b53378d392da4ce0ffa1d9711c33be6761f752dbde9f0d8d09432bcf5a66596f

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b53378d392da4ce0ffa1d9711c33be6761f752dbde9f0d8d09432bcf5a66596f.exe
Size

184KB
MD5

47c9116d232f5f82362d24b20b2e118d
SHA1

f326f71dd25b72a927670b96f766e929b9939ca2
SHA256

b53378d392da4ce0ffa1d9711c33be6761f752dbde9f0d8d09432bcf5a66596f
SHA512

c22a6fdb8c291fcbad6087850e9a9d5a2cbb69122cb8c596f07da22db45ed75d4593ee44688f8c2f4bb39dda9d8b5a03ce1e25b8dcef156b5606c487ead77911
SSDEEP

3072:hBCyBgolOUaWdRjYeqq5/X2ICYnyuBKHMbzO5qzbjAhlnVOFM3:hBaoiiRjdVX2IUsDkhlnVOFM

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-27574.exeUnicorn-14582.exeUnicorn-14260.exeUnicorn-63005.exeUnicorn-54515.exeUnicorn-30525.exeUnicorn-34843.exeUnicorn-2362.exeUnicorn-32766.exeUnicorn-2554.exeUnicorn-32958.exeUnicorn-63953.exeUnicorn-11415.exeUnicorn-29169.exeUnicorn-59573.exeUnicorn-46766.exeUnicorn-27415.exeUnicorn-27415.exeUnicorn-27092.exeUnicorn-45718.exeUnicorn-50316.exeUnicorn-18412.exeUnicorn-40285.exeUnicorn-22578.exeUnicorn-44452.exeUnicorn-64317.exeUnicorn-10155.exeUnicorn-43212.exeUnicorn-23346.exeUnicorn-23538.exeUnicorn-43355.exeUnicorn-60952.exeUnicorn-56546.exeUnicorn-57122.exeUnicorn-11450.exeUnicorn-35483.exeUnicorn-35160.exeUnicorn-15809.exeUnicorn-35675.exeUnicorn-3194.exeUnicorn-53298.exeUnicorn-48892.exeUnicorn-34139.exeUnicorn-36277.exeUnicorn-1144.exeUnicorn-21010.exeUnicorn-32083.exeUnicorn-51949.exeUnicorn-45556.exeUnicorn-26458.exeUnicorn-32951.exeUnicorn-52494.exeUnicorn-46334.exeUnicorn-662.exeUnicorn-30647.exeUnicorn-30647.exeUnicorn-30516.exeUnicorn-30516.exeUnicorn-17710.exeUnicorn-63895.exeUnicorn-63895.exeUnicorn-46360.exeUnicorn-44222.exeUnicorn-688.exe

pid	process
2464	Unicorn-27574.exe
3008	Unicorn-14582.exe
2588	Unicorn-14260.exe
2624	Unicorn-63005.exe
2520	Unicorn-54515.exe
2404	Unicorn-30525.exe
1376	Unicorn-34843.exe
2484	Unicorn-2362.exe
776	Unicorn-32766.exe
1556	Unicorn-2554.exe
812	Unicorn-32958.exe
2012	Unicorn-63953.exe
2852	Unicorn-11415.exe
2236	Unicorn-29169.exe
1564	Unicorn-59573.exe
592	Unicorn-46766.exe
788	Unicorn-27415.exe
380	Unicorn-27415.exe
1424	Unicorn-27092.exe
704	Unicorn-45718.exe
1228	Unicorn-50316.exe
548	Unicorn-18412.exe
1692	Unicorn-40285.exe
2920	Unicorn-22578.exe
240	Unicorn-44452.exe
1168	Unicorn-64317.exe
568	Unicorn-10155.exe
2124	Unicorn-43212.exe
2908	Unicorn-23346.exe
896	Unicorn-23538.exe
1988	Unicorn-43355.exe
3016	Unicorn-60952.exe
2536	Unicorn-56546.exe
2576	Unicorn-57122.exe
1992	Unicorn-11450.exe
2408	Unicorn-35483.exe
2840	Unicorn-35160.exe
1524	Unicorn-15809.exe
2628	Unicorn-35675.exe
1644	Unicorn-3194.exe
1044	Unicorn-53298.exe
1604	Unicorn-48892.exe
2160	Unicorn-34139.exe
348	Unicorn-36277.exe
1372	Unicorn-1144.exe
2028	Unicorn-21010.exe
1936	Unicorn-32083.exe
2716	Unicorn-51949.exe
3024	Unicorn-45556.exe
888	Unicorn-26458.exe
832	Unicorn-32951.exe
3056	Unicorn-52494.exe
1620	Unicorn-46334.exe
2912	Unicorn-662.exe
1932	Unicorn-30647.exe
3040	Unicorn-30647.exe
2828	Unicorn-30516.exe
1980	Unicorn-30516.exe
1452	Unicorn-17710.exe
1808	Unicorn-63895.exe
1516	Unicorn-63895.exe
2116	Unicorn-46360.exe
2192	Unicorn-44222.exe
2612	Unicorn-688.exe

Loads dropped DLL 64 IoCs

Processes:

b53378d392da4ce0ffa1d9711c33be6761f752dbde9f0d8d09432bcf5a66596f.exeUnicorn-27574.exeUnicorn-14582.exeUnicorn-14260.exeWerFault.exeUnicorn-54515.exeUnicorn-63005.exeUnicorn-30525.exeWerFault.exeWerFault.exeUnicorn-34843.exeUnicorn-2362.exeUnicorn-32958.exeUnicorn-2554.exeUnicorn-32766.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2184	b53378d392da4ce0ffa1d9711c33be6761f752dbde9f0d8d09432bcf5a66596f.exe
2184	b53378d392da4ce0ffa1d9711c33be6761f752dbde9f0d8d09432bcf5a66596f.exe
2464	Unicorn-27574.exe
2464	Unicorn-27574.exe
2184	b53378d392da4ce0ffa1d9711c33be6761f752dbde9f0d8d09432bcf5a66596f.exe
2184	b53378d392da4ce0ffa1d9711c33be6761f752dbde9f0d8d09432bcf5a66596f.exe
3008	Unicorn-14582.exe
3008	Unicorn-14582.exe
2464	Unicorn-27574.exe
2464	Unicorn-27574.exe
2588	Unicorn-14260.exe
2588	Unicorn-14260.exe
2896	WerFault.exe
2896	WerFault.exe
2896	WerFault.exe
2896	WerFault.exe
2896	WerFault.exe
2520	Unicorn-54515.exe
2520	Unicorn-54515.exe
2624	Unicorn-63005.exe
2624	Unicorn-63005.exe
3008	Unicorn-14582.exe
3008	Unicorn-14582.exe
2404	Unicorn-30525.exe
2404	Unicorn-30525.exe
2588	Unicorn-14260.exe
2588	Unicorn-14260.exe
1252	WerFault.exe
1252	WerFault.exe
1252	WerFault.exe
1252	WerFault.exe
1252	WerFault.exe
1464	WerFault.exe
1464	WerFault.exe
1464	WerFault.exe
1464	WerFault.exe
1464	WerFault.exe
1376	Unicorn-34843.exe
1376	Unicorn-34843.exe
2520	Unicorn-54515.exe
2520	Unicorn-54515.exe
2484	Unicorn-2362.exe
2484	Unicorn-2362.exe
2624	Unicorn-63005.exe
2624	Unicorn-63005.exe
812	Unicorn-32958.exe
812	Unicorn-32958.exe
1556	Unicorn-2554.exe
776	Unicorn-32766.exe
1556	Unicorn-2554.exe
776	Unicorn-32766.exe
2404	Unicorn-30525.exe
2404	Unicorn-30525.exe
2740	WerFault.exe
2740	WerFault.exe
2740	WerFault.exe
2740	WerFault.exe
2740	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2052	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2960	2184	WerFault.exe	b53378d392da4ce0ffa1d9711c33be6761f752dbde9f0d8d09432bcf5a66596f.exe
2896	2464	WerFault.exe	Unicorn-27574.exe
1252	3008	WerFault.exe	Unicorn-14582.exe
1464	2588	WerFault.exe	Unicorn-14260.exe
2740	2520	WerFault.exe	Unicorn-54515.exe
2344	2624	WerFault.exe	Unicorn-63005.exe
2052	2404	WerFault.exe	Unicorn-30525.exe
1740	1168	WerFault.exe	Unicorn-64317.exe
1520	1376	WerFault.exe	Unicorn-34843.exe
2672	2484	WerFault.exe	Unicorn-2362.exe
2492	812	WerFault.exe	Unicorn-32958.exe
2188	776	WerFault.exe	Unicorn-32766.exe
2648	1556	WerFault.exe	Unicorn-2554.exe
1192	2852	WerFault.exe	Unicorn-11415.exe
484	1564	WerFault.exe	Unicorn-59573.exe
2136	2236	WerFault.exe	Unicorn-29169.exe
964	788	WerFault.exe	Unicorn-27415.exe
1432	1424	WerFault.exe	Unicorn-27092.exe
1496	380	WerFault.exe	Unicorn-27415.exe
1768	704	WerFault.exe	Unicorn-45718.exe
2444	1228	WerFault.exe	Unicorn-50316.exe
2360	548	WerFault.exe	Unicorn-18412.exe
1592	1692	WerFault.exe	Unicorn-40285.exe
1048	2920	WerFault.exe	Unicorn-22578.exe
320	240	WerFault.exe	Unicorn-44452.exe
868	568	WerFault.exe	Unicorn-10155.exe
2864	2908	WerFault.exe	Unicorn-23346.exe
2856	2124	WerFault.exe	Unicorn-43212.exe
2480	896	WerFault.exe	Unicorn-23538.exe
1236	592	WerFault.exe	Unicorn-46766.exe
2712	1988	WerFault.exe	Unicorn-43355.exe
1652	3016	WerFault.exe	Unicorn-60952.exe
1532	1524	WerFault.exe	Unicorn-15809.exe
2884	2408	WerFault.exe	Unicorn-35483.exe
2120	1992	WerFault.exe	Unicorn-11450.exe
2084	2576	WerFault.exe	Unicorn-57122.exe
1636	2536	WerFault.exe	Unicorn-56546.exe
2928	1644	WerFault.exe	Unicorn-3194.exe
1056	2840	WerFault.exe	Unicorn-35160.exe
904	2628	WerFault.exe	Unicorn-35675.exe
3152	2160	WerFault.exe	Unicorn-34139.exe
3144	2028	WerFault.exe	Unicorn-21010.exe
3168	348	WerFault.exe	Unicorn-36277.exe
3160	1604	WerFault.exe	Unicorn-48892.exe
3224	1044	WerFault.exe	Unicorn-53298.exe
3956	2608	WerFault.exe	Unicorn-162.exe
3816	1936	WerFault.exe	Unicorn-32083.exe
3812	2716	WerFault.exe	Unicorn-51949.exe
3516	3024	WerFault.exe	Unicorn-45556.exe
3620	888	WerFault.exe	Unicorn-26458.exe
3712	3056	WerFault.exe	Unicorn-52494.exe
3740	832	WerFault.exe	Unicorn-32951.exe
3920	1620	WerFault.exe	Unicorn-46334.exe
3896	1284	WerFault.exe	Unicorn-6028.exe
3880	932	WerFault.exe	Unicorn-21487.exe
4084	1932	WerFault.exe	Unicorn-30647.exe
4088	3040	WerFault.exe	Unicorn-30647.exe
3420	2116	WerFault.exe	Unicorn-46360.exe
3452	2684	WerFault.exe	Unicorn-6246.exe
3548	1664	WerFault.exe	Unicorn-18991.exe
3772	2292	WerFault.exe	Unicorn-38534.exe
3232	2264	WerFault.exe	Unicorn-38857.exe
3380	2456	WerFault.exe	Unicorn-39302.exe
3748	2060	WerFault.exe	Unicorn-61280.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

