3c2443b84f5a28784523587fc4cc5090832031c485a5fe724540abc6544d1ced

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c2443b84f5a28784523587fc4cc5090832031c485a5fe724540abc6544d1ced.exe
Size

184KB
MD5

9b4d376f3466f815d9089b0ad5d1dec5
SHA1

6a139c93e4f8c8db0ab6f8a161caf3c4e6ff64f8
SHA256

3c2443b84f5a28784523587fc4cc5090832031c485a5fe724540abc6544d1ced
SHA512

8c5101b3fa57f7cbfe0c311685d3e1bd89f0f96e654bde03d5e125621b3c6b5fdb116beb07b9ea5fff4ced7ae5e596a5dc8e26c57ee3477db89f55e533f95ca4
SSDEEP

3072:s9a3BxoJToOTdG4WegwLRKs5hlnViFzn3:s9ionJG4jLYs5hlnViFz

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-27749.exeUnicorn-56612.exeUnicorn-6020.exeUnicorn-19747.exeUnicorn-54557.exeUnicorn-34691.exeUnicorn-15423.exeUnicorn-46150.exeUnicorn-35289.exeUnicorn-4562.exeUnicorn-478.exeUnicorn-10675.exeUnicorn-25620.exeUnicorn-45486.exeUnicorn-60431.exeUnicorn-31842.exeUnicorn-51708.exeUnicorn-14759.exeUnicorn-50400.exeUnicorn-16981.exeUnicorn-53078.exeUnicorn-11490.exeUnicorn-26435.exeUnicorn-46301.exeUnicorn-50385.exeUnicorn-15574.exeUnicorn-61246.exeUnicorn-34603.exeUnicorn-56607.exeUnicorn-32487.exeUnicorn-62398.exeUnicorn-55621.exeUnicorn-390.exeUnicorn-21365.exeUnicorn-49399.exeUnicorn-64344.exeUnicorn-59705.exeUnicorn-28979.exeUnicorn-33063.exeUnicorn-48008.exeUnicorn-37147.exeUnicorn-37147.exeUnicorn-17281.exeUnicorn-52092.exeUnicorn-52092.exeUnicorn-24402.exeUnicorn-7250.exeUnicorn-8641.exeUnicorn-49674.exeUnicorn-64619.exeUnicorn-9196.exeUnicorn-33146.exeUnicorn-12725.exeUnicorn-47536.exeUnicorn-27670.exeUnicorn-62481.exeUnicorn-22840.exeUnicorn-37784.exeUnicorn-59596.exeUnicorn-9004.exeUnicorn-32954.exeUnicorn-47899.exeUnicorn-17172.exeUnicorn-6311.exe

pid	process
312	Unicorn-27749.exe
1836	Unicorn-56612.exe
2172	Unicorn-6020.exe
2604	Unicorn-19747.exe
2168	Unicorn-54557.exe
2756	Unicorn-34691.exe
3064	Unicorn-15423.exe
1056	Unicorn-46150.exe
2728	Unicorn-35289.exe
2824	Unicorn-4562.exe
2504	Unicorn-478.exe
896	Unicorn-10675.exe
1600	Unicorn-25620.exe
2332	Unicorn-45486.exe
1308	Unicorn-60431.exe
2352	Unicorn-31842.exe
2324	Unicorn-51708.exe
340	Unicorn-14759.exe
1012	Unicorn-50400.exe
2924	Unicorn-16981.exe
2340	Unicorn-53078.exe
2028	Unicorn-11490.exe
960	Unicorn-26435.exe
1664	Unicorn-46301.exe
2088	Unicorn-50385.exe
1964	Unicorn-15574.exe
1828	Unicorn-61246.exe
2204	Unicorn-34603.exe
1940	Unicorn-56607.exe
2016	Unicorn-32487.exe
2900	Unicorn-62398.exe
2384	Unicorn-55621.exe
2584	Unicorn-390.exe
1816	Unicorn-21365.exe
2236	Unicorn-49399.exe
2764	Unicorn-64344.exe
2456	Unicorn-59705.exe
2792	Unicorn-28979.exe
2852	Unicorn-33063.exe
2816	Unicorn-48008.exe
2696	Unicorn-37147.exe
1444	Unicorn-37147.exe
3052	Unicorn-17281.exe
2808	Unicorn-52092.exe
2012	Unicorn-52092.exe
3032	Unicorn-24402.exe
2004	Unicorn-7250.exe
1744	Unicorn-8641.exe
1064	Unicorn-49674.exe
2316	Unicorn-64619.exe
1624	Unicorn-9196.exe
1872	Unicorn-33146.exe
2380	Unicorn-12725.exe
2940	Unicorn-47536.exe
2064	Unicorn-27670.exe
1312	Unicorn-62481.exe
2520	Unicorn-22840.exe
1692	Unicorn-37784.exe
2104	Unicorn-59596.exe
2368	Unicorn-9004.exe
2748	Unicorn-32954.exe
2928	Unicorn-47899.exe
2576	Unicorn-17172.exe
2156	Unicorn-6311.exe

Loads dropped DLL 64 IoCs

Processes:

3c2443b84f5a28784523587fc4cc5090832031c485a5fe724540abc6544d1ced.exeUnicorn-27749.exeUnicorn-56612.exeUnicorn-6020.exeWerFault.exeUnicorn-19747.exeUnicorn-54557.exeUnicorn-34691.exeWerFault.exeUnicorn-478.exeUnicorn-15423.exeUnicorn-46150.exeUnicorn-4562.exeWerFault.exeWerFault.exeWerFault.exeUnicorn-35289.exeUnicorn-45486.exe

pid	process
1512	3c2443b84f5a28784523587fc4cc5090832031c485a5fe724540abc6544d1ced.exe
1512	3c2443b84f5a28784523587fc4cc5090832031c485a5fe724540abc6544d1ced.exe
312	Unicorn-27749.exe
312	Unicorn-27749.exe
1512	3c2443b84f5a28784523587fc4cc5090832031c485a5fe724540abc6544d1ced.exe
1512	3c2443b84f5a28784523587fc4cc5090832031c485a5fe724540abc6544d1ced.exe
1836	Unicorn-56612.exe
1836	Unicorn-56612.exe
2172	Unicorn-6020.exe
2172	Unicorn-6020.exe
312	Unicorn-27749.exe
312	Unicorn-27749.exe
2688	WerFault.exe
2688	WerFault.exe
2688	WerFault.exe
2688	WerFault.exe
2688	WerFault.exe
1836	Unicorn-56612.exe
2604	Unicorn-19747.exe
2172	Unicorn-6020.exe
1836	Unicorn-56612.exe
2172	Unicorn-6020.exe
2168	Unicorn-54557.exe
2604	Unicorn-19747.exe
2168	Unicorn-54557.exe
2756	Unicorn-34691.exe
2756	Unicorn-34691.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2504	Unicorn-478.exe
2604	Unicorn-19747.exe
2504	Unicorn-478.exe
2604	Unicorn-19747.exe
3064	Unicorn-15423.exe
3064	Unicorn-15423.exe
2168	Unicorn-54557.exe
2168	Unicorn-54557.exe
2756	Unicorn-34691.exe
2756	Unicorn-34691.exe
1056	Unicorn-46150.exe
1056	Unicorn-46150.exe
2824	Unicorn-4562.exe
2824	Unicorn-4562.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
1260	WerFault.exe
1260	WerFault.exe
1260	WerFault.exe
1260	WerFault.exe
1260	WerFault.exe
2728	Unicorn-35289.exe
2728	Unicorn-35289.exe
2332	Unicorn-45486.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2644	1512	WerFault.exe	3c2443b84f5a28784523587fc4cc5090832031c485a5fe724540abc6544d1ced.exe
2688	312	WerFault.exe	Unicorn-27749.exe
2864	1836	WerFault.exe	Unicorn-56612.exe
1864	2604	WerFault.exe	Unicorn-19747.exe
564	2168	WerFault.exe	Unicorn-54557.exe
1260	2756	WerFault.exe	Unicorn-34691.exe
1272	2504	WerFault.exe	Unicorn-478.exe
2216	3064	WerFault.exe	Unicorn-15423.exe
1608	2728	WerFault.exe	Unicorn-35289.exe
1944	2824	WerFault.exe	Unicorn-4562.exe
2540	1056	WerFault.exe	Unicorn-46150.exe
2100	2204	WerFault.exe	Unicorn-34603.exe
1536	2332	WerFault.exe	Unicorn-45486.exe
1968	2324	WerFault.exe	Unicorn-51708.exe
2076	1600	WerFault.exe	Unicorn-25620.exe
596	340	WerFault.exe	Unicorn-14759.exe
1284	896	WerFault.exe	Unicorn-10675.exe
584	1308	WerFault.exe	Unicorn-60431.exe
1656	2352	WerFault.exe	Unicorn-31842.exe
1792	1012	WerFault.exe	Unicorn-50400.exe
1120	2340	WerFault.exe	Unicorn-53078.exe
1788	2028	WerFault.exe	Unicorn-11490.exe
796	2924	WerFault.exe	Unicorn-16981.exe
2888	960	WerFault.exe	Unicorn-26435.exe
1856	1828	WerFault.exe	Unicorn-61246.exe
2376	2088	WerFault.exe	Unicorn-50385.exe
900	1940	WerFault.exe	Unicorn-56607.exe
2000	1964	WerFault.exe	Unicorn-15574.exe
1576	1664	WerFault.exe	Unicorn-46301.exe
2548	2016	WerFault.exe	Unicorn-32487.exe
888	2900	WerFault.exe	Unicorn-62398.exe
2084	2384	WerFault.exe	Unicorn-55621.exe
2948	2584	WerFault.exe	Unicorn-390.exe
1648	1816	WerFault.exe	Unicorn-21365.exe
1640	2236	WerFault.exe	Unicorn-49399.exe
1684	2764	WerFault.exe	Unicorn-64344.exe
296	2792	WerFault.exe	Unicorn-28979.exe
3076	2456	WerFault.exe	Unicorn-59705.exe
3132	1444	WerFault.exe	Unicorn-37147.exe
3172	2852	WerFault.exe	Unicorn-33063.exe
3208	2696	WerFault.exe	Unicorn-37147.exe
3216	2816	WerFault.exe	Unicorn-48008.exe
3244	2012	WerFault.exe	Unicorn-52092.exe
3260	3052	WerFault.exe	Unicorn-17281.exe
3340	2808	WerFault.exe	Unicorn-52092.exe
3960	592	WerFault.exe	Unicorn-64894.exe
3836	3032	WerFault.exe	Unicorn-24402.exe
3672	2004	WerFault.exe	Unicorn-7250.exe
3924	2316	WerFault.exe	Unicorn-64619.exe
3360	1064	WerFault.exe	Unicorn-49674.exe
3384	1624	WerFault.exe	Unicorn-9196.exe
3468	2896	WerFault.exe	Unicorn-43260.exe
3476	1312	WerFault.exe	Unicorn-62481.exe
3544	2520	WerFault.exe	Unicorn-22840.exe
3580	2576	WerFault.exe	Unicorn-17172.exe
3692	2748	WerFault.exe	Unicorn-32954.exe
3820	2804	WerFault.exe	Unicorn-12533.exe
3120	2380	WerFault.exe	Unicorn-12725.exe
3448	2156	WerFault.exe	Unicorn-6311.exe
3828	2740	WerFault.exe	Unicorn-51428.exe
3976	2064	WerFault.exe	Unicorn-27670.exe
3992	1744	WerFault.exe	Unicorn-8641.exe
3084	1872	WerFault.exe	Unicorn-33146.exe
3292	2940	WerFault.exe	Unicorn-47536.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

