a44974e49fe49c1977d6e9f91fe91f241fdbb56bd91e32a393eefda02caf51ee

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a44974e49fe49c1977d6e9f91fe91f241fdbb56bd91e32a393eefda02caf51ee.exe
Size

184KB
MD5

2fac418d195f735f08338c4fbc79a785
SHA1

3fabb26e8fa7daf20df50e760d745b67f390b9e4
SHA256

a44974e49fe49c1977d6e9f91fe91f241fdbb56bd91e32a393eefda02caf51ee
SHA512

2cd2ea34394ebed4256152f3d4f58cbb7f92bdc84f5f0b901cca7cdb1e9a598e4689a23f4cff1bccab6410d036fdb20be03b4a519539e269dd1776b2cdb63215
SSDEEP

1536:6BSS6KfS+3Hxo5x1VJOAlawSie9yvZc8lmddjPLj2Czetdhl5hj5nizpvC:G2Y3HxofLJOTjiQWeHPLj1sdhlnViF6

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-31682.exeUnicorn-56612.exeUnicorn-21287.exeUnicorn-2645.exeUnicorn-761.exeUnicorn-20435.exeUnicorn-11431.exeUnicorn-62085.exeUnicorn-29221.exeUnicorn-9355.exeUnicorn-6859.exeUnicorn-17914.exeUnicorn-31789.exeUnicorn-19367.exeUnicorn-49579.exeUnicorn-64353.exeUnicorn-52423.exeUnicorn-39733.exeUnicorn-19867.exeUnicorn-35134.exeUnicorn-52924.exeUnicorn-46552.exeUnicorn-11995.exeUnicorn-14263.exeUnicorn-47512.exeUnicorn-47320.exeUnicorn-45950.exeUnicorn-10625.exeUnicorn-17129.exeUnicorn-34918.exeUnicorn-14860.exeUnicorn-50377.exeUnicorn-48649.exeUnicorn-31628.exeUnicorn-16169.exeUnicorn-45011.exeUnicorn-29551.exeUnicorn-49417.exeUnicorn-11954.exeUnicorn-64876.exeUnicorn-20201.exeUnicorn-35468.exeUnicorn-143.exeUnicorn-15602.exeUnicorn-17871.exeUnicorn-38071.exeUnicorn-3514.exeUnicorn-23188.exeUnicorn-3286.exeUnicorn-47889.exeUnicorn-35767.exeUnicorn-16477.exeUnicorn-2985.exeUnicorn-16669.exeUnicorn-6825.exeUnicorn-52305.exeUnicorn-55341.exeUnicorn-50961.exeUnicorn-21325.exeUnicorn-21901.exeUnicorn-30474.exeUnicorn-28336.exeUnicorn-28336.exeUnicorn-12876.exe

pid	process
1728	Unicorn-31682.exe
2616	Unicorn-56612.exe
2636	Unicorn-21287.exe
2544	Unicorn-2645.exe
876	Unicorn-761.exe
2520	Unicorn-20435.exe
288	Unicorn-11431.exe
2816	Unicorn-62085.exe
1244	Unicorn-29221.exe
2424	Unicorn-9355.exe
1612	Unicorn-6859.exe
524	Unicorn-17914.exe
304	Unicorn-31789.exe
3008	Unicorn-19367.exe
2340	Unicorn-49579.exe
2112	Unicorn-64353.exe
2924	Unicorn-52423.exe
2084	Unicorn-39733.exe
1088	Unicorn-19867.exe
2388	Unicorn-35134.exe
1544	Unicorn-52924.exe
2028	Unicorn-46552.exe
2008	Unicorn-11995.exe
1984	Unicorn-14263.exe
1516	Unicorn-47512.exe
2952	Unicorn-47320.exe
2180	Unicorn-45950.exe
1096	Unicorn-10625.exe
2300	Unicorn-17129.exe
2160	Unicorn-34918.exe
2772	Unicorn-14860.exe
2632	Unicorn-50377.exe
2536	Unicorn-48649.exe
2104	Unicorn-31628.exe
2504	Unicorn-16169.exe
2172	Unicorn-45011.exe
1640	Unicorn-29551.exe
1912	Unicorn-49417.exe
1552	Unicorn-11954.exe
1740	Unicorn-64876.exe
2828	Unicorn-20201.exe
1312	Unicorn-35468.exe
1616	Unicorn-143.exe
1072	Unicorn-15602.exe
2404	Unicorn-17871.exe
2928	Unicorn-38071.exe
2368	Unicorn-3514.exe
440	Unicorn-23188.exe
1752	Unicorn-3286.exe
1240	Unicorn-47889.exe
1604	Unicorn-35767.exe
2916	Unicorn-16477.exe
2912	Unicorn-2985.exe
1520	Unicorn-16669.exe
2312	Unicorn-6825.exe
1628	Unicorn-52305.exe
1960	Unicorn-55341.exe
2920	Unicorn-50961.exe
2640	Unicorn-21325.exe
2976	Unicorn-21901.exe
2512	Unicorn-30474.exe
884	Unicorn-28336.exe
2628	Unicorn-28336.exe
1348	Unicorn-12876.exe

Loads dropped DLL 64 IoCs

Processes:

a44974e49fe49c1977d6e9f91fe91f241fdbb56bd91e32a393eefda02caf51ee.exeUnicorn-31682.exeUnicorn-56612.exeUnicorn-21287.exeWerFault.exeUnicorn-761.exeUnicorn-2645.exeUnicorn-20435.exeWerFault.exeWerFault.exeUnicorn-62085.exeUnicorn-11431.exeUnicorn-6859.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2064	a44974e49fe49c1977d6e9f91fe91f241fdbb56bd91e32a393eefda02caf51ee.exe
2064	a44974e49fe49c1977d6e9f91fe91f241fdbb56bd91e32a393eefda02caf51ee.exe
1728	Unicorn-31682.exe
2064	a44974e49fe49c1977d6e9f91fe91f241fdbb56bd91e32a393eefda02caf51ee.exe
1728	Unicorn-31682.exe
2064	a44974e49fe49c1977d6e9f91fe91f241fdbb56bd91e32a393eefda02caf51ee.exe
2616	Unicorn-56612.exe
2616	Unicorn-56612.exe
1728	Unicorn-31682.exe
1728	Unicorn-31682.exe
2636	Unicorn-21287.exe
2636	Unicorn-21287.exe
2472	WerFault.exe
2472	WerFault.exe
2472	WerFault.exe
2472	WerFault.exe
2472	WerFault.exe
876	Unicorn-761.exe
876	Unicorn-761.exe
2544	Unicorn-2645.exe
2544	Unicorn-2645.exe
2616	Unicorn-56612.exe
2616	Unicorn-56612.exe
2520	Unicorn-20435.exe
2520	Unicorn-20435.exe
2636	Unicorn-21287.exe
2636	Unicorn-21287.exe
2436	WerFault.exe
2436	WerFault.exe
2436	WerFault.exe
2436	WerFault.exe
2436	WerFault.exe
576	WerFault.exe
576	WerFault.exe
576	WerFault.exe
576	WerFault.exe
576	WerFault.exe
2816	Unicorn-62085.exe
2816	Unicorn-62085.exe
2544	Unicorn-2645.exe
2544	Unicorn-2645.exe
288	Unicorn-11431.exe
288	Unicorn-11431.exe
2520	Unicorn-20435.exe
2520	Unicorn-20435.exe
876	Unicorn-761.exe
876	Unicorn-761.exe
1612	Unicorn-6859.exe
1612	Unicorn-6859.exe
2260	WerFault.exe
2260	WerFault.exe
2260	WerFault.exe
2260	WerFault.exe
2260	WerFault.exe
1856	WerFault.exe
1856	WerFault.exe
1856	WerFault.exe
1856	WerFault.exe
1540	WerFault.exe
1540	WerFault.exe
1540	WerFault.exe
1540	WerFault.exe
1856	WerFault.exe
1540	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2288	2064	WerFault.exe	a44974e49fe49c1977d6e9f91fe91f241fdbb56bd91e32a393eefda02caf51ee.exe
2472	1728	WerFault.exe	Unicorn-31682.exe
2436	2616	WerFault.exe	Unicorn-56612.exe
576	2636	WerFault.exe	Unicorn-21287.exe
2260	876	WerFault.exe	Unicorn-761.exe
1856	2544	WerFault.exe	Unicorn-2645.exe
1540	2520	WerFault.exe	Unicorn-20435.exe
1580	2816	WerFault.exe	Unicorn-62085.exe
2132	288	WerFault.exe	Unicorn-11431.exe
1588	1244	WerFault.exe	Unicorn-29221.exe
2280	2424	WerFault.exe	Unicorn-9355.exe
1684	1612	WerFault.exe	Unicorn-6859.exe
1816	524	WerFault.exe	Unicorn-17914.exe
2876	3008	WerFault.exe	Unicorn-19367.exe
808	304	WerFault.exe	Unicorn-31789.exe
1668	2340	WerFault.exe	Unicorn-49579.exe
2984	2112	WerFault.exe	Unicorn-64353.exe
2812	2924	WerFault.exe	Unicorn-52423.exe
2380	1088	WerFault.exe	Unicorn-19867.exe
2352	2084	WerFault.exe	Unicorn-39733.exe
2468	1544	WerFault.exe	Unicorn-52924.exe
2344	2388	WerFault.exe	Unicorn-35134.exe
2016	2008	WerFault.exe	Unicorn-11995.exe
300	2028	WerFault.exe	Unicorn-46552.exe
1632	1984	WerFault.exe	Unicorn-14263.exe
864	2180	WerFault.exe	Unicorn-45950.exe
2216	1516	WerFault.exe	Unicorn-47512.exe
640	2952	WerFault.exe	Unicorn-47320.exe
2956	1096	WerFault.exe	Unicorn-10625.exe
2408	2300	WerFault.exe	Unicorn-17129.exe
2892	2772	WerFault.exe	Unicorn-14860.exe
1324	2160	WerFault.exe	Unicorn-34918.exe
1008	2536	WerFault.exe	Unicorn-48649.exe
1872	2632	WerFault.exe	Unicorn-50377.exe
3148	2828	WerFault.exe	Unicorn-20201.exe
3164	1640	WerFault.exe	Unicorn-29551.exe
3172	1912	WerFault.exe	Unicorn-49417.exe
3208	1616	WerFault.exe	Unicorn-143.exe
3220	1740	WerFault.exe	Unicorn-64876.exe
3312	1312	WerFault.exe	Unicorn-35468.exe
3848	1552	WerFault.exe	Unicorn-11954.exe
3872	2504	WerFault.exe	Unicorn-16169.exe
3972	2172	WerFault.exe	Unicorn-45011.exe
3980	2104	WerFault.exe	Unicorn-31628.exe
4024	1072	WerFault.exe	Unicorn-15602.exe
3216	2404	WerFault.exe	Unicorn-17871.exe
3756	1128	WerFault.exe	Unicorn-42102.exe
3768	1800	WerFault.exe	Unicorn-59124.exe
3920	2848	WerFault.exe	Unicorn-26259.exe
4040	2512	WerFault.exe	Unicorn-30474.exe
4060	1652	WerFault.exe	Unicorn-26259.exe
3188	2640	WerFault.exe	Unicorn-21325.exe
3292	2428	WerFault.exe	Unicorn-256.exe
3368	2440	WerFault.exe	Unicorn-41526.exe
3604	2912	WerFault.exe	Unicorn-2985.exe
3684	2368	WerFault.exe	Unicorn-3514.exe
2432	2264	WerFault.exe	Unicorn-41019.exe
3280	1240	WerFault.exe	Unicorn-47889.exe
3308	2140	WerFault.exe	Unicorn-58808.exe
3460	1520	WerFault.exe	Unicorn-16669.exe
3388	1752	WerFault.exe	Unicorn-3286.exe
4056	2712	WerFault.exe	Unicorn-26328.exe
3744	2916	WerFault.exe	Unicorn-16477.exe
4100	2572	WerFault.exe	Unicorn-59576.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

a44974e49fe49c1977d6e9f91fe91f241fdbb56bd91e32a393eefda02caf51ee.exeUnicorn-31682.exeUnicorn-56612.exeUnicorn-21287.exeUnicorn-2645.exeUnicorn-761.exeUnicorn-20435.exeUnicorn-11431.exeUnicorn-62085.exeUnicorn-29221.exeUnicorn-6859.exeUnicorn-9355.exeUnicorn-17914.exeUnicorn-31789.exeUnicorn-19367.exeUnicorn-49579.exeUnicorn-64353.exeUnicorn-52423.exeUnicorn-39733.exeUnicorn-19867.exeUnicorn-35134.exeUnicorn-52924.exeUnicorn-46552.exeUnicorn-11995.exeUnicorn-14263.exeUnicorn-47512.exeUnicorn-45950.exeUnicorn-47320.exeUnicorn-10625.exeUnicorn-17129.exeUnicorn-34918.exeUnicorn-14860.exeUnicorn-50377.exeUnicorn-48649.exeUnicorn-31628.exeUnicorn-16169.exeUnicorn-45011.exeUnicorn-29551.exeUnicorn-64876.exeUnicorn-11954.exeUnicorn-35468.exeUnicorn-49417.exeUnicorn-143.exeUnicorn-15602.exeUnicorn-20201.exeUnicorn-17871.exeUnicorn-38071.exeUnicorn-23188.exeUnicorn-3514.exeUnicorn-3286.exeUnicorn-47889.exeUnicorn-35767.exeUnicorn-16477.exeUnicorn-2985.exeUnicorn-16669.exeUnicorn-6825.exeUnicorn-52305.exeUnicorn-55341.exeUnicorn-50961.exeUnicorn-21325.exeUnicorn-21901.exeUnicorn-28336.exeUnicorn-30474.exeUnicorn-28336.exe

pid	process
2064	a44974e49fe49c1977d6e9f91fe91f241fdbb56bd91e32a393eefda02caf51ee.exe
1728	Unicorn-31682.exe
2616	Unicorn-56612.exe
2636	Unicorn-21287.exe
2544	Unicorn-2645.exe
876	Unicorn-761.exe
2520	Unicorn-20435.exe
288	Unicorn-11431.exe
2816	Unicorn-62085.exe
1244	Unicorn-29221.exe
1612	Unicorn-6859.exe
2424	Unicorn-9355.exe
524	Unicorn-17914.exe
304	Unicorn-31789.exe
3008	Unicorn-19367.exe
2340	Unicorn-49579.exe
2112	Unicorn-64353.exe
2924	Unicorn-52423.exe
2084	Unicorn-39733.exe
1088	Unicorn-19867.exe
2388	Unicorn-35134.exe
1544	Unicorn-52924.exe
2028	Unicorn-46552.exe
2008	Unicorn-11995.exe
1984	Unicorn-14263.exe
1516	Unicorn-47512.exe
2180	Unicorn-45950.exe
2952	Unicorn-47320.exe
1096	Unicorn-10625.exe
2300	Unicorn-17129.exe
2160	Unicorn-34918.exe
2772	Unicorn-14860.exe
2632	Unicorn-50377.exe
2536	Unicorn-48649.exe
2104	Unicorn-31628.exe
2504	Unicorn-16169.exe
2172	Unicorn-45011.exe
1640	Unicorn-29551.exe
1740	Unicorn-64876.exe
1552	Unicorn-11954.exe
1312	Unicorn-35468.exe
1912	Unicorn-49417.exe
1616	Unicorn-143.exe
1072	Unicorn-15602.exe
2828	Unicorn-20201.exe
2404	Unicorn-17871.exe
2928	Unicorn-38071.exe
440	Unicorn-23188.exe
2368	Unicorn-3514.exe
1752	Unicorn-3286.exe
1240	Unicorn-47889.exe
1604	Unicorn-35767.exe
2916	Unicorn-16477.exe
2912	Unicorn-2985.exe
1520	Unicorn-16669.exe
2312	Unicorn-6825.exe
1628	Unicorn-52305.exe
1960	Unicorn-55341.exe
2920	Unicorn-50961.exe
2640	Unicorn-21325.exe
2976	Unicorn-21901.exe
2628	Unicorn-28336.exe
2512	Unicorn-30474.exe
884	Unicorn-28336.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