b53378d392da4ce0ffa1d9711c33be6761f752dbde9f0d8d09432bcf5a66596f.exeUnicorn-27574.exeUnicorn-14582.exeUnicorn-14260.exeUnicorn-63005.exeUnicorn-54515.exeUnicorn-30525.exeUnicorn-34843.exeUnicorn-2362.exeUnicorn-32766.exeUnicorn-2554.exeUnicorn-32958.exeUnicorn-63953.exeUnicorn-11415.exeUnicorn-29169.exeUnicorn-59573.exeUnicorn-46766.exeUnicorn-27415.exeUnicorn-27415.exeUnicorn-27092.exeUnicorn-45718.exeUnicorn-50316.exeUnicorn-18412.exeUnicorn-40285.exeUnicorn-22578.exeUnicorn-44452.exeUnicorn-64317.exeUnicorn-10155.exeUnicorn-43212.exeUnicorn-23346.exeUnicorn-23538.exeUnicorn-43355.exeUnicorn-60952.exeUnicorn-56546.exeUnicorn-57122.exeUnicorn-11450.exeUnicorn-35483.exeUnicorn-35160.exeUnicorn-15809.exeUnicorn-35675.exeUnicorn-3194.exeUnicorn-48892.exeUnicorn-53298.exeUnicorn-34139.exeUnicorn-36277.exeUnicorn-21010.exeUnicorn-1144.exeUnicorn-51949.exeUnicorn-32083.exeUnicorn-45556.exeUnicorn-26458.exeUnicorn-32951.exeUnicorn-52494.exeUnicorn-46334.exeUnicorn-662.exeUnicorn-30647.exeUnicorn-30647.exeUnicorn-30516.exeUnicorn-30516.exeUnicorn-63895.exeUnicorn-17710.exeUnicorn-63895.exeUnicorn-46360.exeUnicorn-44222.exe

pid	process
2184	b53378d392da4ce0ffa1d9711c33be6761f752dbde9f0d8d09432bcf5a66596f.exe
2464	Unicorn-27574.exe
3008	Unicorn-14582.exe
2588	Unicorn-14260.exe
2624	Unicorn-63005.exe
2520	Unicorn-54515.exe
2404	Unicorn-30525.exe
1376	Unicorn-34843.exe
2484	Unicorn-2362.exe
776	Unicorn-32766.exe
1556	Unicorn-2554.exe
812	Unicorn-32958.exe
2012	Unicorn-63953.exe
2852	Unicorn-11415.exe
2236	Unicorn-29169.exe
1564	Unicorn-59573.exe
592	Unicorn-46766.exe
788	Unicorn-27415.exe
380	Unicorn-27415.exe
1424	Unicorn-27092.exe
704	Unicorn-45718.exe
1228	Unicorn-50316.exe
548	Unicorn-18412.exe
1692	Unicorn-40285.exe
2920	Unicorn-22578.exe
240	Unicorn-44452.exe
1168	Unicorn-64317.exe
568	Unicorn-10155.exe
2124	Unicorn-43212.exe
2908	Unicorn-23346.exe
896	Unicorn-23538.exe
1988	Unicorn-43355.exe
3016	Unicorn-60952.exe
2536	Unicorn-56546.exe
2576	Unicorn-57122.exe
1992	Unicorn-11450.exe
2408	Unicorn-35483.exe
2840	Unicorn-35160.exe
1524	Unicorn-15809.exe
2628	Unicorn-35675.exe
1644	Unicorn-3194.exe
1604	Unicorn-48892.exe
1044	Unicorn-53298.exe
2160	Unicorn-34139.exe
348	Unicorn-36277.exe
2028	Unicorn-21010.exe
1372	Unicorn-1144.exe
2716	Unicorn-51949.exe
1936	Unicorn-32083.exe
3024	Unicorn-45556.exe
888	Unicorn-26458.exe
832	Unicorn-32951.exe
3056	Unicorn-52494.exe
1620	Unicorn-46334.exe
2912	Unicorn-662.exe
3040	Unicorn-30647.exe
1932	Unicorn-30647.exe
2828	Unicorn-30516.exe
1980	Unicorn-30516.exe
1808	Unicorn-63895.exe
1452	Unicorn-17710.exe
1516	Unicorn-63895.exe
2116	Unicorn-46360.exe
2192	Unicorn-44222.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

b53378d392da4ce0ffa1d9711c33be6761f752dbde9f0d8d09432bcf5a66596f.exeUnicorn-27574.exeUnicorn-14582.exeUnicorn-14260.exeUnicorn-54515.exeUnicorn-63005.exeUnicorn-30525.exeUnicorn-34843.exe