3c2443b84f5a28784523587fc4cc5090832031c485a5fe724540abc6544d1ced.exeUnicorn-27749.exeUnicorn-56612.exeUnicorn-6020.exeUnicorn-19747.exeUnicorn-54557.exeUnicorn-34691.exeUnicorn-15423.exeUnicorn-4562.exeUnicorn-478.exeUnicorn-46150.exeUnicorn-35289.exeUnicorn-45486.exeUnicorn-25620.exeUnicorn-10675.exeUnicorn-60431.exeUnicorn-31842.exeUnicorn-51708.exeUnicorn-14759.exeUnicorn-50400.exeUnicorn-16981.exeUnicorn-53078.exeUnicorn-11490.exeUnicorn-46301.exeUnicorn-26435.exeUnicorn-50385.exeUnicorn-15574.exeUnicorn-61246.exeUnicorn-56607.exeUnicorn-34603.exeUnicorn-32487.exeUnicorn-62398.exeUnicorn-55621.exeUnicorn-390.exeUnicorn-21365.exeUnicorn-49399.exeUnicorn-64344.exeUnicorn-59705.exeUnicorn-28979.exeUnicorn-33063.exeUnicorn-48008.exeUnicorn-37147.exeUnicorn-37147.exeUnicorn-17281.exeUnicorn-52092.exeUnicorn-52092.exeUnicorn-24402.exeUnicorn-7250.exeUnicorn-8641.exeUnicorn-49674.exeUnicorn-64619.exeUnicorn-9196.exeUnicorn-33146.exeUnicorn-12725.exeUnicorn-47536.exeUnicorn-27670.exeUnicorn-62481.exeUnicorn-22840.exeUnicorn-37784.exeUnicorn-59596.exeUnicorn-9004.exeUnicorn-47899.exeUnicorn-32954.exeUnicorn-17172.exe

pid	process
1512	3c2443b84f5a28784523587fc4cc5090832031c485a5fe724540abc6544d1ced.exe
312	Unicorn-27749.exe
1836	Unicorn-56612.exe
2172	Unicorn-6020.exe
2604	Unicorn-19747.exe
2168	Unicorn-54557.exe
2756	Unicorn-34691.exe
3064	Unicorn-15423.exe
2824	Unicorn-4562.exe
2504	Unicorn-478.exe
1056	Unicorn-46150.exe
2728	Unicorn-35289.exe
2332	Unicorn-45486.exe
1600	Unicorn-25620.exe
896	Unicorn-10675.exe
1308	Unicorn-60431.exe
2352	Unicorn-31842.exe
2324	Unicorn-51708.exe
340	Unicorn-14759.exe
1012	Unicorn-50400.exe
2924	Unicorn-16981.exe
2340	Unicorn-53078.exe
2028	Unicorn-11490.exe
1664	Unicorn-46301.exe
960	Unicorn-26435.exe
2088	Unicorn-50385.exe
1964	Unicorn-15574.exe
1828	Unicorn-61246.exe
1940	Unicorn-56607.exe
2204	Unicorn-34603.exe
2016	Unicorn-32487.exe
2900	Unicorn-62398.exe
2384	Unicorn-55621.exe
2584	Unicorn-390.exe
1816	Unicorn-21365.exe
2236	Unicorn-49399.exe
2764	Unicorn-64344.exe
2456	Unicorn-59705.exe
2792	Unicorn-28979.exe
2852	Unicorn-33063.exe
2816	Unicorn-48008.exe
1444	Unicorn-37147.exe
2696	Unicorn-37147.exe
3052	Unicorn-17281.exe
2012	Unicorn-52092.exe
2808	Unicorn-52092.exe
3032	Unicorn-24402.exe
2004	Unicorn-7250.exe
1744	Unicorn-8641.exe
1064	Unicorn-49674.exe
2316	Unicorn-64619.exe
1624	Unicorn-9196.exe
1872	Unicorn-33146.exe
2380	Unicorn-12725.exe
2940	Unicorn-47536.exe
2064	Unicorn-27670.exe
1312	Unicorn-62481.exe
2520	Unicorn-22840.exe
1692	Unicorn-37784.exe
2104	Unicorn-59596.exe
2368	Unicorn-9004.exe
2928	Unicorn-47899.exe
2748	Unicorn-32954.exe
2576	Unicorn-17172.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

3c2443b84f5a28784523587fc4cc5090832031c485a5fe724540abc6544d1ced.exeUnicorn-27749.exeUnicorn-56612.exeUnicorn-6020.exeUnicorn-19747.exeUnicorn-54557.exeUnicorn-34691.exeUnicorn-478.exe

