3aeaad5a40834a9162f72ecacf5082dd4e00e3af618cdd0ff3da748d0cfab18c

Analysis

max time kernel
150s
max time network
117s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3aeaad5a40834a9162f72ecacf5082dd4e00e3af618cdd0ff3da748d0cfab18c.exe
Size

184KB
MD5

28796bf1362eaf7787bf4caa7e2108dc
SHA1

43aa2abd23092cf8e026f3347f533bd8cdcf9cba
SHA256

3aeaad5a40834a9162f72ecacf5082dd4e00e3af618cdd0ff3da748d0cfab18c
SHA512

365c63a3530d9a34e42c61f5185e40f64f8f1515e51cf8366c6412d508c424f1a4bacab6f9f9b0f034ab258899f70059eac7f50e237700ab15ebf3f04a54f4bf
SSDEEP

3072:ICe3Y8oTZfhTdF0We7wLgDszhlnV8FQn3:IC+oDJF0SLiszhlnV8FQ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-13478.exeUnicorn-11423.exeUnicorn-26368.exeUnicorn-9560.exeUnicorn-13644.exeUnicorn-28589.exeUnicorn-59721.exeUnicorn-48024.exeUnicorn-43385.exeUnicorn-43385.exeUnicorn-58330.exeUnicorn-31216.exeUnicorn-15434.exeUnicorn-35300.exeUnicorn-23624.exeUnicorn-64656.exeUnicorn-14064.exeUnicorn-44791.exeUnicorn-3203.exeUnicorn-48367.exeUnicorn-63312.exeUnicorn-60619.exeUnicorn-10027.exeUnicorn-1304.exeUnicorn-40199.exeUnicorn-65258.exeUnicorn-64703.exeUnicorn-33977.exeUnicorn-3250.exeUnicorn-53006.exeUnicorn-7334.exeUnicorn-22279.exeUnicorn-31045.exeUnicorn-2456.exeUnicorn-21485.exeUnicorn-21485.exeUnicorn-55549.exeUnicorn-24823.exeUnicorn-43852.exeUnicorn-4402.exeUnicorn-54158.exeUnicorn-43297.exeUnicorn-41159.exeUnicorn-25377.exeUnicorn-45243.exeUnicorn-62134.exeUnicorn-51273.exeUnicorn-51273.exeUnicorn-35491.exeUnicorn-24631.exeUnicorn-39575.exeUnicorn-59441.exeUnicorn-29182.exeUnicorn-9316.exeUnicorn-47464.exeUnicorn-57770.exeUnicorn-52103.exeUnicorn-14599.exeUnicorn-24906.exeUnicorn-39850.exeUnicorn-59716.exeUnicorn-4293.exeUnicorn-11070.exeUnicorn-2923.exe

pid	process
1456	Unicorn-13478.exe
2764	Unicorn-11423.exe
2108	Unicorn-26368.exe
2864	Unicorn-9560.exe
2452	Unicorn-13644.exe
2540	Unicorn-28589.exe
2232	Unicorn-59721.exe
2772	Unicorn-48024.exe
2840	Unicorn-43385.exe
2952	Unicorn-43385.exe
1200	Unicorn-58330.exe
1616	Unicorn-31216.exe
1612	Unicorn-15434.exe
1960	Unicorn-35300.exe
1276	Unicorn-23624.exe
2876	Unicorn-64656.exe
488	Unicorn-14064.exe
2096	Unicorn-44791.exe
1304	Unicorn-3203.exe
2248	Unicorn-48367.exe
848	Unicorn-63312.exe
1768	Unicorn-60619.exe
1380	Unicorn-10027.exe
2284	Unicorn-1304.exe
1644	Unicorn-40199.exe
2900	Unicorn-65258.exe
2164	Unicorn-64703.exe
2264	Unicorn-33977.exe
764	Unicorn-3250.exe
1760	Unicorn-53006.exe
1728	Unicorn-7334.exe
2508	Unicorn-22279.exe
2520	Unicorn-31045.exe
2580	Unicorn-2456.exe
2760	Unicorn-21485.exe
2740	Unicorn-21485.exe
2796	Unicorn-55549.exe
2492	Unicorn-24823.exe
3032	Unicorn-43852.exe
1796	Unicorn-4402.exe
2648	Unicorn-54158.exe
1220	Unicorn-43297.exe
2400	Unicorn-41159.exe
500	Unicorn-25377.exe
1448	Unicorn-45243.exe
2652	Unicorn-62134.exe
2992	Unicorn-51273.exe
1636	Unicorn-51273.exe
1540	Unicorn-35491.exe
3008	Unicorn-24631.exe
1668	Unicorn-39575.exe
1920	Unicorn-59441.exe
1532	Unicorn-29182.exe
2064	Unicorn-9316.exe
1032	Unicorn-47464.exe
308	Unicorn-57770.exe
1940	Unicorn-52103.exe
1596	Unicorn-14599.exe
1520	Unicorn-24906.exe
2924	Unicorn-39850.exe
2880	Unicorn-59716.exe
2296	Unicorn-4293.exe
2440	Unicorn-11070.exe
1280	Unicorn-2923.exe

Loads dropped DLL 64 IoCs

Processes:

3aeaad5a40834a9162f72ecacf5082dd4e00e3af618cdd0ff3da748d0cfab18c.exeUnicorn-13478.exeUnicorn-11423.exeUnicorn-26368.exeWerFault.exeUnicorn-9560.exeUnicorn-28589.exeUnicorn-13644.exeWerFault.exeWerFault.exeUnicorn-48024.exeUnicorn-59721.exeUnicorn-43385.exeUnicorn-43385.exeUnicorn-58330.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2512	3aeaad5a40834a9162f72ecacf5082dd4e00e3af618cdd0ff3da748d0cfab18c.exe
2512	3aeaad5a40834a9162f72ecacf5082dd4e00e3af618cdd0ff3da748d0cfab18c.exe
1456	Unicorn-13478.exe
1456	Unicorn-13478.exe
2512	3aeaad5a40834a9162f72ecacf5082dd4e00e3af618cdd0ff3da748d0cfab18c.exe
2512	3aeaad5a40834a9162f72ecacf5082dd4e00e3af618cdd0ff3da748d0cfab18c.exe
2764	Unicorn-11423.exe
2764	Unicorn-11423.exe
2108	Unicorn-26368.exe
2108	Unicorn-26368.exe
1456	Unicorn-13478.exe
1456	Unicorn-13478.exe
2976	WerFault.exe
2976	WerFault.exe
2976	WerFault.exe
2976	WerFault.exe
2976	WerFault.exe
2864	Unicorn-9560.exe
2864	Unicorn-9560.exe
2764	Unicorn-11423.exe
2764	Unicorn-11423.exe
2540	Unicorn-28589.exe
2540	Unicorn-28589.exe
2452	Unicorn-13644.exe
2452	Unicorn-13644.exe
2108	Unicorn-26368.exe
2108	Unicorn-26368.exe
2000	WerFault.exe
2000	WerFault.exe
2000	WerFault.exe
2000	WerFault.exe
896	WerFault.exe
896	WerFault.exe
2000	WerFault.exe
896	WerFault.exe
896	WerFault.exe
896	WerFault.exe
2772	Unicorn-48024.exe
2772	Unicorn-48024.exe
2864	Unicorn-9560.exe
2864	Unicorn-9560.exe
2232	Unicorn-59721.exe
2232	Unicorn-59721.exe
2952	Unicorn-43385.exe
2952	Unicorn-43385.exe
2840	Unicorn-43385.exe
2452	Unicorn-13644.exe
2840	Unicorn-43385.exe
2452	Unicorn-13644.exe
2540	Unicorn-28589.exe
2540	Unicorn-28589.exe
1200	Unicorn-58330.exe
1200	Unicorn-58330.exe
2960	WerFault.exe
2960	WerFault.exe
2960	WerFault.exe
2960	WerFault.exe
2960	WerFault.exe
1500	WerFault.exe
1500	WerFault.exe
1500	WerFault.exe
1500	WerFault.exe
1252	WerFault.exe
1252	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2584	2512	WerFault.exe	3aeaad5a40834a9162f72ecacf5082dd4e00e3af618cdd0ff3da748d0cfab18c.exe
2976	1456	WerFault.exe	Unicorn-13478.exe
2000	2764	WerFault.exe	Unicorn-11423.exe
896	2108	WerFault.exe	Unicorn-26368.exe
2960	2864	WerFault.exe	Unicorn-9560.exe
1500	2452	WerFault.exe	Unicorn-13644.exe
1252	2540	WerFault.exe	Unicorn-28589.exe
2224	2772	WerFault.exe	Unicorn-48024.exe
1684	2232	WerFault.exe	Unicorn-59721.exe
2144	2952	WerFault.exe	Unicorn-43385.exe
2556	2840	WerFault.exe	Unicorn-43385.exe
2592	1200	WerFault.exe	Unicorn-58330.exe
780	1616	WerFault.exe	Unicorn-31216.exe
1108	1960	WerFault.exe	Unicorn-35300.exe
996	1612	WerFault.exe	Unicorn-15434.exe
2276	1276	WerFault.exe	Unicorn-23624.exe
1872	488	WerFault.exe	Unicorn-14064.exe
920	2096	WerFault.exe	Unicorn-44791.exe
2156	1304	WerFault.exe	Unicorn-3203.exe
1944	2876	WerFault.exe	Unicorn-64656.exe
2444	848	WerFault.exe	Unicorn-63312.exe
1816	2248	WerFault.exe	Unicorn-48367.exe
812	1380	WerFault.exe	Unicorn-10027.exe
344	1768	WerFault.exe	Unicorn-60619.exe
2468	1644	WerFault.exe	Unicorn-40199.exe
2848	2900	WerFault.exe	Unicorn-65258.exe
324	2264	WerFault.exe	Unicorn-33977.exe
2076	1728	WerFault.exe	Unicorn-7334.exe
1640	2164	WerFault.exe	Unicorn-64703.exe
2136	2508	WerFault.exe	Unicorn-22279.exe
1964	764	WerFault.exe	Unicorn-3250.exe
1984	1760	WerFault.exe	Unicorn-53006.exe
3364	2520	WerFault.exe	Unicorn-31045.exe
3396	2580	WerFault.exe	Unicorn-2456.exe
3428	2760	WerFault.exe	Unicorn-21485.exe
3616	2740	WerFault.exe	Unicorn-21485.exe
3656	2648	WerFault.exe	Unicorn-54158.exe
3804	3032	WerFault.exe	Unicorn-43852.exe
3820	2992	WerFault.exe	Unicorn-51273.exe
3512	500	WerFault.exe	Unicorn-25377.exe
3528	1636	WerFault.exe	Unicorn-51273.exe
3664	2652	WerFault.exe	Unicorn-62134.exe
3748	1448	WerFault.exe	Unicorn-45243.exe
3764	2492	WerFault.exe	Unicorn-24823.exe
3800	1032	WerFault.exe	Unicorn-47464.exe
3812	2064	WerFault.exe	Unicorn-9316.exe
3896	2400	WerFault.exe	Unicorn-41159.exe
3980	1920	WerFault.exe	Unicorn-59441.exe
3988	1532	WerFault.exe	Unicorn-29182.exe
4024	2296	WerFault.exe	Unicorn-4293.exe
4056	2796	WerFault.exe	Unicorn-55549.exe
4060	2924	WerFault.exe	Unicorn-39850.exe
2432	2804	WerFault.exe	Unicorn-11091.exe
3096	1520	WerFault.exe	Unicorn-24906.exe
3144	2440	WerFault.exe	Unicorn-11070.exe
3220	2080	WerFault.exe	Unicorn-23898.exe
3316	1552	WerFault.exe	Unicorn-50541.exe
3424	2668	WerFault.exe	Unicorn-44511.exe
3444	2184	WerFault.exe	Unicorn-62238.exe
3608	1280	WerFault.exe	Unicorn-2923.exe
3648	292	WerFault.exe	Unicorn-49986.exe
3720	3004	WerFault.exe	Unicorn-33650.exe
3360	2756	WerFault.exe	Unicorn-5637.exe
3356	1064	WerFault.exe	Unicorn-484.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

3aeaad5a40834a9162f72ecacf5082dd4e00e3af618cdd0ff3da748d0cfab18c.exeUnicorn-13478.exeUnicorn-11423.exeUnicorn-26368.exeUnicorn-9560.exeUnicorn-13644.exeUnicorn-28589.exeUnicorn-59721.exeUnicorn-48024.exeUnicorn-43385.exeUnicorn-43385.exeUnicorn-58330.exeUnicorn-31216.exeUnicorn-15434.exeUnicorn-35300.exeUnicorn-23624.exeUnicorn-44791.exeUnicorn-64656.exeUnicorn-14064.exeUnicorn-3203.exeUnicorn-48367.exeUnicorn-63312.exeUnicorn-60619.exeUnicorn-10027.exeUnicorn-40199.exeUnicorn-65258.exeUnicorn-64703.exeUnicorn-33977.exeUnicorn-3250.exeUnicorn-7334.exeUnicorn-53006.exeUnicorn-22279.exeUnicorn-31045.exeUnicorn-2456.exeUnicorn-21485.exeUnicorn-21485.exeUnicorn-24823.exeUnicorn-55549.exeUnicorn-43852.exeUnicorn-4402.exeUnicorn-54158.exeUnicorn-43297.exeUnicorn-41159.exeUnicorn-45243.exeUnicorn-25377.exeUnicorn-62134.exeUnicorn-51273.exeUnicorn-51273.exeUnicorn-24631.exeUnicorn-39575.exeUnicorn-59441.exeUnicorn-29182.exeUnicorn-9316.exeUnicorn-47464.exeUnicorn-57770.exeUnicorn-52103.exeUnicorn-14599.exeUnicorn-24906.exeUnicorn-39850.exeUnicorn-59716.exeUnicorn-4293.exeUnicorn-2923.exeUnicorn-11070.exeUnicorn-56763.exe

pid	process
2512	3aeaad5a40834a9162f72ecacf5082dd4e00e3af618cdd0ff3da748d0cfab18c.exe
1456	Unicorn-13478.exe
2764	Unicorn-11423.exe
2108	Unicorn-26368.exe
2864	Unicorn-9560.exe
2452	Unicorn-13644.exe
2540	Unicorn-28589.exe
2232	Unicorn-59721.exe
2772	Unicorn-48024.exe
2952	Unicorn-43385.exe
2840	Unicorn-43385.exe
1200	Unicorn-58330.exe
1616	Unicorn-31216.exe
1612	Unicorn-15434.exe
1960	Unicorn-35300.exe
1276	Unicorn-23624.exe
2096	Unicorn-44791.exe
2876	Unicorn-64656.exe
488	Unicorn-14064.exe
1304	Unicorn-3203.exe
2248	Unicorn-48367.exe
848	Unicorn-63312.exe
1768	Unicorn-60619.exe
1380	Unicorn-10027.exe
1644	Unicorn-40199.exe
2900	Unicorn-65258.exe
2164	Unicorn-64703.exe
2264	Unicorn-33977.exe
764	Unicorn-3250.exe
1728	Unicorn-7334.exe
1760	Unicorn-53006.exe
2508	Unicorn-22279.exe
2520	Unicorn-31045.exe
2580	Unicorn-2456.exe
2760	Unicorn-21485.exe
2740	Unicorn-21485.exe
2492	Unicorn-24823.exe
2796	Unicorn-55549.exe
3032	Unicorn-43852.exe
1796	Unicorn-4402.exe
2648	Unicorn-54158.exe
1220	Unicorn-43297.exe
2400	Unicorn-41159.exe
1448	Unicorn-45243.exe
500	Unicorn-25377.exe
2652	Unicorn-62134.exe
2992	Unicorn-51273.exe
1636	Unicorn-51273.exe
3008	Unicorn-24631.exe
1668	Unicorn-39575.exe
1920	Unicorn-59441.exe
1532	Unicorn-29182.exe
2064	Unicorn-9316.exe
1032	Unicorn-47464.exe
308	Unicorn-57770.exe
1940	Unicorn-52103.exe
1596	Unicorn-14599.exe
1520	Unicorn-24906.exe
2924	Unicorn-39850.exe
2880	Unicorn-59716.exe
2296	Unicorn-4293.exe
1280	Unicorn-2923.exe
2440	Unicorn-11070.exe
2640	Unicorn-56763.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