description	pid	process	target process
PID 2184 wrote to memory of 2464	2184	b53378d392da4ce0ffa1d9711c33be6761f752dbde9f0d8d09432bcf5a66596f.exe	Unicorn-27574.exe
PID 2184 wrote to memory of 2464	2184	b53378d392da4ce0ffa1d9711c33be6761f752dbde9f0d8d09432bcf5a66596f.exe	Unicorn-27574.exe
PID 2184 wrote to memory of 2464	2184	b53378d392da4ce0ffa1d9711c33be6761f752dbde9f0d8d09432bcf5a66596f.exe	Unicorn-27574.exe
PID 2184 wrote to memory of 2464	2184	b53378d392da4ce0ffa1d9711c33be6761f752dbde9f0d8d09432bcf5a66596f.exe	Unicorn-27574.exe
PID 2464 wrote to memory of 3008	2464	Unicorn-27574.exe	Unicorn-14582.exe
PID 2464 wrote to memory of 3008	2464	Unicorn-27574.exe	Unicorn-14582.exe
PID 2464 wrote to memory of 3008	2464	Unicorn-27574.exe	Unicorn-14582.exe
PID 2464 wrote to memory of 3008	2464	Unicorn-27574.exe	Unicorn-14582.exe
PID 2184 wrote to memory of 2588	2184	b53378d392da4ce0ffa1d9711c33be6761f752dbde9f0d8d09432bcf5a66596f.exe	Unicorn-14260.exe
PID 2184 wrote to memory of 2588	2184	b53378d392da4ce0ffa1d9711c33be6761f752dbde9f0d8d09432bcf5a66596f.exe	Unicorn-14260.exe
PID 2184 wrote to memory of 2588	2184	b53378d392da4ce0ffa1d9711c33be6761f752dbde9f0d8d09432bcf5a66596f.exe	Unicorn-14260.exe
PID 2184 wrote to memory of 2588	2184	b53378d392da4ce0ffa1d9711c33be6761f752dbde9f0d8d09432bcf5a66596f.exe	Unicorn-14260.exe
PID 2184 wrote to memory of 2960	2184	b53378d392da4ce0ffa1d9711c33be6761f752dbde9f0d8d09432bcf5a66596f.exe	WerFault.exe
PID 2184 wrote to memory of 2960	2184	b53378d392da4ce0ffa1d9711c33be6761f752dbde9f0d8d09432bcf5a66596f.exe	WerFault.exe
PID 2184 wrote to memory of 2960	2184	b53378d392da4ce0ffa1d9711c33be6761f752dbde9f0d8d09432bcf5a66596f.exe	WerFault.exe
PID 2184 wrote to memory of 2960	2184	b53378d392da4ce0ffa1d9711c33be6761f752dbde9f0d8d09432bcf5a66596f.exe	WerFault.exe
PID 3008 wrote to memory of 2624	3008	Unicorn-14582.exe	Unicorn-63005.exe
PID 3008 wrote to memory of 2624	3008	Unicorn-14582.exe	Unicorn-63005.exe
PID 3008 wrote to memory of 2624	3008	Unicorn-14582.exe	Unicorn-63005.exe
PID 3008 wrote to memory of 2624	3008	Unicorn-14582.exe	Unicorn-63005.exe
PID 2464 wrote to memory of 2520	2464	Unicorn-27574.exe	Unicorn-54515.exe
PID 2464 wrote to memory of 2520	2464	Unicorn-27574.exe	Unicorn-54515.exe
PID 2464 wrote to memory of 2520	2464	Unicorn-27574.exe	Unicorn-54515.exe
PID 2464 wrote to memory of 2520	2464	Unicorn-27574.exe	Unicorn-54515.exe
PID 2588 wrote to memory of 2404	2588	Unicorn-14260.exe	Unicorn-30525.exe
PID 2588 wrote to memory of 2404	2588	Unicorn-14260.exe	Unicorn-30525.exe
PID 2588 wrote to memory of 2404	2588	Unicorn-14260.exe	Unicorn-30525.exe
PID 2588 wrote to memory of 2404	2588	Unicorn-14260.exe	Unicorn-30525.exe
PID 2464 wrote to memory of 2896	2464	Unicorn-27574.exe	WerFault.exe
PID 2464 wrote to memory of 2896	2464	Unicorn-27574.exe	WerFault.exe
PID 2464 wrote to memory of 2896	2464	Unicorn-27574.exe	WerFault.exe
PID 2464 wrote to memory of 2896	2464	Unicorn-27574.exe	WerFault.exe
PID 2520 wrote to memory of 1376	2520	Unicorn-54515.exe	Unicorn-34843.exe
PID 2520 wrote to memory of 1376	2520	Unicorn-54515.exe	Unicorn-34843.exe
PID 2520 wrote to memory of 1376	2520	Unicorn-54515.exe	Unicorn-34843.exe
PID 2520 wrote to memory of 1376	2520	Unicorn-54515.exe	Unicorn-34843.exe
PID 2624 wrote to memory of 2484	2624	Unicorn-63005.exe	Unicorn-2362.exe
PID 2624 wrote to memory of 2484	2624	Unicorn-63005.exe	Unicorn-2362.exe
PID 2624 wrote to memory of 2484	2624	Unicorn-63005.exe	Unicorn-2362.exe
PID 2624 wrote to memory of 2484	2624	Unicorn-63005.exe	Unicorn-2362.exe
PID 3008 wrote to memory of 776	3008	Unicorn-14582.exe	Unicorn-32766.exe
PID 3008 wrote to memory of 776	3008	Unicorn-14582.exe	Unicorn-32766.exe
PID 3008 wrote to memory of 776	3008	Unicorn-14582.exe	Unicorn-32766.exe
PID 3008 wrote to memory of 776	3008	Unicorn-14582.exe	Unicorn-32766.exe
PID 2404 wrote to memory of 1556	2404	Unicorn-30525.exe	Unicorn-2554.exe
PID 2404 wrote to memory of 1556	2404	Unicorn-30525.exe	Unicorn-2554.exe
PID 2404 wrote to memory of 1556	2404	Unicorn-30525.exe	Unicorn-2554.exe
PID 2404 wrote to memory of 1556	2404	Unicorn-30525.exe	Unicorn-2554.exe
PID 2588 wrote to memory of 812	2588	Unicorn-14260.exe	Unicorn-32958.exe
PID 2588 wrote to memory of 812	2588	Unicorn-14260.exe	Unicorn-32958.exe
PID 2588 wrote to memory of 812	2588	Unicorn-14260.exe	Unicorn-32958.exe
PID 2588 wrote to memory of 812	2588	Unicorn-14260.exe	Unicorn-32958.exe
PID 3008 wrote to memory of 1252	3008	Unicorn-14582.exe	WerFault.exe
PID 3008 wrote to memory of 1252	3008	Unicorn-14582.exe	WerFault.exe
PID 3008 wrote to memory of 1252	3008	Unicorn-14582.exe	WerFault.exe
PID 3008 wrote to memory of 1252	3008	Unicorn-14582.exe	WerFault.exe
PID 2588 wrote to memory of 1464	2588	Unicorn-14260.exe	WerFault.exe
PID 2588 wrote to memory of 1464	2588	Unicorn-14260.exe	WerFault.exe
PID 2588 wrote to memory of 1464	2588	Unicorn-14260.exe	WerFault.exe
PID 2588 wrote to memory of 1464	2588	Unicorn-14260.exe	WerFault.exe
PID 1376 wrote to memory of 2012	1376	Unicorn-34843.exe	Unicorn-63953.exe
PID 1376 wrote to memory of 2012	1376	Unicorn-34843.exe	Unicorn-63953.exe
PID 1376 wrote to memory of 2012	1376	Unicorn-34843.exe	Unicorn-63953.exe
PID 1376 wrote to memory of 2012	1376	Unicorn-34843.exe	Unicorn-63953.exe

C:\Users\Admin\AppData\Local\Temp\b53378d392da4ce0ffa1d9711c33be6761f752dbde9f0d8d09432bcf5a66596f.exe
"C:\Users\Admin\AppData\Local\Temp\b53378d392da4ce0ffa1d9711c33be6761f752dbde9f0d8d09432bcf5a66596f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-27574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27574.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-14582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14582.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-63005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63005.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-2362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2362.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-29169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29169.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-40285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40285.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-35483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35483.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-6028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6028.exe
9⤵
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-3857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3857.exe
10⤵
PID:544

C:\Users\Admin\AppData\Local\Temp\Unicorn-12008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12008.exe
11⤵
PID:4276

C:\Users\Admin\AppData\Local\Temp\Unicorn-11281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11281.exe
12⤵
PID:6844

C:\Users\Admin\AppData\Local\Temp\Unicorn-44353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44353.exe
13⤵
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-13652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13652.exe
14⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 216
14⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 220
13⤵
PID:10264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
12⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 216
11⤵
PID:5364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 236
10⤵
- Program crash
PID:3896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 216
9⤵
- Program crash
PID:2884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 236
8⤵
- Program crash
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-35160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35160.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-30647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30647.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-51802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51802.exe
9⤵
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
10⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-50974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50974.exe
11⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-20379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20379.exe
12⤵
PID:6740

C:\Users\Admin\AppData\Local\Temp\Unicorn-52007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52007.exe
13⤵
PID:10232

C:\Users\Admin\AppData\Local\Temp\Unicorn-55298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55298.exe
14⤵
PID:12592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10232 -s 220
14⤵
PID:14000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 216
13⤵
PID:11124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 236
12⤵
PID:8136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 216
11⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 236
10⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-20380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20380.exe
9⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-42206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42206.exe
10⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-18737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18737.exe
11⤵
PID:7252