description	pid	process	target process
PID 1512 wrote to memory of 312	1512	3c2443b84f5a28784523587fc4cc5090832031c485a5fe724540abc6544d1ced.exe	Unicorn-27749.exe
PID 1512 wrote to memory of 312	1512	3c2443b84f5a28784523587fc4cc5090832031c485a5fe724540abc6544d1ced.exe	Unicorn-27749.exe
PID 1512 wrote to memory of 312	1512	3c2443b84f5a28784523587fc4cc5090832031c485a5fe724540abc6544d1ced.exe	Unicorn-27749.exe
PID 1512 wrote to memory of 312	1512	3c2443b84f5a28784523587fc4cc5090832031c485a5fe724540abc6544d1ced.exe	Unicorn-27749.exe
PID 312 wrote to memory of 1836	312	Unicorn-27749.exe	Unicorn-56612.exe
PID 312 wrote to memory of 1836	312	Unicorn-27749.exe	Unicorn-56612.exe
PID 312 wrote to memory of 1836	312	Unicorn-27749.exe	Unicorn-56612.exe
PID 312 wrote to memory of 1836	312	Unicorn-27749.exe	Unicorn-56612.exe
PID 1512 wrote to memory of 2172	1512	3c2443b84f5a28784523587fc4cc5090832031c485a5fe724540abc6544d1ced.exe	Unicorn-6020.exe
PID 1512 wrote to memory of 2172	1512	3c2443b84f5a28784523587fc4cc5090832031c485a5fe724540abc6544d1ced.exe	Unicorn-6020.exe
PID 1512 wrote to memory of 2172	1512	3c2443b84f5a28784523587fc4cc5090832031c485a5fe724540abc6544d1ced.exe	Unicorn-6020.exe
PID 1512 wrote to memory of 2172	1512	3c2443b84f5a28784523587fc4cc5090832031c485a5fe724540abc6544d1ced.exe	Unicorn-6020.exe
PID 1512 wrote to memory of 2644	1512	3c2443b84f5a28784523587fc4cc5090832031c485a5fe724540abc6544d1ced.exe	WerFault.exe
PID 1512 wrote to memory of 2644	1512	3c2443b84f5a28784523587fc4cc5090832031c485a5fe724540abc6544d1ced.exe	WerFault.exe
PID 1512 wrote to memory of 2644	1512	3c2443b84f5a28784523587fc4cc5090832031c485a5fe724540abc6544d1ced.exe	WerFault.exe
PID 1512 wrote to memory of 2644	1512	3c2443b84f5a28784523587fc4cc5090832031c485a5fe724540abc6544d1ced.exe	WerFault.exe
PID 1836 wrote to memory of 2604	1836	Unicorn-56612.exe	Unicorn-19747.exe
PID 1836 wrote to memory of 2604	1836	Unicorn-56612.exe	Unicorn-19747.exe
PID 1836 wrote to memory of 2604	1836	Unicorn-56612.exe	Unicorn-19747.exe
PID 1836 wrote to memory of 2604	1836	Unicorn-56612.exe	Unicorn-19747.exe
PID 2172 wrote to memory of 2168	2172	Unicorn-6020.exe	Unicorn-54557.exe
PID 2172 wrote to memory of 2168	2172	Unicorn-6020.exe	Unicorn-54557.exe
PID 2172 wrote to memory of 2168	2172	Unicorn-6020.exe	Unicorn-54557.exe
PID 2172 wrote to memory of 2168	2172	Unicorn-6020.exe	Unicorn-54557.exe
PID 312 wrote to memory of 2756	312	Unicorn-27749.exe	Unicorn-34691.exe
PID 312 wrote to memory of 2756	312	Unicorn-27749.exe	Unicorn-34691.exe
PID 312 wrote to memory of 2756	312	Unicorn-27749.exe	Unicorn-34691.exe
PID 312 wrote to memory of 2756	312	Unicorn-27749.exe	Unicorn-34691.exe
PID 312 wrote to memory of 2688	312	Unicorn-27749.exe	WerFault.exe
PID 312 wrote to memory of 2688	312	Unicorn-27749.exe	WerFault.exe
PID 312 wrote to memory of 2688	312	Unicorn-27749.exe	WerFault.exe
PID 312 wrote to memory of 2688	312	Unicorn-27749.exe	WerFault.exe
PID 1836 wrote to memory of 1056	1836	Unicorn-56612.exe	Unicorn-46150.exe
PID 1836 wrote to memory of 1056	1836	Unicorn-56612.exe	Unicorn-46150.exe
PID 1836 wrote to memory of 1056	1836	Unicorn-56612.exe	Unicorn-46150.exe
PID 1836 wrote to memory of 1056	1836	Unicorn-56612.exe	Unicorn-46150.exe
PID 2172 wrote to memory of 3064	2172	Unicorn-6020.exe	Unicorn-15423.exe
PID 2172 wrote to memory of 3064	2172	Unicorn-6020.exe	Unicorn-15423.exe
PID 2172 wrote to memory of 3064	2172	Unicorn-6020.exe	Unicorn-15423.exe
PID 2172 wrote to memory of 3064	2172	Unicorn-6020.exe	Unicorn-15423.exe
PID 2604 wrote to memory of 2504	2604	Unicorn-19747.exe	Unicorn-478.exe
PID 2604 wrote to memory of 2504	2604	Unicorn-19747.exe	Unicorn-478.exe
PID 2604 wrote to memory of 2504	2604	Unicorn-19747.exe	Unicorn-478.exe
PID 2604 wrote to memory of 2504	2604	Unicorn-19747.exe	Unicorn-478.exe
PID 2168 wrote to memory of 2728	2168	Unicorn-54557.exe	Unicorn-35289.exe
PID 2168 wrote to memory of 2728	2168	Unicorn-54557.exe	Unicorn-35289.exe
PID 2168 wrote to memory of 2728	2168	Unicorn-54557.exe	Unicorn-35289.exe
PID 2168 wrote to memory of 2728	2168	Unicorn-54557.exe	Unicorn-35289.exe
PID 2756 wrote to memory of 2824	2756	Unicorn-34691.exe	Unicorn-4562.exe
PID 2756 wrote to memory of 2824	2756	Unicorn-34691.exe	Unicorn-4562.exe
PID 2756 wrote to memory of 2824	2756	Unicorn-34691.exe	Unicorn-4562.exe
PID 2756 wrote to memory of 2824	2756	Unicorn-34691.exe	Unicorn-4562.exe
PID 1836 wrote to memory of 2864	1836	Unicorn-56612.exe	WerFault.exe
PID 1836 wrote to memory of 2864	1836	Unicorn-56612.exe	WerFault.exe
PID 1836 wrote to memory of 2864	1836	Unicorn-56612.exe	WerFault.exe
PID 1836 wrote to memory of 2864	1836	Unicorn-56612.exe	WerFault.exe
PID 2504 wrote to memory of 896	2504	Unicorn-478.exe	Unicorn-10675.exe
PID 2504 wrote to memory of 896	2504	Unicorn-478.exe	Unicorn-10675.exe
PID 2504 wrote to memory of 896	2504	Unicorn-478.exe	Unicorn-10675.exe
PID 2504 wrote to memory of 896	2504	Unicorn-478.exe	Unicorn-10675.exe
PID 2604 wrote to memory of 1600	2604	Unicorn-19747.exe	Unicorn-25620.exe
PID 2604 wrote to memory of 1600	2604	Unicorn-19747.exe	Unicorn-25620.exe
PID 2604 wrote to memory of 1600	2604	Unicorn-19747.exe	Unicorn-25620.exe
PID 2604 wrote to memory of 1600	2604	Unicorn-19747.exe	Unicorn-25620.exe

C:\Users\Admin\AppData\Local\Temp\3c2443b84f5a28784523587fc4cc5090832031c485a5fe724540abc6544d1ced.exe
"C:\Users\Admin\AppData\Local\Temp\3c2443b84f5a28784523587fc4cc5090832031c485a5fe724540abc6544d1ced.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-27749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27749.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:312

C:\Users\Admin\AppData\Local\Temp\Unicorn-56612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56612.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-19747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19747.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-478.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-10675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10675.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-15574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15574.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-37147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37147.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1444

C:\Users\Admin\AppData\Local\Temp\Unicorn-32954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32954.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-5024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5024.exe
10⤵
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
11⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-45777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45777.exe
12⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-62889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62889.exe
13⤵
PID:7236

C:\Users\Admin\AppData\Local\Temp\Unicorn-61353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61353.exe
14⤵
PID:10276

C:\Users\Admin\AppData\Local\Temp\Unicorn-6605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6605.exe
15⤵
PID:12652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10276 -s 236
15⤵
PID:12344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7236 -s 216
14⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 220
13⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
12⤵
PID:6736

C:\Users\Admin\AppData\Local\Temp\Unicorn-23773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23773.exe
11⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-10071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10071.exe
12⤵
PID:7816

C:\Users\Admin\AppData\Local\Temp\Unicorn-13543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13543.exe
13⤵
PID:10480

C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
14⤵
PID:14376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10480 -s 216
14⤵
PID:14848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
13⤵
PID:12324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
12⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
11⤵
PID:6884

C:\Users\Admin\AppData\Local\Temp\Unicorn-44941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44941.exe
10⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-37033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37033.exe
11⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-2746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2746.exe
12⤵
PID:6240

C:\Users\Admin\AppData\Local\Temp\Unicorn-11384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11384.exe
13⤵
PID:9840

C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
14⤵
PID:13040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9840 -s 216
14⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6240 -s 216
13⤵
PID:11452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
12⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
11⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
10⤵
- Program crash
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
9⤵
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
10⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-19135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19135.exe
11⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-5328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5328.exe
12⤵
PID:6688

C:\Users\Admin\AppData\Local\Temp\Unicorn-49293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49293.exe
13⤵
PID:10168

C:\Users\Admin\AppData\Local\Temp\Unicorn-13569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13569.exe
14⤵
PID:13244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10168 -s 216
14⤵
PID:14180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 220
13⤵
PID:11676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
12⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
11⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 236
10⤵
PID:5112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 240
9⤵
- Program crash
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-47899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47899.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-37457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37457.exe
9⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-23027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23027.exe
10⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-22399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22399.exe
11⤵
PID:6456

C:\Users\Admin\AppData\Local\Temp\Unicorn-13714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13714.exe
12⤵
PID:10040

