b417f77ab7af5174a4c0eded50902d4791009ba9ef9fb0dd043e45096eaf7e18

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b417f77ab7af5174a4c0eded50902d4791009ba9ef9fb0dd043e45096eaf7e18.exe
Size

184KB
MD5

0dc8875d002ae339f3fef33248cc0631
SHA1

4528f742d79f16b648f4a15f17e16f45b8acc987
SHA256

b417f77ab7af5174a4c0eded50902d4791009ba9ef9fb0dd043e45096eaf7e18
SHA512

9c6a8e0c729416e7c6d70503d1643d1353547b4d07ce16bf1ceaaebed682f879ccead2d1895679b111bec05c7aa896d22b00c5e93d980f34e1646203d6b96fcb
SSDEEP

3072:hj5QCNolapa2dpjYejjLpyNoIh4Aw4J6uHsNq5EbUWvUlnVOFd:hj1o7CpjTLENoIEQUHUlnVOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-58144.exeUnicorn-15591.exeUnicorn-61263.exeUnicorn-13155.exeUnicorn-59341.exeUnicorn-39475.exeUnicorn-51791.exeUnicorn-38662.exeUnicorn-18796.exeUnicorn-64982.exeUnicorn-19311.exeUnicorn-60616.exeUnicorn-40750.exeUnicorn-10922.exeUnicorn-41518.exeUnicorn-28712.exeUnicorn-44171.exeUnicorn-24305.exeUnicorn-9552.exeUnicorn-20586.exeUnicorn-53642.exeUnicorn-57809.exeUnicorn-45386.exeUnicorn-40979.exeUnicorn-12905.exeUnicorn-8499.exeUnicorn-28365.exeUnicorn-13097.exeUnicorn-60907.exeUnicorn-15235.exeUnicorn-58349.exeUnicorn-23216.exeUnicorn-60591.exeUnicorn-25458.exeUnicorn-49299.exeUnicorn-3627.exeUnicorn-36876.exeUnicorn-20047.exeUnicorn-17778.exeUnicorn-50607.exeUnicorn-17804.exeUnicorn-18511.exeUnicorn-5381.exeUnicorn-5381.exeUnicorn-8645.exeUnicorn-8645.exeUnicorn-54317.exeUnicorn-2293.exeUnicorn-22159.exeUnicorn-21836.exeUnicorn-41702.exeUnicorn-2485.exeUnicorn-61326.exeUnicorn-56920.exeUnicorn-12016.exeUnicorn-26542.exeUnicorn-22327.exeUnicorn-59790.exeUnicorn-9712.exeUnicorn-40116.exeUnicorn-12042.exeUnicorn-27502.exeUnicorn-23095.exeUnicorn-60558.exe

pid	process
1708	Unicorn-58144.exe
3000	Unicorn-15591.exe
2740	Unicorn-61263.exe
2560	Unicorn-13155.exe
2696	Unicorn-59341.exe
2676	Unicorn-39475.exe
2948	Unicorn-51791.exe
2612	Unicorn-38662.exe
2792	Unicorn-18796.exe
2672	Unicorn-64982.exe
1704	Unicorn-19311.exe
1312	Unicorn-60616.exe
1132	Unicorn-40750.exe
2300	Unicorn-10922.exe
1740	Unicorn-41518.exe
2880	Unicorn-28712.exe
1992	Unicorn-44171.exe
2328	Unicorn-24305.exe
308	Unicorn-9552.exe
1240	Unicorn-20586.exe
2184	Unicorn-53642.exe
1556	Unicorn-57809.exe
1700	Unicorn-45386.exe
760	Unicorn-40979.exe
576	Unicorn-12905.exe
2032	Unicorn-8499.exe
2920	Unicorn-28365.exe
2248	Unicorn-13097.exe
1832	Unicorn-60907.exe
876	Unicorn-15235.exe
2308	Unicorn-58349.exe
3052	Unicorn-23216.exe
2540	Unicorn-60591.exe
2552	Unicorn-25458.exe
2496	Unicorn-49299.exe
2236	Unicorn-3627.exe
2556	Unicorn-36876.exe
2776	Unicorn-20047.exe
1884	Unicorn-17778.exe
2836	Unicorn-50607.exe
1888	Unicorn-17804.exe
2176	Unicorn-18511.exe
2480	Unicorn-5381.exe
2500	Unicorn-5381.exe
804	Unicorn-8645.exe
628	Unicorn-8645.exe
2528	Unicorn-54317.exe
892	Unicorn-2293.exe
2064	Unicorn-22159.exe
1204	Unicorn-21836.exe
2096	Unicorn-41702.exe
2028	Unicorn-2485.exe
2272	Unicorn-61326.exe
832	Unicorn-56920.exe
912	Unicorn-12016.exe
836	Unicorn-26542.exe
1968	Unicorn-22327.exe
1952	Unicorn-59790.exe
1716	Unicorn-9712.exe
2136	Unicorn-40116.exe
2280	Unicorn-12042.exe
2640	Unicorn-27502.exe
2648	Unicorn-23095.exe
2444	Unicorn-60558.exe

Loads dropped DLL 64 IoCs

Processes:

b417f77ab7af5174a4c0eded50902d4791009ba9ef9fb0dd043e45096eaf7e18.exeUnicorn-58144.exeUnicorn-15591.exeUnicorn-61263.exeWerFault.exeUnicorn-13155.exeUnicorn-59341.exeUnicorn-39475.exeWerFault.exeWerFault.exeUnicorn-51791.exeUnicorn-38662.exeUnicorn-19311.exeUnicorn-18796.exeUnicorn-64982.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2348	b417f77ab7af5174a4c0eded50902d4791009ba9ef9fb0dd043e45096eaf7e18.exe
2348	b417f77ab7af5174a4c0eded50902d4791009ba9ef9fb0dd043e45096eaf7e18.exe
2348	b417f77ab7af5174a4c0eded50902d4791009ba9ef9fb0dd043e45096eaf7e18.exe
2348	b417f77ab7af5174a4c0eded50902d4791009ba9ef9fb0dd043e45096eaf7e18.exe
1708	Unicorn-58144.exe
1708	Unicorn-58144.exe
3000	Unicorn-15591.exe
3000	Unicorn-15591.exe
2740	Unicorn-61263.exe
2740	Unicorn-61263.exe
1708	Unicorn-58144.exe
1708	Unicorn-58144.exe
2512	WerFault.exe
2512	WerFault.exe
2512	WerFault.exe
2512	WerFault.exe
2512	WerFault.exe
2560	Unicorn-13155.exe
2560	Unicorn-13155.exe
3000	Unicorn-15591.exe
2696	Unicorn-59341.exe
2696	Unicorn-59341.exe
3000	Unicorn-15591.exe
2740	Unicorn-61263.exe
2740	Unicorn-61263.exe
2676	Unicorn-39475.exe
2676	Unicorn-39475.exe
1520	WerFault.exe
1520	WerFault.exe
1520	WerFault.exe
1520	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
1520	WerFault.exe
2616	WerFault.exe
2948	Unicorn-51791.exe
2948	Unicorn-51791.exe
2560	Unicorn-13155.exe
2560	Unicorn-13155.exe
2612	Unicorn-38662.exe
2612	Unicorn-38662.exe
2696	Unicorn-59341.exe
2696	Unicorn-59341.exe
1704	Unicorn-19311.exe
1704	Unicorn-19311.exe
2792	Unicorn-18796.exe
2676	Unicorn-39475.exe
2676	Unicorn-39475.exe
2792	Unicorn-18796.exe
2672	Unicorn-64982.exe
2672	Unicorn-64982.exe
1904	WerFault.exe
1904	WerFault.exe
1904	WerFault.exe
1904	WerFault.exe
1904	WerFault.exe
1760	WerFault.exe
1760	WerFault.exe
1760	WerFault.exe
1760	WerFault.exe
1760	WerFault.exe
412	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2644	2348	WerFault.exe	b417f77ab7af5174a4c0eded50902d4791009ba9ef9fb0dd043e45096eaf7e18.exe
2512	1708	WerFault.exe	Unicorn-58144.exe
1520	3000	WerFault.exe	Unicorn-15591.exe
2616	2740	WerFault.exe	Unicorn-61263.exe
1904	2560	WerFault.exe	Unicorn-13155.exe
1760	2696	WerFault.exe	Unicorn-59341.exe
412	2676	WerFault.exe	Unicorn-39475.exe
1944	2948	WerFault.exe	Unicorn-51791.exe
2576	2612	WerFault.exe	Unicorn-38662.exe
1660	1704	WerFault.exe	Unicorn-19311.exe
2584	2792	WerFault.exe	Unicorn-18796.exe
1264	2672	WerFault.exe	Unicorn-64982.exe
616	1132	WerFault.exe	Unicorn-40750.exe
1488	1312	WerFault.exe	Unicorn-60616.exe
1672	2300	WerFault.exe	Unicorn-10922.exe
1620	2880	WerFault.exe	Unicorn-28712.exe
764	2328	WerFault.exe	Unicorn-24305.exe
808	1740	WerFault.exe	Unicorn-41518.exe
840	308	WerFault.exe	Unicorn-9552.exe
1668	1240	WerFault.exe	Unicorn-20586.exe
2652	2184	WerFault.exe	Unicorn-53642.exe
2592	1556	WerFault.exe	Unicorn-57809.exe
2812	1700	WerFault.exe	Unicorn-45386.exe
2680	576	WerFault.exe	Unicorn-12905.exe
2824	760	WerFault.exe	Unicorn-40979.exe
1752	2920	WerFault.exe	Unicorn-28365.exe
2744	2032	WerFault.exe	Unicorn-8499.exe
1748	1832	WerFault.exe	Unicorn-60907.exe
2092	2308	WerFault.exe	Unicorn-58349.exe
1616	876	WerFault.exe	Unicorn-15235.exe
2116	3052	WerFault.exe	Unicorn-23216.exe
2080	2248	WerFault.exe	Unicorn-13097.exe
2376	324	WerFault.exe	Unicorn-65384.exe
3476	2540	WerFault.exe	Unicorn-60591.exe
3504	2552	WerFault.exe	Unicorn-25458.exe
3512	2236	WerFault.exe	Unicorn-3627.exe
3624	2556	WerFault.exe	Unicorn-36876.exe
3732	2836	WerFault.exe	Unicorn-50607.exe
3772	1888	WerFault.exe	Unicorn-17804.exe
3804	2176	WerFault.exe	Unicorn-18511.exe
3824	2500	WerFault.exe	Unicorn-5381.exe
3860	1204	WerFault.exe	Unicorn-21836.exe
3852	2064	WerFault.exe	Unicorn-22159.exe
3868	2028	WerFault.exe	Unicorn-2485.exe
3964	628	WerFault.exe	Unicorn-8645.exe
4088	2776	WerFault.exe	Unicorn-20047.exe
3104	1884	WerFault.exe	Unicorn-17778.exe
3220	892	WerFault.exe	Unicorn-2293.exe
1004	2496	WerFault.exe	Unicorn-49299.exe
3264	804	WerFault.exe	Unicorn-8645.exe
3276	2528	WerFault.exe	Unicorn-54317.exe
3324	2096	WerFault.exe	Unicorn-41702.exe
3656	2272	WerFault.exe	Unicorn-61326.exe
3836	832	WerFault.exe	Unicorn-56920.exe
3756	836	WerFault.exe	Unicorn-26542.exe
4036	2364	WerFault.exe	Unicorn-40884.exe
3176	2640	WerFault.exe	Unicorn-27502.exe
3284	912	WerFault.exe	Unicorn-12016.exe
3348	1960	WerFault.exe	Unicorn-31342.exe
3380	3036	WerFault.exe	Unicorn-29073.exe
3632	1164	WerFault.exe	Unicorn-11284.exe
3720	2280	WerFault.exe	Unicorn-12042.exe
3880	2320	WerFault.exe	Unicorn-64424.exe
3248	1716	WerFault.exe	Unicorn-9712.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

