788	Unicorn-56782.exe
2632	Unicorn-32832.exe
2720	Unicorn-52698.exe
2572	Unicorn-42392.exe
2844	Unicorn-30140.exe
2864	Unicorn-4052.exe
2740	Unicorn-9527.exe
2172	Unicorn-47031.exe
744	Unicorn-62812.exe
2536	Unicorn-5998.exe
1620	Unicorn-17696.exe
1428	Unicorn-13611.exe
3064	Unicorn-48422.exe
3068	Unicorn-28556.exe
3036	Unicorn-22334.exe
2264	Unicorn-22334.exe
2248	Unicorn-37478.exe
848	Unicorn-38032.exe
316	Unicorn-63928.exe
2976	Unicorn-21504.exe
2968	Unicorn-11198.exe
880	Unicorn-31064.exe
2124	Unicorn-18812.exe
1568	Unicorn-18812.exe
1592	Unicorn-54177.exe
2428	Unicorn-15282.exe
2652	Unicorn-21526.exe
2500	Unicorn-21526.exe
2520	Unicorn-52807.exe
2540	Unicorn-3051.exe

Loads dropped DLL 64 IoCs

Processes:

2c3056b0c3ded26456e3b0f43789d90675765636d2f7f17dc40408310282c630.exeUnicorn-32994.exeUnicorn-61343.exeUnicorn-15672.exeWerFault.exeUnicorn-13772.exeUnicorn-40969.exeUnicorn-64919.exeWerFault.exeWerFault.exeUnicorn-63611.exeUnicorn-17940.exeUnicorn-65002.exeUnicorn-30192.exeUnicorn-6242.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2376	2c3056b0c3ded26456e3b0f43789d90675765636d2f7f17dc40408310282c630.exe
2376	2c3056b0c3ded26456e3b0f43789d90675765636d2f7f17dc40408310282c630.exe
2376	2c3056b0c3ded26456e3b0f43789d90675765636d2f7f17dc40408310282c630.exe
2376	2c3056b0c3ded26456e3b0f43789d90675765636d2f7f17dc40408310282c630.exe
1740	Unicorn-32994.exe
1740	Unicorn-32994.exe
1932	Unicorn-61343.exe
1932	Unicorn-61343.exe
2916	Unicorn-15672.exe
2916	Unicorn-15672.exe
1740	Unicorn-32994.exe
1740	Unicorn-32994.exe
2524	WerFault.exe
2524	WerFault.exe
2524	WerFault.exe
2524	WerFault.exe
2524	WerFault.exe
1932	Unicorn-61343.exe
2624	Unicorn-13772.exe
1932	Unicorn-61343.exe
2624	Unicorn-13772.exe
2680	Unicorn-40969.exe
2784	Unicorn-64919.exe
2680	Unicorn-40969.exe
2784	Unicorn-64919.exe
2916	Unicorn-15672.exe
2916	Unicorn-15672.exe
1628	WerFault.exe
1628	WerFault.exe
1628	WerFault.exe
1628	WerFault.exe
1628	WerFault.exe
1444	WerFault.exe
1444	WerFault.exe
1444	WerFault.exe
1444	WerFault.exe
1444	WerFault.exe
2260	Unicorn-63611.exe
2260	Unicorn-63611.exe
2100	Unicorn-17940.exe
2100	Unicorn-17940.exe
2624	Unicorn-13772.exe
2624	Unicorn-13772.exe
2912	Unicorn-65002.exe
2912	Unicorn-65002.exe
2784	Unicorn-64919.exe
2784	Unicorn-64919.exe
2680	Unicorn-40969.exe
2680	Unicorn-40969.exe
2868	Unicorn-30192.exe
2868	Unicorn-30192.exe
3000	Unicorn-6242.exe
3000	Unicorn-6242.exe
628	WerFault.exe
628	WerFault.exe
628	WerFault.exe
628	WerFault.exe
628	WerFault.exe
1084	WerFault.exe
1084	WerFault.exe
1084	WerFault.exe
1084	WerFault.exe
1084	WerFault.exe
1776	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2708	2376	WerFault.exe	2c3056b0c3ded26456e3b0f43789d90675765636d2f7f17dc40408310282c630.exe
2524	1740	WerFault.exe	Unicorn-32994.exe
1628	1932	WerFault.exe	Unicorn-61343.exe
1444	2916	WerFault.exe	Unicorn-15672.exe
628	2624	WerFault.exe	Unicorn-13772.exe
1084	2680	WerFault.exe	Unicorn-40969.exe
1776	2784	WerFault.exe	Unicorn-64919.exe
1040	2260	WerFault.exe	Unicorn-63611.exe
2328	2100	WerFault.exe	Unicorn-17940.exe
2364	2912	WerFault.exe	Unicorn-65002.exe
2348	2868	WerFault.exe	Unicorn-30192.exe
2640	3000	WerFault.exe	Unicorn-6242.exe
264	2760	WerFault.exe	Unicorn-4701.exe
768	816	WerFault.exe	Unicorn-31344.exe
996	2308	WerFault.exe	Unicorn-46289.exe
1484	776	WerFault.exe	Unicorn-38142.exe
1536	2828	WerFault.exe	Unicorn-7415.exe
1060	2088	WerFault.exe	Unicorn-3331.exe
1388	1984	WerFault.exe	Unicorn-49003.exe
2556	2228	WerFault.exe	Unicorn-56699.exe
1120	844	WerFault.exe	Unicorn-63476.exe
1324	1772	WerFault.exe	Unicorn-17805.exe
1532	1612	WerFault.exe	Unicorn-22443.exe
2292	2432	WerFault.exe	Unicorn-60783.exe
1704	912	WerFault.exe	Unicorn-58645.exe
1936	2576	WerFault.exe	Unicorn-50477.exe
2648	2964	WerFault.exe	Unicorn-36087.exe
2804	1744	WerFault.exe	Unicorn-55116.exe
2672	1796	WerFault.exe	Unicorn-9444.exe
2560	812	WerFault.exe	Unicorn-46393.exe
2096	2320	WerFault.exe	Unicorn-16221.exe
1696	2692	WerFault.exe	Unicorn-40446.exe
2668	2928	WerFault.exe	Unicorn-25733.exe
1644	2632	WerFault.exe	Unicorn-32832.exe
1332	2720	WerFault.exe	Unicorn-52698.exe
300	2788	WerFault.exe	Unicorn-56782.exe
3088	3064	WerFault.exe	Unicorn-48422.exe
3096	2844	WerFault.exe	Unicorn-30140.exe
3136	2740	WerFault.exe	Unicorn-9527.exe
3200	2172	WerFault.exe	Unicorn-47031.exe
3480	2572	WerFault.exe	Unicorn-42392.exe
3724	2864	WerFault.exe	Unicorn-4052.exe
3948	2248	WerFault.exe	Unicorn-37478.exe
3988	848	WerFault.exe	Unicorn-38032.exe
3304	744	WerFault.exe	Unicorn-62812.exe
3332	2536	WerFault.exe	Unicorn-5998.exe
3412	1428	WerFault.exe	Unicorn-13611.exe
3444	880	WerFault.exe	Unicorn-31064.exe
3472	2688	WerFault.exe	Unicorn-38416.exe
3496	2508	WerFault.exe	Unicorn-11774.exe
3564	3068	WerFault.exe	Unicorn-28556.exe
3572	2264	WerFault.exe	Unicorn-22334.exe
3612	568	WerFault.exe	Unicorn-54198.exe
3632	832	WerFault.exe	Unicorn-9081.exe
3676	2124	WerFault.exe	Unicorn-18812.exe
3772	1804	WerFault.exe	Unicorn-39808.exe
3832	2780	WerFault.exe	Unicorn-62366.exe
3852	1064	WerFault.exe	Unicorn-17250.exe
3868	1812	WerFault.exe	Unicorn-19942.exe
3888	1780	WerFault.exe	Unicorn-58837.exe
3912	2500	WerFault.exe	Unicorn-21526.exe
3160	2976	WerFault.exe	Unicorn-21504.exe
3712	1620	WerFault.exe	Unicorn-17696.exe
3956	2652	WerFault.exe	Unicorn-21526.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