3aeaad5a40834a9162f72ecacf5082dd4e00e3af618cdd0ff3da748d0cfab18c.exeUnicorn-13478.exeUnicorn-11423.exeUnicorn-26368.exeUnicorn-9560.exeUnicorn-28589.exeUnicorn-13644.exeUnicorn-48024.exe

description	pid	process	target process
PID 2512 wrote to memory of 1456	2512	3aeaad5a40834a9162f72ecacf5082dd4e00e3af618cdd0ff3da748d0cfab18c.exe	Unicorn-13478.exe
PID 2512 wrote to memory of 1456	2512	3aeaad5a40834a9162f72ecacf5082dd4e00e3af618cdd0ff3da748d0cfab18c.exe	Unicorn-13478.exe
PID 2512 wrote to memory of 1456	2512	3aeaad5a40834a9162f72ecacf5082dd4e00e3af618cdd0ff3da748d0cfab18c.exe	Unicorn-13478.exe
PID 2512 wrote to memory of 1456	2512	3aeaad5a40834a9162f72ecacf5082dd4e00e3af618cdd0ff3da748d0cfab18c.exe	Unicorn-13478.exe
PID 1456 wrote to memory of 2764	1456	Unicorn-13478.exe	Unicorn-11423.exe
PID 1456 wrote to memory of 2764	1456	Unicorn-13478.exe	Unicorn-11423.exe
PID 1456 wrote to memory of 2764	1456	Unicorn-13478.exe	Unicorn-11423.exe
PID 1456 wrote to memory of 2764	1456	Unicorn-13478.exe	Unicorn-11423.exe
PID 2512 wrote to memory of 2108	2512	3aeaad5a40834a9162f72ecacf5082dd4e00e3af618cdd0ff3da748d0cfab18c.exe	Unicorn-26368.exe
PID 2512 wrote to memory of 2108	2512	3aeaad5a40834a9162f72ecacf5082dd4e00e3af618cdd0ff3da748d0cfab18c.exe	Unicorn-26368.exe
PID 2512 wrote to memory of 2108	2512	3aeaad5a40834a9162f72ecacf5082dd4e00e3af618cdd0ff3da748d0cfab18c.exe	Unicorn-26368.exe
PID 2512 wrote to memory of 2108	2512	3aeaad5a40834a9162f72ecacf5082dd4e00e3af618cdd0ff3da748d0cfab18c.exe	Unicorn-26368.exe
PID 2512 wrote to memory of 2584	2512	3aeaad5a40834a9162f72ecacf5082dd4e00e3af618cdd0ff3da748d0cfab18c.exe	WerFault.exe
PID 2512 wrote to memory of 2584	2512	3aeaad5a40834a9162f72ecacf5082dd4e00e3af618cdd0ff3da748d0cfab18c.exe	WerFault.exe
PID 2512 wrote to memory of 2584	2512	3aeaad5a40834a9162f72ecacf5082dd4e00e3af618cdd0ff3da748d0cfab18c.exe	WerFault.exe
PID 2512 wrote to memory of 2584	2512	3aeaad5a40834a9162f72ecacf5082dd4e00e3af618cdd0ff3da748d0cfab18c.exe	WerFault.exe
PID 2764 wrote to memory of 2864	2764	Unicorn-11423.exe	Unicorn-9560.exe
PID 2764 wrote to memory of 2864	2764	Unicorn-11423.exe	Unicorn-9560.exe
PID 2764 wrote to memory of 2864	2764	Unicorn-11423.exe	Unicorn-9560.exe
PID 2764 wrote to memory of 2864	2764	Unicorn-11423.exe	Unicorn-9560.exe
PID 2108 wrote to memory of 2452	2108	Unicorn-26368.exe	Unicorn-13644.exe
PID 2108 wrote to memory of 2452	2108	Unicorn-26368.exe	Unicorn-13644.exe
PID 2108 wrote to memory of 2452	2108	Unicorn-26368.exe	Unicorn-13644.exe
PID 2108 wrote to memory of 2452	2108	Unicorn-26368.exe	Unicorn-13644.exe
PID 1456 wrote to memory of 2540	1456	Unicorn-13478.exe	Unicorn-28589.exe
PID 1456 wrote to memory of 2540	1456	Unicorn-13478.exe	Unicorn-28589.exe
PID 1456 wrote to memory of 2540	1456	Unicorn-13478.exe	Unicorn-28589.exe
PID 1456 wrote to memory of 2540	1456	Unicorn-13478.exe	Unicorn-28589.exe
PID 1456 wrote to memory of 2976	1456	Unicorn-13478.exe	WerFault.exe
PID 1456 wrote to memory of 2976	1456	Unicorn-13478.exe	WerFault.exe
PID 1456 wrote to memory of 2976	1456	Unicorn-13478.exe	WerFault.exe
PID 1456 wrote to memory of 2976	1456	Unicorn-13478.exe	WerFault.exe
PID 2864 wrote to memory of 2232	2864	Unicorn-9560.exe	Unicorn-59721.exe
PID 2864 wrote to memory of 2232	2864	Unicorn-9560.exe	Unicorn-59721.exe
PID 2864 wrote to memory of 2232	2864	Unicorn-9560.exe	Unicorn-59721.exe
PID 2864 wrote to memory of 2232	2864	Unicorn-9560.exe	Unicorn-59721.exe
PID 2764 wrote to memory of 2772	2764	Unicorn-11423.exe	Unicorn-48024.exe
PID 2764 wrote to memory of 2772	2764	Unicorn-11423.exe	Unicorn-48024.exe
PID 2764 wrote to memory of 2772	2764	Unicorn-11423.exe	Unicorn-48024.exe
PID 2764 wrote to memory of 2772	2764	Unicorn-11423.exe	Unicorn-48024.exe
PID 2540 wrote to memory of 2840	2540	Unicorn-28589.exe	Unicorn-43385.exe
PID 2540 wrote to memory of 2840	2540	Unicorn-28589.exe	Unicorn-43385.exe
PID 2540 wrote to memory of 2840	2540	Unicorn-28589.exe	Unicorn-43385.exe
PID 2540 wrote to memory of 2840	2540	Unicorn-28589.exe	Unicorn-43385.exe
PID 2452 wrote to memory of 2952	2452	Unicorn-13644.exe	Unicorn-43385.exe
PID 2452 wrote to memory of 2952	2452	Unicorn-13644.exe	Unicorn-43385.exe
PID 2452 wrote to memory of 2952	2452	Unicorn-13644.exe	Unicorn-43385.exe
PID 2452 wrote to memory of 2952	2452	Unicorn-13644.exe	Unicorn-43385.exe
PID 2108 wrote to memory of 1200	2108	Unicorn-26368.exe	Unicorn-58330.exe
PID 2108 wrote to memory of 1200	2108	Unicorn-26368.exe	Unicorn-58330.exe
PID 2108 wrote to memory of 1200	2108	Unicorn-26368.exe	Unicorn-58330.exe
PID 2108 wrote to memory of 1200	2108	Unicorn-26368.exe	Unicorn-58330.exe
PID 2764 wrote to memory of 2000	2764	Unicorn-11423.exe	WerFault.exe
PID 2764 wrote to memory of 2000	2764	Unicorn-11423.exe	WerFault.exe
PID 2764 wrote to memory of 2000	2764	Unicorn-11423.exe	WerFault.exe
PID 2764 wrote to memory of 2000	2764	Unicorn-11423.exe	WerFault.exe
PID 2108 wrote to memory of 896	2108	Unicorn-26368.exe	WerFault.exe
PID 2108 wrote to memory of 896	2108	Unicorn-26368.exe	WerFault.exe
PID 2108 wrote to memory of 896	2108	Unicorn-26368.exe	WerFault.exe
PID 2108 wrote to memory of 896	2108	Unicorn-26368.exe	WerFault.exe
PID 2772 wrote to memory of 1616	2772	Unicorn-48024.exe	Unicorn-31216.exe
PID 2772 wrote to memory of 1616	2772	Unicorn-48024.exe	Unicorn-31216.exe
PID 2772 wrote to memory of 1616	2772	Unicorn-48024.exe	Unicorn-31216.exe
PID 2772 wrote to memory of 1616	2772	Unicorn-48024.exe	Unicorn-31216.exe