C:\Users\Admin\AppData\Local\Temp\Unicorn-51001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51001.exe
12⤵
PID:10312

C:\Users\Admin\AppData\Local\Temp\Unicorn-36796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36796.exe
13⤵
PID:12804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10312 -s 220
13⤵
PID:14152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 216
12⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 220
11⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
10⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 220
9⤵
- Program crash
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-45642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45642.exe
8⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe
9⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
10⤵
PID:5576

C:\Users\Admin\AppData\Local\Temp\Unicorn-63054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63054.exe
11⤵
PID:7788

C:\Users\Admin\AppData\Local\Temp\Unicorn-60721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60721.exe
12⤵
PID:10820

C:\Users\Admin\AppData\Local\Temp\Unicorn-36796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36796.exe
13⤵
PID:12876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10820 -s 220
13⤵
PID:2100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 204
12⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 220
11⤵
PID:8944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
10⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
9⤵
PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 220
8⤵
- Program crash
PID:1056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
7⤵
- Program crash
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-22578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22578.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-38534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38534.exe
8⤵
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-7002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7002.exe
9⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-11110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11110.exe
10⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-56152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56152.exe
11⤵
PID:7648

C:\Users\Admin\AppData\Local\Temp\Unicorn-2070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2070.exe
12⤵
PID:10728

C:\Users\Admin\AppData\Local\Temp\Unicorn-7097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7097.exe
13⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10728 -s 220
13⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 216
12⤵
PID:11992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
11⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 236
10⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-28782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28782.exe
9⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-36420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36420.exe
10⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-18737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18737.exe
11⤵
PID:7260

C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
12⤵
PID:10484

C:\Users\Admin\AppData\Local\Temp\Unicorn-15662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15662.exe
13⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10484 -s 220
13⤵
PID:14292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7260 -s 220
12⤵
PID:11764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 220
11⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
9⤵
- Program crash
PID:3772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
8⤵
- Program crash
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-30516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30516.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-31875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31875.exe
8⤵
PID:560

C:\Users\Admin\AppData\Local\Temp\Unicorn-9327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9327.exe
9⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-57473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57473.exe
10⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-64711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64711.exe
11⤵
PID:6148

C:\Users\Admin\AppData\Local\Temp\Unicorn-54220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54220.exe
12⤵
PID:9832

C:\Users\Admin\AppData\Local\Temp\Unicorn-38079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38079.exe
13⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9832 -s 216
13⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 216
12⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 236
11⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
10⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 236
9⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-20380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20380.exe
8⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
9⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-27502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27502.exe
10⤵
PID:7620

C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
11⤵
PID:10468

C:\Users\Admin\AppData\Local\Temp\Unicorn-30221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30221.exe
12⤵
PID:1552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10468 -s 216
12⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 220
11⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
10⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
9⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
8⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
7⤵
- Program crash
PID:1048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
6⤵
- Program crash
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-59573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59573.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-18412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18412.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:548

C:\Users\Admin\AppData\Local\Temp\Unicorn-11450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11450.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-52494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52494.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-61280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61280.exe
9⤵
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-59602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59602.exe
10⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-12994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12994.exe
11⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
12⤵
PID:6324

C:\Users\Admin\AppData\Local\Temp\Unicorn-31753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31753.exe
13⤵
PID:9920

C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
14⤵
PID:12472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9920 -s 216
14⤵
PID:13892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 216
13⤵
PID:10340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 236
12⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
11⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
10⤵
- Program crash
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-39736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39736.exe
9⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-14029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14029.exe
10⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-4323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4323.exe
11⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
12⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-54220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54220.exe
13⤵
PID:9816

C:\Users\Admin\AppData\Local\Temp\Unicorn-44005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44005.exe
13⤵
PID:10072

C:\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe
14⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10072 -s 216
14⤵
PID:14220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 220
13⤵
PID:10644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
12⤵
PID:3560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
11⤵
PID:5912

C:\Users\Admin\AppData\Local\Temp\Unicorn-493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-493.exe
10⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-18428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18428.exe
11⤵
PID:6180

C:\Users\Admin\AppData\Local\Temp\Unicorn-18074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18074.exe
12⤵
PID:10192

C:\Users\Admin\AppData\Local\Temp\Unicorn-57664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57664.exe
13⤵
PID:13188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10192 -s 204
13⤵
PID:13712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 216
12⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
11⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 240
10⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
9⤵
- Program crash
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-18991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18991.exe
8⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-26162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26162.exe
9⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-23898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23898.exe
10⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-17808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17808.exe
11⤵
PID:7116

C:\Users\Admin\AppData\Local\Temp\Unicorn-54220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54220.exe
12⤵
PID:9808

C:\Users\Admin\AppData\Local\Temp\Unicorn-64534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64534.exe
13⤵
PID:12612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9808 -s 236
13⤵
PID:12660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 216
12⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 220
11⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 236
10⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
9⤵
- Program crash
PID:3548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 220
8⤵
- Program crash
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-46334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46334.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-51968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51968.exe
8⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-24818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24818.exe
9⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-62379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62379.exe
10⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-20359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20359.exe
11⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-1214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1214.exe
12⤵
PID:6240

C:\Users\Admin\AppData\Local\Temp\Unicorn-42459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42459.exe
13⤵
PID:9568

C:\Users\Admin\AppData\Local\Temp\Unicorn-58103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58103.exe
14⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9568 -s 220
14⤵
PID:13432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6240 -s 216
13⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
12⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 236
11⤵
PID:6424

C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
10⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-58261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58261.exe
11⤵
PID:7012

C:\Users\Admin\AppData\Local\Temp\Unicorn-13771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13771.exe
12⤵
PID:9868

C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
13⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9868 -s 216
13⤵
PID:13904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
12⤵
PID:10516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
11⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 240
10⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
9⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-61883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61883.exe
10⤵
PID:6468

C:\Users\Admin\AppData\Local\Temp\Unicorn-64617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64617.exe
11⤵
PID:9948

C:\Users\Admin\AppData\Local\Temp\Unicorn-37394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37394.exe
12⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9948 -s 220
12⤵
PID:1668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 216
11⤵
PID:10636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
10⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
9⤵
PID:6132

C:\Users\Admin\AppData\Local\Temp\Unicorn-4952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4952.exe
8⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-35493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35493.exe
9⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
10⤵
PID:5840

C:\Users\Admin\AppData\Local\Temp\Unicorn-32866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32866.exe
11⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9696 -s 220
12⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
11⤵
PID:10268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 236
10⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 236
9⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
8⤵
- Program crash
PID:3920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 240
7⤵
- Program crash
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-57122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57122.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-21487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21487.exe
7⤵
PID:932

C:\Users\Admin\AppData\Local\Temp\Unicorn-50043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50043.exe
8⤵
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-55534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55534.exe
9⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-674.exe
10⤵
PID:7096

C:\Users\Admin\AppData\Local\Temp\Unicorn-34244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34244.exe
11⤵
PID:9560

C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
12⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9560 -s 216
12⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 216
11⤵
PID:11140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
10⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 216
9⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-9431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9431.exe
8⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-4323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4323.exe
9⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-26741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26741.exe
10⤵
PID:6876

C:\Users\Admin\AppData\Local\Temp\Unicorn-61021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61021.exe
11⤵
PID:10136

C:\Users\Admin\AppData\Local\Temp\Unicorn-4742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4742.exe
12⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10136 -s 216
12⤵
PID:13704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 216
11⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 236
10⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
9⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 240
8⤵
- Program crash
PID:3880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
7⤵
- Program crash
PID:2084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
6⤵
- Program crash
PID:484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-32766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32766.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:776

C:\Users\Admin\AppData\Local\Temp\Unicorn-27415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27415.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:380

C:\Users\Admin\AppData\Local\Temp\Unicorn-43212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43212.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-36277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36277.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:348

C:\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
9⤵
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
10⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-47100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47100.exe
11⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-53788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53788.exe
12⤵
PID:7156

C:\Users\Admin\AppData\Local\Temp\Unicorn-43009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43009.exe
13⤵
PID:9892

C:\Users\Admin\AppData\Local\Temp\Unicorn-25376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25376.exe
14⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9892 -s 216
14⤵
PID:13688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 216
13⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
12⤵
PID:8212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
11⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 236
10⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-1823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1823.exe
9⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-7665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7665.exe
10⤵
PID:5404

C:\Users\Admin\AppData\Local\Temp\Unicorn-9712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9712.exe
11⤵
PID:7588

C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
12⤵
PID:10476

C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
13⤵
PID:12480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10476 -s 216
13⤵
PID:7956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 220
12⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 216
11⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
10⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 220
9⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-12585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12585.exe
8⤵
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-26105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26105.exe
9⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-6506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6506.exe
10⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-29437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29437.exe
11⤵
PID:9012

