3b01575e1eabc47d624036872427608d55bc28197caa8dc35c6816f04ec540d9

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b01575e1eabc47d624036872427608d55bc28197caa8dc35c6816f04ec540d9.exe
Size

184KB
MD5

07b5fe7422315fed1ba6262872bed9bc
SHA1

3700dceae9f53dde34083cbda8a53e44deb5017e
SHA256

3b01575e1eabc47d624036872427608d55bc28197caa8dc35c6816f04ec540d9
SHA512

70ddf2f4edc84099b6b4ebf74404200b7f60fb1d293feb89c61888717095ea5f72ef7aec74201ebd27d2a93860f756a6808b0038235d3bf0c3ecc9926151a78d
SSDEEP

3072:KixfY8ofV9oFbFqQenwEcis4hlnVnFgnX:KixoEVFqUEbs4hlnVnFg

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-60095.exeUnicorn-56094.exeUnicorn-5502.exeUnicorn-54039.exeUnicorn-44802.exeUnicorn-24936.exeUnicorn-63914.exeUnicorn-48969.exeUnicorn-53053.exeUnicorn-2461.exeUnicorn-4646.exeUnicorn-1953.exeUnicorn-57952.exeUnicorn-42170.exeUnicorn-583.exeUnicorn-15528.exeUnicorn-35394.exeUnicorn-33832.exeUnicorn-48222.exeUnicorn-63167.exeUnicorn-36546.exeUnicorn-53629.exeUnicorn-20210.exeUnicorn-56966.exeUnicorn-26240.exeUnicorn-41184.exeUnicorn-10458.exeUnicorn-30324.exeUnicorn-54527.exeUnicorn-3935.exeUnicorn-8040.exeUnicorn-8040.exeUnicorn-22985.exeUnicorn-61325.exeUnicorn-10733.exeUnicorn-65409.exeUnicorn-9986.exeUnicorn-59742.exeUnicorn-36629.exeUnicorn-38575.exeUnicorn-7848.exeUnicorn-42659.exeUnicorn-22793.exeUnicorn-16017.exeUnicorn-30961.exeUnicorn-19800.exeUnicorn-34744.exeUnicorn-54610.exeUnicorn-40988.exeUnicorn-25206.exeUnicorn-51102.exeUnicorn-26406.exeUnicorn-14708.exeUnicorn-10069.exeUnicorn-39212.exeUnicorn-36520.exeUnicorn-51465.exeUnicorn-42742.exeUnicorn-26960.exeUnicorn-20184.exeUnicorn-57708.exeUnicorn-37842.exeUnicorn-61792.exeUnicorn-31066.exe

pid	process
2292	Unicorn-60095.exe
2748	Unicorn-56094.exe
2644	Unicorn-5502.exe
2104	Unicorn-54039.exe
2740	Unicorn-44802.exe
380	Unicorn-24936.exe
2524	Unicorn-63914.exe
2792	Unicorn-48969.exe
2744	Unicorn-53053.exe
3020	Unicorn-2461.exe
1448	Unicorn-4646.exe
1664	Unicorn-1953.exe
2076	Unicorn-57952.exe
2884	Unicorn-42170.exe
2140	Unicorn-583.exe
2936	Unicorn-15528.exe
1264	Unicorn-35394.exe
556	Unicorn-33832.exe
920	Unicorn-48222.exe
1084	Unicorn-63167.exe
2204	Unicorn-36546.exe
1560	Unicorn-53629.exe
1384	Unicorn-20210.exe
2976	Unicorn-56966.exe
1672	Unicorn-26240.exe
2376	Unicorn-41184.exe
2932	Unicorn-10458.exe
988	Unicorn-30324.exe
2052	Unicorn-54527.exe
1340	Unicorn-3935.exe
1060	Unicorn-8040.exe
2396	Unicorn-8040.exe
2148	Unicorn-22985.exe
2652	Unicorn-61325.exe
2564	Unicorn-10733.exe
2648	Unicorn-65409.exe
2556	Unicorn-9986.exe
2580	Unicorn-59742.exe
2624	Unicorn-36629.exe
1764	Unicorn-38575.exe
2860	Unicorn-7848.exe
2016	Unicorn-42659.exe
2880	Unicorn-22793.exe
348	Unicorn-16017.exe
1704	Unicorn-30961.exe
1752	Unicorn-19800.exe
2284	Unicorn-34744.exe
2372	Unicorn-54610.exe
1168	Unicorn-40988.exe
1660	Unicorn-25206.exe
2040	Unicorn-51102.exe
1928	Unicorn-26406.exe
1668	Unicorn-14708.exe
1736	Unicorn-10069.exe
2232	Unicorn-39212.exe
2256	Unicorn-36520.exe
2264	Unicorn-51465.exe
2844	Unicorn-42742.exe
2144	Unicorn-26960.exe
2572	Unicorn-20184.exe
2816	Unicorn-57708.exe
2824	Unicorn-37842.exe
2828	Unicorn-61792.exe
2028	Unicorn-31066.exe

Loads dropped DLL 64 IoCs

Processes:

3b01575e1eabc47d624036872427608d55bc28197caa8dc35c6816f04ec540d9.exeUnicorn-60095.exeUnicorn-56094.exeUnicorn-5502.exeWerFault.exeUnicorn-24936.exeUnicorn-54039.exeWerFault.exeWerFault.exeUnicorn-44802.exeUnicorn-63914.exeUnicorn-53053.exeUnicorn-48969.exeUnicorn-2461.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2420	3b01575e1eabc47d624036872427608d55bc28197caa8dc35c6816f04ec540d9.exe
2420	3b01575e1eabc47d624036872427608d55bc28197caa8dc35c6816f04ec540d9.exe
2292	Unicorn-60095.exe
2292	Unicorn-60095.exe
2420	3b01575e1eabc47d624036872427608d55bc28197caa8dc35c6816f04ec540d9.exe
2420	3b01575e1eabc47d624036872427608d55bc28197caa8dc35c6816f04ec540d9.exe
2748	Unicorn-56094.exe
2748	Unicorn-56094.exe
2292	Unicorn-60095.exe
2644	Unicorn-5502.exe
2644	Unicorn-5502.exe
2292	Unicorn-60095.exe
3004	WerFault.exe
3004	WerFault.exe
3004	WerFault.exe
3004	WerFault.exe
3004	WerFault.exe
2644	Unicorn-5502.exe
380	Unicorn-24936.exe
2644	Unicorn-5502.exe
380	Unicorn-24936.exe
2104	Unicorn-54039.exe
2104	Unicorn-54039.exe
2748	Unicorn-56094.exe
2748	Unicorn-56094.exe
2000	WerFault.exe
2000	WerFault.exe
2000	WerFault.exe
2000	WerFault.exe
2336	WerFault.exe
2336	WerFault.exe
2336	WerFault.exe
2336	WerFault.exe
2336	WerFault.exe
2000	WerFault.exe
2740	Unicorn-44802.exe
2740	Unicorn-44802.exe
2524	Unicorn-63914.exe
2524	Unicorn-63914.exe
2744	Unicorn-53053.exe
2744	Unicorn-53053.exe
2104	Unicorn-54039.exe
2104	Unicorn-54039.exe
2792	Unicorn-48969.exe
2792	Unicorn-48969.exe
380	Unicorn-24936.exe
3020	Unicorn-2461.exe
380	Unicorn-24936.exe
3020	Unicorn-2461.exe
1500	WerFault.exe
584	WerFault.exe
1500	WerFault.exe
584	WerFault.exe
1500	WerFault.exe
1500	WerFault.exe
584	WerFault.exe
584	WerFault.exe
584	WerFault.exe
1500	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2760	2420	WerFault.exe	3b01575e1eabc47d624036872427608d55bc28197caa8dc35c6816f04ec540d9.exe
3004	2292	WerFault.exe	Unicorn-60095.exe
2000	2748	WerFault.exe	Unicorn-56094.exe
2336	2644	WerFault.exe	Unicorn-5502.exe
584	380	WerFault.exe	Unicorn-24936.exe
1500	2740	WerFault.exe	Unicorn-44802.exe
1916	2104	WerFault.exe	Unicorn-54039.exe
876	2140	WerFault.exe	Unicorn-583.exe
1520	2524	WerFault.exe	Unicorn-63914.exe
3064	2744	WerFault.exe	Unicorn-53053.exe
2724	2792	WerFault.exe	Unicorn-48969.exe
2356	3020	WerFault.exe	Unicorn-2461.exe
2512	2976	WerFault.exe	Unicorn-56966.exe
1696	1448	WerFault.exe	Unicorn-4646.exe
1564	1664	WerFault.exe	Unicorn-1953.exe
332	2076	WerFault.exe	Unicorn-57952.exe
408	2884	WerFault.exe	Unicorn-42170.exe
356	1264	WerFault.exe	Unicorn-35394.exe
2084	2936	WerFault.exe	Unicorn-15528.exe
1524	2648	WerFault.exe	Unicorn-65409.exe
2904	2624	WerFault.exe	Unicorn-36629.exe
1976	556	WerFault.exe	Unicorn-33832.exe
600	920	WerFault.exe	Unicorn-48222.exe
680	1084	WerFault.exe	Unicorn-63167.exe
572	2204	WerFault.exe	Unicorn-36546.exe
2968	1560	WerFault.exe	Unicorn-53629.exe
1624	1384	WerFault.exe	Unicorn-20210.exe
2700	1708	WerFault.exe	Unicorn-64506.exe
2608	2932	WerFault.exe	Unicorn-10458.exe
2568	1672	WerFault.exe	Unicorn-26240.exe
2304	2376	WerFault.exe	Unicorn-41184.exe
2892	988	WerFault.exe	Unicorn-30324.exe
1680	3000	WerFault.exe	Unicorn-31066.exe
2332	2052	WerFault.exe	Unicorn-54527.exe
1904	2028	WerFault.exe	Unicorn-31066.exe
2288	1340	WerFault.exe	Unicorn-3935.exe
2328	2396	WerFault.exe	Unicorn-8040.exe
3092	2148	WerFault.exe	Unicorn-22985.exe
3108	2556	WerFault.exe	Unicorn-9986.exe
3124	2564	WerFault.exe	Unicorn-10733.exe
3132	2652	WerFault.exe	Unicorn-61325.exe
3188	1060	WerFault.exe	Unicorn-8040.exe
3212	348	WerFault.exe	Unicorn-16017.exe
3668	2860	WerFault.exe	Unicorn-7848.exe
3704	1704	WerFault.exe	Unicorn-30961.exe
3728	2580	WerFault.exe	Unicorn-59742.exe
3816	2880	WerFault.exe	Unicorn-22793.exe
3824	1764	WerFault.exe	Unicorn-38575.exe
3896	2016	WerFault.exe	Unicorn-42659.exe
3616	1752	WerFault.exe	Unicorn-19800.exe
3428	2256	WerFault.exe	Unicorn-36520.exe
3488	2372	WerFault.exe	Unicorn-54610.exe
3688	2264	WerFault.exe	Unicorn-51465.exe
3744	2844	WerFault.exe	Unicorn-42742.exe
3880	2344	WerFault.exe	Unicorn-39234.exe
3936	2828	WerFault.exe	Unicorn-61792.exe
3660	1660	WerFault.exe	Unicorn-25206.exe
4068	2284	WerFault.exe	Unicorn-34744.exe
3344	1928	WerFault.exe	Unicorn-26406.exe
3484	2040	WerFault.exe	Unicorn-51102.exe
3592	1736	WerFault.exe	Unicorn-10069.exe
3764	868	WerFault.exe	Unicorn-230.exe
3852	2816	WerFault.exe	Unicorn-57708.exe
3080	1856	WerFault.exe	Unicorn-11413.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

3b01575e1eabc47d624036872427608d55bc28197caa8dc35c6816f04ec540d9.exeUnicorn-60095.exeUnicorn-56094.exeUnicorn-5502.exeUnicorn-24936.exeUnicorn-44802.exeUnicorn-54039.exeUnicorn-63914.exeUnicorn-53053.exeUnicorn-48969.exeUnicorn-2461.exeUnicorn-4646.exeUnicorn-1953.exeUnicorn-57952.exeUnicorn-42170.exeUnicorn-583.exeUnicorn-35394.exeUnicorn-15528.exeUnicorn-33832.exeUnicorn-48222.exeUnicorn-63167.exeUnicorn-36546.exeUnicorn-53629.exeUnicorn-20210.exeUnicorn-56966.exeUnicorn-26240.exeUnicorn-41184.exeUnicorn-10458.exeUnicorn-30324.exeUnicorn-54527.exeUnicorn-3935.exeUnicorn-8040.exeUnicorn-8040.exeUnicorn-22985.exeUnicorn-61325.exeUnicorn-10733.exeUnicorn-65409.exeUnicorn-9986.exeUnicorn-59742.exeUnicorn-36629.exeUnicorn-38575.exeUnicorn-42659.exeUnicorn-7848.exeUnicorn-22793.exeUnicorn-16017.exeUnicorn-30961.exeUnicorn-19800.exeUnicorn-34744.exeUnicorn-54610.exeUnicorn-40988.exeUnicorn-25206.exeUnicorn-51102.exeUnicorn-26406.exeUnicorn-14708.exeUnicorn-10069.exeUnicorn-39212.exeUnicorn-36520.exeUnicorn-51465.exeUnicorn-42742.exeUnicorn-26960.exeUnicorn-20184.exeUnicorn-57708.exeUnicorn-37842.exeUnicorn-31066.exe

pid	process
2420	3b01575e1eabc47d624036872427608d55bc28197caa8dc35c6816f04ec540d9.exe
2292	Unicorn-60095.exe
2748	Unicorn-56094.exe
2644	Unicorn-5502.exe
380	Unicorn-24936.exe
2740	Unicorn-44802.exe
2104	Unicorn-54039.exe
2524	Unicorn-63914.exe
2744	Unicorn-53053.exe
2792	Unicorn-48969.exe
3020	Unicorn-2461.exe
1448	Unicorn-4646.exe
1664	Unicorn-1953.exe
2076	Unicorn-57952.exe
2884	Unicorn-42170.exe
2140	Unicorn-583.exe
1264	Unicorn-35394.exe
2936	Unicorn-15528.exe
556	Unicorn-33832.exe
920	Unicorn-48222.exe
1084	Unicorn-63167.exe
2204	Unicorn-36546.exe
1560	Unicorn-53629.exe
1384	Unicorn-20210.exe
2976	Unicorn-56966.exe
1672	Unicorn-26240.exe
2376	Unicorn-41184.exe
2932	Unicorn-10458.exe
988	Unicorn-30324.exe
2052	Unicorn-54527.exe
1340	Unicorn-3935.exe
1060	Unicorn-8040.exe
2396	Unicorn-8040.exe
2148	Unicorn-22985.exe
2652	Unicorn-61325.exe
2564	Unicorn-10733.exe
2648	Unicorn-65409.exe
2556	Unicorn-9986.exe
2580	Unicorn-59742.exe
2624	Unicorn-36629.exe
1764	Unicorn-38575.exe
2016	Unicorn-42659.exe
2860	Unicorn-7848.exe
2880	Unicorn-22793.exe
348	Unicorn-16017.exe
1704	Unicorn-30961.exe
1752	Unicorn-19800.exe
2284	Unicorn-34744.exe
2372	Unicorn-54610.exe
1168	Unicorn-40988.exe
1660	Unicorn-25206.exe
2040	Unicorn-51102.exe
1928	Unicorn-26406.exe
1668	Unicorn-14708.exe
1736	Unicorn-10069.exe
2232	Unicorn-39212.exe
2256	Unicorn-36520.exe
2264	Unicorn-51465.exe
2844	Unicorn-42742.exe
2144	Unicorn-26960.exe
2572	Unicorn-20184.exe
2816	Unicorn-57708.exe
2824	Unicorn-37842.exe
2028	Unicorn-31066.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