C:\Users\Admin\AppData\Local\Temp\3aeaad5a40834a9162f72ecacf5082dd4e00e3af618cdd0ff3da748d0cfab18c.exe
"C:\Users\Admin\AppData\Local\Temp\3aeaad5a40834a9162f72ecacf5082dd4e00e3af618cdd0ff3da748d0cfab18c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-13478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13478.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1456

C:\Users\Admin\AppData\Local\Temp\Unicorn-11423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11423.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-9560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9560.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-59721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59721.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-35300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35300.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-60619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60619.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-24823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24823.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-38009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38009.exe
10⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-1273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1273.exe
11⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-17413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17413.exe
12⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-61465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61465.exe
13⤵
PID:9128

C:\Users\Admin\AppData\Local\Temp\Unicorn-24528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24528.exe
14⤵
PID:10532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 216
14⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 220
13⤵
PID:9804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
12⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
11⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 236
10⤵
- Program crash
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-22227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22227.exe
9⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe
10⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-1268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1268.exe
11⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\Unicorn-14833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14833.exe
12⤵
PID:8800

C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
13⤵
PID:11108

C:\Users\Admin\AppData\Local\Temp\Unicorn-12584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12584.exe
14⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8800 -s 216
13⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
12⤵
PID:9828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 236
11⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
10⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
9⤵
- Program crash
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe
8⤵
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-17541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17541.exe
9⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-7085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7085.exe
10⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-21341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21341.exe
11⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\Unicorn-55098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55098.exe
12⤵
PID:8632

C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
13⤵
PID:10472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8632 -s 216
13⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 216
12⤵
PID:9656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
11⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
10⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
9⤵
PID:4664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
8⤵
- Program crash
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-43852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43852.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
8⤵
PID:292

C:\Users\Admin\AppData\Local\Temp\Unicorn-11366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11366.exe
9⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-17418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17418.exe
10⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-23827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23827.exe
11⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe
12⤵
PID:8840

C:\Users\Admin\AppData\Local\Temp\Unicorn-62955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62955.exe
13⤵
PID:11200

C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
14⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8840 -s 216
13⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 216
12⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
11⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
10⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 236
9⤵
- Program crash
PID:3648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 236
8⤵
- Program crash
PID:3804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
7⤵
- Program crash
PID:1108

C:\Users\Admin\AppData\Local\Temp\Unicorn-10027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10027.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1380

C:\Users\Admin\AppData\Local\Temp\Unicorn-55549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55549.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-11091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11091.exe
8⤵
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-23811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23811.exe
9⤵
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-7495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7495.exe
10⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-56883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56883.exe
11⤵
PID:6300

C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
12⤵
PID:8456

C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
13⤵
PID:10820

C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
14⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 216
13⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
12⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
11⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 236
10⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
9⤵
- Program crash
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-46924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46924.exe
8⤵
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-53297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53297.exe
9⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-40547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40547.exe
10⤵
PID:6148

C:\Users\Admin\AppData\Local\Temp\Unicorn-251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-251.exe
11⤵
PID:9148

C:\Users\Admin\AppData\Local\Temp\Unicorn-45742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45742.exe
12⤵
PID:10304

C:\Users\Admin\AppData\Local\Temp\Unicorn-25967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25967.exe
13⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 216
12⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
10⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 216
9⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
8⤵
- Program crash
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-30120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30120.exe
7⤵
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-44231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44231.exe
8⤵
PID:816

C:\Users\Admin\AppData\Local\Temp\Unicorn-36167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36167.exe
9⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-50443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50443.exe
10⤵
PID:6508

C:\Users\Admin\AppData\Local\Temp\Unicorn-34735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34735.exe
11⤵
PID:9044

C:\Users\Admin\AppData\Local\Temp\Unicorn-42291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42291.exe
12⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9044 -s 236
12⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
11⤵
PID:10324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
10⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 216
9⤵
PID:6444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 236
8⤵
PID:5036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 240
7⤵
- Program crash
PID:812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
6⤵
- Program crash
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-15434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15434.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-1304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1304.exe
6⤵
- Executes dropped EXE
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-21485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21485.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-57770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57770.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:308

C:\Users\Admin\AppData\Local\Temp\Unicorn-33733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33733.exe
8⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-49275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49275.exe
9⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-35783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35783.exe
10⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
11⤵
PID:6984

C:\Users\Admin\AppData\Local\Temp\Unicorn-57703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57703.exe
12⤵
PID:8232

C:\Users\Admin\AppData\Local\Temp\Unicorn-38726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38726.exe
13⤵
PID:11084

C:\Users\Admin\AppData\Local\Temp\Unicorn-35875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35875.exe
14⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8232 -s 236
13⤵
PID:2752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 216
12⤵
PID:9812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
11⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
10⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
9⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-629.exe
8⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-54641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54641.exe
9⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-14070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14070.exe
10⤵
PID:6852

C:\Users\Admin\AppData\Local\Temp\Unicorn-500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-500.exe
11⤵
PID:9308

C:\Users\Admin\AppData\Local\Temp\Unicorn-31409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31409.exe
12⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9308 -s 216
12⤵
PID:12408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
10⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
9⤵
PID:6352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 240
8⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-28065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28065.exe
7⤵
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-28471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28471.exe
8⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-7661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7661.exe
9⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-147.exe
10⤵
PID:7384

C:\Users\Admin\AppData\Local\Temp\Unicorn-42623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42623.exe
11⤵
PID:10288

C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
12⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10288 -s 236
12⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
11⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 236
10⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
9⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
8⤵
PID:5048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
7⤵
- Program crash
PID:3428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
6⤵
- Program crash
PID:996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-48024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48024.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-31216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31216.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-48367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48367.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-2456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2456.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-47464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47464.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-35295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35295.exe
9⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-13888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13888.exe
10⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-17226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17226.exe
11⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-18627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18627.exe
12⤵
PID:5292

C:\Users\Admin\AppData\Local\Temp\Unicorn-26510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26510.exe
13⤵
PID:8600

C:\Users\Admin\AppData\Local\Temp\Unicorn-44481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44481.exe
14⤵
PID:10316

C:\Users\Admin\AppData\Local\Temp\Unicorn-17593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17593.exe
15⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 216
14⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 216
13⤵
PID:9624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 236
12⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 236
11⤵
PID:5424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 216
10⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-53.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53.exe
9⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-29478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29478.exe
10⤵
PID:3996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 188
11⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
10⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 240
9⤵
- Program crash
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-27681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27681.exe
8⤵
PID:1852

C:\Users\Admin\AppData\Local\Temp\Unicorn-11750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11750.exe
9⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-33069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33069.exe
10⤵
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-967.exe
11⤵
PID:6548

C:\Users\Admin\AppData\Local\Temp\Unicorn-18918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18918.exe
12⤵
PID:8736

C:\Users\Admin\AppData\Local\Temp\Unicorn-7039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7039.exe
13⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-62709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62709.exe
14⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8736 -s 216
13⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 216
12⤵
PID:9764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 220
11⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 236
10⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 236
9⤵
PID:4160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
8⤵
- Program crash
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-52103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52103.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-54153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54153.exe
8⤵
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-32747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32747.exe
9⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-52887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52887.exe
10⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-2586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2586.exe
11⤵
PID:6884

C:\Users\Admin\AppData\Local\Temp\Unicorn-23298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23298.exe
12⤵
PID:10180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 236
12⤵
PID:10332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
11⤵
PID:8388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
10⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 236
9⤵
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-47692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47692.exe
8⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-40443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40443.exe
9⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
10⤵
PID:6168

C:\Users\Admin\AppData\Local\Temp\Unicorn-11792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11792.exe
11⤵
PID:8644

C:\Users\Admin\AppData\Local\Temp\Unicorn-45991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45991.exe
12⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8644 -s 216
12⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6168 -s 216
11⤵
PID:9860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 236
10⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
9⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
8⤵
PID:4764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
7⤵
- Program crash
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-21485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21485.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-14599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14599.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-2814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2814.exe
8⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-64350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64350.exe
9⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-48886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48886.exe
10⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-3022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3022.exe
11⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 212
12⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
11⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
10⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 236
9⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-55367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55367.exe
8⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
9⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\Unicorn-18456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18456.exe
10⤵
PID:7144