a44974e49fe49c1977d6e9f91fe91f241fdbb56bd91e32a393eefda02caf51ee.exeUnicorn-31682.exeUnicorn-56612.exeUnicorn-21287.exeUnicorn-761.exeUnicorn-2645.exeUnicorn-20435.exeUnicorn-62085.exe

description	pid	process	target process
PID 2064 wrote to memory of 1728	2064	a44974e49fe49c1977d6e9f91fe91f241fdbb56bd91e32a393eefda02caf51ee.exe	Unicorn-31682.exe
PID 2064 wrote to memory of 1728	2064	a44974e49fe49c1977d6e9f91fe91f241fdbb56bd91e32a393eefda02caf51ee.exe	Unicorn-31682.exe
PID 2064 wrote to memory of 1728	2064	a44974e49fe49c1977d6e9f91fe91f241fdbb56bd91e32a393eefda02caf51ee.exe	Unicorn-31682.exe
PID 2064 wrote to memory of 1728	2064	a44974e49fe49c1977d6e9f91fe91f241fdbb56bd91e32a393eefda02caf51ee.exe	Unicorn-31682.exe
PID 1728 wrote to memory of 2616	1728	Unicorn-31682.exe	Unicorn-56612.exe
PID 1728 wrote to memory of 2616	1728	Unicorn-31682.exe	Unicorn-56612.exe
PID 1728 wrote to memory of 2616	1728	Unicorn-31682.exe	Unicorn-56612.exe
PID 1728 wrote to memory of 2616	1728	Unicorn-31682.exe	Unicorn-56612.exe
PID 2064 wrote to memory of 2636	2064	a44974e49fe49c1977d6e9f91fe91f241fdbb56bd91e32a393eefda02caf51ee.exe	Unicorn-21287.exe
PID 2064 wrote to memory of 2636	2064	a44974e49fe49c1977d6e9f91fe91f241fdbb56bd91e32a393eefda02caf51ee.exe	Unicorn-21287.exe
PID 2064 wrote to memory of 2636	2064	a44974e49fe49c1977d6e9f91fe91f241fdbb56bd91e32a393eefda02caf51ee.exe	Unicorn-21287.exe
PID 2064 wrote to memory of 2636	2064	a44974e49fe49c1977d6e9f91fe91f241fdbb56bd91e32a393eefda02caf51ee.exe	Unicorn-21287.exe
PID 2064 wrote to memory of 2288	2064	a44974e49fe49c1977d6e9f91fe91f241fdbb56bd91e32a393eefda02caf51ee.exe	WerFault.exe
PID 2064 wrote to memory of 2288	2064	a44974e49fe49c1977d6e9f91fe91f241fdbb56bd91e32a393eefda02caf51ee.exe	WerFault.exe
PID 2064 wrote to memory of 2288	2064	a44974e49fe49c1977d6e9f91fe91f241fdbb56bd91e32a393eefda02caf51ee.exe	WerFault.exe
PID 2064 wrote to memory of 2288	2064	a44974e49fe49c1977d6e9f91fe91f241fdbb56bd91e32a393eefda02caf51ee.exe	WerFault.exe
PID 2616 wrote to memory of 2544	2616	Unicorn-56612.exe	Unicorn-2645.exe
PID 2616 wrote to memory of 2544	2616	Unicorn-56612.exe	Unicorn-2645.exe
PID 2616 wrote to memory of 2544	2616	Unicorn-56612.exe	Unicorn-2645.exe
PID 2616 wrote to memory of 2544	2616	Unicorn-56612.exe	Unicorn-2645.exe
PID 1728 wrote to memory of 876	1728	Unicorn-31682.exe	Unicorn-761.exe
PID 1728 wrote to memory of 876	1728	Unicorn-31682.exe	Unicorn-761.exe
PID 1728 wrote to memory of 876	1728	Unicorn-31682.exe	Unicorn-761.exe
PID 1728 wrote to memory of 876	1728	Unicorn-31682.exe	Unicorn-761.exe
PID 2636 wrote to memory of 2520	2636	Unicorn-21287.exe	Unicorn-20435.exe
PID 2636 wrote to memory of 2520	2636	Unicorn-21287.exe	Unicorn-20435.exe
PID 2636 wrote to memory of 2520	2636	Unicorn-21287.exe	Unicorn-20435.exe
PID 2636 wrote to memory of 2520	2636	Unicorn-21287.exe	Unicorn-20435.exe
PID 1728 wrote to memory of 2472	1728	Unicorn-31682.exe	WerFault.exe
PID 1728 wrote to memory of 2472	1728	Unicorn-31682.exe	WerFault.exe
PID 1728 wrote to memory of 2472	1728	Unicorn-31682.exe	WerFault.exe
PID 1728 wrote to memory of 2472	1728	Unicorn-31682.exe	WerFault.exe
PID 876 wrote to memory of 288	876	Unicorn-761.exe	Unicorn-11431.exe
PID 876 wrote to memory of 288	876	Unicorn-761.exe	Unicorn-11431.exe
PID 876 wrote to memory of 288	876	Unicorn-761.exe	Unicorn-11431.exe
PID 876 wrote to memory of 288	876	Unicorn-761.exe	Unicorn-11431.exe
PID 2544 wrote to memory of 2816	2544	Unicorn-2645.exe	Unicorn-62085.exe
PID 2544 wrote to memory of 2816	2544	Unicorn-2645.exe	Unicorn-62085.exe
PID 2544 wrote to memory of 2816	2544	Unicorn-2645.exe	Unicorn-62085.exe
PID 2544 wrote to memory of 2816	2544	Unicorn-2645.exe	Unicorn-62085.exe
PID 2616 wrote to memory of 2424	2616	Unicorn-56612.exe	Unicorn-9355.exe
PID 2616 wrote to memory of 2424	2616	Unicorn-56612.exe	Unicorn-9355.exe
PID 2616 wrote to memory of 2424	2616	Unicorn-56612.exe	Unicorn-9355.exe
PID 2616 wrote to memory of 2424	2616	Unicorn-56612.exe	Unicorn-9355.exe
PID 2520 wrote to memory of 1244	2520	Unicorn-20435.exe	Unicorn-29221.exe
PID 2520 wrote to memory of 1244	2520	Unicorn-20435.exe	Unicorn-29221.exe
PID 2520 wrote to memory of 1244	2520	Unicorn-20435.exe	Unicorn-29221.exe
PID 2520 wrote to memory of 1244	2520	Unicorn-20435.exe	Unicorn-29221.exe
PID 2636 wrote to memory of 1612	2636	Unicorn-21287.exe	Unicorn-6859.exe
PID 2636 wrote to memory of 1612	2636	Unicorn-21287.exe	Unicorn-6859.exe
PID 2636 wrote to memory of 1612	2636	Unicorn-21287.exe	Unicorn-6859.exe
PID 2636 wrote to memory of 1612	2636	Unicorn-21287.exe	Unicorn-6859.exe
PID 2616 wrote to memory of 2436	2616	Unicorn-56612.exe	WerFault.exe
PID 2616 wrote to memory of 2436	2616	Unicorn-56612.exe	WerFault.exe
PID 2616 wrote to memory of 2436	2616	Unicorn-56612.exe	WerFault.exe
PID 2616 wrote to memory of 2436	2616	Unicorn-56612.exe	WerFault.exe
PID 2636 wrote to memory of 576	2636	Unicorn-21287.exe	WerFault.exe
PID 2636 wrote to memory of 576	2636	Unicorn-21287.exe	WerFault.exe
PID 2636 wrote to memory of 576	2636	Unicorn-21287.exe	WerFault.exe
PID 2636 wrote to memory of 576	2636	Unicorn-21287.exe	WerFault.exe
PID 2816 wrote to memory of 524	2816	Unicorn-62085.exe	Unicorn-17914.exe
PID 2816 wrote to memory of 524	2816	Unicorn-62085.exe	Unicorn-17914.exe
PID 2816 wrote to memory of 524	2816	Unicorn-62085.exe	Unicorn-17914.exe
PID 2816 wrote to memory of 524	2816	Unicorn-62085.exe	Unicorn-17914.exe