C:\Users\Admin\AppData\Local\Temp\Unicorn-54519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54519.exe
13⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10040 -s 216
13⤵
PID:14088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 216
12⤵
PID:10792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 236
11⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
10⤵
PID:5284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 216
9⤵
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
8⤵
- Program crash
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-52092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52092.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-51428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51428.exe
8⤵
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-9108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9108.exe
9⤵
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-3353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3353.exe
10⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-28865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28865.exe
11⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-18808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18808.exe
12⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-65380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65380.exe
13⤵
PID:9492

C:\Users\Admin\AppData\Local\Temp\Unicorn-39086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39086.exe
14⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9492 -s 216
14⤵
PID:952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 216
13⤵
PID:10896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
12⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 236
11⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
10⤵
PID:4276

C:\Users\Admin\AppData\Local\Temp\Unicorn-11550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11550.exe
11⤵
PID:6864

C:\Users\Admin\AppData\Local\Temp\Unicorn-45593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45593.exe
12⤵
PID:10524

C:\Users\Admin\AppData\Local\Temp\Unicorn-60871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60871.exe
13⤵
PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10524 -s 220
13⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 220
12⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
11⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
10⤵
PID:6640

C:\Users\Admin\AppData\Local\Temp\Unicorn-49025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49025.exe
9⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-19135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19135.exe
10⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-43512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43512.exe
11⤵
PID:7900

C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
12⤵
PID:10596

C:\Users\Admin\AppData\Local\Temp\Unicorn-23508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23508.exe
13⤵
PID:14468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10596 -s 216
13⤵
PID:14916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 216
12⤵
PID:12316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
11⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
10⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
9⤵
- Program crash
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-25999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25999.exe
8⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
9⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-9850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9850.exe
10⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-56890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56890.exe
11⤵
PID:9148

C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
12⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 236
12⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
11⤵
PID:9852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
10⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
9⤵
PID:4432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
8⤵
- Program crash
PID:3340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
7⤵
- Program crash
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-34603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34603.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 220
7⤵
- Program crash
PID:2100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
6⤵
- Program crash
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-8641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8641.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-2502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2502.exe
8⤵
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-20567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20567.exe
9⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-39363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39363.exe
10⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\Unicorn-32054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32054.exe
11⤵
PID:7496

C:\Users\Admin\AppData\Local\Temp\Unicorn-64752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64752.exe
12⤵
PID:10656

C:\Users\Admin\AppData\Local\Temp\Unicorn-10108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10108.exe
13⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10656 -s 236
13⤵
PID:8360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 216
12⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 216
11⤵
PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
10⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
9⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-4785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4785.exe
8⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-229.exe
9⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-51371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51371.exe
10⤵
PID:6708

C:\Users\Admin\AppData\Local\Temp\Unicorn-65245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65245.exe
11⤵
PID:10116

C:\Users\Admin\AppData\Local\Temp\Unicorn-53834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53834.exe
12⤵
PID:12924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10116 -s 220
12⤵
PID:14244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 216
11⤵
PID:11568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
10⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
9⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
8⤵
- Program crash
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-21531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21531.exe
7⤵
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-4230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4230.exe
8⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-33442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33442.exe
9⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-24921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24921.exe
10⤵
PID:6548

C:\Users\Admin\AppData\Local\Temp\Unicorn-39890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39890.exe
11⤵
PID:10096

C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
12⤵
PID:13048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10096 -s 220
12⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 216
11⤵
PID:10816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 236
9⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-4038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4038.exe
8⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-21029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21029.exe
9⤵
PID:6420

C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
10⤵
PID:9572

C:\Users\Admin\AppData\Local\Temp\Unicorn-57472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57472.exe
11⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9572 -s 220
11⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 220
10⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
9⤵
PID:8324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 240
8⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
7⤵
- Program crash
PID:888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 216
6⤵
- Program crash
PID:2076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-46150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46150.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-51708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51708.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-11490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11490.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-390.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
8⤵
- Program crash
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-9196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9196.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
8⤵
PID:1068

C:\Users\Admin\AppData\Local\Temp\Unicorn-22513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22513.exe
9⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-18943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18943.exe
10⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\Unicorn-32.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32.exe
11⤵
PID:6272

C:\Users\Admin\AppData\Local\Temp\Unicorn-19169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19169.exe
12⤵
PID:10072

C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
13⤵
PID:12804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10072 -s 216
13⤵
PID:14024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 216
12⤵
PID:10384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
11⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 236
10⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 236
9⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-21121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21121.exe
8⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-63867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63867.exe
9⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\Unicorn-41558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41558.exe
10⤵
PID:5644

C:\Users\Admin\AppData\Local\Temp\Unicorn-29968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29968.exe
11⤵
PID:9940

C:\Users\Admin\AppData\Local\Temp\Unicorn-28287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28287.exe
12⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9940 -s 220
12⤵
PID:12964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
11⤵
PID:10324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
10⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
9⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
8⤵
- Program crash
PID:3384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
7⤵
- Program crash
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-33146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33146.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-12616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12616.exe
8⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-59461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59461.exe
9⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-39363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39363.exe
10⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-37290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37290.exe
11⤵
PID:7948

C:\Users\Admin\AppData\Local\Temp\Unicorn-13543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13543.exe
12⤵
PID:10504

C:\Users\Admin\AppData\Local\Temp\Unicorn-65526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65526.exe
13⤵
PID:14360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10504 -s 216
13⤵
PID:14836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 216
12⤵
PID:12308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
11⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
10⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
9⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-49902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49902.exe
8⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
9⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-55372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55372.exe
10⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-13055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13055.exe
11⤵
PID:9688

C:\Users\Admin\AppData\Local\Temp\Unicorn-48022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48022.exe
12⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9688 -s 216
12⤵
PID:13296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
11⤵
PID:11124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
10⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
9⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 240
8⤵
- Program crash
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-19393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19393.exe
7⤵
PID:712

C:\Users\Admin\AppData\Local\Temp\Unicorn-53239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53239.exe
8⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-12336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12336.exe
9⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
10⤵
PID:7624

C:\Users\Admin\AppData\Local\Temp\Unicorn-12199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12199.exe
11⤵
PID:10940

C:\Users\Admin\AppData\Local\Temp\Unicorn-42070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42070.exe
12⤵
PID:13388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10940 -s 216
12⤵
PID:14556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 220
11⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
10⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
9⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 712 -s 236
8⤵
PID:4808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
7⤵
- Program crash
PID:1648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
6⤵
- Program crash
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-26435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26435.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:960

C:\Users\Admin\AppData\Local\Temp\Unicorn-28979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28979.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-22840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22840.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-15138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15138.exe
8⤵
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-27198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27198.exe
9⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-39228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39228.exe
10⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-27062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27062.exe
11⤵
PID:9528

C:\Users\Admin\AppData\Local\Temp\Unicorn-13211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13211.exe
12⤵
PID:12892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9528 -s 216
12⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
11⤵
PID:11024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
10⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 236
9⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-27727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27727.exe
8⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-11651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11651.exe
9⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-64391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64391.exe
10⤵
PID:6960

C:\Users\Admin\AppData\Local\Temp\Unicorn-12344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12344.exe
11⤵
PID:10104

C:\Users\Admin\AppData\Local\Temp\Unicorn-26746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26746.exe
12⤵
PID:13036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10104 -s 220
12⤵
PID:14128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 216
11⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
10⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
9⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
8⤵
- Program crash
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-64894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64894.exe
7⤵
PID:592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 240
8⤵
- Program crash
PID:3960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
7⤵
- Program crash
PID:296

C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-21121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21121.exe
7⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-50006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50006.exe
8⤵
PID:5708

C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
9⤵
PID:5436

C:\Users\Admin\AppData\Local\Temp\Unicorn-31338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31338.exe
10⤵
PID:10008

C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
11⤵
PID:13108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10008 -s 216
11⤵
PID:13336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 216
10⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
9⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 236
8⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 216
7⤵
PID:4036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 220
6⤵
- Program crash
PID:2888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 240
5⤵
- Program crash
PID:2540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-34691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34691.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-4562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4562.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-14759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14759.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:340

C:\Users\Admin\AppData\Local\Temp\Unicorn-46301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46301.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-37147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37147.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-6311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6311.exe
8⤵
- Executes dropped EXE
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-35751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35751.exe
9⤵
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-56830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56830.exe
10⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-33717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33717.exe
11⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-54002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54002.exe
12⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-23170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23170.exe
13⤵
PID:9800

C:\Users\Admin\AppData\Local\Temp\Unicorn-7866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7866.exe
14⤵
PID:12980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9800 -s 220
14⤵
PID:12360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
13⤵
PID:11212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
12⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
11⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 236
10⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
9⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe
10⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-3309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3309.exe
11⤵
PID:7968

C:\Users\Admin\AppData\Local\Temp\Unicorn-49615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49615.exe
12⤵
PID:11140

C:\Users\Admin\AppData\Local\Temp\Unicorn-32719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32719.exe
13⤵
PID:14776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 216
12⤵
PID:12480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
11⤵
PID:9440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 236
10⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 220
9⤵
- Program crash
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
8⤵
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-5984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5984.exe
9⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-37801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37801.exe
10⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-3849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3849.exe
11⤵
PID:7732