C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
11⤵
PID:9096

C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
12⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9096 -s 216
12⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
11⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
10⤵
PID:8168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
9⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 240
8⤵
PID:4800

C:\Users\Admin\AppData\Local\Temp\Unicorn-21843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21843.exe
7⤵
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-26032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26032.exe
8⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
9⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-3676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3676.exe
10⤵
PID:7544

C:\Users\Admin\AppData\Local\Temp\Unicorn-2716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2716.exe
11⤵
PID:10972

C:\Users\Admin\AppData\Local\Temp\Unicorn-23000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23000.exe
12⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 236
11⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
10⤵
PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
9⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 236
8⤵
PID:4232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
7⤵
- Program crash
PID:3616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
6⤵
- Program crash
PID:780

C:\Users\Admin\AppData\Local\Temp\Unicorn-63312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63312.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:848

C:\Users\Admin\AppData\Local\Temp\Unicorn-31045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31045.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-29182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29182.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-5637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5637.exe
8⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-63089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63089.exe
9⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-43759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43759.exe
10⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-33941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33941.exe
11⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
12⤵
PID:8704

C:\Users\Admin\AppData\Local\Temp\Unicorn-56925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56925.exe
13⤵
PID:11100

C:\Users\Admin\AppData\Local\Temp\Unicorn-33943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33943.exe
14⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8704 -s 216
13⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
12⤵
PID:9748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
11⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 236
10⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
9⤵
- Program crash
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-47308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47308.exe
8⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-39099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39099.exe
9⤵
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-36463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36463.exe
10⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
11⤵
PID:8872

C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
12⤵
PID:11056

C:\Users\Admin\AppData\Local\Temp\Unicorn-29845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29845.exe
13⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8872 -s 216
12⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
11⤵
PID:9852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 216
10⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
9⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
8⤵
- Program crash
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-24666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24666.exe
7⤵
PID:1352

C:\Users\Admin\AppData\Local\Temp\Unicorn-50837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50837.exe
8⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-55559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55559.exe
8⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-65497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65497.exe
9⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 240
10⤵
PID:8500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 236
9⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 240
8⤵
PID:5124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
7⤵
- Program crash
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-9316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9316.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-484.exe
7⤵
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-50837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50837.exe
8⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-11195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11195.exe
9⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
10⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
11⤵
PID:8884

C:\Users\Admin\AppData\Local\Temp\Unicorn-59255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59255.exe
12⤵
PID:10992

C:\Users\Admin\AppData\Local\Temp\Unicorn-23000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23000.exe
13⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8884 -s 216
12⤵
PID:11852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
11⤵
PID:9896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
10⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 236
9⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 216
8⤵
- Program crash
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-6275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6275.exe
7⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-6919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6919.exe
8⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-20957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20957.exe
9⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-1128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1128.exe
10⤵
PID:8468

C:\Users\Admin\AppData\Local\Temp\Unicorn-19977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19977.exe
11⤵
PID:11172

C:\Users\Admin\AppData\Local\Temp\Unicorn-23192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23192.exe
12⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8468 -s 216
11⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
10⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 236
9⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 236
8⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
7⤵
- Program crash
PID:3812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 240
6⤵
- Program crash
PID:2444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
5⤵
- Program crash
PID:2224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-28589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28589.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-43385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43385.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-64656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64656.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-45243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45243.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1448

C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
8⤵
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
9⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-22571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22571.exe
10⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-54636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54636.exe
11⤵
PID:6804

C:\Users\Admin\AppData\Local\Temp\Unicorn-5295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5295.exe
12⤵
PID:8824

C:\Users\Admin\AppData\Local\Temp\Unicorn-7807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7807.exe
13⤵
PID:10828

C:\Users\Admin\AppData\Local\Temp\Unicorn-23000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23000.exe
14⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8824 -s 216
13⤵
PID:11356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 220
12⤵
PID:9420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 236
11⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 236
10⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 216
9⤵
- Program crash
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-11921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11921.exe
8⤵
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-50090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50090.exe
9⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-48715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48715.exe
10⤵
PID:6176

C:\Users\Admin\AppData\Local\Temp\Unicorn-251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-251.exe
11⤵
PID:9156

C:\Users\Admin\AppData\Local\Temp\Unicorn-29742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29742.exe
12⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9156 -s 216
12⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 220
11⤵
PID:9984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
10⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 240
8⤵
- Program crash
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-42372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42372.exe
7⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-54345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54345.exe
8⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-12046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12046.exe
9⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-2010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2010.exe
10⤵
PID:6532

C:\Users\Admin\AppData\Local\Temp\Unicorn-41580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41580.exe
11⤵
PID:9780

C:\Users\Admin\AppData\Local\Temp\Unicorn-60093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60093.exe
12⤵
PID:11768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9780 -s 216
12⤵
PID:12780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 236
11⤵
PID:10788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
10⤵
PID:8300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 216
9⤵
PID:6684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 216
8⤵
PID:4144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
7⤵
- Program crash
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-62134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62134.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-31512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31512.exe
7⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
8⤵
PID:1068

C:\Users\Admin\AppData\Local\Temp\Unicorn-55025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55025.exe
9⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-37293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37293.exe
10⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-28648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28648.exe
11⤵
PID:8564

C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
12⤵
PID:11072

C:\Users\Admin\AppData\Local\Temp\Unicorn-28838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28838.exe
13⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8564 -s 236
12⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 236
11⤵
PID:9596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 236
10⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 216
9⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 236
8⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-11921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11921.exe
7⤵
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-29670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29670.exe
8⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-21497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21497.exe
9⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\Unicorn-251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-251.exe
10⤵
PID:9164

C:\Users\Admin\AppData\Local\Temp\Unicorn-23376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23376.exe
11⤵
PID:11212

C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
12⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9164 -s 220
11⤵
PID:11944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 220
10⤵
PID:9976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
9⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
8⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
7⤵
- Program crash
PID:3664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
6⤵
- Program crash
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-22279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22279.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-51273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51273.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe
7⤵
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-34117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34117.exe
8⤵
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
9⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-19935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19935.exe
10⤵
PID:6376

C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
11⤵
PID:8960

C:\Users\Admin\AppData\Local\Temp\Unicorn-59255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59255.exe
12⤵
PID:11040

C:\Users\Admin\AppData\Local\Temp\Unicorn-50218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50218.exe
13⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12692 -s 188
14⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8960 -s 216
12⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 220
11⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
10⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 216
9⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 216
8⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-28641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28641.exe
7⤵
PID:1364

C:\Users\Admin\AppData\Local\Temp\Unicorn-43484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43484.exe
8⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-48139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48139.exe
9⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-26894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26894.exe
10⤵
PID:8920

C:\Users\Admin\AppData\Local\Temp\Unicorn-42535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42535.exe
11⤵
PID:11236

C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
12⤵
PID:12296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8920 -s 216
11⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 220
10⤵
PID:9960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
9⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 216
8⤵
PID:5488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
7⤵
- Program crash
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-23898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23898.exe
6⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-21673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21673.exe
7⤵
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-60204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60204.exe
8⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
9⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-45560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45560.exe
10⤵
PID:8780

C:\Users\Admin\AppData\Local\Temp\Unicorn-59255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59255.exe
11⤵
PID:11012

C:\Users\Admin\AppData\Local\Temp\Unicorn-23384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23384.exe
12⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8780 -s 216
11⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
10⤵
PID:9820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
9⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 216
8⤵
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 236
7⤵
- Program crash
PID:3220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
6⤵
- Program crash
PID:2136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
5⤵
- Program crash
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-14064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14064.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:488

C:\Users\Admin\AppData\Local\Temp\Unicorn-64703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64703.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-51273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51273.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-60292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60292.exe
7⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-10982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10982.exe
8⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-62980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62980.exe
9⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-8429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8429.exe
10⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-37672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37672.exe
11⤵
PID:7896

C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
12⤵
PID:10740

C:\Users\Admin\AppData\Local\Temp\Unicorn-62605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62605.exe
13⤵
PID:12964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10740 -s 216
13⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 216
12⤵
PID:11188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
11⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
10⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 236
9⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
8⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-55684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55684.exe
9⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-62944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62944.exe
10⤵
PID:7952

C:\Users\Admin\AppData\Local\Temp\Unicorn-16448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16448.exe
11⤵
PID:10808