C:\Users\Admin\AppData\Local\Temp\a44974e49fe49c1977d6e9f91fe91f241fdbb56bd91e32a393eefda02caf51ee.exe
"C:\Users\Admin\AppData\Local\Temp\a44974e49fe49c1977d6e9f91fe91f241fdbb56bd91e32a393eefda02caf51ee.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-31682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31682.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-56612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56612.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-2645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2645.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-62085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62085.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-17914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17914.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:524

C:\Users\Admin\AppData\Local\Temp\Unicorn-39733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39733.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-34918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34918.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-3286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3286.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-59576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59576.exe
10⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-22281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22281.exe
11⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-54692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54692.exe
12⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-17326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17326.exe
13⤵
PID:6476

C:\Users\Admin\AppData\Local\Temp\Unicorn-45069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45069.exe
14⤵
PID:8628

C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
15⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8628 -s 216
15⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 216
14⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
13⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 236
12⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
11⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
10⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-43037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43037.exe
11⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-16522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16522.exe
12⤵
PID:6924

C:\Users\Admin\AppData\Local\Temp\Unicorn-62397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62397.exe
13⤵
PID:9392

C:\Users\Admin\AppData\Local\Temp\Unicorn-63931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63931.exe
14⤵
PID:952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9392 -s 216
14⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6924 -s 216
13⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
12⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 236
11⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 220
10⤵
- Program crash
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-62949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62949.exe
9⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
10⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-18624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18624.exe
11⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-57642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57642.exe
12⤵
PID:6840

C:\Users\Admin\AppData\Local\Temp\Unicorn-15853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15853.exe
13⤵
PID:8792

C:\Users\Admin\AppData\Local\Temp\Unicorn-4960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4960.exe
14⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8792 -s 216
14⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 236
13⤵
PID:9648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
12⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 236
11⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
10⤵
PID:4268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 240
9⤵
- Program crash
PID:1324

C:\Users\Admin\AppData\Local\Temp\Unicorn-47889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47889.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-24958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24958.exe
9⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-52457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52457.exe
10⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-61822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61822.exe
11⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-50600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50600.exe
12⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\Unicorn-14389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14389.exe
13⤵
PID:8548

C:\Users\Admin\AppData\Local\Temp\Unicorn-11411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11411.exe
14⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8548 -s 216
14⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 216
13⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 236
12⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 236
11⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
10⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-30261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30261.exe
9⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-29882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29882.exe
10⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-15946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15946.exe
11⤵
PID:6884

C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
12⤵
PID:9428

C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
13⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9428 -s 220
13⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
12⤵
PID:10512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
11⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
10⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 240
9⤵
- Program crash
PID:3280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
8⤵
- Program crash
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-14860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14860.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:440

C:\Users\Admin\AppData\Local\Temp\Unicorn-63297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63297.exe
9⤵
PID:700

C:\Users\Admin\AppData\Local\Temp\Unicorn-30981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30981.exe
10⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-14695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14695.exe
11⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-52923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52923.exe
12⤵
PID:6808

C:\Users\Admin\AppData\Local\Temp\Unicorn-13863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13863.exe
13⤵
PID:9888

C:\Users\Admin\AppData\Local\Temp\Unicorn-58704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58704.exe
14⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9888 -s 216
14⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 216
13⤵
PID:10840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
12⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
11⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 236
10⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-59631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59631.exe
9⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-64005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64005.exe
10⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-46706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46706.exe
11⤵
PID:6344

C:\Users\Admin\AppData\Local\Temp\Unicorn-26827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26827.exe
12⤵
PID:9900

C:\Users\Admin\AppData\Local\Temp\Unicorn-18570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18570.exe
13⤵
PID:12412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9900 -s 216
13⤵
PID:12860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 216
12⤵
PID:10852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
11⤵
PID:8212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
10⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 440 -s 240
9⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-11143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11143.exe
8⤵
PID:664

C:\Users\Admin\AppData\Local\Temp\Unicorn-20034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20034.exe
9⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
10⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-41908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41908.exe
11⤵
PID:6792

C:\Users\Admin\AppData\Local\Temp\Unicorn-63282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63282.exe
12⤵
PID:10000

C:\Users\Admin\AppData\Local\Temp\Unicorn-12529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12529.exe
13⤵
PID:12624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10000 -s 236
13⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 216
12⤵
PID:10884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
11⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
10⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 236
9⤵
PID:4376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
8⤵
- Program crash
PID:2892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 524 -s 240
7⤵
- Program crash
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-35134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35134.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-48649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48649.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-2985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2985.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-59576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59576.exe
9⤵
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-21705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21705.exe
10⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-24506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24506.exe
11⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-40180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40180.exe
12⤵
PID:6648

C:\Users\Admin\AppData\Local\Temp\Unicorn-393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-393.exe
13⤵
PID:8956

C:\Users\Admin\AppData\Local\Temp\Unicorn-60570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60570.exe
14⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 216
14⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 216
13⤵
PID:9984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
12⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
11⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
10⤵
- Program crash
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-17874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17874.exe
9⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-52964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52964.exe
10⤵
PID:4592

C:\Users\Admin\AppData\Local\Temp\Unicorn-9546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9546.exe
11⤵
PID:6312

C:\Users\Admin\AppData\Local\Temp\Unicorn-53362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53362.exe
12⤵
PID:8724

C:\Users\Admin\AppData\Local\Temp\Unicorn-22826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22826.exe
13⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8724 -s 216
13⤵
PID:12480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 216
12⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 236
11⤵
PID:8136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
10⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
9⤵
- Program crash
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-62949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62949.exe
8⤵
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-50895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50895.exe
9⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-43037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43037.exe
10⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-14891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14891.exe
11⤵
PID:6244

C:\Users\Admin\AppData\Local\Temp\Unicorn-28095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28095.exe
12⤵
PID:8844

C:\Users\Admin\AppData\Local\Temp\Unicorn-64753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64753.exe
13⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8844 -s 216
13⤵
PID:12316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 236
12⤵
PID:10176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
10⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 236
9⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
8⤵
- Program crash
PID:1008

C:\Users\Admin\AppData\Local\Temp\Unicorn-16669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16669.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-26328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26328.exe
8⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-54761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54761.exe
9⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
10⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\Unicorn-6412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6412.exe
11⤵
PID:6756

C:\Users\Admin\AppData\Local\Temp\Unicorn-34660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34660.exe
12⤵
PID:9356

C:\Users\Admin\AppData\Local\Temp\Unicorn-49240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49240.exe
13⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9356 -s 216
13⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 216
12⤵
PID:10504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
11⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
10⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
9⤵
- Program crash
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-50163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50163.exe
8⤵
PID:3260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 220
9⤵
PID:4876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 220
8⤵
- Program crash
PID:3460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
7⤵
- Program crash
PID:2344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
6⤵
- Program crash
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-31789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31789.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-64876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64876.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-45933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45933.exe
8⤵
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-31751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31751.exe
9⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-1619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1619.exe
10⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-16217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16217.exe
11⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-54190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54190.exe
12⤵
PID:7144

C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe
13⤵
PID:10248

C:\Users\Admin\AppData\Local\Temp\Unicorn-27536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27536.exe
14⤵
PID:12652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10248 -s 216
14⤵
PID:12764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 236
13⤵
PID:10620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
12⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
11⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
10⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-54302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54302.exe
9⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-45744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45744.exe
10⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-45669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45669.exe
11⤵
PID:7752

C:\Users\Admin\AppData\Local\Temp\Unicorn-64601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64601.exe
12⤵
PID:3040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 200
13⤵
PID:12808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 216
12⤵
PID:10716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
11⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
10⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 240
9⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-61771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61771.exe
8⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-33166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33166.exe
9⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-30923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30923.exe
10⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-62020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62020.exe
11⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\Unicorn-33008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33008.exe
12⤵
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
13⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 216
13⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 216
12⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
11⤵
PID:8480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
10⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 236
9⤵
PID:3720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
8⤵
- Program crash
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-42102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42102.exe
7⤵
PID:1128