C:\Users\Admin\AppData\Local\Temp\Unicorn-14529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14529.exe
12⤵
PID:10804

C:\Users\Admin\AppData\Local\Temp\Unicorn-27488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27488.exe
13⤵
PID:14120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10804 -s 236
13⤵
PID:14508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 216
12⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 220
11⤵
PID:9052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
10⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 216
9⤵
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
8⤵
- Program crash
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-23394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23394.exe
7⤵
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-45865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45865.exe
8⤵
PID:2768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 220
9⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
8⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-29633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29633.exe
9⤵
PID:5180

C:\Users\Admin\AppData\Local\Temp\Unicorn-23921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23921.exe
10⤵
PID:8256

C:\Users\Admin\AppData\Local\Temp\Unicorn-37939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37939.exe
11⤵
PID:1360

C:\Users\Admin\AppData\Local\Temp\Unicorn-38173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38173.exe
12⤵
PID:14696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 216
12⤵
PID:15080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 216
11⤵
PID:12548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
10⤵
PID:9468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
9⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
8⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
7⤵
- Program crash
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-52092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52092.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-12533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12533.exe
7⤵
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exe
8⤵
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-64806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64806.exe
9⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
10⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe
11⤵
PID:6176

C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
12⤵
PID:9672

C:\Users\Admin\AppData\Local\Temp\Unicorn-38458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38458.exe
13⤵
PID:12848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9672 -s 216
13⤵
PID:13756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 216
12⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
11⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
10⤵
PID:6480

C:\Users\Admin\AppData\Local\Temp\Unicorn-13659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13659.exe
9⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
10⤵
PID:7108

C:\Users\Admin\AppData\Local\Temp\Unicorn-3408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3408.exe
11⤵
PID:10156

C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
12⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10156 -s 216
12⤵
PID:14080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 204
11⤵
PID:11348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
10⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
9⤵
PID:6336

C:\Users\Admin\AppData\Local\Temp\Unicorn-14214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14214.exe
8⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-12336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12336.exe
9⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-39695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39695.exe
10⤵
PID:7008

C:\Users\Admin\AppData\Local\Temp\Unicorn-49293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49293.exe
11⤵
PID:10144

C:\Users\Admin\AppData\Local\Temp\Unicorn-7923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7923.exe
12⤵
PID:12292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10144 -s 220
12⤵
PID:13400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 220
11⤵
PID:11668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
10⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
9⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 220
8⤵
- Program crash
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-42527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42527.exe
7⤵
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-25035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25035.exe
8⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-25549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25549.exe
9⤵
PID:5144

C:\Users\Admin\AppData\Local\Temp\Unicorn-55079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55079.exe
10⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 200
11⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
10⤵
PID:9268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
9⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 216
8⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
7⤵
- Program crash
PID:3244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 240
6⤵
- Program crash
PID:596

C:\Users\Admin\AppData\Local\Temp\Unicorn-61246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61246.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1828

C:\Users\Admin\AppData\Local\Temp\Unicorn-59705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59705.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-59596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59596.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-11054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11054.exe
8⤵
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-48387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48387.exe
9⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
10⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-17140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17140.exe
11⤵
PID:9720

C:\Users\Admin\AppData\Local\Temp\Unicorn-48022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48022.exe
12⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9720 -s 216
12⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
11⤵
PID:11156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
10⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 216
9⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
8⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
9⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-27251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27251.exe
10⤵
PID:6448

C:\Users\Admin\AppData\Local\Temp\Unicorn-35505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35505.exe
11⤵
PID:9964

C:\Users\Admin\AppData\Local\Temp\Unicorn-54519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54519.exe
12⤵
PID:12744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9964 -s 216
12⤵
PID:13960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 216
11⤵
PID:11184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
10⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
9⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
8⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-60810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60810.exe
7⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-14728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14728.exe
8⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-45585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45585.exe
9⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
10⤵
PID:6224

C:\Users\Admin\AppData\Local\Temp\Unicorn-13714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13714.exe
11⤵
PID:10224

C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
12⤵
PID:12820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10224 -s 216
12⤵
PID:14016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 216
11⤵
PID:10752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
10⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 236
9⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 236
8⤵
PID:4716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
7⤵
- Program crash
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-9004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9004.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-940.exe
7⤵
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-50608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50608.exe
8⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe
9⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
10⤵
PID:7272

C:\Users\Admin\AppData\Local\Temp\Unicorn-38795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38795.exe
11⤵
PID:10336

C:\Users\Admin\AppData\Local\Temp\Unicorn-38458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38458.exe
12⤵
PID:12772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10336 -s 216
12⤵
PID:13804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 216
11⤵
PID:11944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
10⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
9⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 236
8⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-34826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34826.exe
7⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-31579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31579.exe
8⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-55764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55764.exe
9⤵
PID:7856

C:\Users\Admin\AppData\Local\Temp\Unicorn-64882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64882.exe
10⤵
PID:10448

C:\Users\Admin\AppData\Local\Temp\Unicorn-49184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49184.exe
10⤵
PID:11384

C:\Users\Admin\AppData\Local\Temp\Unicorn-44509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44509.exe
11⤵
PID:13856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11384 -s 216
11⤵
PID:14416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7856 -s 220
10⤵
PID:12584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
9⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
8⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
7⤵
PID:4996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 240
6⤵
- Program crash
PID:1856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
5⤵
- Program crash
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-31842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31842.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-56607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56607.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-33063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33063.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-62372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62372.exe
7⤵
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-59461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59461.exe
8⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-1345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1345.exe
9⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-45917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45917.exe
10⤵
PID:6844

C:\Users\Admin\AppData\Local\Temp\Unicorn-22869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22869.exe
11⤵
PID:9576

C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
12⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9576 -s 204
12⤵
PID:13560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 216
11⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
10⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
9⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 216
8⤵
PID:4560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
7⤵
- Program crash
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-17172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17172.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-19223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19223.exe
7⤵
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-59845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59845.exe
8⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-16613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16613.exe
9⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-60367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60367.exe
10⤵
PID:6784

C:\Users\Admin\AppData\Local\Temp\Unicorn-52417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52417.exe
11⤵
PID:9736

C:\Users\Admin\AppData\Local\Temp\Unicorn-13377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13377.exe
12⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9736 -s 216
12⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 220
11⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
10⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 236
9⤵
PID:6576

C:\Users\Admin\AppData\Local\Temp\Unicorn-11137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11137.exe
8⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-33725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33725.exe
9⤵
PID:7120

C:\Users\Admin\AppData\Local\Temp\Unicorn-4778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4778.exe
10⤵
PID:10872

C:\Users\Admin\AppData\Local\Temp\Unicorn-28064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28064.exe
11⤵
PID:14116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10872 -s 236
11⤵
PID:14612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
10⤵
PID:11400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
9⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
8⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
7⤵
- Program crash
PID:3580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
6⤵
- Program crash
PID:900

C:\Users\Admin\AppData\Local\Temp\Unicorn-17281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17281.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-47344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47344.exe
6⤵
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-25445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25445.exe
7⤵
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-44111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44111.exe
8⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-62170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62170.exe
9⤵
PID:5820

C:\Users\Admin\AppData\Local\Temp\Unicorn-15001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15001.exe
10⤵
PID:9912

C:\Users\Admin\AppData\Local\Temp\Unicorn-7866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7866.exe
11⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9912 -s 220
11⤵
PID:13320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
10⤵
PID:10312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 236
9⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 216
8⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-37841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37841.exe
7⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-7074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7074.exe
8⤵
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-9412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9412.exe
9⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\Unicorn-8068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8068.exe
10⤵
PID:10352

C:\Users\Admin\AppData\Local\Temp\Unicorn-50902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50902.exe
11⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10352 -s 216
11⤵
PID:13472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
10⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
9⤵
PID:8536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
8⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
7⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-11801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11801.exe
6⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-60914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60914.exe
7⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-59783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59783.exe
8⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-64643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64643.exe
9⤵
PID:7020

C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
10⤵
PID:9616

C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
11⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9616 -s 216
11⤵
PID:14008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 216
10⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
9⤵
PID:8568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 236
8⤵
PID:6628

C:\Users\Admin\AppData\Local\Temp\Unicorn-44879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44879.exe
7⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-18699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18699.exe
8⤵
PID:6528

C:\Users\Admin\AppData\Local\Temp\Unicorn-34436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34436.exe
9⤵
PID:10132

C:\Users\Admin\AppData\Local\Temp\Unicorn-8442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8442.exe
10⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10132 -s 216
10⤵
PID:13356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 216
9⤵
PID:10836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
8⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 220
7⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
6⤵
- Program crash
PID:3260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
5⤵
- Program crash
PID:1656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 312 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-6020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6020.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-54557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54557.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-50400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50400.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1012

C:\Users\Admin\AppData\Local\Temp\Unicorn-32487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32487.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-24402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24402.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-40520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40520.exe
8⤵
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-38657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38657.exe
9⤵
PID:548