b417f77ab7af5174a4c0eded50902d4791009ba9ef9fb0dd043e45096eaf7e18.exeUnicorn-58144.exeUnicorn-61263.exeUnicorn-15591.exeUnicorn-13155.exeUnicorn-59341.exeUnicorn-39475.exeUnicorn-51791.exeUnicorn-38662.exeUnicorn-18796.exeUnicorn-64982.exeUnicorn-19311.exeUnicorn-60616.exeUnicorn-40750.exeUnicorn-10922.exeUnicorn-44171.exeUnicorn-41518.exeUnicorn-28712.exeUnicorn-24305.exeUnicorn-9552.exeUnicorn-20586.exeUnicorn-53642.exeUnicorn-57809.exeUnicorn-45386.exeUnicorn-40979.exeUnicorn-12905.exeUnicorn-8499.exeUnicorn-28365.exeUnicorn-60907.exeUnicorn-13097.exeUnicorn-15235.exeUnicorn-23216.exeUnicorn-58349.exeUnicorn-60591.exeUnicorn-25458.exeUnicorn-49299.exeUnicorn-3627.exeUnicorn-36876.exeUnicorn-20047.exeUnicorn-17778.exeUnicorn-50607.exeUnicorn-17804.exeUnicorn-18511.exeUnicorn-5381.exeUnicorn-8645.exeUnicorn-54317.exeUnicorn-8645.exeUnicorn-2293.exeUnicorn-22159.exeUnicorn-2485.exeUnicorn-21836.exeUnicorn-41702.exeUnicorn-61326.exeUnicorn-56920.exeUnicorn-12016.exeUnicorn-26542.exeUnicorn-22327.exeUnicorn-59790.exeUnicorn-40116.exeUnicorn-9712.exeUnicorn-12042.exeUnicorn-27502.exeUnicorn-23095.exeUnicorn-60558.exe

pid	process
2348	b417f77ab7af5174a4c0eded50902d4791009ba9ef9fb0dd043e45096eaf7e18.exe
1708	Unicorn-58144.exe
2740	Unicorn-61263.exe
3000	Unicorn-15591.exe
2560	Unicorn-13155.exe
2696	Unicorn-59341.exe
2676	Unicorn-39475.exe
2948	Unicorn-51791.exe
2612	Unicorn-38662.exe
2792	Unicorn-18796.exe
2672	Unicorn-64982.exe
1704	Unicorn-19311.exe
1312	Unicorn-60616.exe
1132	Unicorn-40750.exe
2300	Unicorn-10922.exe
1992	Unicorn-44171.exe
1740	Unicorn-41518.exe
2880	Unicorn-28712.exe
2328	Unicorn-24305.exe
308	Unicorn-9552.exe
1240	Unicorn-20586.exe
2184	Unicorn-53642.exe
1556	Unicorn-57809.exe
1700	Unicorn-45386.exe
760	Unicorn-40979.exe
576	Unicorn-12905.exe
2032	Unicorn-8499.exe
2920	Unicorn-28365.exe
1832	Unicorn-60907.exe
2248	Unicorn-13097.exe
876	Unicorn-15235.exe
3052	Unicorn-23216.exe
2308	Unicorn-58349.exe
2540	Unicorn-60591.exe
2552	Unicorn-25458.exe
2496	Unicorn-49299.exe
2236	Unicorn-3627.exe
2556	Unicorn-36876.exe
2776	Unicorn-20047.exe
1884	Unicorn-17778.exe
2836	Unicorn-50607.exe
1888	Unicorn-17804.exe
2176	Unicorn-18511.exe
2500	Unicorn-5381.exe
628	Unicorn-8645.exe
2528	Unicorn-54317.exe
804	Unicorn-8645.exe
892	Unicorn-2293.exe
2064	Unicorn-22159.exe
2028	Unicorn-2485.exe
1204	Unicorn-21836.exe
2096	Unicorn-41702.exe
2272	Unicorn-61326.exe
832	Unicorn-56920.exe
912	Unicorn-12016.exe
836	Unicorn-26542.exe
1968	Unicorn-22327.exe
1952	Unicorn-59790.exe
2136	Unicorn-40116.exe
1716	Unicorn-9712.exe
2280	Unicorn-12042.exe
2640	Unicorn-27502.exe
2648	Unicorn-23095.exe
2444	Unicorn-60558.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

b417f77ab7af5174a4c0eded50902d4791009ba9ef9fb0dd043e45096eaf7e18.exeUnicorn-58144.exeUnicorn-15591.exeUnicorn-61263.exeUnicorn-13155.exeUnicorn-59341.exeUnicorn-39475.exeUnicorn-51791.exe