C:\Users\Admin\AppData\Local\Temp\Unicorn-50884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50884.exe
8⤵
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
9⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-54073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54073.exe
10⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-498.exe
11⤵
PID:7552

C:\Users\Admin\AppData\Local\Temp\Unicorn-55450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55450.exe
12⤵
PID:10468

C:\Users\Admin\AppData\Local\Temp\Unicorn-22667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22667.exe
13⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7552 -s 216
12⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 216
11⤵
PID:8360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
10⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
9⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 236
8⤵
- Program crash
PID:3756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
7⤵
- Program crash
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-29551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29551.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-63551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63551.exe
7⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-18415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18415.exe
8⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
9⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-18882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18882.exe
10⤵
PID:6720

C:\Users\Admin\AppData\Local\Temp\Unicorn-8453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8453.exe
11⤵
PID:9712

C:\Users\Admin\AppData\Local\Temp\Unicorn-46291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46291.exe
12⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9712 -s 216
12⤵
PID:12688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 216
11⤵
PID:10796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
10⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
9⤵
PID:5364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
8⤵
PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 216
7⤵
- Program crash
PID:3164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 240
6⤵
- Program crash
PID:808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-9355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9355.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-52924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52924.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-50377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50377.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-35767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35767.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-2560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2560.exe
8⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-35636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35636.exe
9⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-10409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10409.exe
10⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-58912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58912.exe
11⤵
PID:7528

C:\Users\Admin\AppData\Local\Temp\Unicorn-6718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6718.exe
12⤵
PID:9948

C:\Users\Admin\AppData\Local\Temp\Unicorn-51593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51593.exe
13⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9948 -s 216
13⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 236
12⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
11⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 236
10⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 216
9⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-64312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64312.exe
8⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-63341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63341.exe
9⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-53541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53541.exe
10⤵
PID:7720

C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
11⤵
PID:9532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9532 -s 188
12⤵
PID:9812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 216
11⤵
PID:10768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
10⤵
PID:8876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 236
9⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
8⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-48040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48040.exe
7⤵
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-48049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48049.exe
8⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-53175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53175.exe
9⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-15820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15820.exe
10⤵
PID:7792

C:\Users\Admin\AppData\Local\Temp\Unicorn-49142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49142.exe
11⤵
PID:9344

C:\Users\Admin\AppData\Local\Temp\Unicorn-5895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5895.exe
12⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9344 -s 216
12⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 216
11⤵
PID:10732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
10⤵
PID:8924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
9⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
8⤵
PID:5048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
7⤵
- Program crash
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-16477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16477.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-58808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58808.exe
7⤵
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-29385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29385.exe
8⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-26810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26810.exe
9⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-112.exe
10⤵
PID:6436

C:\Users\Admin\AppData\Local\Temp\Unicorn-31707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31707.exe
11⤵
PID:8444

C:\Users\Admin\AppData\Local\Temp\Unicorn-46474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46474.exe
12⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 216
12⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 236
11⤵
PID:9912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
10⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
9⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 236
8⤵
- Program crash
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-60365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60365.exe
7⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-26208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26208.exe
8⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-33169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33169.exe
9⤵
PID:6528

C:\Users\Admin\AppData\Local\Temp\Unicorn-736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-736.exe
10⤵
PID:9232

C:\Users\Admin\AppData\Local\Temp\Unicorn-57631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57631.exe
11⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9232 -s 236
11⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 216
10⤵
PID:10320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
9⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
8⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
7⤵
- Program crash
PID:3744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
6⤵
- Program crash
PID:2468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
5⤵
- Program crash
PID:2280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-761.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-11431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11431.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:288

C:\Users\Admin\AppData\Local\Temp\Unicorn-19367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19367.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-46552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46552.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-31628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31628.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-35425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35425.exe
9⤵
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-1645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1645.exe
10⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-46958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46958.exe
11⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-24989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24989.exe
12⤵
PID:7244

C:\Users\Admin\AppData\Local\Temp\Unicorn-13874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13874.exe
13⤵
PID:9332

C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
14⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9332 -s 216
14⤵
PID:13212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7244 -s 216
13⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
12⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 236
11⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
10⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-15028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15028.exe
9⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-33227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33227.exe
10⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-15954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15954.exe
11⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\Unicorn-59307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59307.exe
12⤵
PID:9936

C:\Users\Admin\AppData\Local\Temp\Unicorn-43245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43245.exe
13⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9936 -s 216
13⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 236
12⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
11⤵
PID:2896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
10⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 220
9⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-61003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61003.exe
8⤵
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-48179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48179.exe
9⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-21508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21508.exe
10⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-53161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53161.exe
11⤵
PID:8536

C:\Users\Admin\AppData\Local\Temp\Unicorn-51995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51995.exe
12⤵
PID:1392

C:\Users\Admin\AppData\Local\Temp\Unicorn-43662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43662.exe
13⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8536 -s 216
12⤵
PID:11928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
11⤵
PID:9816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
10⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 236
9⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
8⤵
- Program crash
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-52305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52305.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-1600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1600.exe
8⤵
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-27909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27909.exe
9⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-56527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56527.exe
10⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-6267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6267.exe
11⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\Unicorn-13038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13038.exe
12⤵
PID:9748

C:\Users\Admin\AppData\Local\Temp\Unicorn-14547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14547.exe
13⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9748 -s 216
13⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
12⤵
PID:10808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
11⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 236
10⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 236
9⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-42033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42033.exe
8⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-55567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55567.exe
9⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-62139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62139.exe
10⤵
PID:7120

C:\Users\Admin\AppData\Local\Temp\Unicorn-29945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29945.exe
11⤵
PID:9468

C:\Users\Admin\AppData\Local\Temp\Unicorn-3897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3897.exe
12⤵
PID:13072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9468 -s 216
12⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
11⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
10⤵
PID:2292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
9⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
8⤵
PID:4664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
7⤵
- Program crash
PID:300

C:\Users\Admin\AppData\Local\Temp\Unicorn-45011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45011.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-21325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21325.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
8⤵
PID:924

C:\Users\Admin\AppData\Local\Temp\Unicorn-14904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14904.exe
9⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-1305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1305.exe
10⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-31831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31831.exe
11⤵
PID:8416

C:\Users\Admin\AppData\Local\Temp\Unicorn-7899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7899.exe
12⤵
PID:11676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 216
12⤵
PID:932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 236
11⤵
PID:9440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
10⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 216
9⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
8⤵
- Program crash
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-4205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4205.exe
7⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-14930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14930.exe
8⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-57854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57854.exe
9⤵
PID:5724

C:\Users\Admin\AppData\Local\Temp\Unicorn-27811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27811.exe
10⤵
PID:8432

C:\Users\Admin\AppData\Local\Temp\Unicorn-17979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17979.exe
11⤵
PID:10276

C:\Users\Admin\AppData\Local\Temp\Unicorn-53070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53070.exe
12⤵
PID:13132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8432 -s 216
11⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 216
10⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
9⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
8⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
7⤵
- Program crash
PID:3972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
6⤵
- Program crash
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-11995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11995.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-16169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16169.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-55341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55341.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
8⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-15568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15568.exe
9⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-53201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53201.exe
10⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-51875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51875.exe
11⤵
PID:7420

C:\Users\Admin\AppData\Local\Temp\Unicorn-11596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11596.exe
12⤵
PID:9572

C:\Users\Admin\AppData\Local\Temp\Unicorn-12174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12174.exe
13⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9572 -s 216
13⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 216
12⤵
PID:11232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
11⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
10⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
9⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-61816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61816.exe
8⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-6963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6963.exe
9⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\Unicorn-48009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48009.exe
10⤵
PID:7484

C:\Users\Admin\AppData\Local\Temp\Unicorn-40543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40543.exe
11⤵
PID:9856