C:\Users\Admin\AppData\Local\Temp\Unicorn-9652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9652.exe
12⤵
PID:12464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 216
12⤵
PID:13056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
11⤵
PID:10160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
10⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 216
9⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 240
8⤵
- Program crash
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-44222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44222.exe
7⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-49664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49664.exe
8⤵
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe
9⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-33784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33784.exe
10⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
11⤵
PID:7892

C:\Users\Admin\AppData\Local\Temp\Unicorn-10643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10643.exe
12⤵
PID:10852

C:\Users\Admin\AppData\Local\Temp\Unicorn-12328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12328.exe
13⤵
PID:13404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10852 -s 236
13⤵
PID:13556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 216
12⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 220
11⤵
PID:9020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
10⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 236
9⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-59031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59031.exe
8⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-55937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55937.exe
9⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe
10⤵
PID:6696

C:\Users\Admin\AppData\Local\Temp\Unicorn-32355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32355.exe
11⤵
PID:10008

C:\Users\Admin\AppData\Local\Temp\Unicorn-17275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17275.exe
12⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10008 -s 204
12⤵
PID:13384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 216
11⤵
PID:10772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
10⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
9⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 220
8⤵
PID:4120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
7⤵
- Program crash
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-1144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1144.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1372

C:\Users\Admin\AppData\Local\Temp\Unicorn-688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-688.exe
7⤵
- Executes dropped EXE
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-19514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19514.exe
8⤵
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe
9⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-32824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32824.exe
10⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-32307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32307.exe
11⤵
PID:6616

C:\Users\Admin\AppData\Local\Temp\Unicorn-52511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52511.exe
12⤵
PID:9844

C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
13⤵
PID:12588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9844 -s 220
13⤵
PID:13992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 204
12⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
11⤵
PID:8496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
10⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 216
9⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-59031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59031.exe
8⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-53083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53083.exe
9⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-27265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27265.exe
10⤵
PID:6500

C:\Users\Admin\AppData\Local\Temp\Unicorn-50310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50310.exe
11⤵
PID:10048

C:\Users\Admin\AppData\Local\Temp\Unicorn-60674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60674.exe
12⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10048 -s 204
12⤵
PID:14164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 216
11⤵
PID:10876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
10⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
8⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-65377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65377.exe
7⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
8⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-32824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32824.exe
9⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-57685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57685.exe
10⤵
PID:6924

C:\Users\Admin\AppData\Local\Temp\Unicorn-1646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1646.exe
11⤵
PID:9744

C:\Users\Admin\AppData\Local\Temp\Unicorn-24924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24924.exe
12⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6924 -s 216
11⤵
PID:10296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 236
10⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
9⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 236
8⤵
PID:4444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 240
6⤵
- Program crash
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-23538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23538.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-21010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21010.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-6246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6246.exe
7⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
8⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
9⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-43048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43048.exe
10⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-32774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32774.exe
11⤵
PID:10964

C:\Users\Admin\AppData\Local\Temp\Unicorn-13122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13122.exe
12⤵
PID:13036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10964 -s 220
12⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 220
11⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
10⤵
PID:9152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 236
9⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
8⤵
- Program crash
PID:3452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 236
7⤵
- Program crash
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-44222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44222.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-51802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51802.exe
7⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-22265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22265.exe
8⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-58241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58241.exe
9⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-49813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49813.exe
10⤵
PID:7036

C:\Users\Admin\AppData\Local\Temp\Unicorn-12671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12671.exe
11⤵
PID:10096

C:\Users\Admin\AppData\Local\Temp\Unicorn-63486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63486.exe
12⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10096 -s 204
12⤵
PID:13448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 216
11⤵
PID:10924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
10⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
9⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 236
8⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
7⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-49243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49243.exe
8⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-10480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10480.exe
9⤵
PID:7664

C:\Users\Admin\AppData\Local\Temp\Unicorn-31946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31946.exe
10⤵
PID:10628

C:\Users\Admin\AppData\Local\Temp\Unicorn-47050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47050.exe
11⤵
PID:13276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10628 -s 216
11⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
10⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 204
9⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
8⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
7⤵
PID:4348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
6⤵
- Program crash
PID:2480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 220
5⤵
- Program crash
PID:2188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-54515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54515.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-34843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34843.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1376

C:\Users\Admin\AppData\Local\Temp\Unicorn-63953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63953.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:704

C:\Users\Admin\AppData\Local\Temp\Unicorn-43355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43355.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-51949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51949.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-50053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50053.exe
8⤵
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-51891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51891.exe
9⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-2865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2865.exe
10⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-44497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44497.exe
11⤵
PID:7456

C:\Users\Admin\AppData\Local\Temp\Unicorn-37431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37431.exe
12⤵
PID:10700

C:\Users\Admin\AppData\Local\Temp\Unicorn-25053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25053.exe
13⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10700 -s 220
13⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 216
12⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 216
11⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
10⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 236
9⤵
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 236
8⤵
- Program crash
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-11212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11212.exe
7⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-30744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30744.exe
8⤵
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-39530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39530.exe
9⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-10519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10519.exe
10⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-27476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27476.exe
11⤵
PID:7484

C:\Users\Admin\AppData\Local\Temp\Unicorn-5775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5775.exe
12⤵
PID:10440

C:\Users\Admin\AppData\Local\Temp\Unicorn-38375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38375.exe
13⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10440 -s 220
13⤵
PID:13440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 220
12⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
11⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
10⤵
PID:6292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 236
9⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-19856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19856.exe
8⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-20411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20411.exe
9⤵
PID:5340

C:\Users\Admin\AppData\Local\Temp\Unicorn-43326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43326.exe
10⤵
PID:6216

C:\Users\Admin\AppData\Local\Temp\Unicorn-56524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56524.exe
11⤵
PID:9968

C:\Users\Admin\AppData\Local\Temp\Unicorn-37394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37394.exe
12⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9968 -s 216
12⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
11⤵
PID:10648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 236
10⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
9⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
8⤵
PID:4452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
7⤵
- Program crash
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-32083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32083.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe
7⤵
PID:1220

C:\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe
8⤵
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
9⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-23457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23457.exe
10⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-58261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58261.exe
11⤵
PID:7000

C:\Users\Admin\AppData\Local\Temp\Unicorn-61021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61021.exe
12⤵
PID:10128

C:\Users\Admin\AppData\Local\Temp\Unicorn-64534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64534.exe
13⤵
PID:12624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10128 -s 236
13⤵
PID:12572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7000 -s 216
12⤵
PID:10976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
11⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
10⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 236
9⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-505.exe
8⤵
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-35128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35128.exe
9⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\Unicorn-9520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9520.exe
10⤵
PID:7544

C:\Users\Admin\AppData\Local\Temp\Unicorn-4571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4571.exe
11⤵
PID:10044

C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
12⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10044 -s 216
12⤵
PID:13972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 216
11⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
10⤵
PID:8848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 216
9⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 220
8⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-57064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57064.exe
7⤵
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-50163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50163.exe
8⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
9⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-6808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6808.exe
10⤵
PID:7064

C:\Users\Admin\AppData\Local\Temp\Unicorn-43009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43009.exe
11⤵
PID:9864

C:\Users\Admin\AppData\Local\Temp\Unicorn-48360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48360.exe
12⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9864 -s 216
12⤵
PID:14260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 216
11⤵
PID:10360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
10⤵
PID:8440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
9⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 236
8⤵
PID:4284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
7⤵
- Program crash
PID:3816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 240
6⤵
- Program crash
PID:1768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 240
5⤵
- Program crash
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-11415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11415.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-50316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50316.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1228

C:\Users\Admin\AppData\Local\Temp\Unicorn-60952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60952.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-45556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45556.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
8⤵
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-29976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29976.exe
9⤵
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
10⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-51708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51708.exe
11⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\Unicorn-42558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42558.exe
12⤵
PID:6184

C:\Users\Admin\AppData\Local\Temp\Unicorn-385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-385.exe
13⤵
PID:9724

C:\Users\Admin\AppData\Local\Temp\Unicorn-30456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30456.exe
14⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9724 -s 216
14⤵
PID:12364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 216
13⤵
PID:10280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 236
12⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
11⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 216
10⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-38522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38522.exe
9⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-19996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19996.exe
10⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-6666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6666.exe
11⤵
PID:7864

C:\Users\Admin\AppData\Local\Temp\Unicorn-9426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9426.exe
12⤵
PID:11012