3b01575e1eabc47d624036872427608d55bc28197caa8dc35c6816f04ec540d9.exeUnicorn-60095.exeUnicorn-56094.exeUnicorn-5502.exeUnicorn-24936.exeUnicorn-54039.exeUnicorn-44802.exeUnicorn-63914.exe

description	pid	process	target process
PID 2420 wrote to memory of 2292	2420	3b01575e1eabc47d624036872427608d55bc28197caa8dc35c6816f04ec540d9.exe	Unicorn-60095.exe
PID 2420 wrote to memory of 2292	2420	3b01575e1eabc47d624036872427608d55bc28197caa8dc35c6816f04ec540d9.exe	Unicorn-60095.exe
PID 2420 wrote to memory of 2292	2420	3b01575e1eabc47d624036872427608d55bc28197caa8dc35c6816f04ec540d9.exe	Unicorn-60095.exe
PID 2420 wrote to memory of 2292	2420	3b01575e1eabc47d624036872427608d55bc28197caa8dc35c6816f04ec540d9.exe	Unicorn-60095.exe
PID 2292 wrote to memory of 2748	2292	Unicorn-60095.exe	Unicorn-56094.exe
PID 2292 wrote to memory of 2748	2292	Unicorn-60095.exe	Unicorn-56094.exe
PID 2292 wrote to memory of 2748	2292	Unicorn-60095.exe	Unicorn-56094.exe
PID 2292 wrote to memory of 2748	2292	Unicorn-60095.exe	Unicorn-56094.exe
PID 2420 wrote to memory of 2644	2420	3b01575e1eabc47d624036872427608d55bc28197caa8dc35c6816f04ec540d9.exe	Unicorn-5502.exe
PID 2420 wrote to memory of 2644	2420	3b01575e1eabc47d624036872427608d55bc28197caa8dc35c6816f04ec540d9.exe	Unicorn-5502.exe
PID 2420 wrote to memory of 2644	2420	3b01575e1eabc47d624036872427608d55bc28197caa8dc35c6816f04ec540d9.exe	Unicorn-5502.exe
PID 2420 wrote to memory of 2644	2420	3b01575e1eabc47d624036872427608d55bc28197caa8dc35c6816f04ec540d9.exe	Unicorn-5502.exe
PID 2420 wrote to memory of 2760	2420	3b01575e1eabc47d624036872427608d55bc28197caa8dc35c6816f04ec540d9.exe	WerFault.exe
PID 2420 wrote to memory of 2760	2420	3b01575e1eabc47d624036872427608d55bc28197caa8dc35c6816f04ec540d9.exe	WerFault.exe
PID 2420 wrote to memory of 2760	2420	3b01575e1eabc47d624036872427608d55bc28197caa8dc35c6816f04ec540d9.exe	WerFault.exe
PID 2420 wrote to memory of 2760	2420	3b01575e1eabc47d624036872427608d55bc28197caa8dc35c6816f04ec540d9.exe	WerFault.exe
PID 2748 wrote to memory of 2104	2748	Unicorn-56094.exe	Unicorn-54039.exe
PID 2748 wrote to memory of 2104	2748	Unicorn-56094.exe	Unicorn-54039.exe
PID 2748 wrote to memory of 2104	2748	Unicorn-56094.exe	Unicorn-54039.exe
PID 2748 wrote to memory of 2104	2748	Unicorn-56094.exe	Unicorn-54039.exe
PID 2644 wrote to memory of 2740	2644	Unicorn-5502.exe	Unicorn-44802.exe
PID 2644 wrote to memory of 2740	2644	Unicorn-5502.exe	Unicorn-44802.exe
PID 2644 wrote to memory of 2740	2644	Unicorn-5502.exe	Unicorn-44802.exe
PID 2644 wrote to memory of 2740	2644	Unicorn-5502.exe	Unicorn-44802.exe
PID 2292 wrote to memory of 380	2292	Unicorn-60095.exe	Unicorn-24936.exe
PID 2292 wrote to memory of 380	2292	Unicorn-60095.exe	Unicorn-24936.exe
PID 2292 wrote to memory of 380	2292	Unicorn-60095.exe	Unicorn-24936.exe
PID 2292 wrote to memory of 380	2292	Unicorn-60095.exe	Unicorn-24936.exe
PID 2292 wrote to memory of 3004	2292	Unicorn-60095.exe	WerFault.exe
PID 2292 wrote to memory of 3004	2292	Unicorn-60095.exe	WerFault.exe
PID 2292 wrote to memory of 3004	2292	Unicorn-60095.exe	WerFault.exe
PID 2292 wrote to memory of 3004	2292	Unicorn-60095.exe	WerFault.exe
PID 2644 wrote to memory of 2524	2644	Unicorn-5502.exe	Unicorn-63914.exe
PID 2644 wrote to memory of 2524	2644	Unicorn-5502.exe	Unicorn-63914.exe
PID 2644 wrote to memory of 2524	2644	Unicorn-5502.exe	Unicorn-63914.exe
PID 2644 wrote to memory of 2524	2644	Unicorn-5502.exe	Unicorn-63914.exe
PID 380 wrote to memory of 2792	380	Unicorn-24936.exe	Unicorn-48969.exe
PID 380 wrote to memory of 2792	380	Unicorn-24936.exe	Unicorn-48969.exe
PID 380 wrote to memory of 2792	380	Unicorn-24936.exe	Unicorn-48969.exe
PID 380 wrote to memory of 2792	380	Unicorn-24936.exe	Unicorn-48969.exe
PID 2104 wrote to memory of 2744	2104	Unicorn-54039.exe	Unicorn-53053.exe
PID 2104 wrote to memory of 2744	2104	Unicorn-54039.exe	Unicorn-53053.exe
PID 2104 wrote to memory of 2744	2104	Unicorn-54039.exe	Unicorn-53053.exe
PID 2104 wrote to memory of 2744	2104	Unicorn-54039.exe	Unicorn-53053.exe
PID 2748 wrote to memory of 3020	2748	Unicorn-56094.exe	Unicorn-2461.exe
PID 2748 wrote to memory of 3020	2748	Unicorn-56094.exe	Unicorn-2461.exe
PID 2748 wrote to memory of 3020	2748	Unicorn-56094.exe	Unicorn-2461.exe
PID 2748 wrote to memory of 3020	2748	Unicorn-56094.exe	Unicorn-2461.exe
PID 2748 wrote to memory of 2000	2748	Unicorn-56094.exe	WerFault.exe
PID 2748 wrote to memory of 2000	2748	Unicorn-56094.exe	WerFault.exe
PID 2748 wrote to memory of 2000	2748	Unicorn-56094.exe	WerFault.exe
PID 2748 wrote to memory of 2000	2748	Unicorn-56094.exe	WerFault.exe
PID 2644 wrote to memory of 2336	2644	Unicorn-5502.exe	WerFault.exe
PID 2644 wrote to memory of 2336	2644	Unicorn-5502.exe	WerFault.exe
PID 2644 wrote to memory of 2336	2644	Unicorn-5502.exe	WerFault.exe
PID 2644 wrote to memory of 2336	2644	Unicorn-5502.exe	WerFault.exe
PID 2740 wrote to memory of 1448	2740	Unicorn-44802.exe	Unicorn-4646.exe
PID 2740 wrote to memory of 1448	2740	Unicorn-44802.exe	Unicorn-4646.exe
PID 2740 wrote to memory of 1448	2740	Unicorn-44802.exe	Unicorn-4646.exe
PID 2740 wrote to memory of 1448	2740	Unicorn-44802.exe	Unicorn-4646.exe
PID 2524 wrote to memory of 1664	2524	Unicorn-63914.exe	Unicorn-1953.exe
PID 2524 wrote to memory of 1664	2524	Unicorn-63914.exe	Unicorn-1953.exe
PID 2524 wrote to memory of 1664	2524	Unicorn-63914.exe	Unicorn-1953.exe
PID 2524 wrote to memory of 1664	2524	Unicorn-63914.exe	Unicorn-1953.exe

C:\Users\Admin\AppData\Local\Temp\3b01575e1eabc47d624036872427608d55bc28197caa8dc35c6816f04ec540d9.exe
"C:\Users\Admin\AppData\Local\Temp\3b01575e1eabc47d624036872427608d55bc28197caa8dc35c6816f04ec540d9.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-60095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60095.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-56094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56094.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-54039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54039.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-53053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53053.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-57952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57952.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-36546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36546.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-61325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61325.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-10069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10069.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
10⤵
PID:612