C:\Users\Admin\AppData\Local\Temp\Unicorn-60659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60659.exe
12⤵
PID:13008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10808 -s 236
12⤵
PID:8288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 216
11⤵
PID:11232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 216
10⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
9⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
8⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-30011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30011.exe
7⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-32254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32254.exe
8⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-32934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32934.exe
9⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-25913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25913.exe
10⤵
PID:7304

C:\Users\Admin\AppData\Local\Temp\Unicorn-57013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57013.exe
11⤵
PID:9700

C:\Users\Admin\AppData\Local\Temp\Unicorn-34406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34406.exe
12⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 216
12⤵
PID:12892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 216
11⤵
PID:10988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
10⤵
PID:8896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
9⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
8⤵
PID:4936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 240
7⤵
- Program crash
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-44511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44511.exe
6⤵
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
7⤵
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-2150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2150.exe
8⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-48715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48715.exe
9⤵
PID:6204

C:\Users\Admin\AppData\Local\Temp\Unicorn-251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-251.exe
10⤵
PID:9140

C:\Users\Admin\AppData\Local\Temp\Unicorn-29406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29406.exe
11⤵
PID:10776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9140 -s 216
11⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 220
10⤵
PID:9992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
9⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 216
8⤵
PID:5188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 236
7⤵
- Program crash
PID:3424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
6⤵
- Program crash
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
5⤵
- Executes dropped EXE
PID:1540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 240
5⤵
- Program crash
PID:1872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-26368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26368.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-43385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43385.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-23624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23624.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1276

C:\Users\Admin\AppData\Local\Temp\Unicorn-40199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40199.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-4402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4402.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-24906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24906.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-31979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31979.exe
9⤵
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
10⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-46001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46001.exe
11⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\Unicorn-59566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59566.exe
12⤵
PID:9108

C:\Users\Admin\AppData\Local\Temp\Unicorn-45742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45742.exe
13⤵
PID:10344

C:\Users\Admin\AppData\Local\Temp\Unicorn-42481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42481.exe
14⤵
PID:8024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9108 -s 216
13⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 220
12⤵
PID:9944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
11⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 216
10⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 236
9⤵
- Program crash
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-18335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18335.exe
8⤵
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
9⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-35067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35067.exe
10⤵
PID:6184

C:\Users\Admin\AppData\Local\Temp\Unicorn-23744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23744.exe
11⤵
PID:9428

C:\Users\Admin\AppData\Local\Temp\Unicorn-14963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14963.exe
12⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9428 -s 236
12⤵
PID:12564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 216
11⤵
PID:10540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
10⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 216
9⤵
PID:6368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
8⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-39850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39850.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
8⤵
PID:384

C:\Users\Admin\AppData\Local\Temp\Unicorn-17418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17418.exe
9⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-50085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50085.exe
10⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
11⤵
PID:8988

C:\Users\Admin\AppData\Local\Temp\Unicorn-2763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2763.exe
12⤵
PID:10280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8988 -s 216
12⤵
PID:11976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 220
11⤵
PID:9968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
10⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 384 -s 236
9⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 236
8⤵
- Program crash
PID:4060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
7⤵
- Program crash
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-54158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54158.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-59716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59716.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-64459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64459.exe
8⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-14464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14464.exe
9⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-2534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2534.exe
10⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-967.exe
11⤵
PID:6540

C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
12⤵
PID:8340

C:\Users\Admin\AppData\Local\Temp\Unicorn-58762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58762.exe
13⤵
PID:11080

C:\Users\Admin\AppData\Local\Temp\Unicorn-3394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3394.exe
14⤵
PID:8248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 216
13⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 216
12⤵
PID:10068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 220
11⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 236
10⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
9⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
8⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-48419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48419.exe
9⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-56151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56151.exe
10⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-20973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20973.exe
11⤵
PID:8436

C:\Users\Admin\AppData\Local\Temp\Unicorn-5778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5778.exe
12⤵
PID:11128

C:\Users\Admin\AppData\Local\Temp\Unicorn-50649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50649.exe
13⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8436 -s 216
12⤵
PID:11592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
11⤵
PID:9508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
10⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
9⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 220
8⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-9591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9591.exe
7⤵
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-40915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40915.exe
8⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-13499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13499.exe
9⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-51019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51019.exe
10⤵
PID:6724

C:\Users\Admin\AppData\Local\Temp\Unicorn-31227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31227.exe
11⤵
PID:9280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9280 -s 240
12⤵
PID:11628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
11⤵
PID:10448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
10⤵
PID:2200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 236
8⤵
PID:4400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
7⤵
- Program crash
PID:3656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 240
6⤵
- Program crash
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-65258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65258.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-43297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43297.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1220

C:\Users\Admin\AppData\Local\Temp\Unicorn-4293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4293.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
8⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-20926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20926.exe
9⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
10⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-59182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59182.exe
11⤵
PID:8660

C:\Users\Admin\AppData\Local\Temp\Unicorn-42343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42343.exe
12⤵
PID:10764

C:\Users\Admin\AppData\Local\Temp\Unicorn-53342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53342.exe
13⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8660 -s 216
12⤵
PID:11804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 216
11⤵
PID:9664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 236
10⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 236
9⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 216
8⤵
- Program crash
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-28641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28641.exe
7⤵
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-57765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57765.exe
8⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-17064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17064.exe
9⤵
PID:7100

C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
10⤵
PID:8836

C:\Users\Admin\AppData\Local\Temp\Unicorn-4574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4574.exe
11⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 236
11⤵
PID:12340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 216
10⤵
PID:10196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
9⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 216
8⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 240
7⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-11070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11070.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe
7⤵
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-39099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39099.exe
8⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-9135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9135.exe
9⤵
PID:6640

C:\Users\Admin\AppData\Local\Temp\Unicorn-39530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39530.exe
10⤵
PID:8720

C:\Users\Admin\AppData\Local\Temp\Unicorn-54102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54102.exe
11⤵
PID:11164

C:\Users\Admin\AppData\Local\Temp\Unicorn-17930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17930.exe
12⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8720 -s 220
11⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 216
10⤵
PID:9264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
9⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 216
8⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 236
7⤵
- Program crash
PID:3144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
6⤵
- Program crash
PID:2848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
5⤵
- Program crash
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-44791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44791.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-33977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33977.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-41159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41159.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe
7⤵
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-50261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50261.exe
8⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-47267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47267.exe
9⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-35778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35778.exe
10⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
11⤵
PID:8880

C:\Users\Admin\AppData\Local\Temp\Unicorn-36972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36972.exe
12⤵
PID:11244

C:\Users\Admin\AppData\Local\Temp\Unicorn-42481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42481.exe
13⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8880 -s 220
12⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 216
11⤵
PID:9452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
10⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
9⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 236
8⤵
- Program crash
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-37193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37193.exe
7⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-27340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27340.exe
8⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-39239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39239.exe
9⤵
PID:5200

C:\Users\Admin\AppData\Local\Temp\Unicorn-41092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41092.exe
10⤵
PID:8508

C:\Users\Admin\AppData\Local\Temp\Unicorn-46619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46619.exe
11⤵
PID:10248

C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe
12⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8508 -s 236
11⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 216
10⤵
PID:9556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 236
9⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
8⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
7⤵
- Program crash
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-50541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50541.exe
6⤵
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-40147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40147.exe
7⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-3027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3027.exe
8⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
9⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-6234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6234.exe
10⤵
PID:9008

C:\Users\Admin\AppData\Local\Temp\Unicorn-30366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30366.exe
11⤵
PID:10868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9008 -s 220
11⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
10⤵
PID:9436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 236
9⤵
PID:5044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
8⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 236
7⤵
- Program crash
PID:3316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
6⤵
- Program crash
PID:324

C:\Users\Admin\AppData\Local\Temp\Unicorn-25377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25377.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:500

C:\Users\Admin\AppData\Local\Temp\Unicorn-47848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47848.exe
6⤵
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-11366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11366.exe
7⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-47568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47568.exe
8⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-17413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17413.exe
9⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-20672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20672.exe
10⤵
PID:9064

C:\Users\Admin\AppData\Local\Temp\Unicorn-2763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2763.exe
11⤵
PID:10244