C:\Users\Admin\AppData\Local\Temp\Unicorn-15019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15019.exe
13⤵
PID:13728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11012 -s 216
13⤵
PID:14192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 216
12⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
11⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
10⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
9⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-25569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25569.exe
8⤵
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-50132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50132.exe
9⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-3429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3429.exe
10⤵
PID:6016

C:\Users\Admin\AppData\Local\Temp\Unicorn-44121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44121.exe
11⤵
PID:9544

C:\Users\Admin\AppData\Local\Temp\Unicorn-41034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41034.exe
12⤵
PID:12548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9544 -s 216
12⤵
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
11⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
10⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 216
9⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
8⤵
- Program crash
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-49744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49744.exe
7⤵
PID:792

C:\Users\Admin\AppData\Local\Temp\Unicorn-45435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45435.exe
8⤵
PID:1216

C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
9⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-13327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13327.exe
10⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\Unicorn-56381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56381.exe
11⤵
PID:7480

C:\Users\Admin\AppData\Local\Temp\Unicorn-29292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29292.exe
12⤵
PID:11056

C:\Users\Admin\AppData\Local\Temp\Unicorn-15019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15019.exe
13⤵
PID:13740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11056 -s 216
13⤵
PID:1720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 220
12⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 220
11⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
10⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 236
9⤵
PID:5976

C:\Users\Admin\AppData\Local\Temp\Unicorn-38522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38522.exe
8⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-670.exe
9⤵
PID:5904

C:\Users\Admin\AppData\Local\Temp\Unicorn-43750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43750.exe
10⤵
PID:8032

C:\Users\Admin\AppData\Local\Temp\Unicorn-31788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31788.exe
11⤵
PID:11128

C:\Users\Admin\AppData\Local\Temp\Unicorn-10063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10063.exe
12⤵
PID:12580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11128 -s 236
12⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 220
11⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 220
10⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
9⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 240
8⤵
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
7⤵
- Program crash
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-26458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26458.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-25126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25126.exe
7⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-759.exe
8⤵
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-4496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4496.exe
9⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-674.exe
10⤵
PID:7108

C:\Users\Admin\AppData\Local\Temp\Unicorn-61021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61021.exe
11⤵
PID:10144

C:\Users\Admin\AppData\Local\Temp\Unicorn-60954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60954.exe
12⤵
PID:13108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10144 -s 216
12⤵
PID:13696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 216
11⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
10⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 236
9⤵
PID:5664

C:\Users\Admin\AppData\Local\Temp\Unicorn-50360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50360.exe
8⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-60954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60954.exe
9⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-385.exe
10⤵
PID:9732

C:\Users\Admin\AppData\Local\Temp\Unicorn-24924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24924.exe
11⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9732 -s 216
11⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
10⤵
PID:10320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
9⤵
PID:7560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
8⤵
PID:5636

C:\Users\Admin\AppData\Local\Temp\Unicorn-61890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61890.exe
7⤵
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-58277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58277.exe
8⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-28474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28474.exe
9⤵
PID:5876

C:\Users\Admin\AppData\Local\Temp\Unicorn-10369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10369.exe
10⤵
PID:9636

C:\Users\Admin\AppData\Local\Temp\Unicorn-24924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24924.exe
11⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9636 -s 216
11⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 216
10⤵
PID:10252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 236
9⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
8⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
7⤵
- Program crash
PID:3620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 240
6⤵
- Program crash
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-56546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56546.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-662.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-31683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31683.exe
7⤵
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe
8⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-535.exe
9⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\Unicorn-963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-963.exe
10⤵
PID:7340

C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
11⤵
PID:11184

C:\Users\Admin\AppData\Local\Temp\Unicorn-1366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1366.exe
12⤵
PID:14100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11184 -s 240
12⤵
PID:9164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 220
11⤵
PID:12080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
10⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
9⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 236
8⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-34879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34879.exe
7⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-2206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2206.exe
8⤵
PID:5776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 220
9⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
8⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
7⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-62087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62087.exe
6⤵
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-26105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26105.exe
7⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-63415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63415.exe
8⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-38016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38016.exe
9⤵
PID:6236

C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
10⤵
PID:11216

C:\Users\Admin\AppData\Local\Temp\Unicorn-48.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48.exe
11⤵
PID:13932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11216 -s 216
11⤵
PID:2244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 236
10⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 220
9⤵
PID:9336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
8⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
7⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
6⤵
- Program crash
PID:1636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
5⤵
- Program crash
PID:1192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-14260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14260.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-30525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30525.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-2554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2554.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-27415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27415.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:788

C:\Users\Admin\AppData\Local\Temp\Unicorn-10155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10155.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-53298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53298.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1044

C:\Users\Admin\AppData\Local\Temp\Unicorn-39302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39302.exe
8⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-9332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9332.exe
9⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-29297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29297.exe
10⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-51111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51111.exe
11⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-35231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35231.exe
12⤵
PID:6512

C:\Users\Admin\AppData\Local\Temp\Unicorn-42215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42215.exe
13⤵
PID:9708

C:\Users\Admin\AppData\Local\Temp\Unicorn-25376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25376.exe
14⤵
PID:13228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9708 -s 216
14⤵
PID:13680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 220
13⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 236
11⤵
PID:6628

C:\Users\Admin\AppData\Local\Temp\Unicorn-54629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54629.exe
10⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-47242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47242.exe
11⤵
PID:6412

C:\Users\Admin\AppData\Local\Temp\Unicorn-2485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2485.exe
12⤵
PID:10284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10284 -s 212
13⤵
PID:1724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 216
12⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
11⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 240
10⤵
PID:6676

C:\Users\Admin\AppData\Local\Temp\Unicorn-42679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42679.exe
9⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-20167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20167.exe
10⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-25366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25366.exe
11⤵
PID:6612

C:\Users\Admin\AppData\Local\Temp\Unicorn-58712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58712.exe
12⤵
PID:9976

C:\Users\Admin\AppData\Local\Temp\Unicorn-58103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58103.exe
13⤵
PID:13196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9976 -s 220
13⤵
PID:13460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 216
12⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
11⤵
PID:8340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 236
10⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
9⤵
- Program crash
PID:3380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 236
8⤵
- Program crash
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-46360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46360.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-51802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51802.exe
8⤵
PID:920

C:\Users\Admin\AppData\Local\Temp\Unicorn-26105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26105.exe
9⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-12346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12346.exe
10⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\Unicorn-1498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1498.exe
11⤵
PID:7644

C:\Users\Admin\AppData\Local\Temp\Unicorn-27222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27222.exe
12⤵
PID:11084

C:\Users\Admin\AppData\Local\Temp\Unicorn-31003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31003.exe
13⤵
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 236
12⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 236
11⤵
PID:9480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 216
9⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-56701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56701.exe
8⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-58241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58241.exe
9⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
10⤵
PID:6340

C:\Users\Admin\AppData\Local\Temp\Unicorn-43009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43009.exe
11⤵
PID:9860

C:\Users\Admin\AppData\Local\Temp\Unicorn-13652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13652.exe
12⤵
PID:12900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9860 -s 216
12⤵
PID:12540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6340 -s 216
11⤵
PID:10368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 216
10⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
9⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 220
8⤵
- Program crash
PID:3420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 240
7⤵
- Program crash
PID:868

C:\Users\Admin\AppData\Local\Temp\Unicorn-48892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48892.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-63895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63895.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
8⤵
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-57049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57049.exe
9⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-58241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58241.exe
10⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-18737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18737.exe
11⤵
PID:7268

C:\Users\Admin\AppData\Local\Temp\Unicorn-50233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50233.exe
12⤵
PID:10244

C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
13⤵
PID:13008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10244 -s 216
13⤵
PID:14268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 216
12⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 220
11⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 236
10⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 216
9⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-2565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2565.exe
8⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-21397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21397.exe
9⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-21334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21334.exe
10⤵
PID:6488

C:\Users\Admin\AppData\Local\Temp\Unicorn-63154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63154.exe
11⤵
PID:9820

C:\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe
12⤵
PID:12764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9820 -s 216
12⤵
PID:14244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
11⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 220
10⤵
PID:8272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 236
9⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
8⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-12777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12777.exe
7⤵
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe
8⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
9⤵
PID:5216

C:\Users\Admin\AppData\Local\Temp\Unicorn-34248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34248.exe
10⤵
PID:7748

C:\Users\Admin\AppData\Local\Temp\Unicorn-35734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35734.exe
11⤵
PID:10328

C:\Users\Admin\AppData\Local\Temp\Unicorn-8653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8653.exe
12⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10328 -s 216
12⤵
PID:13372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 216
11⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 220
10⤵
PID:8888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
9⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 236
8⤵
PID:4608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 220
7⤵
- Program crash
PID:3160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 240
6⤵
- Program crash
PID:964