C:\Users\Admin\AppData\Local\Temp\Unicorn-40686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40686.exe
10⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-58413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58413.exe
11⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-51179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51179.exe
12⤵
PID:6180

C:\Users\Admin\AppData\Local\Temp\Unicorn-64285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64285.exe
13⤵
PID:9784

C:\Users\Admin\AppData\Local\Temp\Unicorn-8551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8551.exe
14⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9784 -s 216
14⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 220
13⤵
PID:10920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
12⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
11⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 236
10⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-24904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24904.exe
9⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-11158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11158.exe
10⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-23611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23611.exe
11⤵
PID:6504

C:\Users\Admin\AppData\Local\Temp\Unicorn-45593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45593.exe
12⤵
PID:10516

C:\Users\Admin\AppData\Local\Temp\Unicorn-18386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18386.exe
13⤵
PID:2960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10516 -s 216
13⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 220
12⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
11⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
10⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
9⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-22875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22875.exe
8⤵
PID:1448

C:\Users\Admin\AppData\Local\Temp\Unicorn-52938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52938.exe
9⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-21849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21849.exe
10⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-63439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63439.exe
11⤵
PID:7912

C:\Users\Admin\AppData\Local\Temp\Unicorn-35417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35417.exe
12⤵
PID:10968

C:\Users\Admin\AppData\Local\Temp\Unicorn-47524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47524.exe
13⤵
PID:13948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10968 -s 216
13⤵
PID:14452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 236
12⤵
PID:12472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
11⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
10⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 236
9⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
8⤵
- Program crash
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-57603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57603.exe
7⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-44687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44687.exe
8⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-57022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57022.exe
9⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-64827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64827.exe
10⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-56825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56825.exe
11⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-33476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33476.exe
12⤵
PID:9844

C:\Users\Admin\AppData\Local\Temp\Unicorn-7866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7866.exe
13⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9844 -s 220
13⤵
PID:13176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
12⤵
PID:11224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
11⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
10⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 236
9⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-6430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6430.exe
8⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-40131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40131.exe
9⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-47095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47095.exe
10⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-17524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17524.exe
11⤵
PID:9984

C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
12⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 216
12⤵
PID:13456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
11⤵
PID:10424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
9⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
8⤵
PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
7⤵
- Program crash
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-7250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7250.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-3571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3571.exe
7⤵
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-28351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28351.exe
8⤵
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-57022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57022.exe
9⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-21657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21657.exe
10⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe
11⤵
PID:7408

C:\Users\Admin\AppData\Local\Temp\Unicorn-14290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14290.exe
12⤵
PID:10392

C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
13⤵
PID:12676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10392 -s 216
13⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7408 -s 216
12⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 236
10⤵
PID:7056

C:\Users\Admin\AppData\Local\Temp\Unicorn-20073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20073.exe
9⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-64726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64726.exe
10⤵
PID:7588

C:\Users\Admin\AppData\Local\Temp\Unicorn-34758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34758.exe
11⤵
PID:10908

C:\Users\Admin\AppData\Local\Temp\Unicorn-52760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52760.exe
12⤵
PID:7680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10908 -s 216
12⤵
PID:14604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 220
11⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
10⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
9⤵
PID:6152

C:\Users\Admin\AppData\Local\Temp\Unicorn-41240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41240.exe
8⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-58605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58605.exe
9⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-63431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63431.exe
10⤵
PID:6408

C:\Users\Admin\AppData\Local\Temp\Unicorn-13714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13714.exe
11⤵
PID:10216

C:\Users\Admin\AppData\Local\Temp\Unicorn-53834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53834.exe
12⤵
PID:12932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10216 -s 220
12⤵
PID:14252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 216
11⤵
PID:10788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
10⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
9⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
8⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
7⤵
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-32326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32326.exe
8⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-19711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19711.exe
9⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-4225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4225.exe
10⤵
PID:5444

C:\Users\Admin\AppData\Local\Temp\Unicorn-33668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33668.exe
11⤵
PID:9608

C:\Users\Admin\AppData\Local\Temp\Unicorn-56190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56190.exe
12⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9608 -s 216
12⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
11⤵
PID:11092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 236
10⤵
PID:7932

C:\Users\Admin\AppData\Local\Temp\Unicorn-47759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47759.exe
9⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-37752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37752.exe
10⤵
PID:9652

C:\Users\Admin\AppData\Local\Temp\Unicorn-383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-383.exe
11⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9652 -s 216
11⤵
PID:12572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
10⤵
PID:11116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 220
9⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
8⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
7⤵
- Program crash
PID:3672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 240
6⤵
- Program crash
PID:1792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
5⤵
- Program crash
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-60431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60431.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1308

C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-62481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62481.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-57733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57733.exe
7⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-62969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62969.exe
8⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-62222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62222.exe
9⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-12476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12476.exe
10⤵
PID:6672

C:\Users\Admin\AppData\Local\Temp\Unicorn-22376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22376.exe
11⤵
PID:9684

C:\Users\Admin\AppData\Local\Temp\Unicorn-47529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47529.exe
12⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9684 -s 216
12⤵
PID:13740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 216
11⤵
PID:10636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
10⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
9⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-21936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21936.exe
8⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-35035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35035.exe
9⤵
PID:6776

C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
10⤵
PID:10188

C:\Users\Admin\AppData\Local\Temp\Unicorn-21930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21930.exe
11⤵
PID:13212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10188 -s 216
11⤵
PID:14096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 216
10⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
9⤵
PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
8⤵
PID:5792

C:\Users\Admin\AppData\Local\Temp\Unicorn-47188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47188.exe
7⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-64744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64744.exe
8⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-6830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6830.exe
9⤵
PID:7152

C:\Users\Admin\AppData\Local\Temp\Unicorn-30627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30627.exe
10⤵
PID:10304

C:\Users\Admin\AppData\Local\Temp\Unicorn-37052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37052.exe
11⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10304 -s 220
11⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 216
10⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
9⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
8⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 240
7⤵
- Program crash
PID:3476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
6⤵
- Program crash
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-48008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48008.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-43260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43260.exe
6⤵
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-56171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56171.exe
7⤵
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-54692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54692.exe
8⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-52191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52191.exe
9⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-1794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1794.exe
10⤵
PID:7232

C:\Users\Admin\AppData\Local\Temp\Unicorn-7513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7513.exe
11⤵
PID:10376

C:\Users\Admin\AppData\Local\Temp\Unicorn-51328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51328.exe
12⤵
PID:8848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10376 -s 216
12⤵
PID:14820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 236
11⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
10⤵
PID:9220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
9⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
8⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-8184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8184.exe
7⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-25850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25850.exe
8⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-64643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64643.exe
9⤵
PID:7024

C:\Users\Admin\AppData\Local\Temp\Unicorn-45593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45593.exe
10⤵
PID:10508

C:\Users\Admin\AppData\Local\Temp\Unicorn-10409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10409.exe
11⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10508 -s 216
11⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 220
10⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
9⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 236
8⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
7⤵
- Program crash
PID:3468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 236
6⤵
- Program crash
PID:3216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 240
5⤵
- Program crash
PID:584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:564

C:\Users\Admin\AppData\Local\Temp\Unicorn-15423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15423.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-45486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45486.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-16981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16981.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-49399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49399.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-12725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12725.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-37889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37889.exe
8⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
9⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-64635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64635.exe
10⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-37098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37098.exe
11⤵
PID:8112

C:\Users\Admin\AppData\Local\Temp\Unicorn-39994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39994.exe
12⤵
PID:10776

C:\Users\Admin\AppData\Local\Temp\Unicorn-28360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28360.exe
13⤵
PID:14548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10776 -s 216
13⤵
PID:14952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 216
12⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 216
11⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
10⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 236
9⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-61469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61469.exe
8⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-45777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45777.exe
9⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-20453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20453.exe
10⤵
PID:6200

C:\Users\Admin\AppData\Local\Temp\Unicorn-5463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5463.exe
11⤵
PID:9504

C:\Users\Admin\AppData\Local\Temp\Unicorn-47529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47529.exe
12⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9504 -s 216
12⤵
PID:13648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 216
11⤵
PID:10404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
10⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
9⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
8⤵
- Program crash
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-52834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52834.exe
7⤵
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
8⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-6882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6882.exe
9⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-45258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45258.exe
10⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\Unicorn-61680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61680.exe
11⤵
PID:9564

C:\Users\Admin\AppData\Local\Temp\Unicorn-33632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33632.exe
12⤵
PID:12836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9564 -s 216
12⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 236
11⤵
PID:11076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 216
10⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
9⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-19689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19689.exe
8⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-14422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14422.exe
9⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-40466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40466.exe
10⤵
PID:10196

C:\Users\Admin\AppData\Local\Temp\Unicorn-16419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16419.exe
11⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10196 -s 216
11⤵
PID:13568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
10⤵
PID:10928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 236
9⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 240
8⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
7⤵
- Program crash
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-27670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27670.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-16701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16701.exe
7⤵
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-9684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9684.exe
8⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-58029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58029.exe
9⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-49534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49534.exe
10⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-27062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27062.exe
11⤵
PID:9536