C:\Users\Admin\AppData\Local\Temp\Unicorn-17001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17001.exe
12⤵
PID:13188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9856 -s 216
12⤵
PID:13280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 216
11⤵
PID:10260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 216
10⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
9⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 220
8⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-61003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61003.exe
7⤵
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-8111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8111.exe
8⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-50747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50747.exe
9⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-62564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62564.exe
10⤵
PID:8300

C:\Users\Admin\AppData\Local\Temp\Unicorn-34268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34268.exe
11⤵
PID:11044

C:\Users\Admin\AppData\Local\Temp\Unicorn-5192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5192.exe
12⤵
PID:12912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8300 -s 216
11⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 236
10⤵
PID:9636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
9⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 236
8⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
7⤵
- Program crash
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-7843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7843.exe
7⤵
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-1147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1147.exe
8⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-4974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4974.exe
9⤵
PID:5840

C:\Users\Admin\AppData\Local\Temp\Unicorn-37555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37555.exe
10⤵
PID:9064

C:\Users\Admin\AppData\Local\Temp\Unicorn-41987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41987.exe
11⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9064 -s 216
11⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
10⤵
PID:10008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
9⤵
PID:7916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 216
8⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\Unicorn-6362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6362.exe
7⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-27981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27981.exe
8⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe
9⤵
PID:8016

C:\Users\Admin\AppData\Local\Temp\Unicorn-37435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37435.exe
10⤵
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-29876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29876.exe
11⤵
PID:12436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 216
11⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 216
10⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
9⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
8⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 220
7⤵
PID:4808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
6⤵
- Program crash
PID:2016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 240
5⤵
- Program crash
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-64353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64353.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-47320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47320.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-35468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35468.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-46125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46125.exe
7⤵
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
8⤵
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-36212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36212.exe
9⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-56055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56055.exe
10⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-50365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50365.exe
11⤵
PID:7324

C:\Users\Admin\AppData\Local\Temp\Unicorn-27047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27047.exe
12⤵
PID:9312

C:\Users\Admin\AppData\Local\Temp\Unicorn-17881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17881.exe
13⤵
PID:3820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9312 -s 236
13⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 236
12⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 236
11⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
10⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 216
9⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-64120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64120.exe
8⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-50259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50259.exe
9⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-26199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26199.exe
10⤵
PID:7264

C:\Users\Admin\AppData\Local\Temp\Unicorn-52570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52570.exe
11⤵
PID:10404

C:\Users\Admin\AppData\Local\Temp\Unicorn-37731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37731.exe
12⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10404 -s 216
12⤵
PID:8560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7264 -s 216
11⤵
PID:11292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
10⤵
PID:8944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
9⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
8⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-4013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4013.exe
7⤵
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-50135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50135.exe
8⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
9⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\Unicorn-30376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30376.exe
10⤵
PID:8044

C:\Users\Admin\AppData\Local\Temp\Unicorn-38203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38203.exe
11⤵
PID:9544

C:\Users\Admin\AppData\Local\Temp\Unicorn-5200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5200.exe
12⤵
PID:12544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9544 -s 216
12⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
11⤵
PID:11256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
10⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
9⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 236
8⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 240
7⤵
- Program crash
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-41526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41526.exe
6⤵
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-23879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23879.exe
7⤵
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-29622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29622.exe
8⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-24388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24388.exe
9⤵
PID:6108

C:\Users\Admin\AppData\Local\Temp\Unicorn-15408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15408.exe
10⤵
PID:8988

C:\Users\Admin\AppData\Local\Temp\Unicorn-16919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16919.exe
11⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 216
10⤵
PID:10188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
9⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 216
8⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 236
7⤵
- Program crash
PID:3368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
6⤵
- Program crash
PID:640

C:\Users\Admin\AppData\Local\Temp\Unicorn-143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-143.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-45933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45933.exe
6⤵
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-16292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16292.exe
7⤵
PID:272

C:\Users\Admin\AppData\Local\Temp\Unicorn-53425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53425.exe
8⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-45495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45495.exe
9⤵
PID:5572

C:\Users\Admin\AppData\Local\Temp\Unicorn-29442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29442.exe
10⤵
PID:7928

C:\Users\Admin\AppData\Local\Temp\Unicorn-65208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65208.exe
11⤵
PID:9968

C:\Users\Admin\AppData\Local\Temp\Unicorn-15428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15428.exe
12⤵
PID:12340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9968 -s 216
12⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 216
11⤵
PID:10848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
10⤵
PID:9020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
9⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 272 -s 236
8⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-47291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47291.exe
7⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-47882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47882.exe
8⤵
PID:5716

C:\Users\Admin\AppData\Local\Temp\Unicorn-48741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48741.exe
9⤵
PID:7960

C:\Users\Admin\AppData\Local\Temp\Unicorn-30424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30424.exe
10⤵
PID:9336

C:\Users\Admin\AppData\Local\Temp\Unicorn-61396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61396.exe
11⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9336 -s 216
11⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 216
10⤵
PID:11144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 216
9⤵
PID:9092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
8⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 220
7⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-44942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44942.exe
6⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-20945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20945.exe
7⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
8⤵
PID:5436

C:\Users\Admin\AppData\Local\Temp\Unicorn-26380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26380.exe
9⤵
PID:7692

C:\Users\Admin\AppData\Local\Temp\Unicorn-33657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33657.exe
10⤵
PID:10068

C:\Users\Admin\AppData\Local\Temp\Unicorn-50763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50763.exe
11⤵
PID:13248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 216
11⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 216
10⤵
PID:10600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 216
9⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
8⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 216
7⤵
PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
6⤵
- Program crash
PID:3208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
5⤵
- Program crash
PID:2984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-21287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21287.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-20435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20435.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-29221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29221.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1244

C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1088

C:\Users\Admin\AppData\Local\Temp\Unicorn-17129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17129.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-38071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38071.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-31803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31803.exe
8⤵
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-36204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36204.exe
9⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
10⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-62733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62733.exe
11⤵
PID:7012

C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
12⤵
PID:9456

C:\Users\Admin\AppData\Local\Temp\Unicorn-63931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63931.exe
13⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9456 -s 216
13⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
12⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 236
11⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 236
10⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 236
9⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
8⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-14949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14949.exe
9⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-29433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29433.exe
10⤵
PID:6284

C:\Users\Admin\AppData\Local\Temp\Unicorn-17722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17722.exe
11⤵
PID:9548

C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
12⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9548 -s 216
12⤵
PID:12932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
11⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
10⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
9⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
8⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
7⤵
PID:688

C:\Users\Admin\AppData\Local\Temp\Unicorn-46632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46632.exe
8⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe
9⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
10⤵
PID:6228

C:\Users\Admin\AppData\Local\Temp\Unicorn-3635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3635.exe
11⤵
PID:10072

C:\Users\Admin\AppData\Local\Temp\Unicorn-32213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32213.exe
12⤵
PID:12672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10072 -s 236
12⤵
PID:13092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 236
11⤵
PID:10924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
10⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
9⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 236
8⤵
PID:4952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
7⤵
- Program crash
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-3514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3514.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-41019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41019.exe
7⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-63811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63811.exe
8⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-14650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14650.exe
9⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 200
10⤵
PID:5808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 236
9⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
8⤵
- Program crash
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
7⤵
PID:1456

C:\Users\Admin\AppData\Local\Temp\Unicorn-44516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44516.exe
8⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-55447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55447.exe
9⤵
PID:6680

C:\Users\Admin\AppData\Local\Temp\Unicorn-41214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41214.exe
10⤵
PID:9272

C:\Users\Admin\AppData\Local\Temp\Unicorn-50169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50169.exe
11⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9272 -s 216
11⤵
PID:12580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 216
10⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 236
9⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 236
8⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
7⤵
- Program crash
PID:3684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 240
6⤵
- Program crash
PID:2380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 236
5⤵
- Program crash
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-49579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49579.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-47512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47512.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-20201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20201.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-30474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30474.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-7843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7843.exe
8⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-14738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14738.exe
9⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-21373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21373.exe
10⤵
PID:6032

C:\Users\Admin\AppData\Local\Temp\Unicorn-19083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19083.exe
11⤵
PID:8936