C:\Users\Admin\AppData\Local\Temp\Unicorn-15737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15737.exe
11⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-14916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14916.exe
12⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-32125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32125.exe
13⤵
PID:6676

C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
14⤵
PID:9156

C:\Users\Admin\AppData\Local\Temp\Unicorn-27878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27878.exe
15⤵
PID:10676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9156 -s 216
15⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 216
14⤵
PID:9952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
13⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
12⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 236
11⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-51678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51678.exe
10⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-6556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6556.exe
11⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-51476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51476.exe
12⤵
PID:6724

C:\Users\Admin\AppData\Local\Temp\Unicorn-30724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30724.exe
13⤵
PID:9124

C:\Users\Admin\AppData\Local\Temp\Unicorn-21032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21032.exe
14⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
13⤵
PID:9944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
12⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 236
11⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
10⤵
- Program crash
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
9⤵
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-58030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58030.exe
10⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-56333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56333.exe
11⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-9374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9374.exe
12⤵
PID:6260

C:\Users\Admin\AppData\Local\Temp\Unicorn-32779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32779.exe
13⤵
PID:8648

C:\Users\Admin\AppData\Local\Temp\Unicorn-62989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62989.exe
14⤵
PID:10528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 216
14⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 216
13⤵
PID:9620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
12⤵
PID:7456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
11⤵
PID:5584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 236
10⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 220
9⤵
- Program crash
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-39212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39212.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-2861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2861.exe
9⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-53069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53069.exe
10⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-15300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15300.exe
11⤵
PID:4784

C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
12⤵
PID:6708

C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
13⤵
PID:7416

C:\Users\Admin\AppData\Local\Temp\Unicorn-2247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2247.exe
14⤵
PID:11060

C:\Users\Admin\AppData\Local\Temp\Unicorn-49720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49720.exe
15⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11060 -s 216
15⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 216
14⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 236
13⤵
PID:8760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
12⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
11⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
10⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-41371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41371.exe
9⤵
PID:4080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 220
10⤵
PID:4600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
9⤵
PID:3296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
8⤵
- Program crash
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-10733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10733.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-26166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26166.exe
8⤵
PID:900

C:\Users\Admin\AppData\Local\Temp\Unicorn-7952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7952.exe
9⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-57703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57703.exe
10⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-33687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33687.exe
11⤵
PID:6480

C:\Users\Admin\AppData\Local\Temp\Unicorn-24995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24995.exe
12⤵
PID:8924

C:\Users\Admin\AppData\Local\Temp\Unicorn-56082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56082.exe
13⤵
PID:11236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 216
13⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 216
12⤵
PID:9808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 236
11⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
10⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 236
9⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 236
8⤵
- Program crash
PID:3124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
7⤵
- Program crash
PID:332

C:\Users\Admin\AppData\Local\Temp\Unicorn-53629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53629.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-65409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65409.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
8⤵
- Program crash
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-51465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51465.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-14620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14620.exe
8⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-30786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30786.exe
9⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
10⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
11⤵
PID:8036

C:\Users\Admin\AppData\Local\Temp\Unicorn-51448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51448.exe
12⤵
PID:11100

C:\Users\Admin\AppData\Local\Temp\Unicorn-3425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3425.exe
13⤵
PID:13232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11100 -s 216
13⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 216
12⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 236
11⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
10⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 236
9⤵
PID:5212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
8⤵
- Program crash
PID:3688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
7⤵
- Program crash
PID:2968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
6⤵
- Program crash
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-42170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42170.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1384

C:\Users\Admin\AppData\Local\Temp\Unicorn-9986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9986.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-26406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26406.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-15305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15305.exe
9⤵
PID:1040

C:\Users\Admin\AppData\Local\Temp\Unicorn-34211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34211.exe
10⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-8995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8995.exe
11⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-57807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57807.exe
12⤵
PID:5600

C:\Users\Admin\AppData\Local\Temp\Unicorn-16443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16443.exe
13⤵
PID:8712

C:\Users\Admin\AppData\Local\Temp\Unicorn-44323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44323.exe
14⤵
PID:10696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8712 -s 216
14⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
13⤵
PID:9700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
12⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 236
11⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 216
10⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-2093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2093.exe
9⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-59457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59457.exe
10⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-44631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44631.exe
11⤵
PID:6488

C:\Users\Admin\AppData\Local\Temp\Unicorn-39276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39276.exe
12⤵
PID:8752

C:\Users\Admin\AppData\Local\Temp\Unicorn-48023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48023.exe
13⤵
PID:11040

C:\Users\Admin\AppData\Local\Temp\Unicorn-2372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2372.exe
14⤵
PID:3040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8752 -s 216
13⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
12⤵
PID:10124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
11⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
10⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
9⤵
- Program crash
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-65061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65061.exe
8⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-34211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34211.exe
9⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-18041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18041.exe
10⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-42047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42047.exe
11⤵
PID:6396

C:\Users\Admin\AppData\Local\Temp\Unicorn-10796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10796.exe
12⤵
PID:8880

C:\Users\Admin\AppData\Local\Temp\Unicorn-52491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52491.exe
13⤵
PID:10760

C:\Users\Admin\AppData\Local\Temp\Unicorn-56233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56233.exe
14⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8880 -s 236
13⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 216
12⤵
PID:9792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
11⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 236
10⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 216
9⤵
PID:3520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
8⤵
- Program crash
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-14708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14708.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-23474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23474.exe
8⤵
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-13681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13681.exe
9⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-15685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15685.exe
10⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-58466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58466.exe
11⤵
PID:6376

C:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exe
12⤵
PID:8936

C:\Users\Admin\AppData\Local\Temp\Unicorn-60467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60467.exe
13⤵
PID:10988

C:\Users\Admin\AppData\Local\Temp\Unicorn-14302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14302.exe
14⤵
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 236
13⤵
PID:11976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 216
12⤵
PID:10156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 216
11⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 236
10⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 236
9⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-44963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44963.exe
8⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-54387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54387.exe
9⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-51860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51860.exe
10⤵
PID:7112

C:\Users\Admin\AppData\Local\Temp\Unicorn-28394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28394.exe
11⤵
PID:8708

C:\Users\Admin\AppData\Local\Temp\Unicorn-46160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46160.exe
12⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8708 -s 236
12⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 216
11⤵
PID:10116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
10⤵
PID:7888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
9⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
8⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 240
7⤵
- Program crash
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-59742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59742.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-36520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36520.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-55653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55653.exe
8⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-14065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14065.exe
9⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-56992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56992.exe
10⤵
PID:5564

C:\Users\Admin\AppData\Local\Temp\Unicorn-4709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4709.exe
11⤵
PID:7912

C:\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe
12⤵
PID:10736

C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
13⤵
PID:12900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10736 -s 216
13⤵
PID:12724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 216
12⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
11⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
10⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
9⤵
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 236
8⤵
- Program crash
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-7199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7199.exe
7⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-52768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52768.exe
8⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-11875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11875.exe
9⤵
PID:5692

C:\Users\Admin\AppData\Local\Temp\Unicorn-31160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31160.exe
10⤵
PID:7200

C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
11⤵
PID:10964

C:\Users\Admin\AppData\Local\Temp\Unicorn-52050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52050.exe
12⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10964 -s 216
12⤵
PID:13024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 216
11⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 236
10⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
9⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 216
8⤵
PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
7⤵
- Program crash
PID:3728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
6⤵
- Program crash
PID:408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-2461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2461.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-35394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35394.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-26240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26240.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-7848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7848.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-57599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57599.exe
9⤵
PID:1332

C:\Users\Admin\AppData\Local\Temp\Unicorn-27880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27880.exe
10⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-42135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42135.exe
11⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-51066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51066.exe
12⤵
PID:6744

C:\Users\Admin\AppData\Local\Temp\Unicorn-27984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27984.exe
13⤵
PID:8732