C:\Users\Admin\AppData\Local\Temp\Unicorn-39278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39278.exe
12⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9536 -s 236
12⤵
PID:12668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 216
11⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
10⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 236
9⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 236
8⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-31427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31427.exe
7⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-39363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39363.exe
8⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
9⤵
PID:7444

C:\Users\Admin\AppData\Local\Temp\Unicorn-28873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28873.exe
10⤵
PID:10600

C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe
11⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10600 -s 220
11⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 216
10⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
9⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
8⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
7⤵
- Program crash
PID:3976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
6⤵
- Program crash
PID:796

C:\Users\Admin\AppData\Local\Temp\Unicorn-64344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64344.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-47536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47536.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-50141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50141.exe
7⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-22513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22513.exe
8⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-38294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38294.exe
9⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-9412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9412.exe
10⤵
PID:6788

C:\Users\Admin\AppData\Local\Temp\Unicorn-49293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49293.exe
11⤵
PID:10128

C:\Users\Admin\AppData\Local\Temp\Unicorn-58878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58878.exe
12⤵
PID:13144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10128 -s 216
12⤵
PID:13872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 220
11⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
10⤵
PID:8496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 236
9⤵
PID:6744

C:\Users\Admin\AppData\Local\Temp\Unicorn-50032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50032.exe
8⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-57894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57894.exe
9⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-51950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51950.exe
10⤵
PID:9728

C:\Users\Admin\AppData\Local\Temp\Unicorn-6989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6989.exe
11⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9728 -s 216
11⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
10⤵
PID:11132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
9⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 220
8⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-55932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55932.exe
7⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
8⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-9495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9495.exe
9⤵
PID:7532

C:\Users\Admin\AppData\Local\Temp\Unicorn-16476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16476.exe
10⤵
PID:10840

C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
11⤵
PID:13728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10840 -s 220
11⤵
PID:14584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 220
10⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
9⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
8⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
7⤵
- Program crash
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-38443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38443.exe
6⤵
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
7⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-45777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45777.exe
8⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-38927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38927.exe
9⤵
PID:5572

C:\Users\Admin\AppData\Local\Temp\Unicorn-17415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17415.exe
10⤵
PID:9636

C:\Users\Admin\AppData\Local\Temp\Unicorn-2604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2604.exe
11⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9636 -s 216
11⤵
PID:13628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
10⤵
PID:10592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 236
9⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
8⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 216
7⤵
PID:4400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
6⤵
- Program crash
PID:1684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
5⤵
- Program crash
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-53078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53078.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-55621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55621.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-22923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22923.exe
7⤵
PID:772

C:\Users\Admin\AppData\Local\Temp\Unicorn-7738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7738.exe
8⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-21382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21382.exe
9⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-30759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30759.exe
10⤵
PID:6256

C:\Users\Admin\AppData\Local\Temp\Unicorn-52033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52033.exe
11⤵
PID:9884

C:\Users\Admin\AppData\Local\Temp\Unicorn-17763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17763.exe
12⤵
PID:12616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9884 -s 216
12⤵
PID:14072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 220
11⤵
PID:11000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
10⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
9⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\Unicorn-9684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9684.exe
8⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-39311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39311.exe
9⤵
PID:6492

C:\Users\Admin\AppData\Local\Temp\Unicorn-35505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35505.exe
10⤵
PID:9980

C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
11⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9980 -s 216
11⤵
PID:13464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 216
10⤵
PID:11104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 236
9⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 240
8⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-59440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59440.exe
7⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-13021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13021.exe
8⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-24921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24921.exe
9⤵
PID:6556

C:\Users\Admin\AppData\Local\Temp\Unicorn-26351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26351.exe
10⤵
PID:9936

C:\Users\Admin\AppData\Local\Temp\Unicorn-13377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13377.exe
11⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9936 -s 216
11⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 216
10⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
9⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 236
8⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 240
7⤵
- Program crash
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-40005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40005.exe
6⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-32243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32243.exe
7⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-769.exe
8⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-14531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14531.exe
9⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-29584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29584.exe
10⤵
PID:9592

C:\Users\Admin\AppData\Local\Temp\Unicorn-29548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29548.exe
11⤵
PID:12808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9592 -s 216
11⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
10⤵
PID:11084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
9⤵
PID:7988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
8⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-56747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56747.exe
7⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-18699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18699.exe
8⤵
PID:6520

C:\Users\Admin\AppData\Local\Temp\Unicorn-25391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25391.exe
9⤵
PID:9752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 188
10⤵
PID:9764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 220
9⤵
PID:10852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
8⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
7⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
6⤵
- Program crash
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-64619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64619.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-6586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6586.exe
6⤵
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-47209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47209.exe
7⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-64059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64059.exe
8⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-55572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55572.exe
9⤵
PID:8004

C:\Users\Admin\AppData\Local\Temp\Unicorn-58660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58660.exe
10⤵
PID:10640

C:\Users\Admin\AppData\Local\Temp\Unicorn-16710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16710.exe
11⤵
PID:14428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10640 -s 216
11⤵
PID:14872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
9⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
8⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
7⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
6⤵
- Program crash
PID:3924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
5⤵
- Program crash
PID:1120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
4⤵
- Program crash
PID:2216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 240
2⤵
- Program crash
PID:2644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14759.exe

Filesize
184KB

MD5
6614c4682e379bfd936c58dac9511935

SHA1
b0e8e3dd8e3c79d1122493fadaa35635bc0366cc

SHA256
247b8f0846119c395cbd7a2ef09a0b71b869e03be95169976edbbd82892eb4d8

SHA512
e67c465620c7a05d04d80f1dfa1ee723f2c840e9c566a0096933d2ceb9db44dd52ade05269ffee63776549f367243f8d6dfb320168b944fb24e3ad13ef3ac933

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32719.exe

Filesize
184KB

MD5
382618453e1cc651bfa8f96f3e1ecbc4

SHA1
d8cc809a55eb65267900b5303fe7cd6a197ad519

SHA256
c9fb23884e06cd6ac390eab49ff31a4724048204cf997ccc77bcd07a18334379

SHA512
6018a76d2e8ef5c5b4d5abc7a914fe5c244e2cafcbbcce00683208088ee7162f8212467951c40be2a0c00266c029423cde5e2ec2c738112668a394a366fc26a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33476.exe

Filesize
184KB

MD5
64c9c30d9c29474c51ef95c4bc9a8f39

SHA1
7023baa87010992548b6a1d5377e59b36a9073e9

SHA256
446a1ceb997e7f84bed2dd824a8c1d2014c0ecb6f8fcc56d62ac9d9ca3e58d1b

SHA512
bc62f702f4c47471f27c9c0ef463fc2f9c1ac536d3a0772e6598d0ff72920b7a64e5ce9178df6cdf2d69b824801ef6c9341c3f50966637822996befac30423b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34691.exe

Filesize
184KB

MD5
72ddcb83f5fe0faccd214b2bdf00b670

SHA1
721e496af2e64f38c5c01743379d86893256563f

SHA256
31573132e64cdb3ac46763dbc63b3c7388e3eb4b449050ff2729a3c20407f6cc

SHA512
6812c75d35f0fd37bfbdd8ed072ded0b0d6f42c01d3ebcfbc4cf914f7452321b8effd7431b1bc19442cd54269d4331d4c8a5dec314dec22e354c6e686853edbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe

Filesize
184KB

MD5
e61fffe3e4e851d433e3c206ca606088

SHA1
5b9ed44cc03671a67087097cf914df4dbbf980d7

SHA256
6beac24954f8c50f817830a4aab7ea32715f15ff3667e24fd830de5a649b33c0

SHA512
0fc232f2f45164b0b9693c2fb8ea37307b776116964ccfae906b404edc6f247b41ee588a9932c22008f0164f6df1338d05342c9797aa2b573068a960a1fdca77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40005.exe

Filesize
184KB

MD5
4b37c1800e733e10df80b5897eb38d51

SHA1
1752c77392bfa18afdf4513944a444b71e69ab42

SHA256
273303ae1764afb6d4dd3185b1c1588c62ff9451da042c292824aac16dc0399b

SHA512
b5d2b8fd23b2a964e47ad5669af6ffeea0387f7a4dd40c737e3b3379aeba46f808ae62ff41c7a9c250b146efc714c950b69a7a63fc02f3401c5f28743a435ac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4225.exe

Filesize
184KB

MD5
f8993036a23df0aa4c890ff4a692635d

SHA1
9b7617563dda6f252b6d957ba95f823f3052871f

SHA256
b6f311192de22f9791230500132a2eda0b600f9e2c3748396088aadda233acc7

SHA512
362a096da61015cbfdb2b4f2208bb30c97d4b886571ea9307893a56385454c8c96f51d013cfe48e1783ed27d269af35069f62e9cbf4c42cb0395f39d3084b76f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4562.exe