C:\Users\Admin\AppData\Local\Temp\Unicorn-16919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16919.exe
12⤵
PID:11568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 216
12⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 216
11⤵
PID:10164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
10⤵
PID:7388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 216
9⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 216
8⤵
- Program crash
PID:4040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 216
7⤵
- Program crash
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-59124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59124.exe
6⤵
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-256.exe
7⤵
PID:2428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 220
8⤵
- Program crash
PID:3292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 236
7⤵
- Program crash
PID:3768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
6⤵
- Program crash
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-15602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15602.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1072

C:\Users\Admin\AppData\Local\Temp\Unicorn-28336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28336.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-58313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58313.exe
7⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-22511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22511.exe
8⤵
PID:4872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 200
9⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
8⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 216
7⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-4205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4205.exe
6⤵
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-30992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30992.exe
7⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
8⤵
PID:5876

C:\Users\Admin\AppData\Local\Temp\Unicorn-25580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25580.exe
9⤵
PID:8756

C:\Users\Admin\AppData\Local\Temp\Unicorn-56041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56041.exe
10⤵
PID:11348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 216
10⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 216
9⤵
PID:10048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
8⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 216
7⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 220
6⤵
- Program crash
PID:4024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
5⤵
- Program crash
PID:1668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-52423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52423.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-49417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49417.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-28336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28336.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe
8⤵
PID:480

C:\Users\Admin\AppData\Local\Temp\Unicorn-2195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2195.exe
9⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-49273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49273.exe
10⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-30506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30506.exe
11⤵
PID:7436

C:\Users\Admin\AppData\Local\Temp\Unicorn-13701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13701.exe
12⤵
PID:10624

C:\Users\Admin\AppData\Local\Temp\Unicorn-22771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22771.exe
13⤵
PID:12632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 216
12⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
11⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 236
10⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 216
9⤵
PID:5276

C:\Users\Admin\AppData\Local\Temp\Unicorn-21053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21053.exe
8⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
9⤵
PID:5380

C:\Users\Admin\AppData\Local\Temp\Unicorn-34323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34323.exe
10⤵
PID:7708

C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
11⤵
PID:10580

C:\Users\Admin\AppData\Local\Temp\Unicorn-51411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51411.exe
12⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 216
11⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 236
10⤵
PID:8440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
9⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 240
8⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-36493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36493.exe
7⤵
PID:600

C:\Users\Admin\AppData\Local\Temp\Unicorn-2413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2413.exe
8⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-6029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6029.exe
9⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-30500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30500.exe
10⤵
PID:7212

C:\Users\Admin\AppData\Local\Temp\Unicorn-32302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32302.exe
11⤵
PID:10200

C:\Users\Admin\AppData\Local\Temp\Unicorn-39006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39006.exe
12⤵
PID:12876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10200 -s 216
12⤵
PID:13204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 216
11⤵
PID:11016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 216
10⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 236
9⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 236
8⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 220
7⤵
- Program crash
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
6⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-832.exe
7⤵
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-34230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34230.exe
8⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-46173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46173.exe
9⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-55214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55214.exe
10⤵
PID:9112

C:\Users\Admin\AppData\Local\Temp\Unicorn-46000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46000.exe
11⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9112 -s 236
11⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
10⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
9⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 216
8⤵
PID:5228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 236
7⤵
- Program crash
PID:3920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 240
6⤵
- Program crash
PID:864

C:\Users\Admin\AppData\Local\Temp\Unicorn-11954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11954.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-21901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21901.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-15627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15627.exe
7⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-1768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1768.exe
8⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-50512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50512.exe
9⤵
PID:7124

C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
10⤵
PID:9520

C:\Users\Admin\AppData\Local\Temp\Unicorn-7543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7543.exe
11⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9520 -s 216
11⤵
PID:12836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 216
10⤵
PID:10668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
9⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
8⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 216
7⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-14023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14023.exe
6⤵
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-7343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7343.exe
7⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-50939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50939.exe
8⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-48890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48890.exe
9⤵
PID:8348

C:\Users\Admin\AppData\Local\Temp\Unicorn-18555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18555.exe
10⤵
PID:10368

C:\Users\Admin\AppData\Local\Temp\Unicorn-51342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51342.exe
11⤵
PID:4700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8348 -s 216
10⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 236
9⤵
PID:9652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
8⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 216
7⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
6⤵
- Program crash
PID:3848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
5⤵
- Program crash
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-10625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10625.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-12876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12876.exe
6⤵
- Executes dropped EXE
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-64807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64807.exe
7⤵
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-4717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4717.exe
8⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-63196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63196.exe
9⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
10⤵
PID:8224

C:\Users\Admin\AppData\Local\Temp\Unicorn-25628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25628.exe
11⤵
PID:11136

C:\Users\Admin\AppData\Local\Temp\Unicorn-63215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63215.exe
12⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8224 -s 216
11⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
10⤵
PID:9508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
9⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 236
8⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-15770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15770.exe
7⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-45578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45578.exe
8⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-47148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47148.exe
9⤵
PID:7876

C:\Users\Admin\AppData\Local\Temp\Unicorn-31192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31192.exe
10⤵
PID:9732

C:\Users\Admin\AppData\Local\Temp\Unicorn-15428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15428.exe
11⤵
PID:12348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9732 -s 216
11⤵
PID:12508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 216
10⤵
PID:10816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
9⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
8⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 240
7⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-14023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14023.exe
6⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-14738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14738.exe
7⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-56157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56157.exe
8⤵
PID:5980

C:\Users\Admin\AppData\Local\Temp\Unicorn-14474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14474.exe
9⤵
PID:8852

C:\Users\Admin\AppData\Local\Temp\Unicorn-57847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57847.exe
10⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8852 -s 236
10⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 216
9⤵
PID:10116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
8⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 236
7⤵
PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
6⤵
- Program crash
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
5⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-7843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7843.exe
6⤵
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-1749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1749.exe
7⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-46723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46723.exe
8⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-40087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40087.exe
9⤵
PID:8328

C:\Users\Admin\AppData\Local\Temp\Unicorn-36278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36278.exe
10⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 216
10⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
9⤵
PID:9436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 236
8⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 216
7⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 216
6⤵
- Program crash
PID:4060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 240
5⤵
- Program crash
PID:2956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 220
4⤵
- Program crash
PID:1684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
2⤵
- Program crash
PID:2288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11431.exe

Filesize
184KB

MD5
0209a757c85fb13adeeff59ff083de26

SHA1
2e7d499a7ecb5708cf2a43c4a2d84ae8b643f157

SHA256
e9f5b4771ca1ea15f9aa1126fa0a645fb404884903993fc66a185303ebef7849

SHA512
a95be657cc4532f99fa8f0aa2ee98018e3592e632c83148efd201260530096fed065e5d880cbd204a46875e86970dac92506eaa66294cdb9a0124bac00022d93

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33008.exe

Filesize
184KB

MD5
cb3584aa4153839ec7dd582d4aa3056c

SHA1
d44d13b12fff68e34748590e843c01274c2b61e8

SHA256
d404d6abb754fcbd3d884c4ee2caaf196eff3811fca41e2bd4493ce80d9a0e70

SHA512
92eca8621dc349239472fdeb8f4668666901fa12c55f43c2762c8424c401cd294ab3bc8c4dd75bd3d431b7635abe6520d6c1f53a9892a65e2e5bae01cdff6fd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55214.exe

Filesize
184KB

MD5
fd087421b58f395d627aa13dd152158a

SHA1
89f334a2315b56f24f54fa8a61441ea1f992ce0d

SHA256
40a6b71b04e2da858b7502d8f58be50a7a90340271c3a799b39d8eee00e75ce3

SHA512
da9d4cc2de9ab651f1f1d1cae3fe8c8ffa8cee4ffde8c03ef793c87cc6f685e9c4dcad7a2a71f903fa4a62f1df8bd0cfeb358798f21fbc607436133881f9ebcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62085.exe