description	pid	process	target process
PID 2348 wrote to memory of 1708	2348	b417f77ab7af5174a4c0eded50902d4791009ba9ef9fb0dd043e45096eaf7e18.exe	Unicorn-58144.exe
PID 2348 wrote to memory of 1708	2348	b417f77ab7af5174a4c0eded50902d4791009ba9ef9fb0dd043e45096eaf7e18.exe	Unicorn-58144.exe
PID 2348 wrote to memory of 1708	2348	b417f77ab7af5174a4c0eded50902d4791009ba9ef9fb0dd043e45096eaf7e18.exe	Unicorn-58144.exe
PID 2348 wrote to memory of 1708	2348	b417f77ab7af5174a4c0eded50902d4791009ba9ef9fb0dd043e45096eaf7e18.exe	Unicorn-58144.exe
PID 2348 wrote to memory of 2740	2348	b417f77ab7af5174a4c0eded50902d4791009ba9ef9fb0dd043e45096eaf7e18.exe	Unicorn-61263.exe
PID 2348 wrote to memory of 2740	2348	b417f77ab7af5174a4c0eded50902d4791009ba9ef9fb0dd043e45096eaf7e18.exe	Unicorn-61263.exe
PID 2348 wrote to memory of 2740	2348	b417f77ab7af5174a4c0eded50902d4791009ba9ef9fb0dd043e45096eaf7e18.exe	Unicorn-61263.exe
PID 2348 wrote to memory of 2740	2348	b417f77ab7af5174a4c0eded50902d4791009ba9ef9fb0dd043e45096eaf7e18.exe	Unicorn-61263.exe
PID 1708 wrote to memory of 3000	1708	Unicorn-58144.exe	Unicorn-15591.exe
PID 1708 wrote to memory of 3000	1708	Unicorn-58144.exe	Unicorn-15591.exe
PID 1708 wrote to memory of 3000	1708	Unicorn-58144.exe	Unicorn-15591.exe
PID 1708 wrote to memory of 3000	1708	Unicorn-58144.exe	Unicorn-15591.exe
PID 2348 wrote to memory of 2644	2348	b417f77ab7af5174a4c0eded50902d4791009ba9ef9fb0dd043e45096eaf7e18.exe	WerFault.exe
PID 2348 wrote to memory of 2644	2348	b417f77ab7af5174a4c0eded50902d4791009ba9ef9fb0dd043e45096eaf7e18.exe	WerFault.exe
PID 2348 wrote to memory of 2644	2348	b417f77ab7af5174a4c0eded50902d4791009ba9ef9fb0dd043e45096eaf7e18.exe	WerFault.exe
PID 2348 wrote to memory of 2644	2348	b417f77ab7af5174a4c0eded50902d4791009ba9ef9fb0dd043e45096eaf7e18.exe	WerFault.exe
PID 3000 wrote to memory of 2560	3000	Unicorn-15591.exe	Unicorn-13155.exe
PID 3000 wrote to memory of 2560	3000	Unicorn-15591.exe	Unicorn-13155.exe
PID 3000 wrote to memory of 2560	3000	Unicorn-15591.exe	Unicorn-13155.exe
PID 3000 wrote to memory of 2560	3000	Unicorn-15591.exe	Unicorn-13155.exe
PID 2740 wrote to memory of 2696	2740	Unicorn-61263.exe	Unicorn-59341.exe
PID 2740 wrote to memory of 2696	2740	Unicorn-61263.exe	Unicorn-59341.exe
PID 2740 wrote to memory of 2696	2740	Unicorn-61263.exe	Unicorn-59341.exe
PID 2740 wrote to memory of 2696	2740	Unicorn-61263.exe	Unicorn-59341.exe
PID 1708 wrote to memory of 2676	1708	Unicorn-58144.exe	Unicorn-39475.exe
PID 1708 wrote to memory of 2676	1708	Unicorn-58144.exe	Unicorn-39475.exe
PID 1708 wrote to memory of 2676	1708	Unicorn-58144.exe	Unicorn-39475.exe
PID 1708 wrote to memory of 2676	1708	Unicorn-58144.exe	Unicorn-39475.exe
PID 1708 wrote to memory of 2512	1708	Unicorn-58144.exe	WerFault.exe
PID 1708 wrote to memory of 2512	1708	Unicorn-58144.exe	WerFault.exe
PID 1708 wrote to memory of 2512	1708	Unicorn-58144.exe	WerFault.exe
PID 1708 wrote to memory of 2512	1708	Unicorn-58144.exe	WerFault.exe
PID 2560 wrote to memory of 2948	2560	Unicorn-13155.exe	Unicorn-51791.exe
PID 2560 wrote to memory of 2948	2560	Unicorn-13155.exe	Unicorn-51791.exe
PID 2560 wrote to memory of 2948	2560	Unicorn-13155.exe	Unicorn-51791.exe
PID 2560 wrote to memory of 2948	2560	Unicorn-13155.exe	Unicorn-51791.exe
PID 2696 wrote to memory of 2612	2696	Unicorn-59341.exe	Unicorn-38662.exe
PID 2696 wrote to memory of 2612	2696	Unicorn-59341.exe	Unicorn-38662.exe
PID 2696 wrote to memory of 2612	2696	Unicorn-59341.exe	Unicorn-38662.exe
PID 2696 wrote to memory of 2612	2696	Unicorn-59341.exe	Unicorn-38662.exe
PID 3000 wrote to memory of 2792	3000	Unicorn-15591.exe	Unicorn-18796.exe
PID 3000 wrote to memory of 2792	3000	Unicorn-15591.exe	Unicorn-18796.exe
PID 3000 wrote to memory of 2792	3000	Unicorn-15591.exe	Unicorn-18796.exe
PID 3000 wrote to memory of 2792	3000	Unicorn-15591.exe	Unicorn-18796.exe
PID 2740 wrote to memory of 2672	2740	Unicorn-61263.exe	Unicorn-64982.exe
PID 2740 wrote to memory of 2672	2740	Unicorn-61263.exe	Unicorn-64982.exe
PID 2740 wrote to memory of 2672	2740	Unicorn-61263.exe	Unicorn-64982.exe
PID 2740 wrote to memory of 2672	2740	Unicorn-61263.exe	Unicorn-64982.exe
PID 2676 wrote to memory of 1704	2676	Unicorn-39475.exe	Unicorn-19311.exe
PID 2676 wrote to memory of 1704	2676	Unicorn-39475.exe	Unicorn-19311.exe
PID 2676 wrote to memory of 1704	2676	Unicorn-39475.exe	Unicorn-19311.exe
PID 2676 wrote to memory of 1704	2676	Unicorn-39475.exe	Unicorn-19311.exe
PID 3000 wrote to memory of 1520	3000	Unicorn-15591.exe	WerFault.exe
PID 3000 wrote to memory of 1520	3000	Unicorn-15591.exe	WerFault.exe
PID 3000 wrote to memory of 1520	3000	Unicorn-15591.exe	WerFault.exe
PID 3000 wrote to memory of 1520	3000	Unicorn-15591.exe	WerFault.exe
PID 2740 wrote to memory of 2616	2740	Unicorn-61263.exe	WerFault.exe
PID 2740 wrote to memory of 2616	2740	Unicorn-61263.exe	WerFault.exe
PID 2740 wrote to memory of 2616	2740	Unicorn-61263.exe	WerFault.exe
PID 2740 wrote to memory of 2616	2740	Unicorn-61263.exe	WerFault.exe
PID 2948 wrote to memory of 1312	2948	Unicorn-51791.exe	Unicorn-60616.exe
PID 2948 wrote to memory of 1312	2948	Unicorn-51791.exe	Unicorn-60616.exe
PID 2948 wrote to memory of 1312	2948	Unicorn-51791.exe	Unicorn-60616.exe
PID 2948 wrote to memory of 1312	2948	Unicorn-51791.exe	Unicorn-60616.exe

C:\Users\Admin\AppData\Local\Temp\b417f77ab7af5174a4c0eded50902d4791009ba9ef9fb0dd043e45096eaf7e18.exe
"C:\Users\Admin\AppData\Local\Temp\b417f77ab7af5174a4c0eded50902d4791009ba9ef9fb0dd043e45096eaf7e18.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-58144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58144.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-15591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15591.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-13155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13155.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-51791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51791.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-60616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60616.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-53642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53642.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-21156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21156.exe
10⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-46182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46182.exe
11⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-53212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53212.exe
12⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-55877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55877.exe
13⤵
PID:6972

C:\Users\Admin\AppData\Local\Temp\Unicorn-21757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21757.exe
14⤵
PID:9880

C:\Users\Admin\AppData\Local\Temp\Unicorn-23759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23759.exe
15⤵
PID:13928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9880 -s 216
15⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 216
14⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 216
13⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 236
12⤵
PID:6216

C:\Users\Admin\AppData\Local\Temp\Unicorn-28377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28377.exe
11⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-49766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49766.exe
12⤵
PID:6612

C:\Users\Admin\AppData\Local\Temp\Unicorn-9408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9408.exe
13⤵
PID:8532

C:\Users\Admin\AppData\Local\Temp\Unicorn-18838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18838.exe
14⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 216
14⤵
PID:13420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 216
13⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
11⤵
PID:6572

C:\Users\Admin\AppData\Local\Temp\Unicorn-59565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59565.exe
10⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-24336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24336.exe
11⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\Unicorn-58188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58188.exe
12⤵
PID:6152

C:\Users\Admin\AppData\Local\Temp\Unicorn-63830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63830.exe
13⤵
PID:9644

C:\Users\Admin\AppData\Local\Temp\Unicorn-34152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34152.exe
14⤵
PID:12512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9644 -s 216
14⤵
PID:13640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 216
13⤵
PID:10844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 236
12⤵
PID:8372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
11⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 240
10⤵
- Program crash
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-34346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34346.exe
9⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-1657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1657.exe
10⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-7532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7532.exe
11⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-3989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3989.exe
12⤵
PID:6160

C:\Users\Admin\AppData\Local\Temp\Unicorn-17150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17150.exe
13⤵
PID:8304

C:\Users\Admin\AppData\Local\Temp\Unicorn-17098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17098.exe
14⤵
PID:11668

C:\Users\Admin\AppData\Local\Temp\Unicorn-50547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50547.exe
15⤵
PID:13540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8304 -s 216
14⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 216
13⤵
PID:9372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
12⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
11⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\Unicorn-43120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43120.exe
10⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-55647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55647.exe
11⤵
PID:5820

C:\Users\Admin\AppData\Local\Temp\Unicorn-65115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65115.exe
12⤵
PID:7936

C:\Users\Admin\AppData\Local\Temp\Unicorn-41005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41005.exe
13⤵
PID:11516

C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
14⤵
PID:14164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11516 -s 216
14⤵
PID:13660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 216
13⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
12⤵
PID:9276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 220
11⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
10⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
9⤵
- Program crash
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-22327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22327.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-37217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37217.exe
9⤵
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
10⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-38652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38652.exe
11⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\Unicorn-50059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50059.exe
12⤵
PID:8324

C:\Users\Admin\AppData\Local\Temp\Unicorn-42202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42202.exe
13⤵
PID:11600

C:\Users\Admin\AppData\Local\Temp\Unicorn-32566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32566.exe
14⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11600 -s 216
14⤵
PID:9048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8324 -s 216
13⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 216
12⤵
PID:10120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 216
11⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 216
10⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 216
9⤵
PID:3460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
8⤵
- Program crash
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-49299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49299.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-59790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59790.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-52484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52484.exe
9⤵
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-4999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4999.exe
10⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-20287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20287.exe
11⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-19089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19089.exe
12⤵
PID:8712