C:\Users\Admin\AppData\Local\Temp\Unicorn-20670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20670.exe
14⤵
PID:11592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8732 -s 236
14⤵
PID:12556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 236
13⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
12⤵
PID:2456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 236
11⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 236
10⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-49047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49047.exe
9⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-38627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38627.exe
10⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-14501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14501.exe
11⤵
PID:6412

C:\Users\Admin\AppData\Local\Temp\Unicorn-51912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51912.exe
12⤵
PID:9136

C:\Users\Admin\AppData\Local\Temp\Unicorn-20094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20094.exe
13⤵
PID:10920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9136 -s 216
13⤵
PID:12364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 216
12⤵
PID:9468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
11⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
10⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
9⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-45902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45902.exe
8⤵
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-11927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11927.exe
9⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-9929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9929.exe
10⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\Unicorn-25130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25130.exe
11⤵
PID:8040

C:\Users\Admin\AppData\Local\Temp\Unicorn-36518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36518.exe
12⤵
PID:10856

C:\Users\Admin\AppData\Local\Temp\Unicorn-49336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49336.exe
13⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10856 -s 236
13⤵
PID:12652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 216
12⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
11⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
10⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 236
9⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
8⤵
- Program crash
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-41839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41839.exe
8⤵
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-20205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20205.exe
9⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-33583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33583.exe
10⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-4413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4413.exe
11⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\Unicorn-16334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16334.exe
12⤵
PID:9032

C:\Users\Admin\AppData\Local\Temp\Unicorn-11541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11541.exe
13⤵
PID:10928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9032 -s 216
13⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
12⤵
PID:10008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
11⤵
PID:8020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
10⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 236
9⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-25912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25912.exe
8⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-15300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15300.exe
9⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
10⤵
PID:6964

C:\Users\Admin\AppData\Local\Temp\Unicorn-26448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26448.exe
11⤵
PID:8320

C:\Users\Admin\AppData\Local\Temp\Unicorn-29440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29440.exe
12⤵
PID:11152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8320 -s 216
12⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 216
11⤵
PID:10064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
10⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
9⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 220
8⤵
PID:4148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 220
7⤵
- Program crash
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-22793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22793.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-57708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57708.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-39125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39125.exe
8⤵
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-63183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63183.exe
9⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
10⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-45254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45254.exe
11⤵
PID:6840

C:\Users\Admin\AppData\Local\Temp\Unicorn-49006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49006.exe
12⤵
PID:9184

C:\Users\Admin\AppData\Local\Temp\Unicorn-50436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50436.exe
13⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 216
13⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 216
12⤵
PID:9984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
11⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
10⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
9⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-16675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16675.exe
8⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-60479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60479.exe
9⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
10⤵
PID:7180

C:\Users\Admin\AppData\Local\Temp\Unicorn-44738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44738.exe
11⤵
PID:9756

C:\Users\Admin\AppData\Local\Temp\Unicorn-53809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53809.exe
12⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9756 -s 236
12⤵
PID:12612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7180 -s 236
11⤵
PID:10688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
10⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
9⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 220
8⤵
- Program crash
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-56784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56784.exe
7⤵
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-41092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41092.exe
8⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-20392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20392.exe
9⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-45742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45742.exe
10⤵
PID:7576

C:\Users\Admin\AppData\Local\Temp\Unicorn-14499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14499.exe
11⤵
PID:11164

C:\Users\Admin\AppData\Local\Temp\Unicorn-32014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32014.exe
12⤵
PID:13268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11164 -s 236
12⤵
PID:13124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 216
11⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
10⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
9⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
8⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
7⤵
- Program crash
PID:3816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 240
6⤵
- Program crash
PID:356

C:\Users\Admin\AppData\Local\Temp\Unicorn-10458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10458.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-38575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38575.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-61792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61792.exe
7⤵
- Executes dropped EXE
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-6452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6452.exe
8⤵
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-49260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49260.exe
9⤵
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-14361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14361.exe
10⤵
PID:5792

C:\Users\Admin\AppData\Local\Temp\Unicorn-15207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15207.exe
11⤵
PID:7900

C:\Users\Admin\AppData\Local\Temp\Unicorn-42548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42548.exe
12⤵
PID:10980

C:\Users\Admin\AppData\Local\Temp\Unicorn-37468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37468.exe
13⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10980 -s 216
13⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 216
12⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 216
11⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
10⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 216
9⤵
PID:5188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 236
8⤵
- Program crash
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
7⤵
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-45176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45176.exe
8⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-16308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16308.exe
9⤵
PID:5860

C:\Users\Admin\AppData\Local\Temp\Unicorn-51964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51964.exe
10⤵
PID:7728

C:\Users\Admin\AppData\Local\Temp\Unicorn-2055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2055.exe
11⤵
PID:11212

C:\Users\Admin\AppData\Local\Temp\Unicorn-46596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46596.exe
12⤵
PID:13200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11212 -s 216
12⤵
PID:13068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 236
11⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 236
10⤵
PID:8388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
9⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 236
8⤵
PID:5228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 220
7⤵
- Program crash
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-15284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15284.exe
6⤵
PID:772

C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
7⤵
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-59099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59099.exe
8⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
9⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
10⤵
PID:7076

C:\Users\Admin\AppData\Local\Temp\Unicorn-52898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52898.exe
11⤵
PID:8632

C:\Users\Admin\AppData\Local\Temp\Unicorn-48298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48298.exe
12⤵
PID:11156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8632 -s 216
12⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 216
11⤵
PID:10100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
10⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
9⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
8⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-46032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46032.exe
7⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
8⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\Unicorn-23272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23272.exe
9⤵
PID:7036

C:\Users\Admin\AppData\Local\Temp\Unicorn-55036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55036.exe
10⤵
PID:8660

C:\Users\Admin\AppData\Local\Temp\Unicorn-39938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39938.exe
11⤵
PID:1364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8660 -s 216
11⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 216
10⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
9⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
8⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 240
7⤵
PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
6⤵
- Program crash
PID:2608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
5⤵
- Program crash
PID:2356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-24936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24936.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:380

C:\Users\Admin\AppData\Local\Temp\Unicorn-48969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48969.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-583.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-56966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56966.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-36629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36629.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-31066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31066.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-230.exe
9⤵
PID:868

C:\Users\Admin\AppData\Local\Temp\Unicorn-2799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2799.exe
10⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-49535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49535.exe
11⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-63728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63728.exe
12⤵
PID:6884

C:\Users\Admin\AppData\Local\Temp\Unicorn-57366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57366.exe
13⤵
PID:9068

C:\Users\Admin\AppData\Local\Temp\Unicorn-62688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62688.exe
14⤵
PID:10852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9068 -s 216
14⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
13⤵
PID:9896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
12⤵
PID:8080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
11⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 236
10⤵
- Program crash
PID:3764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 236
9⤵
- Program crash
PID:1904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 216
8⤵
- Program crash
PID:2904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 236
7⤵
- Program crash
PID:2512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 236
6⤵
- Program crash
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-41184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41184.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-42659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42659.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-31066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31066.exe
7⤵
PID:3000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
8⤵
- Program crash
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-15175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15175.exe
7⤵
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-24564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24564.exe
8⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-41580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41580.exe
9⤵
PID:5932

C:\Users\Admin\AppData\Local\Temp\Unicorn-3593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3593.exe
10⤵
PID:8248

C:\Users\Admin\AppData\Local\Temp\Unicorn-36949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36949.exe
11⤵
PID:10876

C:\Users\Admin\AppData\Local\Temp\Unicorn-59938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59938.exe
12⤵
PID:12780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10876 -s 236
12⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 236
11⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 216
10⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
9⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 236
8⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
7⤵
- Program crash
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-50095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50095.exe
6⤵
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-55461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55461.exe
7⤵
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
8⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
9⤵
PID:5256

C:\Users\Admin\AppData\Local\Temp\Unicorn-241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-241.exe
10⤵
PID:7660

C:\Users\Admin\AppData\Local\Temp\Unicorn-38272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38272.exe
11⤵
PID:10576

C:\Users\Admin\AppData\Local\Temp\Unicorn-58080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58080.exe
12⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10576 -s 216
12⤵
PID:12628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 216
11⤵
PID:10668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
10⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 216
9⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 216
8⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-18128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18128.exe
7⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-21798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21798.exe
8⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
9⤵
PID:7828