Filesize
184KB

MD5
399caf369f6e4ebb6cb5424b34dcc142

SHA1
08554daf4bb394d81f575e8a9d1e1f111bf5421c

SHA256
72819d6b06d5c6b6a3870865aaaa64f9515602ed0a85d3f88c1310e42513373c

SHA512
b6ebd1fc16a5d1a90f4b3f334424bd0ca690a82f3abc6d4f48cabb569de8178d1c7de325255c63ef077370635ddcde54f5e0478780f73340a9551b15a8ce1823

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe

Filesize
184KB

MD5
943cdef85d869c3bca4f293f11327744

SHA1
c37e8e8ed5d9b9f92206b178be919d824c3097c0

SHA256
93c06641b650735678eb254fceab8b1b89144cd83b523ec8c0f68b6dbd04d66c

SHA512
543bcefdfa94058daae5fa30b0bb1e6ab120111bec5448ce5fe1a5f8fd8142400da9b20cd821361b178256ac616720d25ea0bd29b3a0b9589ceb0ab536d6d351

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5984.exe

Filesize
184KB

MD5
c76e519a566e63c09fa45979ddfa599d

SHA1
9393b1670501a3bbe2c157abdccd5faee031e285

SHA256
f637c7d94c8d3dfe1bc166bdd4a0d87423d7ddf8a30dbd8fef89ea4f95bcd9bb

SHA512
35ff68885ec0b9f3de538cb5a75967beb1742cff7796d360a0d0783c79a0e3433b32901a0df2187e652b1f2c14ef9ac89767fb5d030208bec869bafdb6ace0c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe

Filesize
184KB

MD5
a26e260ab509e10cc991b37829fc8407

SHA1
c7ca4d0511c68486a0266f7a8da71c979ae9e369

SHA256
fa099b4320afe3519c5ff04aa9aa55f36f34612d3d52e34c063885ae4b9c2c8e

SHA512
94a08082a1ef8bc4ab20f42923cecc56782dee72b7cdbcf02c0dbe8bf9ec16e0d9ff5aff8b21b1e8a95e309199bdee1356762a5f7d0eef259218ba67629f3f64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6311.exe

Filesize
184KB

MD5
10943dcc4fbcf85dd8ae3fd7d9318bd2

SHA1
54d47e21c5624b3bc233fac3b289e70a189c8701

SHA256
244ec64d35f849ae81f35a2d8fdcabffcec5eebb03de8006f5b8accc866b41ea

SHA512
5f2f1f63aa95d8e3c79464e34d4d91d7227294b71cc42bfc1543d0107c7b15ad4851ec1d4bab44c5ae10e5d561ee148da2743aa44e87d9387b58a3273ce93901

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6586.exe

Filesize
184KB

MD5
25e4b20c3d74a4e7fe2fe753d2d437b7

SHA1
7799374be33eb87d6c4baf40f058b58361cf0454

SHA256
83a7e15e2fd589bc3c26c7e224b7d1070bb8337bd2e286df3adcf05758ba8991

SHA512
937a42b665ad0e3f7af615e9165f284c16223cba44b15b91993b67827681bda967f1fbb8e8a67497eb40348c537b0fc1a0b5de6bded16c44014d100154f6421f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10675.exe

Filesize
184KB

MD5
ea328486727c96200fa93900db68ea05

SHA1
8876c0f12d680e1dc24b414af4b2b22d2e055b93

SHA256
e240d85af0f0de325c67bf32ca04d6399e382f4ab5e71399705854da5ae7537a

SHA512
146a55a04cf30e4f82d12ea5f2bd3fe2fda75a17fcb5feb04e1044dcfe4376a651fda96242da357cbd8d7a96673bc0dd3b552fada93b880639bc9213f978eea4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15423.exe

Filesize
184KB

MD5
7155ba8ebb0827a92f09790d5a5ed861

SHA1
fb66ead596f135c14ab591e417a233691bdcb6ba

SHA256
afac2f62eaa793e7a687fe9b5439d17f1d9c2c6a69f2d48afb611aa5350eeef9

SHA512
5ca9e157a22ef8212a7735cf01182383e8c33dd5b5e47823654f19d00a0d5567b6688353ddfa77406d2035baac19c3d4f37f36e2e522702ff5e51c4c5ef133cd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19747.exe

Filesize
184KB

MD5
b9d9fde7e21c7607a4d745ba770b57c7

SHA1
b58edc8119d5c35c1736f8196748eae7540e131e

SHA256
d8be8b2c5bcbe0dcddf1317b501f22940d4f44535a8458de834f570c888f1035

SHA512
45f2c88c91f2d768e94939a5d4ae457513e9d5a790bf399fb2b4141d90f670d20ecf68268067754e77531babb7b67d6774c5ed6bed7dfd772cc8cca6ccf1be0c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe

Filesize
184KB

MD5
e3e98aa4b292e85fc5d1238ac2dd2c3d

SHA1
b656a616501548888de4601894e913e8fe35246d

SHA256
077d4b3502c9b1f9e1f4dcde59131011e3cd1cbdcad3e54efe1c62901830fcca

SHA512
093eede35d735df3de1a3f3c1f97fae53333d5d45ae8dcdd6e941c0ecded6baead649fb88f392a11ab390a103017b351413b7f25933632d56b902dd4264ae6cd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27749.exe

Filesize
184KB

MD5
a8c069b0004d9fab3bf868607c2863c9

SHA1
e63e60eb98132c16b8dd89163794688a87c141ae

SHA256
b7c8e906e98079b5c1f4d28b7e0c3db395f8f5b315ff5f7491a03c4f08422930

SHA512
21460d1bc89ad578a00977a045f6f6069ee4204087e9b1602480f6121f28aca66da62557d85515913ca4f8469293dda37907d5534f9bec157dc0f41adbe60cee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45486.exe

Filesize
184KB

MD5
280d9f196dd8f549b199c6b5e793bcaa

SHA1
0bc8c46a2640d27cfe7cbabd1eeb8e15f754cc66

SHA256
f0d119e09b1710cb97f368327bcf592095e9003d1cc9b31e5389a6ecbfc80513

SHA512
9f7b5219534093d137b65afd920406ec40473bcda42240a9dce6f76a69e7f9f7acff1904018ecaa589337770f15e1aa07ead79e040a3ca2aefd679f597319592

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46150.exe

Filesize
184KB

MD5
49fe2c0ee30b86af7553b23c8a4c14b3

SHA1
caea1becef01e7bdd8c43ddf40b7612a47568688

SHA256
e7071a6059c616e34ea97ccb340fa43ba155ad63c018ec74819076048a8ddf2c

SHA512
0610a9ebbad85b40a9a0cacc9fcadc71361c698c75448644679da8412d5d15d03b093c036c3b4dbacba96955e94ee0b04c57afbeb63f333f90e01b63fbbdd14a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-478.exe

Filesize
184KB

MD5
f508b7db9e4830e218f3ead4a9a4e074

SHA1
0037b358da4be3b376f17eeabb30b6f999dbf2c8

SHA256
39163bb847df878d981bbaa435143d0bb268f949576b078f3a8a1aebb507d75d

SHA512
bfc9384a4a18895947cd37fffbeeff3ae40d9eeacf1526d2af1ec04c01193c7160f649066cb2a2e71f575fd50c60abb369fe7e66fdafd48256ae509f4b56176e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54557.exe

Filesize
184KB

MD5
763d9dce5e10d056a49f669053678ac0

SHA1
8c5be16aa08def6c820f9cab9f3f813f6b7000e4

SHA256
60327b9605802b7b4274f5367829a35ef0f959339baf62b65403831f8a610017

SHA512
3f4206c6464b1c644c57876cb6c17ca4e83671f8dac8ef8a7d883ea251e592d622cf6b32e40339b157e9747525fb2c3056b8e03df36cccee967b44d1d3d7b4e0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56612.exe

Filesize
184KB

MD5
f7c7bea23dd860ff44c9346e020f8f50

SHA1
e049591ff6ba98c534a13eed21935026af1eac71

SHA256
a66acf13e1b4432f28bc1dc617dc26322da68690faac278f8f05a9d6c65b0b7c

SHA512
55d477ad12846101ed8edddba80f337c02eb60e11b9ae18aad543fae4f0d1f56b8fd9befac81f15ec6ab35b34f028d4eeb86725e5e6244d96d67c331997cc1dc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6020.exe

Filesize
184KB

MD5
7a853d7650c9bd8e4357136b5a122451

SHA1
c4e0dd135eace627ca83a2c4b690724a6a4170e2

SHA256
97f1178b71f68746f2cd18762de95492911788a29c120b40ba0457f468cbf30e

SHA512
e85589a6270202711a3518a1d49b50e6d3399a42407b44c89d15b9c54896778f7538b506ee4be9d36762c51b4c1752877ec87a4b0d5969cec7307f4a469c0d7a

Download Submit