2c3056b0c3ded26456e3b0f43789d90675765636d2f7f17dc40408310282c630.exeUnicorn-32994.exeUnicorn-61343.exeUnicorn-15672.exeUnicorn-13772.exeUnicorn-64919.exeUnicorn-40969.exeUnicorn-63611.exeUnicorn-17940.exeUnicorn-65002.exeUnicorn-6242.exeUnicorn-30192.exeUnicorn-4701.exeUnicorn-31344.exeUnicorn-46289.exeUnicorn-7415.exeUnicorn-22360.exeUnicorn-38142.exeUnicorn-49003.exeUnicorn-3331.exeUnicorn-56699.exeUnicorn-63476.exeUnicorn-17805.exeUnicorn-22443.exeUnicorn-60783.exeUnicorn-58645.exeUnicorn-34695.exeUnicorn-50477.exeUnicorn-46393.exeUnicorn-55116.exeUnicorn-9444.exeUnicorn-36087.exeUnicorn-16221.exeUnicorn-40446.exeUnicorn-25733.exeUnicorn-32832.exeUnicorn-56782.exeUnicorn-52698.exeUnicorn-42392.exeUnicorn-30140.exeUnicorn-4052.exeUnicorn-9527.exeUnicorn-47031.exeUnicorn-62812.exeUnicorn-5998.exeUnicorn-17696.exeUnicorn-13611.exeUnicorn-48422.exeUnicorn-28556.exeUnicorn-22334.exeUnicorn-37478.exeUnicorn-38032.exeUnicorn-63928.exeUnicorn-21504.exeUnicorn-31064.exeUnicorn-11198.exeUnicorn-18812.exeUnicorn-18812.exeUnicorn-54177.exeUnicorn-15282.exeUnicorn-21526.exeUnicorn-21526.exeUnicorn-52807.exeUnicorn-11774.exe

pid	process
2376	2c3056b0c3ded26456e3b0f43789d90675765636d2f7f17dc40408310282c630.exe
1740	Unicorn-32994.exe
1932	Unicorn-61343.exe
2916	Unicorn-15672.exe
2624	Unicorn-13772.exe
2784	Unicorn-64919.exe
2680	Unicorn-40969.exe
2260	Unicorn-63611.exe
2100	Unicorn-17940.exe
2912	Unicorn-65002.exe
3000	Unicorn-6242.exe
2868	Unicorn-30192.exe
2760	Unicorn-4701.exe
816	Unicorn-31344.exe
2308	Unicorn-46289.exe
2828	Unicorn-7415.exe
2960	Unicorn-22360.exe
776	Unicorn-38142.exe
1984	Unicorn-49003.exe
2088	Unicorn-3331.exe
2228	Unicorn-56699.exe
844	Unicorn-63476.exe
1772	Unicorn-17805.exe
1612	Unicorn-22443.exe
2432	Unicorn-60783.exe
912	Unicorn-58645.exe
1976	Unicorn-34695.exe
2576	Unicorn-50477.exe
812	Unicorn-46393.exe
1744	Unicorn-55116.exe
1796	Unicorn-9444.exe
2964	Unicorn-36087.exe
2320	Unicorn-16221.exe
2692	Unicorn-40446.exe
2928	Unicorn-25733.exe
2632	Unicorn-32832.exe
2788	Unicorn-56782.exe
2720	Unicorn-52698.exe
2572	Unicorn-42392.exe
2844	Unicorn-30140.exe
2864	Unicorn-4052.exe
2740	Unicorn-9527.exe
2172	Unicorn-47031.exe
744	Unicorn-62812.exe
2536	Unicorn-5998.exe
1620	Unicorn-17696.exe
1428	Unicorn-13611.exe
3064	Unicorn-48422.exe
3068	Unicorn-28556.exe
2264	Unicorn-22334.exe
2248	Unicorn-37478.exe
848	Unicorn-38032.exe
316	Unicorn-63928.exe
2976	Unicorn-21504.exe
880	Unicorn-31064.exe
2968	Unicorn-11198.exe
1568	Unicorn-18812.exe
2124	Unicorn-18812.exe
1592	Unicorn-54177.exe
2428	Unicorn-15282.exe
2652	Unicorn-21526.exe
2500	Unicorn-21526.exe
2520	Unicorn-52807.exe
2508	Unicorn-11774.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2c3056b0c3ded26456e3b0f43789d90675765636d2f7f17dc40408310282c630.exeUnicorn-32994.exeUnicorn-61343.exeUnicorn-15672.exeUnicorn-13772.exeUnicorn-40969.exeUnicorn-64919.exeUnicorn-63611.exe