C:\Users\Admin\AppData\Local\Temp\Unicorn-19798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19798.exe
10⤵
PID:10660

C:\Users\Admin\AppData\Local\Temp\Unicorn-39606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39606.exe
11⤵
PID:12844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10660 -s 216
11⤵
PID:12668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 236
10⤵
PID:11188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
9⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
8⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 240
7⤵
PID:4596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
6⤵
- Program crash
PID:2304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
5⤵
- Program crash
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-30324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30324.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:988

C:\Users\Admin\AppData\Local\Temp\Unicorn-16017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16017.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:348

C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe
7⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-39125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39125.exe
8⤵
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-48985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48985.exe
9⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-11216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11216.exe
10⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-62358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62358.exe
11⤵
PID:6992

C:\Users\Admin\AppData\Local\Temp\Unicorn-44730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44730.exe
12⤵
PID:8580

C:\Users\Admin\AppData\Local\Temp\Unicorn-55724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55724.exe
13⤵
PID:10620

C:\Users\Admin\AppData\Local\Temp\Unicorn-23078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23078.exe
14⤵
PID:12872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10620 -s 216
14⤵
PID:6368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8580 -s 216
13⤵
PID:11712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
12⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
11⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
10⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 236
9⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
8⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-64501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64501.exe
9⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-51476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51476.exe
10⤵
PID:6732

C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
11⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9096 -s 224
12⤵
PID:10724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 216
11⤵
PID:9936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
10⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
9⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
8⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe
7⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-3868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3868.exe
8⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-61787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61787.exe
9⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-4413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4413.exe
10⤵
PID:6820

C:\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe
11⤵
PID:9016

C:\Users\Admin\AppData\Local\Temp\Unicorn-38101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38101.exe
12⤵
PID:11000

C:\Users\Admin\AppData\Local\Temp\Unicorn-19285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19285.exe
13⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 216
12⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 216
11⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
10⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
9⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 236
8⤵
PID:4580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 240
7⤵
- Program crash
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-19368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19368.exe
6⤵
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-6452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6452.exe
7⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-14065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14065.exe
8⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-38710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38710.exe
9⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-59364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59364.exe
10⤵
PID:7880

C:\Users\Admin\AppData\Local\Temp\Unicorn-25828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25828.exe
11⤵
PID:10704

C:\Users\Admin\AppData\Local\Temp\Unicorn-4795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4795.exe
12⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10704 -s 216
12⤵
PID:12676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 216
11⤵
PID:10756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
10⤵
PID:9056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
9⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 216
8⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-18704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18704.exe
7⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-32296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32296.exe
8⤵
PID:5644

C:\Users\Admin\AppData\Local\Temp\Unicorn-53718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53718.exe
9⤵
PID:8156

C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
10⤵
PID:10956

C:\Users\Admin\AppData\Local\Temp\Unicorn-44074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44074.exe
11⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10956 -s 216
11⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 216
10⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
9⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 236
8⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
7⤵
PID:4724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 240
6⤵
- Program crash
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-30961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30961.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-39234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39234.exe
6⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-8398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8398.exe
7⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-52768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52768.exe
8⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-7791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7791.exe
9⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-39328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39328.exe
10⤵
PID:8112

C:\Users\Admin\AppData\Local\Temp\Unicorn-26404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26404.exe
11⤵
PID:10820

C:\Users\Admin\AppData\Local\Temp\Unicorn-62356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62356.exe
12⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10820 -s 216
12⤵
PID:13132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 216
11⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
10⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
9⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 236
8⤵
PID:4508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 216
7⤵
- Program crash
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
6⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-17958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17958.exe
7⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-7791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7791.exe
8⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-25130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25130.exe
9⤵
PID:8064

C:\Users\Admin\AppData\Local\Temp\Unicorn-54992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54992.exe
10⤵
PID:10908

C:\Users\Admin\AppData\Local\Temp\Unicorn-11209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11209.exe
11⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10908 -s 216
11⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 216
10⤵
PID:10584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
9⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
8⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 216
7⤵
PID:4396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
6⤵
- Program crash
PID:3704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
5⤵
- Program crash
PID:2084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 220
4⤵
- Loads dropped DLL
- Program crash
PID:584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-44802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44802.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-4646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4646.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1448

C:\Users\Admin\AppData\Local\Temp\Unicorn-33832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33832.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:556

C:\Users\Admin\AppData\Local\Temp\Unicorn-54527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54527.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-19800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19800.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-1107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1107.exe
8⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
8⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-57044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57044.exe
9⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
10⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-23677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23677.exe
11⤵
PID:7708

C:\Users\Admin\AppData\Local\Temp\Unicorn-42356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42356.exe
12⤵
PID:10612

C:\Users\Admin\AppData\Local\Temp\Unicorn-39030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39030.exe
13⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10612 -s 216
13⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 216
12⤵
PID:10872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
11⤵
PID:8848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
10⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 216
9⤵
PID:4800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
8⤵
- Program crash
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-50863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50863.exe
7⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-60661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60661.exe
8⤵
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
9⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-57916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57916.exe
10⤵
PID:5976

C:\Users\Admin\AppData\Local\Temp\Unicorn-59146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59146.exe
11⤵
PID:7484

C:\Users\Admin\AppData\Local\Temp\Unicorn-33166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33166.exe
12⤵
PID:10672

C:\Users\Admin\AppData\Local\Temp\Unicorn-65262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65262.exe
13⤵
PID:12388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10672 -s 216
13⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 216
12⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
11⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
10⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
9⤵
PID:5436

C:\Users\Admin\AppData\Local\Temp\Unicorn-43400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43400.exe
8⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
9⤵
PID:6040

C:\Users\Admin\AppData\Local\Temp\Unicorn-32888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32888.exe
10⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-22751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22751.exe
11⤵
PID:10804

C:\Users\Admin\AppData\Local\Temp\Unicorn-55470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55470.exe
12⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10804 -s 216
12⤵
PID:12812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 216
11⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 216
10⤵
PID:9280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
9⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
8⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
7⤵
- Program crash
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-34744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34744.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-11413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11413.exe
7⤵
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-36349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36349.exe
8⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-51481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51481.exe
9⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-21627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21627.exe
10⤵
PID:6312

C:\Users\Admin\AppData\Local\Temp\Unicorn-41523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41523.exe
11⤵
PID:8864

C:\Users\Admin\AppData\Local\Temp\Unicorn-50353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50353.exe
12⤵
PID:10924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8864 -s 216
12⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 216
11⤵
PID:9784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
10⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 236
9⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 236
8⤵
- Program crash
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-55378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55378.exe
7⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-30869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30869.exe
8⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-60329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60329.exe
9⤵
PID:6452

C:\Users\Admin\AppData\Local\Temp\Unicorn-8658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8658.exe
10⤵
PID:8960

C:\Users\Admin\AppData\Local\Temp\Unicorn-659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-659.exe
11⤵
PID:10416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8960 -s 236
11⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 216
10⤵
PID:9880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
9⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
8⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
7⤵
- Program crash
PID:4068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 240
6⤵
- Program crash
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-3935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3935.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1340

C:\Users\Admin\AppData\Local\Temp\Unicorn-54610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54610.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-11413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11413.exe
7⤵
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-26235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26235.exe
8⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-6364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6364.exe
9⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-14828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14828.exe
10⤵
PID:6152

C:\Users\Admin\AppData\Local\Temp\Unicorn-2628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2628.exe
11⤵
PID:8800

C:\Users\Admin\AppData\Local\Temp\Unicorn-48983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48983.exe
12⤵
PID:11076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8800 -s 216
12⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 216
11⤵
PID:9692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
10⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
9⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-43125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43125.exe
7⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-17164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17164.exe
8⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-51777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51777.exe
9⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-26557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26557.exe
10⤵
PID:8744

C:\Users\Admin\AppData\Local\Temp\Unicorn-52107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52107.exe
11⤵
PID:11088