Filesize
184KB

MD5
fca32752b28d8f27ab7627cb0dc8f2e8

SHA1
06be0ce62950043268b35030c9cf18ef4dfc395a

SHA256
d7e7c197608ad741b2cf8ec4ecfc706cd69c69bb5bb5fcd8587bb263643fdb21

SHA512
4fa5575918f1130219d0bf9f4a094b848d26b6a60ceec1eebe146bc4b6b2156c61dbe1162a4489679c3a2ef6968df9c0b381f37a6dc36e68bb189eeb239fed2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe

Filesize
184KB

MD5
0e87d774a75021b69525ce3c998d6d81

SHA1
f7fe8d0d729b9981285eb029f70fa13f6799a760

SHA256
d78ca21a661a2e216edb7a79cab2b5b3a92afd416feaf80d0babedf2745eb408

SHA512
69ea76b80a9b17c0e6a1b67878380455b9e1a82059ea3ce96da98c58f02cd4902587be701d7a8174d245183b1818637fbd5d205b569407bc6640efe52946b9a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe

Filesize
184KB

MD5
9e357261be10e2ea16901537e6a40a7b

SHA1
3bc916a812267a076013020897b9341fc5bd2fab

SHA256
6752c4e8722c5e8bffe77a6b1df5e729b038fb6e8d7db48cbf810044e70823d0

SHA512
60dbf2aefd0c1660fb813cf93989ef65135411fb16e6c57d594bc63adf96cb078ef7bda0ca5dac8eac4bc5e1dcd906e92bfd3ba61a9d2589875f9f82cbde05c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7899.exe

Filesize
184KB

MD5
4d2cd7a7254b07d8d91f5e548da54820

SHA1
7caefc6bb9725bd93e8e30d12e0a338fa45c1151

SHA256
35a4c51cc1164a42e171151adc30bd04df89989805038a916f42086043f17663

SHA512
a40cbaee02641206f21c42119f05168f1d99aeecc0681df84d9376153cb90be3e250ffb6054f1e400a0a694218fee059d95e775792c2e56953733daa64cbf3a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9355.exe

Filesize
184KB

MD5
6bad2eed63578a3c98410ca56bcbb989

SHA1
efcb64ded419452b38dad351d43ba43582b2157d

SHA256
5fb5372259721c0c81962038939909d5d3497ade599ce00c078b63dbf303c1e9

SHA512
21fa89ed441cbb5f58637a33cb053d3eefe9a4b314895e4e5b8da1de8f47088650b2e3c312b6aa3d910eb95565edd08747fdddedbecb295f885e9701f2ecbf48

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17914.exe

Filesize
184KB

MD5
752c02c8f10f68727f95af21c72eb229

SHA1
b1486a8fe4a895d915169946215e4f2a2c010148

SHA256
7a709352264cf6cc65bc705d3d659a5e929c01d6c25776afa955e5e059cb3fa6

SHA512
d55f291a0edfbc95055621f402118f2be1cc68212481b6ac67ced5e785ba7b479d7e7005fe7c672b8ae6ae96fc23b8064c554ff694cbfca652fe04f019d38e1b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19367.exe

Filesize
184KB

MD5
73a44605328c25110ba8a85de2bec538

SHA1
26d19ee275f75bcc396df4b1fc2a4b2176886225

SHA256
8a4b3b3a240e6ff0c6efb6be30eed2ae593599354bedcec885ad7e5cb0424cd0

SHA512
adf05153ce33c7a1dff006548720d3d49e5c7785efc35f5746aa343a6e4b5007d3ba01a82f81383a7e03d45826d9e3f83c2310260da87c11d1eb9bfeba172084

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20435.exe

Filesize
184KB

MD5
ed30dfcea3a13cf31d492255499aaa76

SHA1
dd861b63cc46252070f6714a864e102fde78976f

SHA256
6952c9e0d9daac417279d83b0ab33194f1ff71006b7a68ff9a9209c810d9e697

SHA512
56df57dc2606c177d50c0eafd257ed9359a9d7a62c9b9b8fdd8db7cc5d3fc0addb48d347b285e113bca782d760157c0e8b4f290b319e3b7b4773ec7e2f6c95aa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21287.exe

Filesize
184KB

MD5
d1ad0655c44a8d68c6f195a91e8c9b43

SHA1
a5b0f1f19194d6506e0319d18161ceb1e94a61ff

SHA256
01bf10d3b46f188f5f6cc5a11042453c1d8772e287b1f3c9890cbc473fb45834

SHA512
c4aaa100314f34035a433867741bf222172fd4f9068ea41ac55bf08928d3d83e950eaad7ffbd8f3379acd335bd5e5c64680e137eb0f88a6d7cbe7c68ecdbb070

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2645.exe

Filesize
184KB

MD5
d8631f4854efd5e97e132e009a962fc4

SHA1
53a0935ccfec78e600a9be21d4be95a6a5363798

SHA256
5064f5bc3da2e56c5bb7f8c43b37213dddb7647816b581cb5118a45aea8b26aa

SHA512
ca5d4b327a51ba688d71c5fda607e13785f88e2c4187a35d47ac436ff037373ed64274150e81cd14209db1a6eb1d5c86f8057baef945b07f5d7588cd3aef049a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29221.exe

Filesize
184KB

MD5
fe21dc886faf006172bb948e6521752e

SHA1
e40704adf02d57abfc583df1730c02b45e395463

SHA256
2b22fada8cef6af5944d55b9aec345d8a6d06e80ec4a934fb2947280b7bb5602

SHA512
03ffd308eddef3dd9ddf297fa1284c7b6cbef18839df676f0652e15911dfeafacf997b6a3d543dc4afd0cd69447d30b1ed85ee34812e3fbf7fd1d4081f5516a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31682.exe

Filesize
184KB

MD5
ce12bc3afc82d3406db3c9f2b038af56

SHA1
16196e1702fe51df4b7e2c1862bc67c874791a2a

SHA256
fd60ea436add485d8041898bdf245c299d9829ab104cae46695d8685b5be767e

SHA512
8bf1a72f6214ce825191059b64af8013f458fac7c7d7778a391f96f45a1af58c5873129aa22c48a86bdbd5206054c2283e04bbdfeccbb4459dab9ac5f8f865b4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31789.exe

Filesize
184KB

MD5
440d7de6c2ceff3daa3a68d72b1bd7ff

SHA1
8e4a3f5e2315dff88bf4d5764fc8c045741184b4

SHA256
5bdcef3f92202ce54cdfc074b4858095bbd0f891a331b48b0d10c8f5782c663e

SHA512
656e5471b8869eaadb3df0d2f7edb6d693084e029e5d8d1fd3909f4fcdfd721df54bdc882db7249ebec5c70be907c77d4306a382f17eccb27c134e22e6f53297

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56612.exe

Filesize
184KB

MD5
71ac3c047fe049b32881c0c6e4f1c2ff

SHA1
57fdd428f6a9594a3210f68177290f086dc2d634

SHA256
4eabab896182de1a3033ba979612e48504b2a4b5e9d5e9323a676c3262a6a00f

SHA512
a32ee97f02ec1e9973b189ab2eff75da820ed14dd374cc2ab1918cb1cee200ad4c03cc55abb16073280a222a3b5b21be526f81e8b7c9c4d22a6d8475b38e1904

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe

Filesize
184KB

MD5
27a23f1a66d0337f73178dda45effd25

SHA1
dbc242629766498dd699861e44d12c475375bedb

SHA256
ed2e8ca63754739dfd8eb00fa004d5f2fdd9b55fd1bcb2ca6e51f0e08cee4361

SHA512
baade9dfcb634f5d836ff36f5b68598c4079def99a3e155415760ebd3dad6c07a914c3d56bff3abe2915bcc3b0221dfb8961887f1c8371b2f4652365806d716f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-761.exe

Filesize
184KB

MD5
08a449bf14f6bf72449775b74f06c9f0

SHA1
9d99768c23e044b5b7fdd837e19ecc9642f8c2c1

SHA256
f91f40f961478ada263ee65b003a6133a66b9b9c86eddd4ff21469fe53adb4a5

SHA512
56caaddcb1e9bb05cd7b38438459b2610518276f5e07e3f12c825b1d4d3cd2e567d9c6b5076907f94106176face8ae7a3121801063eca7461c65ad88718abde8

Download Submit