description	pid	process	target process
PID 2376 wrote to memory of 1740	2376	2c3056b0c3ded26456e3b0f43789d90675765636d2f7f17dc40408310282c630.exe	Unicorn-32994.exe
PID 2376 wrote to memory of 1740	2376	2c3056b0c3ded26456e3b0f43789d90675765636d2f7f17dc40408310282c630.exe	Unicorn-32994.exe
PID 2376 wrote to memory of 1740	2376	2c3056b0c3ded26456e3b0f43789d90675765636d2f7f17dc40408310282c630.exe	Unicorn-32994.exe
PID 2376 wrote to memory of 1740	2376	2c3056b0c3ded26456e3b0f43789d90675765636d2f7f17dc40408310282c630.exe	Unicorn-32994.exe
PID 2376 wrote to memory of 1932	2376	2c3056b0c3ded26456e3b0f43789d90675765636d2f7f17dc40408310282c630.exe	Unicorn-61343.exe
PID 2376 wrote to memory of 1932	2376	2c3056b0c3ded26456e3b0f43789d90675765636d2f7f17dc40408310282c630.exe	Unicorn-61343.exe
PID 2376 wrote to memory of 1932	2376	2c3056b0c3ded26456e3b0f43789d90675765636d2f7f17dc40408310282c630.exe	Unicorn-61343.exe
PID 2376 wrote to memory of 1932	2376	2c3056b0c3ded26456e3b0f43789d90675765636d2f7f17dc40408310282c630.exe	Unicorn-61343.exe
PID 1740 wrote to memory of 2916	1740	Unicorn-32994.exe	Unicorn-15672.exe
PID 1740 wrote to memory of 2916	1740	Unicorn-32994.exe	Unicorn-15672.exe
PID 1740 wrote to memory of 2916	1740	Unicorn-32994.exe	Unicorn-15672.exe
PID 1740 wrote to memory of 2916	1740	Unicorn-32994.exe	Unicorn-15672.exe
PID 2376 wrote to memory of 2708	2376	2c3056b0c3ded26456e3b0f43789d90675765636d2f7f17dc40408310282c630.exe	WerFault.exe
PID 2376 wrote to memory of 2708	2376	2c3056b0c3ded26456e3b0f43789d90675765636d2f7f17dc40408310282c630.exe	WerFault.exe
PID 2376 wrote to memory of 2708	2376	2c3056b0c3ded26456e3b0f43789d90675765636d2f7f17dc40408310282c630.exe	WerFault.exe
PID 2376 wrote to memory of 2708	2376	2c3056b0c3ded26456e3b0f43789d90675765636d2f7f17dc40408310282c630.exe	WerFault.exe
PID 1932 wrote to memory of 2624	1932	Unicorn-61343.exe	Unicorn-13772.exe
PID 1932 wrote to memory of 2624	1932	Unicorn-61343.exe	Unicorn-13772.exe
PID 1932 wrote to memory of 2624	1932	Unicorn-61343.exe	Unicorn-13772.exe
PID 1932 wrote to memory of 2624	1932	Unicorn-61343.exe	Unicorn-13772.exe
PID 2916 wrote to memory of 2784	2916	Unicorn-15672.exe	Unicorn-64919.exe
PID 2916 wrote to memory of 2784	2916	Unicorn-15672.exe	Unicorn-64919.exe
PID 2916 wrote to memory of 2784	2916	Unicorn-15672.exe	Unicorn-64919.exe
PID 2916 wrote to memory of 2784	2916	Unicorn-15672.exe	Unicorn-64919.exe
PID 1740 wrote to memory of 2680	1740	Unicorn-32994.exe	Unicorn-40969.exe
PID 1740 wrote to memory of 2680	1740	Unicorn-32994.exe	Unicorn-40969.exe
PID 1740 wrote to memory of 2680	1740	Unicorn-32994.exe	Unicorn-40969.exe
PID 1740 wrote to memory of 2680	1740	Unicorn-32994.exe	Unicorn-40969.exe
PID 1740 wrote to memory of 2524	1740	Unicorn-32994.exe	WerFault.exe
PID 1740 wrote to memory of 2524	1740	Unicorn-32994.exe	WerFault.exe
PID 1740 wrote to memory of 2524	1740	Unicorn-32994.exe	WerFault.exe
PID 1740 wrote to memory of 2524	1740	Unicorn-32994.exe	WerFault.exe
PID 1932 wrote to memory of 2260	1932	Unicorn-61343.exe	Unicorn-63611.exe
PID 1932 wrote to memory of 2260	1932	Unicorn-61343.exe	Unicorn-63611.exe
PID 1932 wrote to memory of 2260	1932	Unicorn-61343.exe	Unicorn-63611.exe
PID 1932 wrote to memory of 2260	1932	Unicorn-61343.exe	Unicorn-63611.exe
PID 2624 wrote to memory of 2100	2624	Unicorn-13772.exe	Unicorn-17940.exe
PID 2624 wrote to memory of 2100	2624	Unicorn-13772.exe	Unicorn-17940.exe
PID 2624 wrote to memory of 2100	2624	Unicorn-13772.exe	Unicorn-17940.exe
PID 2624 wrote to memory of 2100	2624	Unicorn-13772.exe	Unicorn-17940.exe
PID 2680 wrote to memory of 2868	2680	Unicorn-40969.exe	Unicorn-30192.exe
PID 2680 wrote to memory of 2868	2680	Unicorn-40969.exe	Unicorn-30192.exe
PID 2680 wrote to memory of 2868	2680	Unicorn-40969.exe	Unicorn-30192.exe
PID 2680 wrote to memory of 2868	2680	Unicorn-40969.exe	Unicorn-30192.exe
PID 2784 wrote to memory of 2912	2784	Unicorn-64919.exe	Unicorn-65002.exe
PID 2784 wrote to memory of 2912	2784	Unicorn-64919.exe	Unicorn-65002.exe
PID 2784 wrote to memory of 2912	2784	Unicorn-64919.exe	Unicorn-65002.exe
PID 2784 wrote to memory of 2912	2784	Unicorn-64919.exe	Unicorn-65002.exe
PID 2916 wrote to memory of 3000	2916	Unicorn-15672.exe	Unicorn-6242.exe
PID 2916 wrote to memory of 3000	2916	Unicorn-15672.exe	Unicorn-6242.exe
PID 2916 wrote to memory of 3000	2916	Unicorn-15672.exe	Unicorn-6242.exe
PID 2916 wrote to memory of 3000	2916	Unicorn-15672.exe	Unicorn-6242.exe
PID 1932 wrote to memory of 1628	1932	Unicorn-61343.exe	WerFault.exe
PID 1932 wrote to memory of 1628	1932	Unicorn-61343.exe	WerFault.exe
PID 1932 wrote to memory of 1628	1932	Unicorn-61343.exe	WerFault.exe
PID 1932 wrote to memory of 1628	1932	Unicorn-61343.exe	WerFault.exe
PID 2916 wrote to memory of 1444	2916	Unicorn-15672.exe	WerFault.exe
PID 2916 wrote to memory of 1444	2916	Unicorn-15672.exe	WerFault.exe
PID 2916 wrote to memory of 1444	2916	Unicorn-15672.exe	WerFault.exe
PID 2916 wrote to memory of 1444	2916	Unicorn-15672.exe	WerFault.exe
PID 2260 wrote to memory of 2760	2260	Unicorn-63611.exe	Unicorn-4701.exe
PID 2260 wrote to memory of 2760	2260	Unicorn-63611.exe	Unicorn-4701.exe
PID 2260 wrote to memory of 2760	2260	Unicorn-63611.exe	Unicorn-4701.exe
PID 2260 wrote to memory of 2760	2260	Unicorn-63611.exe	Unicorn-4701.exe

C:\Users\Admin\AppData\Local\Temp\2c3056b0c3ded26456e3b0f43789d90675765636d2f7f17dc40408310282c630.exe
"C:\Users\Admin\AppData\Local\Temp\2c3056b0c3ded26456e3b0f43789d90675765636d2f7f17dc40408310282c630.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-15672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15672.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-65002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65002.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-7415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7415.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-46393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46393.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:812

C:\Users\Admin\AppData\Local\Temp\Unicorn-11198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11198.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-27063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27063.exe
9⤵
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-42112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42112.exe
10⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-20405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20405.exe
11⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-27896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27896.exe
12⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\Unicorn-47325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47325.exe
13⤵
PID:7680

C:\Users\Admin\AppData\Local\Temp\Unicorn-52722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52722.exe
14⤵
PID:9988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9988 -s 212
15⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 220
14⤵
PID:10640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
13⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
12⤵
PID:6684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 236
11⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-59854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59854.exe
10⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-38202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38202.exe
11⤵
PID:6124

C:\Users\Admin\AppData\Local\Temp\Unicorn-55685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55685.exe
12⤵
PID:8044

C:\Users\Admin\AppData\Local\Temp\Unicorn-38140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38140.exe
13⤵
PID:10184

C:\Users\Admin\AppData\Local\Temp\Unicorn-12468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12468.exe
14⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10184 -s 216
14⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
13⤵
PID:10840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
12⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
11⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
10⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-18162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18162.exe
9⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-48835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48835.exe
10⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-6079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6079.exe
11⤵
PID:7300

C:\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe
12⤵
PID:9712

C:\Users\Admin\AppData\Local\Temp\Unicorn-54632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54632.exe
13⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9712 -s 220
13⤵
PID:4124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 216
12⤵
PID:10432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
11⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
10⤵
PID:5424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
9⤵
PID:4796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 236
8⤵
- Program crash
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-22334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22334.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-9081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9081.exe
8⤵
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-21993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21993.exe
9⤵
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-63767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63767.exe
10⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-46946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46946.exe
11⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-30496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30496.exe
12⤵
PID:7592

C:\Users\Admin\AppData\Local\Temp\Unicorn-41970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41970.exe
13⤵
PID:10152

C:\Users\Admin\AppData\Local\Temp\Unicorn-52816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52816.exe
14⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10152 -s 216
14⤵
PID:12848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 216
13⤵
PID:11120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
12⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
11⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 216
10⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 216
9⤵
- Program crash
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe
8⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-18651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18651.exe
9⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-34009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34009.exe
10⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
11⤵
PID:8156