C:\Users\Admin\AppData\Local\Temp\Unicorn-65340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65340.exe
12⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
10⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
9⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 236
8⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
7⤵
- Program crash
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
6⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-50739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50739.exe
7⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-16479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16479.exe
8⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-62467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62467.exe
9⤵
PID:6360

C:\Users\Admin\AppData\Local\Temp\Unicorn-58497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58497.exe
10⤵
PID:8532

C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
11⤵
PID:11084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 236
11⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 216
10⤵
PID:10020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
9⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
8⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
7⤵
PID:3340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 240
6⤵
- Program crash
PID:2288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 240
5⤵
- Program crash
PID:1696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 236
4⤵
- Loads dropped DLL
- Program crash
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-63914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63914.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-48222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48222.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:920

C:\Users\Admin\AppData\Local\Temp\Unicorn-8040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8040.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1060

C:\Users\Admin\AppData\Local\Temp\Unicorn-42742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42742.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-22789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22789.exe
8⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-58798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58798.exe
9⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-47226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47226.exe
10⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-5093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5093.exe
11⤵
PID:7572

C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
12⤵
PID:11032

C:\Users\Admin\AppData\Local\Temp\Unicorn-38428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38428.exe
13⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11032 -s 216
13⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 216
12⤵
PID:11380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 236
11⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
10⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 216
9⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
8⤵
- Program crash
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-43956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43956.exe
7⤵
PID:1400

C:\Users\Admin\AppData\Local\Temp\Unicorn-23604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23604.exe
8⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-50578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50578.exe
9⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-27221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27221.exe
10⤵
PID:7560

C:\Users\Admin\AppData\Local\Temp\Unicorn-1515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1515.exe
11⤵
PID:10512

C:\Users\Admin\AppData\Local\Temp\Unicorn-49528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49528.exe
12⤵
PID:12660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10512 -s 216
12⤵
PID:12592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 236
11⤵
PID:10904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
10⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
9⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 236
8⤵
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 240
7⤵
- Program crash
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-26960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26960.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-10536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10536.exe
7⤵
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-52576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52576.exe
8⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-43889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43889.exe
9⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-38155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38155.exe
10⤵
PID:6756

C:\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe
11⤵
PID:9000

C:\Users\Admin\AppData\Local\Temp\Unicorn-5895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5895.exe
12⤵
PID:11276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9000 -s 236
12⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 216
11⤵
PID:10264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
10⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
9⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 236
8⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-60422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60422.exe
7⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-37667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37667.exe
8⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-51860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51860.exe
9⤵
PID:7120

C:\Users\Admin\AppData\Local\Temp\Unicorn-43360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43360.exe
10⤵
PID:8796

C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
11⤵
PID:10444

C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
12⤵
PID:12632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10444 -s 216
12⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 216
11⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
10⤵
PID:10132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 236
9⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 236
8⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
7⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 240
6⤵
- Program crash
PID:600

C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-51102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51102.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-35726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35726.exe
7⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-64937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64937.exe
8⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-49343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49343.exe
9⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-16967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16967.exe
10⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-8274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8274.exe
11⤵
PID:8680

C:\Users\Admin\AppData\Local\Temp\Unicorn-15158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15158.exe
12⤵
PID:11172

C:\Users\Admin\AppData\Local\Temp\Unicorn-26602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26602.exe
13⤵
PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8680 -s 216
12⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
11⤵
PID:9636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
10⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 236
9⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
8⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
7⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-47013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47013.exe
8⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-25135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25135.exe
9⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-39193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39193.exe
10⤵
PID:8536

C:\Users\Admin\AppData\Local\Temp\Unicorn-41801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41801.exe
11⤵
PID:11116

C:\Users\Admin\AppData\Local\Temp\Unicorn-19477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19477.exe
12⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8536 -s 216
11⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
10⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 236
9⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
8⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
7⤵
- Program crash
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-50671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50671.exe
6⤵
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-17875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17875.exe
7⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-22509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22509.exe
8⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-23381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23381.exe
9⤵
PID:6612

C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
10⤵
PID:8052

C:\Users\Admin\AppData\Local\Temp\Unicorn-26752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26752.exe
11⤵
PID:11136

C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
12⤵
PID:13144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11136 -s 216
12⤵
PID:13052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 216
11⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 216
10⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 236
9⤵
PID:7524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
8⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 236
7⤵
PID:4156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
6⤵
- Program crash
PID:3092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
5⤵
- Program crash
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-63167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63167.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1084

C:\Users\Admin\AppData\Local\Temp\Unicorn-8040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8040.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-40988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40988.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1168

C:\Users\Admin\AppData\Local\Temp\Unicorn-64506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64506.exe
7⤵
PID:1708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 188
8⤵
- Program crash
PID:2700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 236
7⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-52809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52809.exe
6⤵
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-60853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60853.exe
7⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-41559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41559.exe
8⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-630.exe
9⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe
10⤵
PID:8572

C:\Users\Admin\AppData\Local\Temp\Unicorn-13788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13788.exe
11⤵
PID:10280

C:\Users\Admin\AppData\Local\Temp\Unicorn-14733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14733.exe
12⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8572 -s 216
11⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
10⤵
PID:9588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
9⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
8⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 236
7⤵
PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 220
6⤵
- Program crash
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-25206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25206.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-3053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3053.exe
6⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-3484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3484.exe
7⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-24647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24647.exe
8⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
9⤵
PID:6556

C:\Users\Admin\AppData\Local\Temp\Unicorn-35301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35301.exe
10⤵
PID:8832

C:\Users\Admin\AppData\Local\Temp\Unicorn-9704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9704.exe
11⤵
PID:11224

C:\Users\Admin\AppData\Local\Temp\Unicorn-62647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62647.exe
12⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8832 -s 216
11⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 216
10⤵
PID:9740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 236
9⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
8⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 236
7⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
6⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-6364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6364.exe
7⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-41663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41663.exe
8⤵
PID:6052

C:\Users\Admin\AppData\Local\Temp\Unicorn-14496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14496.exe
9⤵
PID:8600

C:\Users\Admin\AppData\Local\Temp\Unicorn-7566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7566.exe
10⤵
PID:10624

C:\Users\Admin\AppData\Local\Temp\Unicorn-64209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64209.exe
11⤵
PID:8272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 216
10⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
9⤵
PID:9596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
8⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 236
7⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
6⤵
- Program crash
PID:3660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 220
5⤵
- Program crash
PID:680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
4⤵
- Program crash
PID:1520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
2⤵
- Program crash
PID:2760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-2461.exe

Filesize
184KB

MD5
85bc1925678e96d3b6e44c5adcd74af8

SHA1
a3272f34335023bb059583b77589f8e593122c5c

SHA256
628116861861b885a1734088853568adfc0b76a4a251f42d1ea81904872ae62c

SHA512
2780ef274ce1569bbcb61428bc867732caf74cad635655c54575cc3ba6ca487f3529a055692c95c690075d416291dad3c645cd88e70f24cae343af2a18a7d6a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35301.exe

Filesize
184KB

MD5
b2ee9ec8c75b8b273532790fb0111ead

SHA1
80f995dfa8e099b821755e663958d408dedb6eab

SHA256
bbf6716200a5d4aceb73653260b02b3ab3b6dc085a6c4d0ea62263618e7ac596

SHA512
cee9e4557f917d7fb6f8d55e1ee667cc9cecde401f9ffb2a412bf727f1b3bfc973b8717d7b78a0037e3bd73dc9018a3dab945268f52514fe07ca810eb2b16611

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38101.exe

Filesize
184KB

MD5
314228a555e263c14097d94a268a5f58

SHA1
f410e051d559ee96d144688c9a3fd33624bcbaea

SHA256
667baa657aa9fc80846de306207768f7d859ea11e60fd27b237775d8c08d3e8e

SHA512
03415d6b4fb6a414a82841eda60726f4036e409b3de145bde60c04710b70fd212eaff682a2682a941f24109b07778d8671d8a3e022bb2c701078deef45b739a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44802.exe