C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-34139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34139.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-63895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63895.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-162.exe
8⤵
PID:2608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
9⤵
- Program crash
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-2565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2565.exe
8⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-15995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15995.exe
9⤵
PID:5144

C:\Users\Admin\AppData\Local\Temp\Unicorn-9956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9956.exe
10⤵
PID:7920

C:\Users\Admin\AppData\Local\Temp\Unicorn-46505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46505.exe
11⤵
PID:11028

C:\Users\Admin\AppData\Local\Temp\Unicorn-64954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64954.exe
12⤵
PID:12744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11028 -s 216
12⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 220
11⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 220
10⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
9⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
8⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-16425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16425.exe
7⤵
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-23801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23801.exe
8⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-4925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4925.exe
9⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-22250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22250.exe
10⤵
PID:7032

C:\Users\Admin\AppData\Local\Temp\Unicorn-32355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32355.exe
11⤵
PID:10000

C:\Users\Admin\AppData\Local\Temp\Unicorn-1992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1992.exe
12⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10000 -s 216
12⤵
PID:14044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 216
11⤵
PID:10780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
10⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
9⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 236
8⤵
PID:4532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 220
7⤵
- Program crash
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-44222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44222.exe
6⤵
PID:640

C:\Users\Admin\AppData\Local\Temp\Unicorn-52570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52570.exe
7⤵
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-21471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21471.exe
8⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-10716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10716.exe
9⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-35807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35807.exe
10⤵
PID:7088

C:\Users\Admin\AppData\Local\Temp\Unicorn-8966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8966.exe
11⤵
PID:9632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9632 -s 212
12⤵
PID:12508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 216
11⤵
PID:11176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
10⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 236
9⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 236
8⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-3935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3935.exe
7⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-17339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17339.exe
8⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-42193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42193.exe
9⤵
PID:7512

C:\Users\Admin\AppData\Local\Temp\Unicorn-37431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37431.exe
10⤵
PID:10716

C:\Users\Admin\AppData\Local\Temp\Unicorn-7029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7029.exe
11⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10716 -s 216
11⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 216
10⤵
PID:11976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
9⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 236
8⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
6⤵
- Program crash
PID:2864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
5⤵
- Program crash
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1424

C:\Users\Admin\AppData\Local\Temp\Unicorn-15809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15809.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-32951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32951.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-38857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38857.exe
7⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-9140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9140.exe
8⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-5264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5264.exe
9⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-52310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52310.exe
10⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-26741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26741.exe
11⤵
PID:6884

C:\Users\Admin\AppData\Local\Temp\Unicorn-44353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44353.exe
12⤵
PID:9752

C:\Users\Admin\AppData\Local\Temp\Unicorn-15662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15662.exe
13⤵
PID:12932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 216
13⤵
PID:14300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 220
12⤵
PID:10020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
11⤵
PID:8160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
10⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
9⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-9431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9431.exe
8⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-60327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60327.exe
9⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-22250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22250.exe
10⤵
PID:6720

C:\Users\Admin\AppData\Local\Temp\Unicorn-53087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53087.exe
11⤵
PID:10120

C:\Users\Admin\AppData\Local\Temp\Unicorn-11452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11452.exe
12⤵
PID:13144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 220
12⤵
PID:13584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 216
11⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
10⤵
PID:8628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 236
9⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
8⤵
- Program crash
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-39544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39544.exe
7⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-29105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29105.exe
8⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-45604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45604.exe
9⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-57928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57928.exe
10⤵
PID:9996

C:\Users\Admin\AppData\Local\Temp\Unicorn-13652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13652.exe
11⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9996 -s 216
11⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
10⤵
PID:11168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
9⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 236
8⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 240
7⤵
- Program crash
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-52048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52048.exe
6⤵
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-58834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58834.exe
7⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-32203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32203.exe
8⤵
PID:1372

C:\Users\Admin\AppData\Local\Temp\Unicorn-39710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39710.exe
9⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-58261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58261.exe
10⤵
PID:6992

C:\Users\Admin\AppData\Local\Temp\Unicorn-31390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31390.exe
11⤵
PID:9940

C:\Users\Admin\AppData\Local\Temp\Unicorn-64369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64369.exe
12⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9940 -s 220
12⤵
PID:14324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
11⤵
PID:10504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
10⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 236
9⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
8⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-47242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47242.exe
9⤵
PID:6496

C:\Users\Admin\AppData\Local\Temp\Unicorn-35573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35573.exe
10⤵
PID:9648

C:\Users\Admin\AppData\Local\Temp\Unicorn-47792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47792.exe
11⤵
PID:12568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9648 -s 216
11⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
10⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
9⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 240
8⤵
PID:6600

C:\Users\Admin\AppData\Local\Temp\Unicorn-57929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57929.exe
7⤵
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
8⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-39695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39695.exe
9⤵
PID:9800

C:\Users\Admin\AppData\Local\Temp\Unicorn-11898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11898.exe
10⤵
PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9800 -s 216
10⤵
PID:9748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
9⤵
PID:10372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 216
8⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 220
7⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 220
6⤵
- Program crash
PID:1532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 236
5⤵
- Program crash
PID:1432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-32958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32958.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:812

C:\Users\Admin\AppData\Local\Temp\Unicorn-46766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46766.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-64317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64317.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 188
6⤵
- Program crash
PID:1740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 236
5⤵
- Program crash
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:240

C:\Users\Admin\AppData\Local\Temp\Unicorn-3194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3194.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-30647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30647.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-19514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19514.exe
7⤵
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
8⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-8604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8604.exe
9⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-49904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49904.exe
10⤵
PID:6756

C:\Users\Admin\AppData\Local\Temp\Unicorn-44353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44353.exe
11⤵
PID:9760

C:\Users\Admin\AppData\Local\Temp\Unicorn-16456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16456.exe
12⤵
PID:12808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9760 -s 216
12⤵
PID:14176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 220
11⤵
PID:11256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
10⤵
PID:8504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 236
9⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 236
8⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-34277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34277.exe
7⤵
PID:3756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 240
8⤵
PID:4508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
7⤵
- Program crash
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-45834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45834.exe
6⤵
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-41014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41014.exe
7⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-27847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27847.exe
8⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-3858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3858.exe
9⤵
PID:6332

C:\Users\Admin\AppData\Local\Temp\Unicorn-20114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20114.exe
10⤵
PID:9488

C:\Users\Admin\AppData\Local\Temp\Unicorn-43933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43933.exe
11⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9488 -s 216
11⤵
PID:13592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 216
10⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
9⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 236
8⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
7⤵
PID:4492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
6⤵
- Program crash
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-30516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30516.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-19706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19706.exe
6⤵
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-54719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54719.exe
7⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-63218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63218.exe
8⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-6666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6666.exe
9⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\Unicorn-62257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62257.exe
10⤵
PID:10784

C:\Users\Admin\AppData\Local\Temp\Unicorn-11778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11778.exe
11⤵
PID:13324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10784 -s 216
11⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 220
10⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 220
9⤵
PID:9000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
8⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
7⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-37183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37183.exe
6⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-56705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56705.exe
7⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-34248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34248.exe
8⤵
PID:7740

C:\Users\Admin\AppData\Local\Temp\Unicorn-62257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62257.exe
9⤵
PID:10796

C:\Users\Admin\AppData\Local\Temp\Unicorn-24348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24348.exe
10⤵
PID:12668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10796 -s 216
10⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 220
9⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 220
8⤵
PID:8880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 236
7⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 220
6⤵
PID:4232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 240
5⤵
- Program crash
PID:320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 240
4⤵
- Program crash
PID:2492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
2⤵
- Program crash
PID:2960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe

Filesize
184KB

MD5
59544d7d3dcf16e5545745edd9ccc771

SHA1
adc41ff6a255cd2af8bb946b3f5ff9c0738ca402

SHA256
e5d2010c1577c35ee3fe990c5ac502ddb3abf20847210aeae30053bc5c4bdc8f

SHA512
ea935b2432ff3be45012c849615af7f2dbe90030b21b40d59819fed540de36b6c04cf9a0e1583f535d529339ccab37048cb7cf6b0ddbd6cb44a7b41e60c60b80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32766.exe

Filesize
184KB

MD5
f00d835ed94f481d197cb55da80db82c

SHA1
2a2cb64903e9ebcb82887ee47ac0229ba41fbeac

SHA256
69698604b246c692f831686e6e3c6e413fd668ed5e86a992d14b033544da3b9d

SHA512
63f2801edc7a52011037c02eace63171a06be24a9f0cd9d9f89e42fef7e4f7e2b6d7baadd68f1474d58d8a7771b14c0aed530bf2a15986d0ea12439e64f5c5b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38079.exe