C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
13⤵
PID:12060

C:\Users\Admin\AppData\Local\Temp\Unicorn-2837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2837.exe
14⤵
PID:9524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8712 -s 220
13⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 220
12⤵
PID:10144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
11⤵
PID:6352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 216
10⤵
PID:4448

C:\Users\Admin\AppData\Local\Temp\Unicorn-18382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18382.exe
9⤵
PID:560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 200
10⤵
PID:4124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 220
9⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-50408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50408.exe
8⤵
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
9⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
10⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-10977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10977.exe
11⤵
PID:9112

C:\Users\Admin\AppData\Local\Temp\Unicorn-27490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27490.exe
12⤵
PID:12144

C:\Users\Admin\AppData\Local\Temp\Unicorn-2321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2321.exe
13⤵
PID:14072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12144 -s 216
13⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
11⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
10⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 216
9⤵
PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
8⤵
- Program crash
PID:1004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 240
7⤵
- Program crash
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-57809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57809.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-36876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36876.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-9712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9712.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-52484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52484.exe
9⤵
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-33858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33858.exe
10⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-1345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1345.exe
11⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-19089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19089.exe
12⤵
PID:8728

C:\Users\Admin\AppData\Local\Temp\Unicorn-34714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34714.exe
13⤵
PID:11776

C:\Users\Admin\AppData\Local\Temp\Unicorn-13359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13359.exe
14⤵
PID:13336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11776 -s 216
14⤵
PID:9320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8728 -s 216
13⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 220
12⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
11⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 216
10⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 216
9⤵
- Program crash
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-50408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50408.exe
8⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-10105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10105.exe
9⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-25296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25296.exe
10⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
11⤵
PID:6940

C:\Users\Admin\AppData\Local\Temp\Unicorn-20626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20626.exe
12⤵
PID:10492

C:\Users\Admin\AppData\Local\Temp\Unicorn-13256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13256.exe
13⤵
PID:13752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10492 -s 216
13⤵
PID:14236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 216
12⤵
PID:10556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
11⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
10⤵
PID:6592

C:\Users\Admin\AppData\Local\Temp\Unicorn-35414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35414.exe
9⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-50271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50271.exe
10⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-29748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29748.exe
11⤵
PID:8576

C:\Users\Admin\AppData\Local\Temp\Unicorn-15170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15170.exe
12⤵
PID:11748

C:\Users\Admin\AppData\Local\Temp\Unicorn-291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-291.exe
13⤵
PID:8384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8576 -s 216
12⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 220
11⤵
PID:10036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
10⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
9⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
8⤵
- Program crash
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-40116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40116.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-58029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58029.exe
8⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-44764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44764.exe
9⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-38856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38856.exe
10⤵
PID:7008

C:\Users\Admin\AppData\Local\Temp\Unicorn-10018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10018.exe
11⤵
PID:10740

C:\Users\Admin\AppData\Local\Temp\Unicorn-59119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59119.exe
12⤵
PID:13956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10740 -s 236
12⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 216
11⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
10⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
9⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 216
8⤵
PID:3456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
7⤵
- Program crash
PID:2592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
6⤵
- Program crash
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-40750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40750.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1132

C:\Users\Admin\AppData\Local\Temp\Unicorn-20586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20586.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-60591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60591.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-61326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61326.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-51638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51638.exe
9⤵
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
10⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-37288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37288.exe
11⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-9601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9601.exe
12⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-6324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6324.exe
13⤵
PID:8040

C:\Users\Admin\AppData\Local\Temp\Unicorn-45289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45289.exe
14⤵
PID:12180

C:\Users\Admin\AppData\Local\Temp\Unicorn-22554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22554.exe
15⤵
PID:13504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12180 -s 220
15⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 216
14⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 236
13⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 236
12⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
11⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-50671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50671.exe
10⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-20287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20287.exe
11⤵
PID:5928

C:\Users\Admin\AppData\Local\Temp\Unicorn-29748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29748.exe
12⤵
PID:8616

C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
13⤵
PID:11436

C:\Users\Admin\AppData\Local\Temp\Unicorn-42621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42621.exe
14⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11436 -s 216
14⤵
PID:10188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8616 -s 216
13⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 220
12⤵
PID:10072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 216
11⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
10⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-23576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23576.exe
9⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-35944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35944.exe
10⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-20287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20287.exe
11⤵
PID:5912

C:\Users\Admin\AppData\Local\Temp\Unicorn-1809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1809.exe
12⤵
PID:7172

C:\Users\Admin\AppData\Local\Temp\Unicorn-40455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40455.exe
13⤵
PID:11408

C:\Users\Admin\AppData\Local\Temp\Unicorn-32566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32566.exe
14⤵
PID:13940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11408 -s 216
14⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 216
13⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 236
12⤵
PID:8672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
11⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
10⤵
PID:4668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
9⤵
- Program crash
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-33910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33910.exe
8⤵
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-25653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25653.exe
9⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-18155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18155.exe
10⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-34218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34218.exe
11⤵
PID:6500

C:\Users\Admin\AppData\Local\Temp\Unicorn-54957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54957.exe
12⤵
PID:8520

C:\Users\Admin\AppData\Local\Temp\Unicorn-31353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31353.exe
13⤵
PID:11820

C:\Users\Admin\AppData\Local\Temp\Unicorn-58277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58277.exe
14⤵
PID:14156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11820 -s 220
14⤵
PID:10216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8520 -s 216
13⤵
PID:12308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 216
12⤵
PID:9716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
11⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 236
10⤵
PID:5848

C:\Users\Admin\AppData\Local\Temp\Unicorn-28465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28465.exe
9⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-39771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39771.exe
10⤵
PID:6932

C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
11⤵
PID:8288

C:\Users\Admin\AppData\Local\Temp\Unicorn-27731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27731.exe
12⤵
PID:11712

C:\Users\Admin\AppData\Local\Temp\Unicorn-2029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2029.exe
13⤵
PID:14248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11712 -s 216
13⤵
PID:9272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8288 -s 216
12⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 216
11⤵
PID:9356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 236
10⤵
PID:8160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
9⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
8⤵
- Program crash
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-56920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56920.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-3890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3890.exe
8⤵
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-26421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26421.exe
9⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-30594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30594.exe
10⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-42250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42250.exe
11⤵
PID:6800

C:\Users\Admin\AppData\Local\Temp\Unicorn-52482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52482.exe
12⤵
PID:8884

C:\Users\Admin\AppData\Local\Temp\Unicorn-30204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30204.exe
13⤵
PID:12084

C:\Users\Admin\AppData\Local\Temp\Unicorn-55757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55757.exe
14⤵
PID:13748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12084 -s 204
14⤵
PID:13676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8884 -s 216
13⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 216
12⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
11⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
10⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-41480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41480.exe
9⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-20287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20287.exe
10⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
11⤵
PID:8368

C:\Users\Admin\AppData\Local\Temp\Unicorn-20142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20142.exe
12⤵
PID:11372

C:\Users\Admin\AppData\Local\Temp\Unicorn-5340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5340.exe
13⤵
PID:13572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11372 -s 220
13⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 216
12⤵
PID:12924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
11⤵
PID:9976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
10⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
9⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
8⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-46053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46053.exe
9⤵
PID:4256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 188
10⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-60441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60441.exe
9⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-13936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13936.exe
10⤵
PID:7392

C:\Users\Admin\AppData\Local\Temp\Unicorn-23174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23174.exe
11⤵
PID:10488

C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
12⤵
PID:13992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10488 -s 236
12⤵
PID:14192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 216
11⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
10⤵
PID:8028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 220
9⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 240
8⤵
- Program crash
PID:3836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 240
7⤵
- Program crash
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-25458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25458.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-12016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12016.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-43914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43914.exe
8⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-25104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25104.exe
9⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
10⤵
PID:6768

C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
11⤵
PID:10024

C:\Users\Admin\AppData\Local\Temp\Unicorn-14005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14005.exe
12⤵
PID:13364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10024 -s 236
12⤵
PID:13832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 216
11⤵
PID:10968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
10⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 236
9⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 216
8⤵
- Program crash
PID:3284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
7⤵
- Program crash
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 240
6⤵
- Program crash
PID:616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-44171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44171.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-13097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13097.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-29073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29073.exe
7⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-37191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37191.exe
8⤵
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-31554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31554.exe
9⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
10⤵
PID:6516

C:\Users\Admin\AppData\Local\Temp\Unicorn-36773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36773.exe
11⤵
PID:9964

C:\Users\Admin\AppData\Local\Temp\Unicorn-23990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23990.exe
12⤵
PID:13328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9964 -s 216
12⤵
PID:13812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 216
11⤵
PID:10932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
10⤵
PID:8476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 216
9⤵
PID:5488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 236
8⤵
- Program crash
PID:3380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
7⤵
- Program crash
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-2485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2485.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
7⤵
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
8⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-32784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32784.exe
9⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-52531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52531.exe
10⤵
PID:6268

C:\Users\Admin\AppData\Local\Temp\Unicorn-39547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39547.exe
11⤵
PID:8012

C:\Users\Admin\AppData\Local\Temp\Unicorn-41773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41773.exe
12⤵
PID:11552

C:\Users\Admin\AppData\Local\Temp\Unicorn-20397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20397.exe
13⤵
PID:2976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11552 -s 216
13⤵
PID:9756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 216
12⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
11⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 236
10⤵
PID:7928

C:\Users\Admin\AppData\Local\Temp\Unicorn-12918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12918.exe
8⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-47897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47897.exe
9⤵
PID:5792

C:\Users\Admin\AppData\Local\Temp\Unicorn-4252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4252.exe
10⤵
PID:8268

C:\Users\Admin\AppData\Local\Temp\Unicorn-8782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8782.exe
11⤵
PID:12216

C:\Users\Admin\AppData\Local\Temp\Unicorn-40764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40764.exe
12⤵
PID:14000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 216
11⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 216
10⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
9⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
8⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 236
7⤵
- Program crash
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-60907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60907.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-8645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8645.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:628

C:\Users\Admin\AppData\Local\Temp\Unicorn-65384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65384.exe
7⤵
PID:324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 220
8⤵
- Program crash
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
7⤵
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-37480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37480.exe
8⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-18559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18559.exe
9⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-47511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47511.exe
10⤵
PID:8824

C:\Users\Admin\AppData\Local\Temp\Unicorn-6696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6696.exe
11⤵
PID:11996

C:\Users\Admin\AppData\Local\Temp\Unicorn-36491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36491.exe
12⤵
PID:9784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8824 -s 220
11⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 220
10⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
9⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 236
8⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 240
7⤵
- Program crash
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-63116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63116.exe
6⤵
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-22526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22526.exe
7⤵
PID:1392

C:\Users\Admin\AppData\Local\Temp\Unicorn-4999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4999.exe
8⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-17799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17799.exe
9⤵
PID:6664

C:\Users\Admin\AppData\Local\Temp\Unicorn-47392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47392.exe
10⤵
PID:8484

C:\Users\Admin\AppData\Local\Temp\Unicorn-31035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31035.exe
11⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11396 -s 188
12⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8484 -s 220
11⤵
PID:13104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 216
10⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 236
9⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 236
8⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-1361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1361.exe
7⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-55071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55071.exe
8⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
9⤵
PID:8276

C:\Users\Admin\AppData\Local\Temp\Unicorn-60979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60979.exe
10⤵
PID:11752

C:\Users\Admin\AppData\Local\Temp\Unicorn-58277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58277.exe
11⤵
PID:14160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11752 -s 220
11⤵
PID:10236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8276 -s 216
10⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
9⤵
PID:9348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
8⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 220
7⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
6⤵
- Program crash
PID:1748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
5⤵
- Program crash
PID:2584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-39475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39475.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-19311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19311.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-28712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28712.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-12905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12905.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-60558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60558.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-52676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52676.exe
9⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-3323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3323.exe
10⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-63958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63958.exe
11⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-22592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22592.exe
12⤵
PID:8400

C:\Users\Admin\AppData\Local\Temp\Unicorn-25254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25254.exe
13⤵
PID:12108

C:\Users\Admin\AppData\Local\Temp\Unicorn-32054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32054.exe
14⤵
PID:9444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8400 -s 216
13⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 216
12⤵
PID:10532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 220
11⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 216
10⤵
PID:5228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
9⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-50408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50408.exe
8⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-1849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1849.exe
9⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-7532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7532.exe
10⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-42658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42658.exe
11⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-65326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65326.exe
12⤵
PID:8272

C:\Users\Admin\AppData\Local\Temp\Unicorn-19566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19566.exe
13⤵
PID:11328

C:\Users\Admin\AppData\Local\Temp\Unicorn-13359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13359.exe
14⤵
PID:14332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11328 -s 216
14⤵
PID:9368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8272 -s 216
13⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
12⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 236
11⤵
PID:6684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
10⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-42544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42544.exe
9⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-64509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64509.exe
10⤵
PID:6696

C:\Users\Admin\AppData\Local\Temp\Unicorn-45755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45755.exe
11⤵
PID:8940

C:\Users\Admin\AppData\Local\Temp\Unicorn-42460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42460.exe
12⤵
PID:12360

C:\Users\Admin\AppData\Local\Temp\Unicorn-2879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2879.exe
13⤵
PID:9620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8940 -s 216
12⤵
PID:13516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 220
11⤵
PID:10724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
10⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
9⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
8⤵
- Program crash
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-40884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40884.exe
7⤵
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-54212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54212.exe
8⤵
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-62882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62882.exe
9⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-1032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1032.exe
10⤵
PID:6424

C:\Users\Admin\AppData\Local\Temp\Unicorn-42325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42325.exe
11⤵
PID:8508

C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
12⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8508 -s 216
12⤵
PID:13436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 216
11⤵
PID:10656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
10⤵
PID:8492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 236
9⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 236
8⤵
- Program crash
PID:4036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 240
7⤵
- Program crash
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-17804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17804.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-31342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31342.exe
7⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-21732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21732.exe
8⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-35752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35752.exe
9⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-42658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42658.exe
10⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-9733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9733.exe
11⤵
PID:8052

C:\Users\Admin\AppData\Local\Temp\Unicorn-13568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13568.exe
12⤵
PID:11304

C:\Users\Admin\AppData\Local\Temp\Unicorn-1745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1745.exe
13⤵
PID:14040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11304 -s 216
13⤵
PID:8960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 216
12⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 236
11⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
10⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 216
9⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 216
8⤵
- Program crash
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
7⤵
PID:1088

C:\Users\Admin\AppData\Local\Temp\Unicorn-35674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35674.exe
8⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-18304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18304.exe
9⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
10⤵
PID:7992

C:\Users\Admin\AppData\Local\Temp\Unicorn-17435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17435.exe
11⤵
PID:11276

C:\Users\Admin\AppData\Local\Temp\Unicorn-9332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9332.exe
12⤵
PID:14108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11276 -s 216
12⤵
PID:13392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 236
11⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 236
10⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 236
9⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 236
8⤵
PID:4344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 240
7⤵
- Program crash
PID:3772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
6⤵
- Program crash
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-8499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8499.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-5381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5381.exe
6⤵
- Executes dropped EXE
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-11284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11284.exe
6⤵
PID:1164

C:\Users\Admin\AppData\Local\Temp\Unicorn-54980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54980.exe
7⤵
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-12228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12228.exe
8⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-6363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6363.exe
9⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-23386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23386.exe
10⤵
PID:9120

C:\Users\Admin\AppData\Local\Temp\Unicorn-56006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56006.exe
11⤵
PID:12152

C:\Users\Admin\AppData\Local\Temp\Unicorn-25303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25303.exe
12⤵
PID:9164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9120 -s 216
11⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 220
10⤵
PID:10364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
9⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 216
8⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 216
7⤵
- Program crash
PID:3632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
6⤵
- Program crash
PID:2744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
5⤵
- Program crash
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-24305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24305.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-28365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28365.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-5381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5381.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-32136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32136.exe
7⤵
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-38177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38177.exe
8⤵
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-3463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3463.exe
9⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-40399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40399.exe
10⤵
PID:7144

C:\Users\Admin\AppData\Local\Temp\Unicorn-15865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15865.exe
11⤵
PID:9840

C:\Users\Admin\AppData\Local\Temp\Unicorn-34152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34152.exe
12⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9840 -s 236
12⤵
PID:13620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
11⤵
PID:10884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
10⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
9⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 236
8⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
7⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-2617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2617.exe
8⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
9⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-55647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55647.exe
10⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-34548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34548.exe
11⤵
PID:8756

C:\Users\Admin\AppData\Local\Temp\Unicorn-35456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35456.exe
12⤵
PID:11892

C:\Users\Admin\AppData\Local\Temp\Unicorn-49648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49648.exe
13⤵
PID:13492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 216
12⤵
PID:13228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 220
11⤵
PID:10220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 220
10⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 236
9⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\Unicorn-3894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3894.exe
8⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
9⤵
PID:6880

C:\Users\Admin\AppData\Local\Temp\Unicorn-45102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45102.exe
10⤵
PID:10228

C:\Users\Admin\AppData\Local\Temp\Unicorn-16689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16689.exe
11⤵
PID:13528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10228 -s 216
11⤵
PID:13884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
10⤵
PID:11188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 216
9⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
8⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
7⤵
- Program crash
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-27729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27729.exe
6⤵
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-62593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62593.exe
7⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-1159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1159.exe
8⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-49861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49861.exe
9⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-39573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39573.exe
10⤵
PID:7400

C:\Users\Admin\AppData\Local\Temp\Unicorn-56516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56516.exe
11⤵
PID:11452

C:\Users\Admin\AppData\Local\Temp\Unicorn-24237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24237.exe
12⤵
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11452 -s 204
12⤵
PID:9804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 216
11⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 236
10⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
9⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 236
8⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-17614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17614.exe
7⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
8⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-62036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62036.exe
9⤵
PID:8548

C:\Users\Admin\AppData\Local\Temp\Unicorn-51304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51304.exe
10⤵
PID:12272

C:\Users\Admin\AppData\Local\Temp\Unicorn-28293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28293.exe
11⤵
PID:14128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12272 -s 220
11⤵
PID:10196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8548 -s 216
10⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 220
9⤵
PID:10116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
8⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 220
7⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
6⤵
- Program crash
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-54317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54317.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-65192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65192.exe
6⤵
PID:384

C:\Users\Admin\AppData\Local\Temp\Unicorn-38177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38177.exe
7⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
8⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-10369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10369.exe
9⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-62036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62036.exe
10⤵
PID:8540

C:\Users\Admin\AppData\Local\Temp\Unicorn-34522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34522.exe
11⤵
PID:11720

C:\Users\Admin\AppData\Local\Temp\Unicorn-5403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5403.exe
12⤵
PID:14080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8540 -s 216
11⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 220
10⤵
PID:10092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
9⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 216
8⤵
PID:4264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 384 -s 236
7⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
6⤵
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-30018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30018.exe
7⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-22951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22951.exe
8⤵
PID:6736

C:\Users\Admin\AppData\Local\Temp\Unicorn-41147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41147.exe
9⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-6907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6907.exe
10⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
10⤵
PID:13444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6736 -s 216
9⤵
PID:10680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
8⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 236
7⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
6⤵
- Program crash
PID:3276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
5⤵
- Program crash
PID:764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-61263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61263.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-59341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59341.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-38662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38662.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-10922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10922.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-45386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45386.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-20047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20047.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-27502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27502.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-21732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21732.exe
9⤵
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-14174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14174.exe
10⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-15224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15224.exe
11⤵
PID:6040

C:\Users\Admin\AppData\Local\Temp\Unicorn-54072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54072.exe
12⤵
PID:7988

C:\Users\Admin\AppData\Local\Temp\Unicorn-57258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57258.exe
13⤵
PID:11580

C:\Users\Admin\AppData\Local\Temp\Unicorn-2321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2321.exe
14⤵
PID:14084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11580 -s 216
14⤵
PID:14320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7988 -s 216
13⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 216
12⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
11⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 216
10⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 216
9⤵
- Program crash
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-19655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19655.exe
8⤵
PID:108

C:\Users\Admin\AppData\Local\Temp\Unicorn-5191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5191.exe
9⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-36367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36367.exe
10⤵
PID:7088

C:\Users\Admin\AppData\Local\Temp\Unicorn-23941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23941.exe
11⤵
PID:9148

C:\Users\Admin\AppData\Local\Temp\Unicorn-11044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11044.exe
12⤵
PID:12112

C:\Users\Admin\AppData\Local\Temp\Unicorn-62496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62496.exe
13⤵
PID:14324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12112 -s 216
13⤵
PID:10308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 216
12⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 216
11⤵
PID:9260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
10⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 236
9⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
8⤵
- Program crash
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-23095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23095.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-54980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54980.exe
8⤵
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-33614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33614.exe
9⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-30605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30605.exe
10⤵
PID:6620

C:\Users\Admin\AppData\Local\Temp\Unicorn-48902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48902.exe
11⤵
PID:8876

C:\Users\Admin\AppData\Local\Temp\Unicorn-29909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29909.exe
12⤵
PID:11292

C:\Users\Admin\AppData\Local\Temp\Unicorn-42516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42516.exe
13⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8876 -s 220
12⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 220
11⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 236
10⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 216
9⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-61330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61330.exe
8⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
9⤵
PID:5952

C:\Users\Admin\AppData\Local\Temp\Unicorn-25451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25451.exe
10⤵
PID:8212

C:\Users\Admin\AppData\Local\Temp\Unicorn-8595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8595.exe
11⤵
PID:11464

C:\Users\Admin\AppData\Local\Temp\Unicorn-46965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46965.exe
12⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 216
11⤵
PID:13056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
10⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
9⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 220
8⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
7⤵
- Program crash
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-17778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17778.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-12042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12042.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-7040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7040.exe
8⤵
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
9⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-5406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5406.exe
10⤵
PID:6960

C:\Users\Admin\AppData\Local\Temp\Unicorn-65300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65300.exe
11⤵
PID:8880

C:\Users\Admin\AppData\Local\Temp\Unicorn-34714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34714.exe
12⤵
PID:11772

C:\Users\Admin\AppData\Local\Temp\Unicorn-32566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32566.exe
13⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11772 -s 216
13⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8880 -s 216
12⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 220
11⤵
PID:10256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
10⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 236
8⤵
- Program crash
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-32810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32810.exe
7⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
8⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-20287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20287.exe
9⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-56568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56568.exe
10⤵
PID:7220

C:\Users\Admin\AppData\Local\Temp\Unicorn-14199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14199.exe
11⤵
PID:12232

C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
12⤵
PID:14100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7220 -s 216
11⤵
PID:12844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
10⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
9⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 216
8⤵
PID:4268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 240
7⤵
- Program crash
PID:3104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
6⤵
- Program crash
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-40979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40979.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-18511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18511.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-64424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64424.exe
7⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-4902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4902.exe
8⤵
PID:488

C:\Users\Admin\AppData\Local\Temp\Unicorn-46053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46053.exe
9⤵
PID:4248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 188
10⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-60441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60441.exe
9⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-55877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55877.exe
10⤵
PID:6968

C:\Users\Admin\AppData\Local\Temp\Unicorn-31098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31098.exe
11⤵
PID:10508

C:\Users\Admin\AppData\Local\Temp\Unicorn-60069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60069.exe
12⤵
PID:14284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10508 -s 236
12⤵
PID:9168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 216
11⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 220
9⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 216
8⤵
- Program crash
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-32810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32810.exe
7⤵
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-50391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50391.exe
8⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-56048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56048.exe
9⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-22591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22591.exe
10⤵
PID:5480

C:\Users\Admin\AppData\Local\Temp\Unicorn-29748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29748.exe
11⤵
PID:8584

C:\Users\Admin\AppData\Local\Temp\Unicorn-46452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46452.exe
12⤵
PID:11560

C:\Users\Admin\AppData\Local\Temp\Unicorn-3567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3567.exe
13⤵
PID:13388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11560 -s 216
13⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8584 -s 220
12⤵
PID:12952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 220
11⤵
PID:10048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 220
10⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 236
9⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-58772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58772.exe
8⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-40188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40188.exe
9⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-31867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31867.exe
10⤵
PID:8068

C:\Users\Admin\AppData\Local\Temp\Unicorn-31213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31213.exe
11⤵
PID:11624

C:\Users\Admin\AppData\Local\Temp\Unicorn-59237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59237.exe
12⤵
PID:14180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11624 -s 216
12⤵
PID:9740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8068 -s 216
11⤵
PID:11568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
10⤵
PID:9244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 220
9⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
8⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
7⤵
- Program crash
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-60018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60018.exe
6⤵
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-20388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20388.exe
7⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-13764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13764.exe
8⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-12292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12292.exe
9⤵
PID:6864

C:\Users\Admin\AppData\Local\Temp\Unicorn-10586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10586.exe
10⤵
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-64930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64930.exe
11⤵
PID:12452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
11⤵
PID:13564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 216
10⤵
PID:10748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
9⤵
PID:8136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
8⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
7⤵
PID:3548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 240
6⤵
- Program crash
PID:2824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
5⤵
- Program crash
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-41518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41518.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-15235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15235.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-22159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22159.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
7⤵
PID:1144

C:\Users\Admin\AppData\Local\Temp\Unicorn-62593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62593.exe
8⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-61346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61346.exe
9⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
10⤵
PID:5904

C:\Users\Admin\AppData\Local\Temp\Unicorn-13520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13520.exe
11⤵
PID:8416

C:\Users\Admin\AppData\Local\Temp\Unicorn-46452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46452.exe
12⤵
PID:11532

C:\Users\Admin\AppData\Local\Temp\Unicorn-56467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56467.exe
13⤵
PID:9020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 220
12⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 216
11⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
10⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
9⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 236
8⤵
PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 236
7⤵
- Program crash
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
6⤵
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-46558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46558.exe
7⤵
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
8⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-33047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33047.exe
9⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-41851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41851.exe
10⤵
PID:7968

C:\Users\Admin\AppData\Local\Temp\Unicorn-34238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34238.exe
11⤵
PID:11348

C:\Users\Admin\AppData\Local\Temp\Unicorn-32161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32161.exe
12⤵
PID:14264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11348 -s 216
12⤵
PID:4912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 216
11⤵
PID:11856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
10⤵
PID:8360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
9⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 236
8⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-23488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23488.exe
7⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-59601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59601.exe
8⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-11480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11480.exe
9⤵
PID:8816

C:\Users\Admin\AppData\Local\Temp\Unicorn-37622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37622.exe
10⤵
PID:11960

C:\Users\Admin\AppData\Local\Temp\Unicorn-17105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17105.exe
11⤵
PID:14216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11960 -s 216
11⤵
PID:13864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8816 -s 216
10⤵
PID:12568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
9⤵
PID:9948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
8⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 220
7⤵
PID:4836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 240
6⤵
- Program crash
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-21836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21836.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1204

C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
6⤵
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-62017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62017.exe
7⤵
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
8⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-51039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51039.exe
9⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-41851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41851.exe
10⤵
PID:8128

C:\Users\Admin\AppData\Local\Temp\Unicorn-35198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35198.exe
11⤵
PID:11376

C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
12⤵
PID:14208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11376 -s 216
12⤵
PID:8964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 216
11⤵
PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 216
10⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
9⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 216
8⤵
PID:5264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 236
7⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-42727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42727.exe
6⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-19447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19447.exe
7⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-30743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30743.exe
8⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-23437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23437.exe
9⤵
PID:8564

C:\Users\Admin\AppData\Local\Temp\Unicorn-14549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14549.exe
10⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11880 -s 212
11⤵
PID:13792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8564 -s 216
10⤵
PID:12404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 216
9⤵
PID:9820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
8⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 236
7⤵
PID:4504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 240
6⤵
- Program crash
PID:3860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
5⤵
- Program crash
PID:808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-64982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64982.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-9552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9552.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:308

C:\Users\Admin\AppData\Local\Temp\Unicorn-58349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58349.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-8645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8645.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:804

C:\Users\Admin\AppData\Local\Temp\Unicorn-48363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48363.exe
7⤵
PID:1388

C:\Users\Admin\AppData\Local\Temp\Unicorn-62593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62593.exe
8⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-14174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14174.exe
9⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
10⤵
PID:5936

C:\Users\Admin\AppData\Local\Temp\Unicorn-54072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54072.exe
11⤵
PID:7712

C:\Users\Admin\AppData\Local\Temp\Unicorn-27300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27300.exe
12⤵
PID:11484

C:\Users\Admin\AppData\Local\Temp\Unicorn-60773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60773.exe
13⤵
PID:14056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11484 -s 220
13⤵
PID:10192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
12⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 216
11⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
10⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
9⤵
PID:4216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 216
8⤵
PID:4188

C:\Users\Admin\AppData\Local\Temp\Unicorn-27460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27460.exe
7⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-12228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12228.exe
8⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-8712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8712.exe
9⤵
PID:6328

C:\Users\Admin\AppData\Local\Temp\Unicorn-28502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28502.exe
10⤵
PID:8780

C:\Users\Admin\AppData\Local\Temp\Unicorn-41654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41654.exe
11⤵
PID:11988

C:\Users\Admin\AppData\Local\Temp\Unicorn-21284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21284.exe
12⤵
PID:14136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11988 -s 216
12⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8780 -s 216
11⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 216
10⤵
PID:9932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 236
9⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
8⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 220
7⤵
- Program crash
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-36878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36878.exe
6⤵
PID:776

C:\Users\Admin\AppData\Local\Temp\Unicorn-22526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22526.exe
7⤵
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-19639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19639.exe
8⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-6451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6451.exe
9⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
10⤵
PID:8896

C:\Users\Admin\AppData\Local\Temp\Unicorn-55167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55167.exe
11⤵
PID:12004

C:\Users\Admin\AppData\Local\Temp\Unicorn-62496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62496.exe
12⤵
PID:14312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12004 -s 216
12⤵
PID:10324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8896 -s 216
11⤵
PID:12584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
10⤵
PID:10100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
9⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
8⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-32829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32829.exe
7⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-55472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55472.exe
8⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-49861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49861.exe
9⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-14845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14845.exe
10⤵
PID:7388

C:\Users\Admin\AppData\Local\Temp\Unicorn-28499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28499.exe
11⤵
PID:11780

C:\Users\Admin\AppData\Local\Temp\Unicorn-62496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62496.exe
12⤵
PID:13380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11780 -s 216
12⤵
PID:10300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 216
11⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
10⤵
PID:9284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
9⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
8⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 220
7⤵
PID:3996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 220
6⤵
- Program crash
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-2293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2293.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-15114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15114.exe
6⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-29537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29537.exe
7⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-29250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29250.exe
8⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-385.exe
9⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-62811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62811.exe
10⤵
PID:8248

C:\Users\Admin\AppData\Local\Temp\Unicorn-31213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31213.exe
11⤵
PID:11632

C:\Users\Admin\AppData\Local\Temp\Unicorn-8606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8606.exe
12⤵
PID:13808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11632 -s 216
12⤵
PID:9888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 216
11⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
10⤵
PID:9324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
9⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 216
8⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 216
7⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-42727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42727.exe
6⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
7⤵
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-60040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60040.exe
8⤵
PID:6836

C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
9⤵
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-42291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42291.exe
10⤵
PID:12096

C:\Users\Admin\AppData\Local\Temp\Unicorn-18915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18915.exe
11⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 216
10⤵
PID:13316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 216
9⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 216
8⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
7⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
6⤵
- Program crash
PID:3220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 240
5⤵
- Program crash
PID:840

C:\Users\Admin\AppData\Local\Temp\Unicorn-23216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23216.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-48363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48363.exe
6⤵
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-62017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62017.exe
7⤵
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-18783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18783.exe
8⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\Unicorn-15224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15224.exe
9⤵
PID:6104

C:\Users\Admin\AppData\Local\Temp\Unicorn-57336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57336.exe
10⤵
PID:8100

C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
11⤵
PID:11700

C:\Users\Admin\AppData\Local\Temp\Unicorn-39722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39722.exe
12⤵
PID:13480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11700 -s 220
12⤵
PID:9512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 216
11⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
10⤵
PID:8244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
9⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 216
8⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 216
7⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-59941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59941.exe
6⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-1019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1019.exe
7⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-35075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35075.exe
8⤵
PID:6676

C:\Users\Admin\AppData\Local\Temp\Unicorn-63301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63301.exe
9⤵
PID:10076

C:\Users\Admin\AppData\Local\Temp\Unicorn-51473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51473.exe
10⤵
PID:13484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10076 -s 216
10⤵
PID:13868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 216
9⤵
PID:11000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 216
8⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
7⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
6⤵
- Program crash
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-36878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36878.exe
5⤵
PID:1184

C:\Users\Admin\AppData\Local\Temp\Unicorn-29537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29537.exe
6⤵
PID:1828

C:\Users\Admin\AppData\Local\Temp\Unicorn-33448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33448.exe
7⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
8⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-65326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65326.exe
9⤵
PID:8300

C:\Users\Admin\AppData\Local\Temp\Unicorn-26167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26167.exe
10⤵
PID:11420

C:\Users\Admin\AppData\Local\Temp\Unicorn-59279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59279.exe
11⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11420 -s 236
11⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8300 -s 216
10⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
9⤵
PID:9772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
8⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 216
7⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-62290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62290.exe
6⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-37135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37135.exe
7⤵
PID:7116

C:\Users\Admin\AppData\Local\Temp\Unicorn-29238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29238.exe
8⤵
PID:9760

C:\Users\Admin\AppData\Local\Temp\Unicorn-1863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1863.exe
9⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9760 -s 216
9⤵
PID:13632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 216
8⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
7⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
5⤵
- Program crash
PID:2116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
4⤵
- Program crash
PID:1264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
2⤵
- Program crash
PID:2644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15591.exe

Filesize
184KB

MD5
36c6e622d76fd5a837146744be6dfd87

SHA1
bf780f07daec57276315ee85262f24d561bdc10e

SHA256
68ec8c63e325555c9d54efe6c996a12ac7e88d33e5536706648e48c9b8fa3a0c

SHA512
4af32cd741c4a83a3a608036a556c18489cdde651845ce36d0126b27a4e2c866784c040c2ed4f4962c761fb43414153ec2e85b70713aa19256e718ae7175788f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19311.exe

Filesize
184KB

MD5
2ffacbc41b5691a33a617ffa7dad08fb

SHA1
bda8ea60fe3fb151e0a08fc3e8719794ff552ac9

SHA256
4afc8861a5f49b6043b3dee5e83e80c646fb876ca9201c7aeae74b2bcb391dd7

SHA512
5eadd74d0d144569111442093c18d89d55b125938a75f52d81a531a9bf0b9fb66d5b01b623e1fad147ffe057c1b5113e5cb21a4eac5859935a8d46ef4ba6d69e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe

Filesize
184KB

MD5
cbeaba071091fb57dfc4fb82d3a2c2a3

SHA1
4d8d8d456ad743d4af64e64c54126537e3fd2509

SHA256
70115e467c688b013e8cc9017b19673da2943ffad43e16d193938baef1db89a5

SHA512
03dc3221394359188583451b0b0a7d56761e9be003697de756be27dae9fc3ae751b48b2190530e097d64da33619df46a30ad55c8ad3d68a387797a70466aaa21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe

Filesize
184KB

MD5
c0c9766e415348396e03b75a7dbb6736

SHA1
742a6a49b90d5fd1e684bc6c2cb3f814794ea617

SHA256
a3d2f9a5068e1351633737b8cd116027130c7f38d7e7051c2f67116ca1e813d9

SHA512
828198868d1e7f53db4c8521fff44a5c18c331c28caaa708cf03b53f552969c1f635fb0a04110ae02ebda145b9e10b1e55b18faa5c17c131c3ad5bcb7b64cdb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3463.exe

Filesize
184KB

MD5
3e1593f4c785a283ba0e067fedd32b5b

SHA1
f3f0bfef23b76d4ba0ca5e01239cfb1ac827f347

SHA256
af328dcbb098eef56dbd2020741772a98299b068f1aea452a2095b13c9a493dd

SHA512
b82623414b46c26b8829e4d15a140e9bbca232e43bd508024f1eb1846b36e0c64762992d68ce040c761d1c685966abdcb343ca4f3cf332b907e7216ca453ca2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37622.exe

Filesize
184KB

MD5
99239da5da68bd3961578a6f4fac1758

SHA1
b6d761193041fce391a58e053daa1cc132a43924

SHA256
0b00fab7876887109444a263272b639a569482871a8d984ce82fca0275f38ac7

SHA512
17dafd702a72fb14283856ad2c5095a78a18d03b21e1a5f32abea6e1670ca03abb95b745364cf7656025603f611840af609f0cae8e9e7ab8912a982dcc86ca58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38662.exe

Filesize
184KB

MD5
a72ecee6074959470eaf1a0e4f9c0c28

SHA1
fd09f113a99a495087cd9bbf130a118de10ebdc2

SHA256
522ab12b8811242d3436b8857e2551fd1682c684218403855964557b343e05aa

SHA512
2e747eac8fce202d7af11b3cb20b5f202001fddf891f9763d79befee9964e195d44639562266a892fe4f6ad6dc80ad9756af18f306e1a1a102fe6568c197ed7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38856.exe