Filesize
184KB

MD5
fee89654c0d024fff4de3d2f2dcdf965

SHA1
6de2cd2cb324289453136a5ecdc6ae90f99e6aae

SHA256
2e5010c96566a92ab78d1dfed46f1aaeaeec6b90de934d458f888db18f52500e

SHA512
885eb1634d5d2e9f61665b7a73f50da16232772b1922ddf845e4d842133859e99ee2750d2351f8690ceec83bd303c79accdb3923043e243605c482a86776d3b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48969.exe

Filesize
184KB

MD5
f6b0720a3e1cedb51eced3540a1f3add

SHA1
c9460a10d771314fd58c33185d5396e9bd14a695

SHA256
67bc8eae208c6bc38af4b0ba76a1be5006cc152a3ae5a32c0f01bef340f6e7ca

SHA512
f901b14180de5c76141b0fa5e9220145b791b1546fd4f5dc7a20a90a8d3df3a65d0cc44ace888c471c92553f87455d5845dd541cd71c6b1d29ac3a9033978a29

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49260.exe

Filesize
184KB

MD5
fd3aef62b1921d2df0a7faeacf48e44e

SHA1
e9a55e7b5ec173d8ade154521f9eba1c8f9b23eb

SHA256
9d92a3a18fc32cd06ccb78bd6dc498f17cc947aca9ff09419633bb20506a6e2b

SHA512
6b63e7c44697f49a419ff4c529bd180e3c2b8a5320415c4d160a28949a32cdde3ad2b4266ce53870b6029a8600bf3b75b16806ce9790a1e9bb052758c97feac2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53053.exe

Filesize
184KB

MD5
5ff50bbb789a253686ea1f272615bbf0

SHA1
431fe70904b2eb15ac65633c45404cad9ef19bc8

SHA256
b8b4f61ceb206e08b693ca4f54d9d5605c7242fe12036f0a9c6a58d9546ad90a

SHA512
6f74694893d501473e35d3736efc72d86b2494d819989cdbbb6fab383175160136cb047cb4f49eb2b98da439216aaad4dae3249d573a918a6e0ec2dedce2afd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe

Filesize
184KB

MD5
3151fb400321eb90d92f0db82f10fd63

SHA1
50695f5547cc38d5dac2e4758392c7d98da64272

SHA256
692b2581e4aaff9b0c08672b184f37934196fd48da8dd3f3f8434d87d3b1b0f2

SHA512
c61b34447e7f1fcdf0cd23032573f5850a6a043992b084018ef6f37564208cccb09a1ed6b070f14471886288077d874dbdafc831c8a5a8872a7cd090b390b80a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62989.exe

Filesize
184KB

MD5
16af2da6635a2fb59312b02a1ec4145a

SHA1
abcff389a4508335f7d0456c7a7c6c3a878a0f58

SHA256
e2a6469d331a38a99e7748b93f3c05593e7eb3d748e32ef735f91a8c9fa9b901

SHA512
74ab12e2dfa1ea6abc2030cb68d63d0c39b5a42608cc0f9670299a072548a10302d0ddff35ede285ecc546d40f93cbb5ebc54d7ea4901880bf8151e16c3de669

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe

Filesize
184KB

MD5
8731f8c96fa7609d2884f37a5bc495b5

SHA1
a6e5a8b44dcd9751f1e0613d5587b262f08e2498

SHA256
84611bf104365d4831ba5153853d254fecade0b777b89cec75ac9e56fd003dd3

SHA512
685b22f32f9eeebf7dfc09fd6bf2d3549c8aa6c627a59ac25dc508ae04a27ba10256c2dbb71f2f97627efeb85d827c8f7589c1aaf287822c41389b89a6aaab4a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24936.exe

Filesize
184KB

MD5
b0319720ff293e8c54309aa61eaff915

SHA1
50e718642c6f7b442fc711816b3bd8a27a22af4d

SHA256
62d73b76339039dbc8623d73f73e0264d5ccf1084a7eecf33d14d879f03b4d82

SHA512
9a2d89d3d182dd91011697ec25a25bb1af5648e0f1f25caa9f717564df537fa1fafc011d6777333642116ed36f7c6d1e6263863e3c55d067ef38bfe2fa4124a8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42170.exe

Filesize
184KB

MD5
3513440c0b009df92e62a02860820182

SHA1
c9b0d9257e2f21d07c6f14c3a50070172eee1ee4

SHA256
4c96b7b4dd79c5a00cabf59b1e98e42997f3d80b883c18e22b5a7fecaeff4033

SHA512
8e95b286ded813409e6ddbfef457716815d7f19339b9f4f4a3482103c9b70ee19c73e72d765c846fe4321e3aaa80009688d92a2a96f4b297fac2bd59e5e78b1b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4646.exe

Filesize
184KB

MD5
3373e85f7363bd5c6496b153f15ca2df

SHA1
25df7950202ea8e8a27a846c5a9387887b07a297

SHA256
a98dc61f7d1f0b2387d85f55515d8985c159d86c220ac09f97acfbb3cebd4dff

SHA512
82880cf4c7a92f19e28567b02ec27d83690fc1722403c7c042a9d7ee6d775dfa59e81f47443f93c1e4acb1d0e415a6fd21ec971e693175a99cb87eb19de9b374

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54039.exe

Filesize
184KB

MD5
3e6a181bc0f78bf648a258c50f7a908a

SHA1
0a55d68896b12f9a44409476d2ef40b03030fdcd

SHA256
5e8209e80552ef2c5e53daab4bb023602eb185894588445672f25f7cf0c1f819

SHA512
b8b305f3dd227266a9019779bf4a1739181dfb94a7e3baa8216fd5c66c0f3d2ee3af5594135a84bd1cc0dce55ecbb57ef8c3ed6419122f146386d650fce4aa59

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe

Filesize
184KB

MD5
ed4c8f56bab1dd937b7baa7caf731cf4

SHA1
a4410b29d7514f4892bb45578691803c6de6b35e

SHA256
99400c62756ea6758091baaa77bc1565b8f2815f0475a94bbbb17164dab5b59d

SHA512
8dab072783cdb3d5fff8868058b3b8454f4e30adbcde938b459f09619f05d14b08d2f079e8f58df356d7e619fdb5f4f84bcead75df33cdb163cf4c9d8caaa870

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56094.exe

Filesize
184KB

MD5
83b6f1cc7c91140db5b305dae534ebd0

SHA1
99e9ead257ac5e2a8d82dc01a33aac91d559ce40

SHA256
2f9338aef37093f87c72519e7c82f6b437b0db15e613855457802dc164aea589

SHA512
f98ba696cda0a713b5182e2f822160ff5a6da74dd2a9655bf74a179a15ca735cdb161d9853edde1ad7b1ac0b0f71fe66829db427bebefe6d6efc54726e6f7788

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57952.exe

Filesize
184KB

MD5
8d679bb368469c4e13177908998ac1f1

SHA1
edd4568a53b3b066617373dabc536518f8f11bb7

SHA256
c8e63e4b5f2f13ed02b4b6d0a596457f70f48234ff0a403f8daa1300ea803032

SHA512
9d8de2bdbeb8089e879ca163b21b4c18e922c3d54255327396aba2704c278a1cd68894e509ad8bd22793a67f401530b7f2f7b17e2609b03dc248913ba15fc1bb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60095.exe

Filesize
184KB

MD5
d0013ad61d9c2a300b72d1f0397a8a32

SHA1
11ed0881254f34bc200516a4195e8a0706d6913e

SHA256
91a7be361c944b2d7f097f811b65b722c329a05e61187f2f69d0c006772e54e2

SHA512
7dea784e4807e40f275e46745a6a33e28a07b8f846cfd5a0ef11bef25c0de6dfb5dc8143e937475f7a60888956624c393cf3a6c8be39de5f3439fef6caa21294

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63914.exe

Filesize
184KB

MD5
f5e1a470e1e019b81a8eb7796120cc0a

SHA1
b2cd3980ad8ddf5537648d5a2c2909b8656a84dd

SHA256
cb35c9519e037134f084ab8d70674b25aea166f374546c53fe99243a1cbc2f37

SHA512
0d7f8e7a5a739df380e981a880ade361babb2c9eb04fe93bc434fc2c399f80e7012f89081fc1a18b4758aaa1b0e46d2e315c2c473d614ddd72698148ce57a08d

Download Submit