C:\Users\Admin\AppData\Local\Temp\Unicorn-37886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37886.exe
12⤵
PID:10208

C:\Users\Admin\AppData\Local\Temp\Unicorn-8384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8384.exe
13⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10208 -s 216
13⤵
PID:12744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 216
12⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
11⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
10⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 216
9⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
8⤵
- Program crash
PID:3572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
7⤵
- Program crash
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-55116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55116.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-21504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21504.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-53705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53705.exe
8⤵
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-19554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19554.exe
9⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-22927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22927.exe
10⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-32281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32281.exe
11⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-25561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25561.exe
12⤵
PID:6992

C:\Users\Admin\AppData\Local\Temp\Unicorn-36495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36495.exe
13⤵
PID:9520

C:\Users\Admin\AppData\Local\Temp\Unicorn-53864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53864.exe
14⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9520 -s 216
14⤵
PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
13⤵
PID:10364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
12⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
11⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 236
10⤵
PID:4664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 236
9⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
8⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-11058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11058.exe
9⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
10⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-63469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63469.exe
11⤵
PID:7860

C:\Users\Admin\AppData\Local\Temp\Unicorn-53106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53106.exe
12⤵
PID:9312

C:\Users\Admin\AppData\Local\Temp\Unicorn-3101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3101.exe
13⤵
PID:12156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9312 -s 216
13⤵
PID:2208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
12⤵
PID:10868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
11⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
10⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
9⤵
PID:4948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
8⤵
- Program crash
PID:3160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 216
7⤵
- Program crash
PID:2804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
6⤵
- Program crash
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-22360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22360.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-50477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50477.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-62812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62812.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:744

C:\Users\Admin\AppData\Local\Temp\Unicorn-17250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17250.exe
8⤵
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-23939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23939.exe
9⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
10⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-24004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24004.exe
11⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-37403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37403.exe
12⤵
PID:7996

C:\Users\Admin\AppData\Local\Temp\Unicorn-39256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39256.exe
13⤵
PID:10048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10048 -s 220
14⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 216
13⤵
PID:11084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
12⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
11⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 236
10⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 236
9⤵
- Program crash
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-65526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65526.exe
8⤵
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-59875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59875.exe
9⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-3967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3967.exe
10⤵
PID:5644

C:\Users\Admin\AppData\Local\Temp\Unicorn-5799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5799.exe
11⤵
PID:7728

C:\Users\Admin\AppData\Local\Temp\Unicorn-23112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23112.exe
12⤵
PID:9904

C:\Users\Admin\AppData\Local\Temp\Unicorn-13127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13127.exe
13⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9904 -s 220
13⤵
PID:12992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 216
12⤵
PID:11004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
11⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
10⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 216
9⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 744 -s 240
8⤵
- Program crash
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-19942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19942.exe
7⤵
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-17717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17717.exe
8⤵
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
9⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-20963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20963.exe
10⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-48607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48607.exe
11⤵
PID:8400

C:\Users\Admin\AppData\Local\Temp\Unicorn-37149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37149.exe
12⤵
PID:10784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8400 -s 216
12⤵
PID:11744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 236
11⤵
PID:9628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
10⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 216
9⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 236
8⤵
- Program crash
PID:3868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
7⤵
- Program crash
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-5998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5998.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-62366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62366.exe
7⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-54665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54665.exe
8⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-2314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2314.exe
9⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-24580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24580.exe
10⤵
PID:5148

C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
11⤵
PID:8148

C:\Users\Admin\AppData\Local\Temp\Unicorn-30448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30448.exe
11⤵
PID:7324

C:\Users\Admin\AppData\Local\Temp\Unicorn-52058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52058.exe
12⤵
PID:10264

C:\Users\Admin\AppData\Local\Temp\Unicorn-13397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13397.exe
13⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 216
12⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
10⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 216
9⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
8⤵
- Program crash
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
7⤵
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-55791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55791.exe
8⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-42862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42862.exe
9⤵
PID:1092

C:\Users\Admin\AppData\Local\Temp\Unicorn-18244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18244.exe
10⤵
PID:7492

C:\Users\Admin\AppData\Local\Temp\Unicorn-14066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14066.exe
11⤵
PID:9484

C:\Users\Admin\AppData\Local\Temp\Unicorn-23242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23242.exe
12⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9484 -s 216
12⤵
PID:13036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 220
11⤵
PID:11228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 216
10⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
9⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 236
8⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
7⤵
- Program crash
PID:3332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-6242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6242.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-38142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38142.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:776

C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-9527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9527.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-27556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27556.exe
8⤵
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-36191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36191.exe
9⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-55324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55324.exe
10⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-53303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53303.exe
11⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-42774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42774.exe
12⤵
PID:6920

C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
13⤵
PID:9388

C:\Users\Admin\AppData\Local\Temp\Unicorn-40050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40050.exe
14⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9388 -s 216
14⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 236
13⤵
PID:10120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 236
12⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 236
11⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
10⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-64047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64047.exe
9⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
10⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
10⤵
PID:5516

C:\Users\Admin\AppData\Local\Temp\Unicorn-46941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46941.exe
11⤵
PID:7484

C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
12⤵
PID:9752

C:\Users\Admin\AppData\Local\Temp\Unicorn-13454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13454.exe
13⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 216
13⤵
PID:12548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 216
12⤵
PID:10448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
11⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 240
10⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
9⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-51136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51136.exe
8⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-3985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3985.exe
9⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-33459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33459.exe
10⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-9717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9717.exe
11⤵
PID:7160

C:\Users\Admin\AppData\Local\Temp\Unicorn-1684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1684.exe
12⤵
PID:9492

C:\Users\Admin\AppData\Local\Temp\Unicorn-57564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57564.exe
13⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9492 -s 216
13⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 216
12⤵
PID:10056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
11⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236
10⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 236
9⤵
PID:4960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
8⤵
- Program crash
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-38416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38416.exe
7⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-9740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9740.exe
8⤵
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-3492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3492.exe
9⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-35872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35872.exe
10⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-70.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-70.exe
11⤵
PID:7760

C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
12⤵
PID:10036

C:\Users\Admin\AppData\Local\Temp\Unicorn-18691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18691.exe
13⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10036 -s 216
13⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7760 -s 216
12⤵
PID:10732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
11⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
10⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 236
9⤵
PID:4700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 236
8⤵
- Program crash
PID:3472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 240
7⤵
- Program crash
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-47031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47031.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-39808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39808.exe
7⤵
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-52719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52719.exe
8⤵
PID:1044

C:\Users\Admin\AppData\Local\Temp\Unicorn-4260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4260.exe
9⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-14273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14273.exe
10⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
11⤵
PID:7284

C:\Users\Admin\AppData\Local\Temp\Unicorn-58306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58306.exe
12⤵
PID:10236

C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
13⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10236 -s 216
13⤵
PID:12892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 216
12⤵
PID:11096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
11⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
10⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 236
8⤵
- Program crash
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe
7⤵
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-30628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30628.exe
8⤵
PID:3904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 220
9⤵
PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 236
8⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
7⤵
- Program crash
PID:3200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 240
6⤵
- Program crash
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
5⤵
- Program crash
PID:2640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1444

C:\Users\Admin\AppData\Local\Temp\Unicorn-40969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40969.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-30192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30192.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-9444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9444.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-13611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13611.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1428

C:\Users\Admin\AppData\Local\Temp\Unicorn-54198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54198.exe
8⤵
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-8432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8432.exe
9⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-63033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63033.exe
10⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-64325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64325.exe
11⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\Unicorn-54253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54253.exe
12⤵
PID:8208