Filesize
184KB

MD5
25d33c4bf10c2b4a4a10fc9e9c2524c5

SHA1
93fcb07bf88719cfac316875e0b32c951c544374

SHA256
2c932ec92927fa7b1735de238b81da5ce07d6664e16c22a73217839205de416b

SHA512
f811943543d95beb2e53913d2da2fc1c9d86ace853310089f316cdd19acddb9a71c110dc3a36916c105ed068d7b2c269ca2766782d3d5e0b9d8028e33407ed7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49243.exe

Filesize
184KB

MD5
d6e6428f2965b7ca24af093d4cc62fca

SHA1
2010ed470f764afaaab5336c0b2208369c935784

SHA256
9e0b1f9ff23f04d6ffeb3c09aaa523b84017fc1805f944deda917f386955f054

SHA512
3e93bd46597cb4ea40c2c57d2ee8ef663a7759d87fb1cdefb774523a0b473e593556cf6471b5fee401e18e64a64ee5076546fc41170db798c038a2e4192331bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe

Filesize
184KB

MD5
628a1258ee830835a113fa2587b66d93

SHA1
d58eff4b70d2073e88de28163abef0d9d3dc6672

SHA256
954a09f4e862cde79598a0c0c578921cf5b865ab24172c625394befd106af996

SHA512
96d9a94405c73128937024f6dad566ae2b8cf9d06ba47855c1ccebf1bb8907aefccce52b8b4c078d003198ad0e5a6177be460b59c592ca4086a85ee6b319bbb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6506.exe

Filesize
184KB

MD5
bea632213d3d8ab06cc1a48ecbfd8dd4

SHA1
175856304cebf67c1a54a6fd005a5d8500946f75

SHA256
f62b9be8c07baafa2855d8bd177c8023889afad7a67d7d123fd7b2be35e6d495

SHA512
6f1eb0bb9566ede7ca9742e89ed8d42985a0b5c5509dcf228fb812978726b46ad888e71f33cfa70c95fb70fa300e52a8f8f51adac2cde5d2e3aaab020da6e0f4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11415.exe

Filesize
184KB

MD5
f30f104dff77205752310e6a0529c51b

SHA1
86415771b2f0dc6bfc393c12ce4d68e0bf288a71

SHA256
419bd96f196b80afc5d08b0dd2cb9301031a6794b5c16e3828450e3c90eb77c0

SHA512
7791ca42c1a4977fe3b2379dd86ef64319a8b231afc47dcf19e820a2a45216b35464f4af8edaad8a79cdb7aea1e519fc4629d2e4ea3bec49f6971f084be87d25

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14260.exe

Filesize
184KB

MD5
8cf59559a08671e9fe3821955848ba56

SHA1
b5eaa755010043b1e514940096e3dd88237c35c6

SHA256
f62f8df586769de0e4a5f3ff7823c5e74d5ac472645b6a52f30de579c6b3c434

SHA512
10cfb8550bc3fcf8686a2f825885603ca7318143ef6d75d2d100f6ccbdce4964a82b0ef14ade55bab6199f7a10c8423c33092b87897e0c216e27b12bac817b75

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14582.exe

Filesize
184KB

MD5
62f8a2fc0b03312c4ae354ddba85b35c

SHA1
2a7a8d2f61f19c7ca1a3999ee6b4c31ba3ce9d5b

SHA256
153a775bc3e7b00e5ad99e274e2fe5714cb40d825b934dc5e02f92a822e9af85

SHA512
63798c60caa5db615ef09b2dfaba336a8720d12cb1875d03aeb9d36e68e008f71e84999ee1ca949698c678aaecaff687b65ed33ddab9c3f22b689d31f91fa9ed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2362.exe

Filesize
184KB

MD5
5caa284e820b5a56f0f9d8cee65e1eca

SHA1
d7452a61c07655bcc19ced2f3eca03dbfcfa5d7d

SHA256
7ebeac23cfcf9438cf29e4eadb4767e59a7064800086bd494eb2dd3d2e31d07c

SHA512
dc5cbe347b958429d4597916376e96f2241a70857e90c2ba55052a667e181447a3a21fca1ae8de592a94ddde0be627abde9f614b541775cd0928e4e39e2f5873

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2554.exe

Filesize
184KB

MD5
12fc031a65acdc47420792c8afea46ab

SHA1
76313fad0d71bd0c63000d7f8f5fea9e54e65a76

SHA256
bc1906ebfe93e0d8010f2f5574a591b877d0d9f9ed156213190d57425949baa2

SHA512
0bcbda4a722645461f118f0fd44fc25e330460084ce7942c79666ef8f192d0f9dd9cddb6ee47d2e0595360ceba5e5956f1932b6499e9fe213b1bd223eac8374f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27574.exe

Filesize
184KB

MD5
3657164e0612b22827129031e3d9e706

SHA1
6dc18640c852e2b5185646dfa7e4a405b2b48f41

SHA256
46bf583d69995f3266697c82c145df50a6fbccb83a2ca9cc67be1669b56f82d7

SHA512
4731488d99d0ff8629f6729af5bd6f82e5ff2cb37ac508af7a8aa48d5039d243493fc437765ab4832fb2ef5baf734192132ead2ec08061303071e3c14cb7ccdd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29169.exe

Filesize
184KB

MD5
2277b82d61850a2000fb007d119f6aeb

SHA1
428215991ffeb5831158b252ced509bf16d17857

SHA256
86a14d61c7d061633a0ed0122c2cb4b19357f31cdae2b3b1575d757fb6f31c53

SHA512
48b0be9916f4dc464af1011a8569eb55a96310b1ab783039a42a4c34588be253f4ed46558f6bdfe8f59e5663781b3b052b8d70351d9eab4e9246b3a5af5acdcb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30525.exe

Filesize
184KB

MD5
0a5861c9e62a77562c2b1e9d32d2f7aa

SHA1
73889eccc3e157842ef13919a14ecdc9f47892ad

SHA256
e72e96b275db816d43a463aaab8e6571bb77c88d4a16b38cc2f0cb1949b5d1ba

SHA512
ff6e87b14c70f20b2ef40c70fe5e0c40daec03f92582cfea9755023bd7bb3250e44f26abdd608757324374f6441031afd9832fa7d2d35c636d5617c9ac86c97e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32958.exe

Filesize
184KB

MD5
444caf47d5bd85f109f7af6f5024cfcc

SHA1
3be7125ddd92a516b678b0c0b40183402ace5f71

SHA256
a631e39c31b3b75fee6037a9b9ba41d32fcc2abc84aa453f4a67a0f0595530e2

SHA512
6fea0fbc4c0727efa4600ef1291c4e6cb21903f1604ce69a311273664caa99ce851c3176fe50d0122038113f8aa2520e13861eb17e2e302f619bcf8aa3fde510

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34843.exe

Filesize
184KB

MD5
f2f8d1387ef842351bd0ff082fba6325

SHA1
c1bd61579c6697a647deead65331090b05842ff2

SHA256
8886a054fd17e757b39310caa5b61f0706041ae4767fd4ede20def4b865896db

SHA512
5d0e6e6d906d118f172eb6e2921c1e8c0069b45378f1dfb502039911544913c5bdcecb25534e991189a155df43c66178d6b9875bccdc1c34b35b40737c8652ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54515.exe

Filesize
184KB

MD5
777fa8916fef1355477213a6f26ddb18

SHA1
30509bf22b5282b2a7adddf0e6b8f49b85a53f6d

SHA256
398f10638a8d10ead96db17a2f106cbe8473f799eef78ee49740231415d52699

SHA512
3189d90b8b4cc811d391138c4dc02157a1258b7083baf39c19fb3a2abb54a60630839a88767afac583058e7594670a581b93baf78d40665688f10074e8a5a7d4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63005.exe

Filesize
184KB

MD5
379a0009cbfb0546fd13906440c5a78f

SHA1
2ce036416aea8037fccbc194ccaf7979a2102c8f

SHA256
258b039259f39da51f9b2f068d55ce1f70dd4ddd93f454123c5677209e787cdc

SHA512
a84a5472b50e1151584f85ccb35ee642defab87d1fc463b331a29c8ed2db03f0d24a7d5ba97a746dc9634067b9cc0fd4d1d9240abd3075e710340c60d41f1fec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63953.exe

Filesize
184KB

MD5
a7b77e8f604bbe98b02ab3316f5b6376

SHA1
46431ff02f2322d457a5982df1213d6c7ddb54d9

SHA256
80667580b8ce1f09f6cbbeaa9048e8231a4586bc7d1196eb593cde9194dae7cd

SHA512
ab12b96368e1496fad815a6cdce21a05dc8e73ae3955041b083ecbb0089c35dead7bcb78a0bf628e1d068c10d58b37a96ba11b125fe1d8e5cd04a7e0aa5144c2

Download Submit