C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
12⤵
PID:13184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9064 -s 216
11⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 220
10⤵
PID:9928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
9⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
8⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-50069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50069.exe
7⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-54999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54999.exe
8⤵
PID:6928

C:\Users\Admin\AppData\Local\Temp\Unicorn-40490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40490.exe
9⤵
PID:9080

C:\Users\Admin\AppData\Local\Temp\Unicorn-8191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8191.exe
10⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9080 -s 216
10⤵
PID:11676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 216
9⤵
PID:9440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
8⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 220
7⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-30395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30395.exe
6⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-42175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42175.exe
7⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe
8⤵
PID:6492

C:\Users\Admin\AppData\Local\Temp\Unicorn-37584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37584.exe
9⤵
PID:8588

C:\Users\Admin\AppData\Local\Temp\Unicorn-36012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36012.exe
10⤵
PID:11208

C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
11⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 220
10⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 216
9⤵
PID:10168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
8⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
7⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 500 -s 240
6⤵
- Program crash
PID:3512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
5⤵
- Program crash
PID:920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-58330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58330.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1200

C:\Users\Admin\AppData\Local\Temp\Unicorn-3203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3203.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-3250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3250.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:764

C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-43764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43764.exe
7⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-21673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21673.exe
8⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-58533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58533.exe
9⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-51512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51512.exe
10⤵
PID:6584

C:\Users\Admin\AppData\Local\Temp\Unicorn-22291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22291.exe
11⤵
PID:8852

C:\Users\Admin\AppData\Local\Temp\Unicorn-682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-682.exe
12⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8852 -s 236
12⤵
PID:12424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 216
11⤵
PID:9756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
10⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 216
9⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 236
8⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-9975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9975.exe
7⤵
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-38113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38113.exe
8⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-17579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17579.exe
9⤵
PID:6648

C:\Users\Admin\AppData\Local\Temp\Unicorn-18975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18975.exe
10⤵
PID:9252

C:\Users\Admin\AppData\Local\Temp\Unicorn-38015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38015.exe
11⤵
PID:11620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9252 -s 216
11⤵
PID:12540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 216
10⤵
PID:10440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
9⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 216
8⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
7⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
6⤵
PID:972

C:\Users\Admin\AppData\Local\Temp\Unicorn-32808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32808.exe
7⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-45378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45378.exe
8⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-50033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50033.exe
9⤵
PID:6504

C:\Users\Admin\AppData\Local\Temp\Unicorn-35441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35441.exe
10⤵
PID:9704

C:\Users\Admin\AppData\Local\Temp\Unicorn-45340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45340.exe
11⤵
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9704 -s 236
11⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 236
10⤵
PID:10928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
9⤵
PID:8492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
8⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 216
7⤵
PID:4820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 240
6⤵
- Program crash
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-39575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39575.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-19260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19260.exe
6⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-64651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64651.exe
7⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-35783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35783.exe
8⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-36245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36245.exe
9⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\Unicorn-40765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40765.exe
10⤵
PID:8952

C:\Users\Admin\AppData\Local\Temp\Unicorn-21679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21679.exe
11⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8952 -s 216
11⤵
PID:12468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 236
10⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
9⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 236
8⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 236
7⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-16197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16197.exe
6⤵
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-53079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53079.exe
7⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-20485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20485.exe
8⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\Unicorn-18783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18783.exe
9⤵
PID:9400

C:\Users\Admin\AppData\Local\Temp\Unicorn-38015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38015.exe
10⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9400 -s 216
10⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 216
9⤵
PID:10496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
8⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 216
7⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
6⤵
PID:4104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 240
5⤵
- Program crash
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-53006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53006.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-59441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59441.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-23344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23344.exe
6⤵
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-31787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31787.exe
7⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-40784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40784.exe
7⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-26027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26027.exe
8⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
9⤵
PID:8320

C:\Users\Admin\AppData\Local\Temp\Unicorn-3064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3064.exe
10⤵
PID:11044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11044 -s 224
11⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8320 -s 216
10⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 236
9⤵
PID:9336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
8⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
7⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-18143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18143.exe
6⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-30931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30931.exe
7⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-36463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36463.exe
8⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-4335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4335.exe
9⤵
PID:9184

C:\Users\Admin\AppData\Local\Temp\Unicorn-21238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21238.exe
10⤵
PID:10436

C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
11⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 216
10⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 220
9⤵
PID:10008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
8⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
7⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 240
6⤵
- Program crash
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-42372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42372.exe
5⤵
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-17781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17781.exe
6⤵
PID:1172

C:\Users\Admin\AppData\Local\Temp\Unicorn-3494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3494.exe
7⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-22924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22924.exe
8⤵
PID:6336

C:\Users\Admin\AppData\Local\Temp\Unicorn-33390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33390.exe
9⤵
PID:9692

C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
10⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9692 -s 216
10⤵
PID:12652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 216
9⤵
PID:10768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
8⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 216
7⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 216
6⤵
PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
5⤵
- Program crash
PID:1984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 240
4⤵
- Program crash
PID:2592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
2⤵
- Program crash
PID:2584

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
Filesize
184KB

MD5
438648f3ca7ad2950ce14ceffe3a10e4

SHA1
8544e6a6ca7997525766bba9f213ae407a54aa60

SHA256
80c109134a8e35c095b23a226f3f2dbf46242a7670e75a72c2ab5c9c9084b65d

SHA512
919f63b39727d0c814dd2d2671d4533733e8fa6cc17514c63c5a86a7107aa2d34c563beaffe1040fba7828ca7b0d02528249554a5be51813aa3085c748a30e62

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
Filesize
184KB

MD5
6204b22c6932f3413de51a37b8becbfb

SHA1
933d9cbf2a6178c890bed1eff93c5c7e6e0d281d

SHA256
35dfb0080c3caed19e7136499f3d93c44fe29fa0c8391080cb0d58403d12a2e6

SHA512
36666bcaaa029f65860434023cf517755cbde61456199d2c64d12584ecd688dc55a4a03f48cc297f103680b5b245ffb6a7d4fa4ab9d11e5ab6990107146e17ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2534.exe
Filesize
184KB

MD5
eec72f9638c39d4674bcbc6ef8ef57bc

SHA1
878d79206ba7a93df73c8abb58869b5ca4da0198

SHA256
24decbda4083b78c8663811f266ce23fd7bd6e39995d3b7ab4bff688b05a39be

SHA512
1225af7d42cae6901df8c27bc22cd88bc9f65ee8dda640900bc74159f0b81f2b61d7645d207d1fd78d9f7705f1e3c14aec03d4353422a49ff39b0edee38e8d7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2716.exe
Filesize
184KB

MD5
2292f0b8c933ff936e4fef99952466f4

SHA1
8198c68f418855370f5c7758283c75839f75f31d

SHA256
c1e8ef28f534eb64ae4f3584a7c3df5631ee8389fdd5ac6e13c3a18896442803

SHA512
11a754feba1434dd2846b4e5673af320e661e762ef2ee110fd001b7dedb37ae7a0b526b0e20ce2abacd5f10ded7120e09904792269a30c6c9803998b582f13cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36167.exe
Filesize
184KB

MD5
3a8f2d1216fd6f001ee87f96eac50d81

SHA1
5e78f9426ab10d49e1a4fb3d101d163b418869c8

SHA256
ded9f9fa33c68c5b2b501e1e9db1005ab53d1cfdb061ea0142f780cc6b581b95

SHA512
2199f012d7dc126ae0fd7f71ef36942d5eadb418f87c3d8ff1525a1d59e31a6b999e7ba0a5bff3f32f490040a605f54fe83327c6ddbb62e6398ff70784feb693

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37293.exe
Filesize
184KB

MD5
4888fe01d3bb13ed9b622e0e23dca5ef

SHA1
cd27c1c70831b51417f13beed2fb6af449cc12b0

SHA256
207586ef61b864ab114920c9ea405a2dd6e60d3abfefc73ec0287cd19aeb1e83

SHA512
246efab2d5235eb94d234aa7952f3871e5b69d29ca0932842d79ae648f4b3f2da5f96ad3f653a48f191fe5fccd14c8cc618cae57b82bc005fd3bf56eacc0f8a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39850.exe
Filesize
184KB