C:\Users\Admin\AppData\Local\Temp\Unicorn-28597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28597.exe
13⤵
PID:11196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8208 -s 216
13⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
12⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
11⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
10⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 216
9⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-14379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14379.exe
8⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
9⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-30418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30418.exe
10⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
11⤵
PID:7660

C:\Users\Admin\AppData\Local\Temp\Unicorn-39256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39256.exe
12⤵
PID:9788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9788 -s 212
13⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 216
12⤵
PID:11076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
11⤵
PID:9152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
10⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 216
9⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 240
8⤵
- Program crash
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-58837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58837.exe
7⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-21993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21993.exe
8⤵
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-52091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52091.exe
9⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-16220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16220.exe
10⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-36827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36827.exe
11⤵
PID:7796

C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
12⤵
PID:9452

C:\Users\Admin\AppData\Local\Temp\Unicorn-20843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20843.exe
12⤵
PID:9568

C:\Users\Admin\AppData\Local\Temp\Unicorn-10989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10989.exe
13⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9568 -s 216
13⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 220
12⤵
PID:11220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
11⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
10⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 216
9⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 236
8⤵
- Program crash
PID:3888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
7⤵
- Program crash
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-22334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22334.exe
6⤵
- Executes dropped EXE
PID:3036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
6⤵
- Program crash
PID:1060

C:\Users\Admin\AppData\Local\Temp\Unicorn-16221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16221.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-48422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48422.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-44722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44722.exe
7⤵
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-11385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11385.exe
8⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-53845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53845.exe
9⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-29733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29733.exe
10⤵
PID:5564

C:\Users\Admin\AppData\Local\Temp\Unicorn-62566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62566.exe
11⤵
PID:7504

C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
12⤵
PID:10308

C:\Users\Admin\AppData\Local\Temp\Unicorn-11186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11186.exe
13⤵
PID:11792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10308 -s 236
13⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 236
12⤵
PID:11380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
11⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
10⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 236
9⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 236
8⤵
PID:3348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 216
7⤵
- Program crash
PID:3088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
6⤵
- Program crash
PID:2096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
5⤵
- Program crash
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-49003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49003.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-36087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36087.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-17696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17696.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-3051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3051.exe
7⤵
- Executes dropped EXE
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-38329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38329.exe
8⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
9⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-27045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27045.exe
10⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
11⤵
PID:6856

C:\Users\Admin\AppData\Local\Temp\Unicorn-56915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56915.exe
12⤵
PID:9548

C:\Users\Admin\AppData\Local\Temp\Unicorn-29552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29552.exe
13⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9548 -s 216
13⤵
PID:1544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 216
12⤵
PID:10340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 236
11⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
10⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 236
9⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-25152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25152.exe
8⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
9⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-48612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48612.exe
10⤵
PID:7108

C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
11⤵
PID:9456

C:\Users\Admin\AppData\Local\Temp\Unicorn-64170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64170.exe
12⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9456 -s 216
12⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 216
11⤵
PID:9332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 236
10⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
9⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
8⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-12241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12241.exe
7⤵
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-62205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62205.exe
8⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-17481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17481.exe
9⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-50122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50122.exe
10⤵
PID:7688

C:\Users\Admin\AppData\Local\Temp\Unicorn-40299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40299.exe
11⤵
PID:9984

C:\Users\Admin\AppData\Local\Temp\Unicorn-9422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9422.exe
12⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 216
11⤵
PID:10460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
10⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 236
9⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 236
8⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
7⤵
- Program crash
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-11774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11774.exe
6⤵
- Suspicious use of SetWindowsHookEx
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-5656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5656.exe
7⤵
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-8536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8536.exe
8⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-7366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7366.exe
9⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
10⤵
PID:7976

C:\Users\Admin\AppData\Local\Temp\Unicorn-9188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9188.exe
11⤵
PID:9544

C:\Users\Admin\AppData\Local\Temp\Unicorn-9977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9977.exe
12⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9544 -s 216
12⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 236
11⤵
PID:10936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 216
10⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
9⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 216
8⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
7⤵
- Program crash
PID:3496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
6⤵
- Program crash
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-28556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28556.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-54198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54198.exe
6⤵
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-52719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52719.exe
7⤵
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-61245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61245.exe
8⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-6105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6105.exe
9⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-20382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20382.exe
10⤵
PID:7344

C:\Users\Admin\AppData\Local\Temp\Unicorn-28410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28410.exe
11⤵
PID:9508

C:\Users\Admin\AppData\Local\Temp\Unicorn-62930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62930.exe
12⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9508 -s 216
12⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7344 -s 216
11⤵
PID:10924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
10⤵
PID:9080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 236
9⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 236
8⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 216
7⤵
- Program crash
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-22547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22547.exe
6⤵
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-24873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24873.exe
7⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-15176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15176.exe
8⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-43843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43843.exe
9⤵
PID:6692

C:\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe
10⤵
PID:9688

C:\Users\Admin\AppData\Local\Temp\Unicorn-56386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56386.exe
11⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9688 -s 216
11⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 216
10⤵
PID:10424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
9⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 236
8⤵
PID:6292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 216
7⤵
PID:4712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
6⤵
- Program crash
PID:3564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
5⤵
- Program crash
PID:1388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-61343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61343.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-13772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13772.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-17940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17940.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:816

C:\Users\Admin\AppData\Local\Temp\Unicorn-17805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17805.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-52698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52698.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-31064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31064.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:880

C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe
9⤵
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-62532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62532.exe
10⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-14182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14182.exe
11⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-48700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48700.exe
12⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-28659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28659.exe
13⤵
PID:7824

C:\Users\Admin\AppData\Local\Temp\Unicorn-39064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39064.exe
14⤵
PID:9760

C:\Users\Admin\AppData\Local\Temp\Unicorn-10029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10029.exe
15⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9760 -s 216
15⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 216
14⤵
PID:10996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
13⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 236
12⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
11⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-49548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49548.exe
10⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-36832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36832.exe
11⤵
PID:5340

C:\Users\Admin\AppData\Local\Temp\Unicorn-64922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64922.exe
12⤵
PID:8072

C:\Users\Admin\AppData\Local\Temp\Unicorn-37886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37886.exe
13⤵
PID:10200

C:\Users\Admin\AppData\Local\Temp\Unicorn-21296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21296.exe
14⤵
PID:4328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10200 -s 216
14⤵
PID:13008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 216
13⤵
PID:11112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 216
12⤵
PID:8908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
11⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
10⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-42666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42666.exe
9⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-12620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12620.exe
10⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-53962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53962.exe
11⤵
PID:5368

C:\Users\Admin\AppData\Local\Temp\Unicorn-35073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35073.exe
12⤵
PID:7640

C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
13⤵
PID:10084

C:\Users\Admin\AppData\Local\Temp\Unicorn-40652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40652.exe
14⤵
PID:11852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10084 -s 216
14⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 216
13⤵
PID:10760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 216
12⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 236
11⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
10⤵
PID:4888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 240
9⤵
- Program crash
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-56974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56974.exe
8⤵
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-62532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62532.exe
9⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-10482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10482.exe
10⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-27787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27787.exe
11⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
12⤵
PID:8056

C:\Users\Admin\AppData\Local\Temp\Unicorn-57429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57429.exe
13⤵
PID:10104

C:\Users\Admin\AppData\Local\Temp\Unicorn-11264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11264.exe
14⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10104 -s 236
14⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8056 -s 216
13⤵
PID:10932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
12⤵
PID:8696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 236
11⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
10⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
8⤵
- Program crash
PID:1332

C:\Users\Admin\AppData\Local\Temp\Unicorn-54177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54177.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-27447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27447.exe
8⤵
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-63108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63108.exe
9⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-22494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22494.exe
10⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-52291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52291.exe
11⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-11419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11419.exe
12⤵
PID:7388

C:\Users\Admin\AppData\Local\Temp\Unicorn-1404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1404.exe
13⤵
PID:9352

C:\Users\Admin\AppData\Local\Temp\Unicorn-32967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32967.exe
14⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 216
13⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
12⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
11⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
10⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 236
9⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-4348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4348.exe
8⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-12763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12763.exe
9⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\Unicorn-45322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45322.exe
10⤵
PID:6208

C:\Users\Admin\AppData\Local\Temp\Unicorn-49567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49567.exe
11⤵
PID:8632

C:\Users\Admin\AppData\Local\Temp\Unicorn-21436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21436.exe
12⤵
PID:11444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8632 -s 216
12⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
11⤵
PID:10024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 236
10⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
9⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
8⤵
PID:4584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
7⤵
- Program crash
PID:1324

C:\Users\Admin\AppData\Local\Temp\Unicorn-32832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32832.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-63928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63928.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:316

C:\Users\Admin\AppData\Local\Temp\Unicorn-5251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5251.exe
7⤵
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-3217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3217.exe
8⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-49569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49569.exe
9⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-44232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44232.exe
10⤵
PID:5488

C:\Users\Admin\AppData\Local\Temp\Unicorn-10059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10059.exe
10⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-16490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16490.exe
11⤵
PID:7876

C:\Users\Admin\AppData\Local\Temp\Unicorn-38955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38955.exe
12⤵
PID:10192

C:\Users\Admin\AppData\Local\Temp\Unicorn-3480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3480.exe
13⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10192 -s 236
13⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 236
12⤵
PID:11012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 216
11⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 240
10⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
9⤵
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
8⤵
PID:3732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
7⤵
- Program crash
PID:1644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 240
6⤵
- Program crash
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-22443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22443.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-18812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18812.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-19279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19279.exe
8⤵
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-42688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42688.exe
9⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-26059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26059.exe
10⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-65031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65031.exe
11⤵
PID:6216

C:\Users\Admin\AppData\Local\Temp\Unicorn-62452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62452.exe
12⤵
PID:9796

C:\Users\Admin\AppData\Local\Temp\Unicorn-48410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48410.exe
13⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9796 -s 216
13⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
12⤵
PID:10528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 236
11⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 236
10⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 236
9⤵
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-44011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44011.exe
8⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-45410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45410.exe
9⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-32167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32167.exe
10⤵
PID:6796

C:\Users\Admin\AppData\Local\Temp\Unicorn-14320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14320.exe
11⤵
PID:9812

C:\Users\Admin\AppData\Local\Temp\Unicorn-42764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42764.exe
12⤵
PID:11628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9812 -s 216
12⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 216
11⤵
PID:10520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
10⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
9⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
8⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-63580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63580.exe
7⤵
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-22652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22652.exe
8⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-37626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37626.exe
9⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-58809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58809.exe
10⤵
PID:7176

C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
11⤵
PID:9916

C:\Users\Admin\AppData\Local\Temp\Unicorn-16361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16361.exe
12⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9916 -s 220
12⤵
PID:12676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 216
11⤵
PID:10608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
10⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 236
9⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 236
8⤵
PID:4764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
7⤵
- Program crash
PID:3480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
6⤵
- Program crash
PID:1532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
5⤵
- Program crash
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-46289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46289.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-60783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60783.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-30140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30140.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-21526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21526.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-51411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51411.exe
8⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-41593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41593.exe
9⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-29131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29131.exe
10⤵
PID:5736

C:\Users\Admin\AppData\Local\Temp\Unicorn-48607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48607.exe
11⤵
PID:8408

C:\Users\Admin\AppData\Local\Temp\Unicorn-28981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28981.exe
12⤵
PID:10592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 216
12⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 216
11⤵
PID:9620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
10⤵
PID:7916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
9⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 216
8⤵
- Program crash
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-22547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22547.exe
7⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-63876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63876.exe
8⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-7008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7008.exe
9⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-31591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31591.exe
10⤵
PID:6228

C:\Users\Admin\AppData\Local\Temp\Unicorn-44471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44471.exe
11⤵
PID:9648

C:\Users\Admin\AppData\Local\Temp\Unicorn-62655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62655.exe
12⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9648 -s 216
12⤵
PID:12508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 216
11⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
10⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
9⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 236
8⤵
PID:4332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
7⤵
- Program crash
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-52807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52807.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-22630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22630.exe
7⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-44751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44751.exe
8⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-50366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50366.exe
9⤵
PID:6820

C:\Users\Admin\AppData\Local\Temp\Unicorn-52639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52639.exe
10⤵
PID:9344

C:\Users\Admin\AppData\Local\Temp\Unicorn-40652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40652.exe
11⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9344 -s 216
11⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 216
10⤵
PID:9336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
9⤵
PID:1636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
8⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
7⤵
PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
6⤵
- Program crash
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-21526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21526.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
7⤵
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-10482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10482.exe
8⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-8165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8165.exe
8⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-62042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62042.exe
9⤵
PID:6440

C:\Users\Admin\AppData\Local\Temp\Unicorn-16210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16210.exe
10⤵
PID:9204

C:\Users\Admin\AppData\Local\Temp\Unicorn-6251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6251.exe
11⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9204 -s 216
11⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 236
10⤵
PID:9840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
9⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 220
8⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
7⤵
- Program crash
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-55220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55220.exe
6⤵
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-44525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44525.exe
7⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-11421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11421.exe
7⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-6572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6572.exe
8⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
9⤵
PID:8360

C:\Users\Admin\AppData\Local\Temp\Unicorn-57761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57761.exe
10⤵
PID:10356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8360 -s 216
10⤵
PID:11708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
9⤵
PID:9604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
8⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
7⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 220
6⤵
- Program crash
PID:3724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
5⤵
- Program crash
PID:996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:628

C:\Users\Admin\AppData\Local\Temp\Unicorn-63611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63611.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-4701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4701.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-56699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56699.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-40446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40446.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-60674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60674.exe
7⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-1764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1764.exe
8⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-29066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29066.exe
9⤵
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-2431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2431.exe
10⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-13116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13116.exe
11⤵
PID:7060

C:\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe
12⤵
PID:9704

C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
13⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9704 -s 216
13⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 216
12⤵
PID:10440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
11⤵
PID:2060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 216
10⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
9⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-64431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64431.exe
8⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-9530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9530.exe
9⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-52587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52587.exe
10⤵
PID:7208

C:\Users\Admin\AppData\Local\Temp\Unicorn-58368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58368.exe
11⤵
PID:9848

C:\Users\Admin\AppData\Local\Temp\Unicorn-50081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50081.exe
12⤵
PID:11764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9848 -s 216
12⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 216
11⤵
PID:10556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
10⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
9⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 220
8⤵
PID:4448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 216
7⤵
- Program crash
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-38032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38032.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:848

C:\Users\Admin\AppData\Local\Temp\Unicorn-33285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33285.exe
7⤵
PID:1376

C:\Users\Admin\AppData\Local\Temp\Unicorn-50773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50773.exe
8⤵
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-38879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38879.exe
9⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-7475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7475.exe
10⤵
PID:6080

C:\Users\Admin\AppData\Local\Temp\Unicorn-11637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11637.exe
11⤵
PID:8116

C:\Users\Admin\AppData\Local\Temp\Unicorn-2115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2115.exe
12⤵
PID:9676

C:\Users\Admin\AppData\Local\Temp\Unicorn-48073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48073.exe
13⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9676 -s 220
13⤵
PID:12520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 216
12⤵
PID:10976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
11⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
10⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 236
9⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 236
8⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-48313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48313.exe
7⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-36741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36741.exe
8⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-13889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13889.exe
9⤵
PID:5844

C:\Users\Admin\AppData\Local\Temp\Unicorn-18353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18353.exe
10⤵
PID:7892

C:\Users\Admin\AppData\Local\Temp\Unicorn-1191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1191.exe
11⤵
PID:10216

C:\Users\Admin\AppData\Local\Temp\Unicorn-54679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54679.exe
12⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10216 -s 216
12⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 216
11⤵
PID:10848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
10⤵
PID:8772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
9⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 216
8⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 240
7⤵
- Program crash
PID:3988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
6⤵
- Program crash
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-25733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25733.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-37478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37478.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-62065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62065.exe
7⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-40659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40659.exe
8⤵
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-29450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29450.exe
9⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-49494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49494.exe
10⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\Unicorn-3386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3386.exe
11⤵
PID:7252

C:\Users\Admin\AppData\Local\Temp\Unicorn-14320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14320.exe
12⤵
PID:9824

C:\Users\Admin\AppData\Local\Temp\Unicorn-47725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47725.exe
13⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9824 -s 216
13⤵
PID:12360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 216
12⤵
PID:10536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
11⤵
PID:8300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
10⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 236
9⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-24851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24851.exe
8⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-15644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15644.exe
9⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\Unicorn-6292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6292.exe
10⤵
PID:7708

C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
11⤵
PID:9932

C:\Users\Admin\AppData\Local\Temp\Unicorn-36542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36542.exe
12⤵
PID:680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9932 -s 216
12⤵
PID:12320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 216
11⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 216
10⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
9⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
8⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\Unicorn-38198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38198.exe
7⤵
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-28189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28189.exe
8⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-45794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45794.exe
9⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe
10⤵
PID:7404

C:\Users\Admin\AppData\Local\Temp\Unicorn-23366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23366.exe
11⤵
PID:9960

C:\Users\Admin\AppData\Local\Temp\Unicorn-771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-771.exe
12⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9960 -s 216
12⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 220
11⤵
PID:10632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
10⤵
PID:8416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
9⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
8⤵
PID:4744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
7⤵
- Program crash
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-38115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38115.exe
6⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-23254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23254.exe
7⤵
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-21967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21967.exe
8⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-41902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41902.exe
9⤵
PID:5716

C:\Users\Admin\AppData\Local\Temp\Unicorn-1824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1824.exe
10⤵
PID:7516

C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
11⤵
PID:9924

C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
12⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9924 -s 216
12⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 216
11⤵
PID:10616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 216
10⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
9⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 236
8⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-27373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27373.exe
7⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-20112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20112.exe
8⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-11554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11554.exe
9⤵
PID:7348

C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
10⤵
PID:9884

C:\Users\Admin\AppData\Local\Temp\Unicorn-40652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40652.exe
11⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9884 -s 216
11⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
9⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
8⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
7⤵
PID:4980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
6⤵
- Program crash
PID:2668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
5⤵
- Program crash
PID:264

C:\Users\Admin\AppData\Local\Temp\Unicorn-63476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63476.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:844

C:\Users\Admin\AppData\Local\Temp\Unicorn-56782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56782.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-18812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18812.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-42413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42413.exe
7⤵
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-36357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36357.exe
8⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-11092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11092.exe
9⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
10⤵
PID:7128

C:\Users\Admin\AppData\Local\Temp\Unicorn-26189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26189.exe
11⤵
PID:9576

C:\Users\Admin\AppData\Local\Temp\Unicorn-40626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40626.exe
12⤵
PID:11668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9576 -s 216
12⤵
PID:12296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 216
11⤵
PID:10348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
10⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
9⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 236
8⤵
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 236
7⤵
- Program crash
PID:3676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 216
6⤵
- Program crash
PID:300

C:\Users\Admin\AppData\Local\Temp\Unicorn-15282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15282.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-17717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17717.exe
6⤵
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-43050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43050.exe
6⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-63225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63225.exe
7⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-29946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29946.exe
8⤵
PID:6780

C:\Users\Admin\AppData\Local\Temp\Unicorn-39619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39619.exe
9⤵
PID:9316

C:\Users\Admin\AppData\Local\Temp\Unicorn-28976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28976.exe
10⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9316 -s 216
10⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 216
9⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 236
8⤵
PID:1028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
7⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
6⤵
PID:4788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 240
5⤵
- Program crash
PID:1120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 240
4⤵
- Program crash
PID:1040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
2⤵
- Program crash
PID:2708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15672.exe

Filesize
184KB

MD5
b07c1d434eca49c9d1d23335315c3e84

SHA1
bb3545c926cd75999b387d8f8e02038cd0744787

SHA256
0b969745290174dedadbaba0d9099057949c6e516719f3ed9bd42c34149601de

SHA512
4fb80ef345aa739321942905cd9d15d550f74c2e07e3673dbfe3a3a59baca73a19b49a4b2c2cbcc0ea80186320f358b4c1d933822946f1f0052732d0eb2b4185

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe

Filesize
184KB

MD5
f67a5cf0f5d580b995561032f3345a64

SHA1
0f1af9ef89377662ec919839127bcb37b8dae011

SHA256
ab7afc07575893c85221207ce0b0af633c38c61ab4ea1bcbbfaca0616c8b982e

SHA512
8158656e86eadfa26b607372371085f1ef6bcdc1f03fc9d50bae9876868bfae43e877d5abbc0f7c7ff17caa62be6bab1a39aeb2c704b99d361c05e92f9b7023c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36191.exe

Filesize
184KB

MD5
bafb3e02cae51ce9817d2f04208161ee

SHA1
afebdf87fe22230f8ac9dbacd02bf82412ebad85

SHA256
3b26e4668deaea1b01dcffda58cca585dbeddec5dfd19a7f5dac456e53c9da46

SHA512
3fe66c14020f02f6cdea15016c98a6b9a54a59b5824ace376649f36beb3165222eb8a22b10c4352b1e281909d53d8afe4370dfc6cbd4bfee4bda4e3a6c617a1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36827.exe

Filesize
184KB

MD5
7ec09a5e390dba7cabb32e96f6c65449

SHA1
f44474a8b89dc28649587f27cfcc6e2970eaacb5

SHA256
76137c9844f41063e8ca244b2bf269f9084f6e817a332846482b498998e5d598

SHA512
5ec512afc7e3d7ffbed21017886246f87b5eabfb638540f4829555b75e69c2641a69716fec43b9e70d237ceda95a36b1bb68e3ddbbbf3d7e9f97afd9fa7ce433

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44525.exe

Filesize
184KB

MD5
62d35fa391734a8af0da5c08661b1529

SHA1
8dadd5595adb0de8e74b6a2b150f23496dfebd57

SHA256
2de0dc2bff51eaba25009b99a494f239e04823416238d42ae2a7629335ed4c62

SHA512
b23407172d7b7f89acb30248d1d9a6f84cb8331973b20781a3d07962b869ecdb253d5d31c71cbbb4b90aeb08594eb0c0617180859ce03d1f9386101baf815cbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54632.exe

Filesize
184KB

MD5
f9f34545be8c884288432c969e8026f4

SHA1
299c1e8816545e23f8d6ff9465b2c1281c3ad081

SHA256
162460ac1004c0153c7ee604b2741840c9b95e26c0b418c425cad3433860e081

SHA512
fc0d5ace0f52fb7f82c936a971ab09aa5addfab0c17bda0e5c9348ef42a2381b2980a84a83712695ca882afa6d07941a7ba59f53f4aad7c3f86b26d46224d391

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5656.exe

Filesize
184KB

MD5
c674cedeb68b7f6eed8a26cff9c3650e

SHA1
f5de6646c3e6eae88c66b4bf7efa335766bc8e8b

SHA256
31c3ba699bd4fce07682960fc2a0cf8abdf1985d2565cf1e1ad401e74dfde6c5

SHA512
6a79417ff0797b12657784c329397e9b432a4da98edd8faade64509adc71ff06e3774ff229f9992329cf21c988f2e0df48c72a1c3afdd4e0abbccbc481b72d33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61343.exe

Filesize
184KB

MD5
e11067508036ae0674b4bc216d752400

SHA1
249b7b40b923c9161aad805493a34b05e83d6cca

SHA256
fafe4c22cdf9ed4826714747b60f4636a0a3c0fb784795f3006c6eed249d78b7

SHA512
6359f84421ce7cd717d6c4bc162b54a4a0b7775911e28d509914ff70aef51ea51e82a9cb1a7cc7707d4f44d43272ac3a907222cea2b3036e46f428c83de68893

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6242.exe

Filesize
184KB

MD5
55aeb6fe8301f47e1d37d9da98505f20

SHA1
6cecb970663a40090908043c3f4b6891413e59b1

SHA256
b2b7a2558672de2da583cbdaec1796ca3b6aff2d6f1b2e76591aef1ae8966c30

SHA512
4c1e6dc5289e3072db2521d9d9dd96518f59a607c93fad2908438b230248c751cd0c1066f6c1165e72c13ae999c816cf2e53fb54cc134415abbf52acaf04ed09

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6251.exe

Filesize
184KB

MD5
ef4222bcc01ccbc1516fdf0c8d74a207

SHA1
7ff03b97873c4c2872d3f21efb5fc0eda667ccfc

SHA256
699afcd566d102060b5f0fba4cc806f459a5938cb6d4497ac120b5eb2ac60c2d

SHA512
7a53610c84176a313feeec84cf3a4f94056bf4ea111262b8f40ec65af8995e53bb6ddf457ccc234b39c747eef41b5644458e4f59724314964ea6eae92e19e243

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe

Filesize
184KB

MD5
d031d917bc5cb370560a42484b072732

SHA1
2cba54424208050668df76a4a85385dfc66fb4ec

SHA256
0c41eed2efa8f6368dc73430b61b5cefbeaa4df5fab74e82697bf0d52590261b

SHA512
5f8c6ab252ba3b936250045f5b915c5d1d072433335d7c34ffb427676fde485f572979fca1b6f8135bd865b718a092858477b094742a94e5e18ccc87430cd20c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65002.exe

Filesize
184KB

MD5
5b7bff78d0bcd7032eaa01a1786ab282

SHA1
3737f581426b05f168173a141c77d32eba001650

SHA256
dafaf915ebf54e1ee9ea08e7d2484303ab3880520cce68b5bef2a21c33631ea3

SHA512
e9178c85708cdb9e4b4a22a6fbb1e211afe34d3a7f4d2e845b7907d1b393051463093bd1b65ad794c14a49c81d2278caa03ebe26c2e0556eb431d5ebe3ac2289

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6572.exe

Filesize
184KB

MD5
01bdb8c4ed066e32b5e7ec5edb3b23db

SHA1
6a6554192e9f9ee2febf9363c05e58e88e9167fe

SHA256
1ee82722fd27692143995d62ecb98c99bfc8239e38ec1a47041ed7db17753ad3

SHA512
023d1436f2b4209a7bf69ecf25c7761a51e38d016662c991b1aef4197d69948ad6e6e8d215e0b23faa5f40fbf09d39c72444c8882f4a67f60e32d32fd073a631

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13772.exe

Filesize
184KB

MD5
9c7c7635945dec9efb272449bc166725

SHA1
49f1f08bf6aa291f9ef4cad6c50f575de5a3907a

SHA256
3301f147c6740f369023cbc5dd1da132bb3b5971a414e9b2af618de0488c705d

SHA512
4687d0986e054924f01bfbf0fbb5a99d98aa95a5d4f6056e3183550c18cb46bf7f33e822d3be7674ca15d42f48c72e8ff4020bb0601f5f109589b6ccfcc88c23

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17940.exe

Filesize
184KB

MD5
7645616d6bb05fde65bcfac0f6e5aba4

SHA1
8faaff9482646dbb7f10a5e4821e64bd3b1dacf1

SHA256
37684cd401b86408311795028d05a91bce155213b340b548f02d584d133b189b

SHA512
59b079f8ace3af6380aec988c94922839703d1cf7d3af037f2de5aaee8d32540550ef7f12f4c553161242ae6edd36ab534364680a51e2078edaca612dcea48c3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30192.exe

Filesize
184KB

MD5
30f5a372ea029782b896e59618ad4629

SHA1
20097c19026b6e21e6dd7eecaead82a6fec24254

SHA256
371fdb737daf6f69d385dec8b94f9260783755458aa54616eaaf7f0df98f6b10

SHA512
8ceb9f64b60b1847ebf90ae9100af3d5bede4637f2ee6f026318cc466924fd18938316b9bd0434e4686828bbdcb8d8bca482a8ab808aa5306a87c160981fbac2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe

Filesize
184KB

MD5
311b87741899395ac752d6e106d3e1d2

SHA1
e6a971946639fea6b408fe2f416236a5fd50443c

SHA256
9eca8fc24ecde117da11f2fec7f258f18fbdc03a3e67ad380f9fa1c76463c76c

SHA512
341cc1c365b30ee0dbadefa67561c0c14dccb44cdd1ce696e232b7fc5abc0a746b8da9165a8715bf8e4ba55b44141d59b49043ac2c5b054b9731be3c78303ff5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40969.exe

Filesize
184KB

MD5
e594d2a1276c38d19b81bdfa7068616b

SHA1
993aac539001d8d9d4b10943fe3dd3970c5ed098

SHA256
240be112de7fb9c9a6e8ba3b81636e800b0f8966502abb072e9f7658d4597c5c

SHA512
00c398ae2fa43f5c5ecd3782595dd2d84b66554f2e0bdb3c74e9d973b5c7838f9e91429c04cb4369e9e6b97721b98336d2461d58f047dc044900d71e3b216abf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46289.exe

Filesize
184KB

MD5
65e093610844650667b3c06977fc2661

SHA1
ede1828a1c72aa7d61d083a849f64bc16635f854

SHA256
78feec8badafe2369db42c402c410275f5424851fad135ac2aeb5d98720cea04

SHA512
8daf77ece93c280b1d645db27c5cbaa1b0c6466902d22fb22c7f2f4059b5525e70dc3db1cc3af1631d77d7f0ab02fc849f85a71e195a553b1b9e7d83691872c9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4701.exe

Filesize
184KB

MD5
d289ac7eebf0cfebeb9037d735f040aa

SHA1
9ed6889574369cee14d2ef8b6cd5e6b54a790140

SHA256
883996ecbd70a6b8f7e590e3707dd6e8a6ef77bdb326c03eb4dd69dc96f4ec47

SHA512
2de35e00cc0e8c3dd47fd50d98a7d61bda0b8d0145f9e9c262150d35d33da79e3f584ea5d30b21223d51231b20738ea3e2d54db057dfe684b92ad6383241c68d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63611.exe

Filesize
184KB

MD5
7c375d1def3b9ddcadfb1d17dd395d66

SHA1
7c4cedb500d835d81bfcea6272a73095f64335af

SHA256
064ba4bad5fc1215631e08329718aec9f772f0fb8ac4ce53d7f32da890990fbd

SHA512
a613075711c1c346dcb0e5d6591132954722ac3157ba13e8e9184e7821a67563629c048b39a9c41b287ed4be048f03fb4889588e5ad123fd1d6281cead4b6a39

Download Submit