Filesize
184KB

MD5
21c8363f8823a6300c0b0df864c4ff90

SHA1
e509754e78af6c19d470ce8124f89ce7feca15cd

SHA256
2b92795c744dc00898a5ec0dc4c4d67549f087df0255400234c2116086a0b2cc

SHA512
cb86ec26265a8695b767815cc58311edc1206714ab73e47029a0cae866617ba81b660a53162f7f221831d95131e4fb9b7de6ed50506ac3d829a153d845f78c84

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40116.exe

Filesize
184KB

MD5
18c89b67b5aa66847f52e79be214bf93

SHA1
cab733a720d96051b7d251699feccd9e398a388b

SHA256
f7e762535badb8e398ab3a3d0e40b634d71251b1a27fcf8dd9d1f2467bd6a00b

SHA512
996bf698dad012d743a90ebbf60f13f5d2ae823876af8d93e79c9ec5375df7eccea6d451d34b6e5c23a60badd158d27ae2720dcd5cebbe980bbf33e2f02cb46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe

Filesize
184KB

MD5
871283853a8178cb21ea27fe472925af

SHA1
50198db5d805f0ecaf30eda66e142bb9753de532

SHA256
a87b9b7a650179493ad2a2b5a70e319ed02c29c2b9d353d725ccb6395d5ba55b

SHA512
89e9309e792f4a9411c4cb9e10e2132ab9571d0d67cf961adf1b5d5cb03c6a1ebc527ab679b5d1c7b54e306e0e071600f0b18481be1a635b88e0b3ac0e844514

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40979.exe

Filesize
184KB

MD5
004408b9074acb423e294f13405ccc2a

SHA1
e4b0caa2e42397600e7440ed9efd9452d3f702d8

SHA256
b7565d1e79800c934038d7ddd5ff8a729123ed0edf580d2acccbd982598c905b

SHA512
ab8c77b7b85212b77c207aa45c103f8c4ea6ccb43d7a3585b9179f42c52217f4a86d63d72c51406ac5914219bcf3192b02a46510938329bb3b392d49554af764

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45289.exe

Filesize
184KB

MD5
8a29aa92f191e71bb8723ff9821c0acc

SHA1
3583c244eb182f7cbf7e4485342cddc65b2bbe4b

SHA256
4e9d3ae7d673cb3e5c3735d4160ba70024fe975f5f921a6decfebfe2fa226add

SHA512
3870eeabc70ef62c552b55db3a13d4026b2c110db22e4f107bae049191764ec0541f1afbe725ebc1ebca2ffe513a2c5af6236a30767871d6b3fbbc46289925a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6363.exe

Filesize
184KB

MD5
03e3c6a65c421150f13fa41bf746d389

SHA1
19c7859e8b5f4bac57ddd466f9866aa06ec1bf14

SHA256
f71f499d5f474ea450ce20d9a6160772f78adf34e1db08c4c6d454498a028cca

SHA512
294fead507b360a300b28274a1d28a81945eb18999907ae56ad1f14828da400f5d29993d1c2a1895c0b4515fb6236afb46f255ece3f05004ee2a75113b27d168

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6451.exe

Filesize
184KB

MD5
43157f6bae665815df9bf1c2340a1385

SHA1
9dff0fbab35c5e7952f5b6f38a9334f9ac62dcdf

SHA256
8fd5aa51f30d2448a14f53d12957e180349945339324c059d216c33240005d56

SHA512
563175c997d4f5e85460d1133ad3e7668c22e5df5571fd7602b78be7546227ff5e3791e2b1555ab0168ce17017f3a4b8c3d64b015f14f996e3cdd25263838625

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10922.exe

Filesize
184KB

MD5
ca455894bf58a1456f2ba40e5ac34170

SHA1
d2aee3112ac9faddef89f1ae49ac7e6ccd591902

SHA256
7921a0ba5913ff1f728524a264ec03d24bb4588a31359c6ca518a9bd362f3fda

SHA512
8e92b54d30a0c15914a0013432ba30e310beab508b6e2e49eec167d7d5be9b741e5d5f39d8de6e686d8e2170e28497bde7397f949d952e994527234d69b218c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13155.exe

Filesize
184KB

MD5
f8d38a3d9bf74b8d5ca6f3d31b8d8ae5

SHA1
e24ece09e2de7e49406d075bbd4b6dc61e59d699

SHA256
92bdcd7597806670cde4d442ef71163f0f7e8b72da53cb0a108ed6d22e2e7529

SHA512
f1e8aad5bbb4388c55b6ba747f9fc62e23b77d84608d9d449c2a1972ba020c4c8a0bc434fc8747d86327c475112b290ae156530aba3fca80c2c2b2d208d3ddf0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe

Filesize
184KB

MD5
7760e8ea89d3f1fab2ead95f9968c84d

SHA1
a0e0e8e6465ec1cfe3e016f995d94371752bf34f

SHA256
360b540100337f26de6504bd504d72924acc962b9d8fda7ee6f6bf755c050be9

SHA512
2ed948a74c0170af5708b35390d7081ea0f3a2dfdd26812ca04d8a94035c520b134fbae245f42f501b40b9b2c9adb0d1e6c34ffa046c00b4501e0cbb8eeb54b5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39475.exe

Filesize
184KB

MD5
f8958a0747a639594deb8de3b6b49482

SHA1
c8549aebfd0c6b806970cf0f7d1798046e3ec897

SHA256
1457f1a4cb6dae0fee139ed21e22e15dc128ed61a2bc367510915bb79e78bbd3

SHA512
0ba31a52a3bae19682b61f1444c42df047c331a76add776e7c0ee91a69a1f00a10e1af6231e9f8b09fb74ef8371af75d9fedfcd6e8975877553e163309ebdfea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40750.exe

Filesize
184KB

MD5
42fb2df17541b90e10fff162df10d65f

SHA1
26a070b99315cf993cb584115a258faf81489801

SHA256
22a8c45339225139d5969b87aead6860279013eb2b1cddf31200fc4031bcaecc

SHA512
27cfd96dc9f229093392ff75b8217e68438080ee78e14b2a8d56e5d0838425792ed36fae3a21c4186c9144d54783796e3041c25ca2a8ac47daf6512641634618

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51791.exe

Filesize
184KB

MD5
8ab2c7c5e455fb1f6f6734a878b19224

SHA1
f7c019416dfe4e1041e5c6043c53ace9f0764776

SHA256
c65a7c9e003c2d12db7ed7437213a6d9d27db72b380c854823d51d41f4576c2d

SHA512
980a23b7d7959afcbdba457b6de8ebf57651165041691c1beca0875184f7b7b75cdd935536ed04ef656459868552ee82adc73b2da3553e67a88f7c9ca67c32ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58144.exe

Filesize
184KB

MD5
337d75ade7e6b0a924e6860aacbf168e

SHA1
705419aea25ff3be9e988335424b8d14c74629fb

SHA256
ad55ade6d0b4bdae9aa3e9da4b92514bf1df2f437b137237b3692640c8869c55

SHA512
bcbc9ca50dadf2681306bd99c3b781b92aa614acd9e6ddddf0792526ff3bc3957fb5b6d0a127caed2d7cb76d96590e5ad5ba4695664b1cb1906884a1e0819de5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59341.exe

Filesize
184KB

MD5
5d7d16d545adbca06e66fd545e772ca1

SHA1
8a337bc51768c07d2cf88280a8dfddbd976794d6

SHA256
80c91eafa3dcc677493ad8b59713027f8d9e8a5a8bfa94d0c9d85f4b287bb7aa

SHA512
5d654416d798ab14f0ddbdac44ea0dfceb02feeb16b3c9ab85390a59bf8eac77e74b6c7e4e1ca75de5c1ad4db1467d22529fec9ef6a621dd0b1072782dafc631

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60616.exe

Filesize
184KB

MD5
8ee015d1220ec1d6793deb86c7675b71

SHA1
e696fb3ab9892dec31bfa772fa148d8c35d7a78c

SHA256
acde91cd12a5419acfac4dc180a33e8d455d36012a9061c50e5228d52121ca59

SHA512
a2e3035757dd25da69aaf20475c6780d89d8ec5472a0c6b9fc772e088507a1e8e9fbd1797eb9b967837acc7e32362a192e7cc3fc13ac2ae34fe3845d074f16ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61263.exe

Filesize
184KB

MD5
ba0d851eb2be7ba067356c9f1f8bf351

SHA1
ca02500f9caeca82912909c60336fd28095fd1ae

SHA256
6db4d39d0ccfb74a4866e63e22abff87aaaf0d1a0e8e891f0f2ed1e351f09151

SHA512
399aabc6e69f067ea8152fce1c28e45848241172984adc366a50a7eb1a6ad0bf837193eddd792f514d5b22ca9bb898a8257c19c62958e990989eafb4cfddc1a2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64982.exe

Filesize
184KB

MD5
f78bafb5d8881040586825532f74a01e

SHA1
3675c4b0c79cb74e2fa12188fb85f9e3f1426084

SHA256
592a6e7b5a010593c8a93c26bde13ec344969a5cfe3afec0e8a9b5b914e9d487

SHA512
8400cfe9e3555d6590f175de9ea775c8afb68bd1d069f961e1ebdcde830ce2bc09ad3ca124c5072ff625e38b71fefbd3656db86d00e1561684349a3d1c4e0ffd

Download Submit