MD5
ca998b96d44aded4ae96390224cb0d39

SHA1
8cedb7ece2d18829057490555aa634b11eb31629

SHA256
a7ad5f99614fd00afd8d251e2d66b4a6e271176eff6622f02ca7b221aa930806

SHA512
516c87228656184a9b6a451e7af98e73e3ca844ec6fcfff08df683aa10387c659281cd781f661921e1e27427fdf5d68b8d50b273527836781caa7f2db01a915d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40784.exe
Filesize
184KB

MD5
33d62c2d122a98b52c004e3c7832fb18

SHA1
58731c88b41f3a3e415b5fcda7cf6d1b94b47c94

SHA256
b07e1f6db8900e332ca4aec68f4baebb270de2895a0fdce4e83043ecd2290071

SHA512
2ed02aad4de9dd6ebfd6708732e233807e908842be8050caa329bd3baa0277599c820c932caa62f9642939f374793a33859fa2a57a0b573c52e195065cd1970b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43385.exe
Filesize
184KB

MD5
a04de43a90677a1cc99ef5de57efd043

SHA1
a1242fc093b38fb4815895c4e0a9bb619b557418

SHA256
cffede2d0812fb83c0c11f131a53cffad004ef1e32e637c0c8472d4e12c291b4

SHA512
8a0be34e549d834653fcb0327ad4792ecc7ef4c0fdf3c613d6f77da89c3813fbb6e23fde4641824bfb58d06b1a0c0d1628d53fbce6e92fac637ac84c5f1b9413

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5637.exe
Filesize
184KB

MD5
7f86cefb709b81e8918c5f62d1c78a8e

SHA1
25b4e1bd6f8dc9c90f95aa3cf24d56b136d5d4b2

SHA256
b546cbe6897035ed53020e9d008c1bdc54f89cb54cc46809e8bad13948ac7f8d

SHA512
abbe00c88cbbfae36c390cf561907bc9e50e97cd889f5306d0f7632a3ea5e7231a44a1b9a7c000affc77a84d99ab1a592cddaa930c0d234bbbc9cf00820e7459

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6234.exe
Filesize
184KB

MD5
6c2c3466628acdbbaf684c409b8ca9fe

SHA1
6b80e62c925e4565a36bd77a41870076c09527a2

SHA256
36fa1cde9658361b131fe8eb6c2591ce9c8b51c91ee3e0b72766061926284a80

SHA512
3505c1c8202d791c951524700e1bdc3e22487800973d7da6f8e7db4c766894f46627874a1a71ed970d13f81865d9419ead87d1e09d9f922fac32706c23181ce4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9560.exe
Filesize
184KB

MD5
6a89bb346abf13b42d489166bd0c2202

SHA1
67ed57078bf4f1bf3348a00c4b4a79d890bdb71b

SHA256
e154953d049e2ba085f3f60d60b1200e83dc6f97888070fa579a8ddff1357135

SHA512
74d1a936ba248e6578128b60db8ba4cf5f8a812de7b25d6bdd901fefcfb085240368c96fa72c76f9bbbc7c25807f1669c0e7c4d5f8d10073226ccfbc9d1ae7a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11423.exe
Filesize
184KB

MD5
7f8bab368236b3c8357d5838b39d6049

SHA1
4041454d70d6743c26c4c20b91a0f4067968cdb5

SHA256
3871739d88ad1017d82882c684a4d40150bd27c672a6430a3319ed8b3e40e571

SHA512
469420e55b6db3a07b90a905138e04dbca417f8d31a0187d9816c04c972ab805459d923d3c05c0cc7b87e57d7dac4803ff6336435c1762ff2a49479aedc04f90

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13478.exe
Filesize
184KB

MD5
6e0736679ddb45a7705a2456a5c76468

SHA1
1d18d3afa976c24f7eae6464e2b803e66239aa5e

SHA256
fbed2143fd2ac0963852da6ec16f5c5508c20da6cc24bed713fe7a2747ac44ad

SHA512
ac9336cd06717a16e95bf16d8b2ba8b611559d26b752f47033a20d71ab3f670f96f11d73cda77283c50c7acd597c9fe252f2478330bcfc77ed6be26c5c6bfc45

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15434.exe
Filesize
184KB

MD5
09eee78265afd0f27c4ebb7e4cd2b99f

SHA1
8485afafeedaf116ef2c6261efba455cf66c325f

SHA256
4e1f81a5a6b8a2aa515c68bf74803c735b51a7021d81fdbd3c46ebc64e976534

SHA512
ba048cdb0c02d877c3e875de24ef9849d8b78e0b0c52d62d8f8729e8d9f8bde289d846f36d4aa6a3965b31feb3e26e066543fb0e76f318520b7a236c2a945d7d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26368.exe
Filesize
184KB

MD5
162c940c0c8b14b50eb8c69587cde645

SHA1
bf4f33df451f81702ce4cb91ce28e120dfc73032

SHA256
905a6c8c4ec9fcc34884b52273935a5507ff7604f134bb0d36c6af3b4be81f5d

SHA512
b4ea40b2e4afa5535170bc7f8c288761295ab47229efe02aac158f5cfae6dd2e425f734be86c0b861e6e1357f9a5fa89a6341cbeec576c47db3a825ecd35ee0e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28589.exe
Filesize
184KB

MD5
bf35e3abe4866a6edcf70e711b04e9ba

SHA1
9c11b52e3a86b2f2e706717b1c23040a28c18575

SHA256
e82de99e9588b06cc0d500cd702690a75fa6eee4bc42ec727bef8ebc1ed93482

SHA512
d90ca9030cde3c89ff629a21b5ed09f9d30369d3f420653e7e4aa3dac28567d9ef951b25e4213e434fc9723f4a1b060c3115b2d55a9aab4f9efce30cd77c3152

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31216.exe
Filesize
184KB

MD5
95c8bad63e187fe0ad4da0833cc20fe1

SHA1
2132fd46d550c644ded9c6ca5c67d33e2a8b91f3

SHA256
75970ddf75dbba7704eeb201fb36a4fcd64dbbf18aaed0eecdd830254207016b

SHA512
7a069462313fa599c7dc31aacb084c0449b7721246575bc44cc3d6cde6917f9e7fe990f247333b0cd2354e8527452f25bde7d7195b582a416dedeb94b2c6f26d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35300.exe
Filesize
184KB

MD5
2ac1bbc213fff3412c8a12bc67a2fa97

SHA1
20353afae3a9886798d1067e64b0492440d9963a

SHA256
931a12d201260632609746c3899b656e056afa0a359ade75f0cec83acbc1fc0a

SHA512
8f62a28a2d81812bad2af23df5701269d379859d1404e6e6141f4c8ec62c69a4de1fcb6ec3289cd5e45f0f649fb8fc8df8081ac775980b69e19c0b45dca24973

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48024.exe
Filesize
184KB

MD5
319c8f8b9098e89dfc0bae07ed4300ca

SHA1
554e9fdaec49be071cce4acd96ca730f01059d8b

SHA256
c5a06b3f5a3910669118fda892f3b2c22d1c69633394bfbba46d467610df533a

SHA512
222c85695ce5e06e17d97e31497445c76aa5a0cb57af91a6930868e7355ff6dad4cce8510eac2fae6be242ef6b7139d5c9d96ab66d2fa0254d6ffe86aa82d4e0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58330.exe
Filesize
184KB

MD5
458b84982120c370be7754ccc0f47d75

SHA1
929de77c073c08992e82799042cc5d98a64594c7

SHA256
341dd7373a5926643fe15da6b0b627748c2c1df2ae254cd328e6c4f67758faa7

SHA512
a7e78d057a062e4d1333e472d8a1ec31651817e26aead7c3ba23dc198e7992c78775b4978bd8209a1cec0bbd96b8483a9e26b173d5f09d04d88ed59efb145388

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59721.exe
Filesize
184KB

MD5
5540adf06514b1aea4900804797b8b08

SHA1
a3f54decd40e767f101cac2f7fd3e6bd36ff0101

SHA256
26dbf045de2749d1764214a6ad1389cb34b17246b4973f53a4158a012f35dd51

SHA512
d16cdaf26c7d7839b2af104ee607e7b2f54dffbb1d8df609cba025918e2548fade79663ee84183691c759654d7c7f3f3dda155ae3eb60d5bd3533f76c502e2d1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads