bc38dccd9acf416765880c141ccd18db9afb026107478316dc5270d577f4a3de

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bc38dccd9acf416765880c141ccd18db9afb026107478316dc5270d577f4a3de.exe
Size

184KB
MD5

a9c5c3e6b1e2a553f2f587ea1c6dec1c
SHA1

ad1b0104fd8fe44c46acb7c55ada8775f9ae599e
SHA256

bc38dccd9acf416765880c141ccd18db9afb026107478316dc5270d577f4a3de
SHA512

4887103e1847b2706653b090e61b72a469ea0ebcdf4388b4368a2adcf5c112ca856fdfa3b353d058134fda71951f03be3cc92219335e8f7853c42239537617ef
SSDEEP

1536:47SPijZmp3OxoRn1ryhA/QwMOU2zZctmdyxcQR2OzPtqhl5hj5VizpvF:W9o3Oxoh9yhzdOZzevcQRhFqhlnniFd

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-941.exeUnicorn-31440.exeUnicorn-26841.exeUnicorn-4356.exeUnicorn-20693.exeUnicorn-17163.exeUnicorn-34702.exeUnicorn-47509.exeUnicorn-1645.exeUnicorn-63653.exeUnicorn-25216.exeUnicorn-5350.exeUnicorn-4281.exeUnicorn-7618.exeUnicorn-47219.exeUnicorn-63555.exeUnicorn-43689.exeUnicorn-54261.exeUnicorn-37410.exeUnicorn-53877.exeUnicorn-4484.exeUnicorn-17291.exeUnicorn-53493.exeUnicorn-40172.exeUnicorn-20629.exeUnicorn-763.exeUnicorn-36965.exeUnicorn-17099.exeUnicorn-35694.exeUnicorn-31095.exeUnicorn-18097.exeUnicorn-2445.exeUnicorn-64453.exeUnicorn-2253.exeUnicorn-13991.exeUnicorn-21086.exeUnicorn-20894.exeUnicorn-17364.exeUnicorn-33700.exeUnicorn-37038.exeUnicorn-17495.exeUnicorn-17495.exeUnicorn-644.exeUnicorn-53182.exeUnicorn-49653.exeUnicorn-25139.exeUnicorn-24624.exeUnicorn-44490.exeUnicorn-40899.exeUnicorn-40441.exeUnicorn-27443.exeUnicorn-43779.exeUnicorn-40249.exeUnicorn-27251.exeUnicorn-23721.exeUnicorn-27059.exeUnicorn-59731.exeUnicorn-39481.exeUnicorn-23830.exeUnicorn-17472.exeUnicorn-30278.exeUnicorn-943.exeUnicorn-943.exeUnicorn-17280.exe

pid	process
2464	Unicorn-941.exe
812	Unicorn-31440.exe
1276	Unicorn-26841.exe
2828	Unicorn-4356.exe
1580	Unicorn-20693.exe
2704	Unicorn-17163.exe
2064	Unicorn-34702.exe
2856	Unicorn-47509.exe
3012	Unicorn-1645.exe
2416	Unicorn-63653.exe
2764	Unicorn-25216.exe
344	Unicorn-5350.exe
2100	Unicorn-4281.exe
1184	Unicorn-7618.exe
1676	Unicorn-47219.exe
2116	Unicorn-63555.exe
1776	Unicorn-43689.exe
1848	Unicorn-54261.exe
448	Unicorn-37410.exe
2212	Unicorn-53877.exe
1664	Unicorn-4484.exe
692	Unicorn-17291.exe
1856	Unicorn-53493.exe
1032	Unicorn-40172.exe
752	Unicorn-20629.exe
2296	Unicorn-763.exe
1860	Unicorn-36965.exe
2400	Unicorn-17099.exe
2452	Unicorn-35694.exe
1924	Unicorn-31095.exe
2040	Unicorn-18097.exe
2272	Unicorn-2445.exe
2900	Unicorn-64453.exe
2840	Unicorn-2253.exe
2648	Unicorn-13991.exe
888	Unicorn-21086.exe
2544	Unicorn-20894.exe
3000	Unicorn-17364.exe
1956	Unicorn-33700.exe
3008	Unicorn-37038.exe
3032	Unicorn-17495.exe
2568	Unicorn-17495.exe
2988	Unicorn-644.exe
2492	Unicorn-53182.exe
2156	Unicorn-49653.exe
1300	Unicorn-25139.exe
852	Unicorn-24624.exe
2092	Unicorn-44490.exe
872	Unicorn-40899.exe
2072	Unicorn-40441.exe
976	Unicorn-27443.exe
952	Unicorn-43779.exe
304	Unicorn-40249.exe
840	Unicorn-27251.exe
1784	Unicorn-23721.exe
1648	Unicorn-27059.exe
2436	Unicorn-59731.exe
2888	Unicorn-39481.exe
2616	Unicorn-23830.exe
2636	Unicorn-17472.exe
2728	Unicorn-30278.exe
2088	Unicorn-943.exe
2784	Unicorn-943.exe
2748	Unicorn-17280.exe

Loads dropped DLL 64 IoCs

Processes:

bc38dccd9acf416765880c141ccd18db9afb026107478316dc5270d577f4a3de.exeUnicorn-941.exeUnicorn-26841.exeUnicorn-31440.exeWerFault.exeUnicorn-4356.exeUnicorn-20693.exeWerFault.exeWerFault.exeUnicorn-34702.exeUnicorn-17163.exeUnicorn-47509.exeUnicorn-1645.exeUnicorn-63653.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
3056	bc38dccd9acf416765880c141ccd18db9afb026107478316dc5270d577f4a3de.exe
3056	bc38dccd9acf416765880c141ccd18db9afb026107478316dc5270d577f4a3de.exe
2464	Unicorn-941.exe
2464	Unicorn-941.exe
3056	bc38dccd9acf416765880c141ccd18db9afb026107478316dc5270d577f4a3de.exe
3056	bc38dccd9acf416765880c141ccd18db9afb026107478316dc5270d577f4a3de.exe
1276	Unicorn-26841.exe
1276	Unicorn-26841.exe
812	Unicorn-31440.exe
812	Unicorn-31440.exe
2464	Unicorn-941.exe
2464	Unicorn-941.exe
2592	WerFault.exe
2592	WerFault.exe
2592	WerFault.exe
2592	WerFault.exe
2592	WerFault.exe
2828	Unicorn-4356.exe
2828	Unicorn-4356.exe
1276	Unicorn-26841.exe
1276	Unicorn-26841.exe
1580	Unicorn-20693.exe
1580	Unicorn-20693.exe
812	Unicorn-31440.exe
812	Unicorn-31440.exe
1652	WerFault.exe
1652	WerFault.exe
1652	WerFault.exe
1652	WerFault.exe
1652	WerFault.exe
2600	WerFault.exe
2600	WerFault.exe
2600	WerFault.exe
2600	WerFault.exe
2600	WerFault.exe
2064	Unicorn-34702.exe
2064	Unicorn-34702.exe
2704	Unicorn-17163.exe
2704	Unicorn-17163.exe
2828	Unicorn-4356.exe
2828	Unicorn-4356.exe
2856	Unicorn-47509.exe
2856	Unicorn-47509.exe
3012	Unicorn-1645.exe
3012	Unicorn-1645.exe
2416	Unicorn-63653.exe
1580	Unicorn-20693.exe
2416	Unicorn-63653.exe
1580	Unicorn-20693.exe
1248	WerFault.exe
1248	WerFault.exe
1248	WerFault.exe
1248	WerFault.exe
1248	WerFault.exe
1472	WerFault.exe
1472	WerFault.exe
1472	WerFault.exe
1472	WerFault.exe
1084	WerFault.exe
1084	WerFault.exe
1084	WerFault.exe
1084	WerFault.exe
1472	WerFault.exe
1084	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2724	3056	WerFault.exe	bc38dccd9acf416765880c141ccd18db9afb026107478316dc5270d577f4a3de.exe
2592	2464	WerFault.exe	Unicorn-941.exe
1652	1276	WerFault.exe	Unicorn-26841.exe
2600	812	WerFault.exe	Unicorn-31440.exe
1248	2828	WerFault.exe	Unicorn-4356.exe
1472	2704	WerFault.exe	Unicorn-17163.exe
1084	1580	WerFault.exe	Unicorn-20693.exe
1532	2064	WerFault.exe	Unicorn-34702.exe
2892	2856	WerFault.exe	Unicorn-47509.exe
1564	3012	WerFault.exe	Unicorn-1645.exe
2032	2416	WerFault.exe	Unicorn-63653.exe
2620	2764	WerFault.exe	Unicorn-25216.exe
620	344	WerFault.exe	Unicorn-5350.exe
776	1184	WerFault.exe	Unicorn-7618.exe
2780	1776	WerFault.exe	Unicorn-43689.exe
2056	1676	WerFault.exe	Unicorn-47219.exe
2924	2116	WerFault.exe	Unicorn-63555.exe
2020	2100	WerFault.exe	Unicorn-4281.exe
2776	1848	WerFault.exe	Unicorn-54261.exe
760	448	WerFault.exe	Unicorn-37410.exe
564	2212	WerFault.exe	Unicorn-53877.exe
2108	1664	WerFault.exe	Unicorn-4484.exe
1040	1856	WerFault.exe	Unicorn-53493.exe
2392	1032	WerFault.exe	Unicorn-40172.exe
956	692	WerFault.exe	Unicorn-17291.exe
2320	1860	WerFault.exe	Unicorn-36965.exe
2316	2296	WerFault.exe	Unicorn-763.exe
2948	2400	WerFault.exe	Unicorn-17099.exe
996	752	WerFault.exe	Unicorn-20629.exe
2344	2452	WerFault.exe	Unicorn-35694.exe
2968	1924	WerFault.exe	Unicorn-31095.exe
1584	2272	WerFault.exe	Unicorn-2445.exe
988	2900	WerFault.exe	Unicorn-64453.exe
3164	1956	WerFault.exe	Unicorn-33700.exe
3244	3000	WerFault.exe	Unicorn-17364.exe
3332	2544	WerFault.exe	Unicorn-20894.exe
3624	3032	WerFault.exe	Unicorn-17495.exe
3672	3008	WerFault.exe	Unicorn-37038.exe
3756	1300	WerFault.exe	Unicorn-25139.exe
3940	2156	WerFault.exe	Unicorn-49653.exe
4060	952	WerFault.exe	Unicorn-43779.exe
3096	2572	WerFault.exe	Unicorn-62375.exe
3116	2748	WerFault.exe	Unicorn-17280.exe
3188	2636	WerFault.exe	Unicorn-17472.exe
3224	3024	WerFault.exe	Unicorn-29702.exe
3232	2888	WerFault.exe	Unicorn-39481.exe
3252	304	WerFault.exe	Unicorn-40249.exe
3304	1648	WerFault.exe	Unicorn-27059.exe
3368	840	WerFault.exe	Unicorn-27251.exe
3476	872	WerFault.exe	Unicorn-40899.exe
3500	2768	WerFault.exe	Unicorn-30217.exe
3504	2784	WerFault.exe	Unicorn-943.exe
3576	2584	WerFault.exe	Unicorn-46423.exe
3608	2616	WerFault.exe	Unicorn-23830.exe
3616	2960	WerFault.exe	Unicorn-17088.exe
3652	2340	WerFault.exe	Unicorn-559.exe
4044	976	WerFault.exe	Unicorn-27443.exe
3448	888	WerFault.exe	Unicorn-21086.exe
3560	2568	WerFault.exe	Unicorn-17495.exe
3788	2092	WerFault.exe	Unicorn-44490.exe
3824	2648	WerFault.exe	Unicorn-13991.exe
3404	2988	WerFault.exe	Unicorn-644.exe
3380	1968	WerFault.exe	Unicorn-1877.exe
3464	2040	WerFault.exe	Unicorn-18097.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

bc38dccd9acf416765880c141ccd18db9afb026107478316dc5270d577f4a3de.exeUnicorn-941.exeUnicorn-26841.exeUnicorn-31440.exeUnicorn-4356.exeUnicorn-20693.exeUnicorn-17163.exeUnicorn-34702.exeUnicorn-47509.exeUnicorn-1645.exeUnicorn-63653.exeUnicorn-25216.exeUnicorn-5350.exeUnicorn-4281.exeUnicorn-7618.exeUnicorn-43689.exeUnicorn-47219.exeUnicorn-63555.exeUnicorn-54261.exeUnicorn-37410.exeUnicorn-53877.exeUnicorn-4484.exeUnicorn-17291.exeUnicorn-53493.exeUnicorn-40172.exeUnicorn-20629.exeUnicorn-17099.exeUnicorn-763.exeUnicorn-36965.exeUnicorn-35694.exeUnicorn-31095.exeUnicorn-18097.exeUnicorn-2445.exeUnicorn-64453.exeUnicorn-2253.exeUnicorn-13991.exeUnicorn-21086.exeUnicorn-17364.exeUnicorn-33700.exeUnicorn-20894.exeUnicorn-37038.exeUnicorn-17495.exeUnicorn-17495.exeUnicorn-644.exeUnicorn-53182.exeUnicorn-49653.exeUnicorn-25139.exeUnicorn-24624.exeUnicorn-44490.exeUnicorn-40899.exeUnicorn-40441.exeUnicorn-27443.exeUnicorn-43779.exeUnicorn-40249.exeUnicorn-27251.exeUnicorn-23721.exeUnicorn-59731.exeUnicorn-27059.exeUnicorn-39481.exeUnicorn-23830.exeUnicorn-17472.exeUnicorn-30278.exeUnicorn-943.exeUnicorn-943.exe

pid	process
3056	bc38dccd9acf416765880c141ccd18db9afb026107478316dc5270d577f4a3de.exe
2464	Unicorn-941.exe
1276	Unicorn-26841.exe
812	Unicorn-31440.exe
2828	Unicorn-4356.exe
1580	Unicorn-20693.exe
2704	Unicorn-17163.exe
2064	Unicorn-34702.exe
2856	Unicorn-47509.exe
3012	Unicorn-1645.exe
2416	Unicorn-63653.exe
2764	Unicorn-25216.exe
344	Unicorn-5350.exe
2100	Unicorn-4281.exe
1184	Unicorn-7618.exe
1776	Unicorn-43689.exe
1676	Unicorn-47219.exe
2116	Unicorn-63555.exe
1848	Unicorn-54261.exe
448	Unicorn-37410.exe
2212	Unicorn-53877.exe
1664	Unicorn-4484.exe
692	Unicorn-17291.exe
1856	Unicorn-53493.exe
1032	Unicorn-40172.exe
752	Unicorn-20629.exe
2400	Unicorn-17099.exe
2296	Unicorn-763.exe
1860	Unicorn-36965.exe
2452	Unicorn-35694.exe
1924	Unicorn-31095.exe
2040	Unicorn-18097.exe
2272	Unicorn-2445.exe
2900	Unicorn-64453.exe
2840	Unicorn-2253.exe
2648	Unicorn-13991.exe
888	Unicorn-21086.exe
3000	Unicorn-17364.exe
1956	Unicorn-33700.exe
2544	Unicorn-20894.exe
3008	Unicorn-37038.exe
3032	Unicorn-17495.exe
2568	Unicorn-17495.exe
2988	Unicorn-644.exe
2492	Unicorn-53182.exe
2156	Unicorn-49653.exe
1300	Unicorn-25139.exe
852	Unicorn-24624.exe
2092	Unicorn-44490.exe
872	Unicorn-40899.exe
2072	Unicorn-40441.exe
976	Unicorn-27443.exe
952	Unicorn-43779.exe
304	Unicorn-40249.exe
840	Unicorn-27251.exe
1784	Unicorn-23721.exe
2436	Unicorn-59731.exe
1648	Unicorn-27059.exe
2888	Unicorn-39481.exe
2616	Unicorn-23830.exe
2636	Unicorn-17472.exe
2728	Unicorn-30278.exe
2088	Unicorn-943.exe
2784	Unicorn-943.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

bc38dccd9acf416765880c141ccd18db9afb026107478316dc5270d577f4a3de.exeUnicorn-941.exeUnicorn-26841.exeUnicorn-31440.exeUnicorn-4356.exeUnicorn-20693.exeUnicorn-34702.exeUnicorn-17163.exe

description	pid	process	target process
PID 3056 wrote to memory of 2464	3056	bc38dccd9acf416765880c141ccd18db9afb026107478316dc5270d577f4a3de.exe	Unicorn-941.exe
PID 3056 wrote to memory of 2464	3056	bc38dccd9acf416765880c141ccd18db9afb026107478316dc5270d577f4a3de.exe	Unicorn-941.exe
PID 3056 wrote to memory of 2464	3056	bc38dccd9acf416765880c141ccd18db9afb026107478316dc5270d577f4a3de.exe	Unicorn-941.exe
PID 3056 wrote to memory of 2464	3056	bc38dccd9acf416765880c141ccd18db9afb026107478316dc5270d577f4a3de.exe	Unicorn-941.exe
PID 2464 wrote to memory of 812	2464	Unicorn-941.exe	Unicorn-31440.exe
PID 2464 wrote to memory of 812	2464	Unicorn-941.exe	Unicorn-31440.exe
PID 2464 wrote to memory of 812	2464	Unicorn-941.exe	Unicorn-31440.exe
PID 2464 wrote to memory of 812	2464	Unicorn-941.exe	Unicorn-31440.exe
PID 3056 wrote to memory of 1276	3056	bc38dccd9acf416765880c141ccd18db9afb026107478316dc5270d577f4a3de.exe	Unicorn-26841.exe
PID 3056 wrote to memory of 1276	3056	bc38dccd9acf416765880c141ccd18db9afb026107478316dc5270d577f4a3de.exe	Unicorn-26841.exe
PID 3056 wrote to memory of 1276	3056	bc38dccd9acf416765880c141ccd18db9afb026107478316dc5270d577f4a3de.exe	Unicorn-26841.exe
PID 3056 wrote to memory of 1276	3056	bc38dccd9acf416765880c141ccd18db9afb026107478316dc5270d577f4a3de.exe	Unicorn-26841.exe
PID 3056 wrote to memory of 2724	3056	bc38dccd9acf416765880c141ccd18db9afb026107478316dc5270d577f4a3de.exe	WerFault.exe
PID 3056 wrote to memory of 2724	3056	bc38dccd9acf416765880c141ccd18db9afb026107478316dc5270d577f4a3de.exe	WerFault.exe
PID 3056 wrote to memory of 2724	3056	bc38dccd9acf416765880c141ccd18db9afb026107478316dc5270d577f4a3de.exe	WerFault.exe
PID 3056 wrote to memory of 2724	3056	bc38dccd9acf416765880c141ccd18db9afb026107478316dc5270d577f4a3de.exe	WerFault.exe
PID 1276 wrote to memory of 2828	1276	Unicorn-26841.exe	Unicorn-4356.exe
PID 1276 wrote to memory of 2828	1276	Unicorn-26841.exe	Unicorn-4356.exe
PID 1276 wrote to memory of 2828	1276	Unicorn-26841.exe	Unicorn-4356.exe
PID 1276 wrote to memory of 2828	1276	Unicorn-26841.exe	Unicorn-4356.exe
PID 812 wrote to memory of 1580	812	Unicorn-31440.exe	Unicorn-20693.exe
PID 812 wrote to memory of 1580	812	Unicorn-31440.exe	Unicorn-20693.exe
PID 812 wrote to memory of 1580	812	Unicorn-31440.exe	Unicorn-20693.exe
PID 812 wrote to memory of 1580	812	Unicorn-31440.exe	Unicorn-20693.exe
PID 2464 wrote to memory of 2704	2464	Unicorn-941.exe	Unicorn-17163.exe
PID 2464 wrote to memory of 2704	2464	Unicorn-941.exe	Unicorn-17163.exe
PID 2464 wrote to memory of 2704	2464	Unicorn-941.exe	Unicorn-17163.exe
PID 2464 wrote to memory of 2704	2464	Unicorn-941.exe	Unicorn-17163.exe
PID 2464 wrote to memory of 2592	2464	Unicorn-941.exe	WerFault.exe
PID 2464 wrote to memory of 2592	2464	Unicorn-941.exe	WerFault.exe
PID 2464 wrote to memory of 2592	2464	Unicorn-941.exe	WerFault.exe
PID 2464 wrote to memory of 2592	2464	Unicorn-941.exe	WerFault.exe
PID 2828 wrote to memory of 2064	2828	Unicorn-4356.exe	Unicorn-34702.exe
PID 2828 wrote to memory of 2064	2828	Unicorn-4356.exe	Unicorn-34702.exe
PID 2828 wrote to memory of 2064	2828	Unicorn-4356.exe	Unicorn-34702.exe
PID 2828 wrote to memory of 2064	2828	Unicorn-4356.exe	Unicorn-34702.exe
PID 1276 wrote to memory of 2856	1276	Unicorn-26841.exe	Unicorn-47509.exe
PID 1276 wrote to memory of 2856	1276	Unicorn-26841.exe	Unicorn-47509.exe
PID 1276 wrote to memory of 2856	1276	Unicorn-26841.exe	Unicorn-47509.exe
PID 1276 wrote to memory of 2856	1276	Unicorn-26841.exe	Unicorn-47509.exe
PID 1580 wrote to memory of 3012	1580	Unicorn-20693.exe	Unicorn-1645.exe
PID 1580 wrote to memory of 3012	1580	Unicorn-20693.exe	Unicorn-1645.exe
PID 1580 wrote to memory of 3012	1580	Unicorn-20693.exe	Unicorn-1645.exe
PID 1580 wrote to memory of 3012	1580	Unicorn-20693.exe	Unicorn-1645.exe
PID 812 wrote to memory of 2416	812	Unicorn-31440.exe	Unicorn-63653.exe
PID 812 wrote to memory of 2416	812	Unicorn-31440.exe	Unicorn-63653.exe
PID 812 wrote to memory of 2416	812	Unicorn-31440.exe	Unicorn-63653.exe
PID 812 wrote to memory of 2416	812	Unicorn-31440.exe	Unicorn-63653.exe
PID 1276 wrote to memory of 1652	1276	Unicorn-26841.exe	WerFault.exe
PID 1276 wrote to memory of 1652	1276	Unicorn-26841.exe	WerFault.exe
PID 1276 wrote to memory of 1652	1276	Unicorn-26841.exe	WerFault.exe
PID 1276 wrote to memory of 1652	1276	Unicorn-26841.exe	WerFault.exe
PID 812 wrote to memory of 2600	812	Unicorn-31440.exe	WerFault.exe
PID 812 wrote to memory of 2600	812	Unicorn-31440.exe	WerFault.exe
PID 812 wrote to memory of 2600	812	Unicorn-31440.exe	WerFault.exe
PID 812 wrote to memory of 2600	812	Unicorn-31440.exe	WerFault.exe
PID 2064 wrote to memory of 2764	2064	Unicorn-34702.exe	Unicorn-25216.exe
PID 2064 wrote to memory of 2764	2064	Unicorn-34702.exe	Unicorn-25216.exe
PID 2064 wrote to memory of 2764	2064	Unicorn-34702.exe	Unicorn-25216.exe
PID 2064 wrote to memory of 2764	2064	Unicorn-34702.exe	Unicorn-25216.exe
PID 2704 wrote to memory of 344	2704	Unicorn-17163.exe	Unicorn-5350.exe
PID 2704 wrote to memory of 344	2704	Unicorn-17163.exe	Unicorn-5350.exe
PID 2704 wrote to memory of 344	2704	Unicorn-17163.exe	Unicorn-5350.exe
PID 2704 wrote to memory of 344	2704	Unicorn-17163.exe	Unicorn-5350.exe

C:\Users\Admin\AppData\Local\Temp\bc38dccd9acf416765880c141ccd18db9afb026107478316dc5270d577f4a3de.exe
"C:\Users\Admin\AppData\Local\Temp\bc38dccd9acf416765880c141ccd18db9afb026107478316dc5270d577f4a3de.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-941.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:812

C:\Users\Admin\AppData\Local\Temp\Unicorn-20693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20693.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-1645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1645.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-47219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47219.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-20894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20894.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-367.exe
9⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-44187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44187.exe
10⤵
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-45770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45770.exe
11⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-38934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38934.exe
12⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-11392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11392.exe
13⤵
PID:7320

C:\Users\Admin\AppData\Local\Temp\Unicorn-29584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29584.exe
14⤵
PID:10280

C:\Users\Admin\AppData\Local\Temp\Unicorn-59452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59452.exe
15⤵
PID:12688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10280 -s 220
15⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 216
14⤵
PID:10580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
13⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236
12⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
11⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-41856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41856.exe
10⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-55161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55161.exe
11⤵
PID:5188

C:\Users\Admin\AppData\Local\Temp\Unicorn-54350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54350.exe
12⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
13⤵
PID:10208

C:\Users\Admin\AppData\Local\Temp\Unicorn-51808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51808.exe
14⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10208 -s 204
14⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
13⤵
PID:11140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 236
12⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 236
11⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
10⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-56994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56994.exe
9⤵
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-10409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10409.exe
10⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-1051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1051.exe
11⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
12⤵
PID:7280

C:\Users\Admin\AppData\Local\Temp\Unicorn-61166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61166.exe
13⤵
PID:8352

C:\Users\Admin\AppData\Local\Temp\Unicorn-10219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10219.exe
14⤵
PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8352 -s 216
14⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 216
13⤵
PID:10976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
12⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
11⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 236
10⤵
PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
9⤵
- Program crash
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-62375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62375.exe
8⤵
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-42002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42002.exe
9⤵
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-53222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53222.exe
10⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-14803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14803.exe
11⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-57635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57635.exe
12⤵
PID:7664

C:\Users\Admin\AppData\Local\Temp\Unicorn-60419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60419.exe
13⤵
PID:10408

C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
14⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10408 -s 216
14⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
13⤵
PID:10824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 236
12⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
11⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 236
10⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 216
9⤵
- Program crash
PID:3096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 240
8⤵
- Program crash
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-33700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33700.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-943.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-63922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63922.exe
9⤵
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-52646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52646.exe
10⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-30564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30564.exe
11⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-1164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1164.exe
12⤵
PID:7992

C:\Users\Admin\AppData\Local\Temp\Unicorn-59246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59246.exe
13⤵
PID:10052

C:\Users\Admin\AppData\Local\Temp\Unicorn-61942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61942.exe
14⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10052 -s 204
14⤵
PID:13204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 236
13⤵
PID:10840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
12⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
11⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 216
10⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
9⤵
- Program crash
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-44057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44057.exe
8⤵
PID:496

C:\Users\Admin\AppData\Local\Temp\Unicorn-58925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58925.exe
9⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-33293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33293.exe
10⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-37630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37630.exe
11⤵
PID:6908

C:\Users\Admin\AppData\Local\Temp\Unicorn-59246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59246.exe
12⤵
PID:10096

C:\Users\Admin\AppData\Local\Temp\Unicorn-46426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46426.exe
13⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10096 -s 216
13⤵
PID:12872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 216
12⤵
PID:10856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
11⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 236
10⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 496 -s 236
9⤵
PID:4320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 240
8⤵
- Program crash
PID:3164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
7⤵
- Program crash
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-763.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-17495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17495.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-559.exe
8⤵
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-48162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48162.exe
9⤵
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-46512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46512.exe
10⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-24456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24456.exe
11⤵
PID:5572

C:\Users\Admin\AppData\Local\Temp\Unicorn-35674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35674.exe
12⤵
PID:7880

C:\Users\Admin\AppData\Local\Temp\Unicorn-47456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47456.exe
13⤵
PID:10448

C:\Users\Admin\AppData\Local\Temp\Unicorn-26738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26738.exe
14⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10448 -s 216
14⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 216
13⤵
PID:11160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
12⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
11⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 236
10⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-9734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9734.exe
9⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
10⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-10733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10733.exe
11⤵
PID:6400

C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
12⤵
PID:10092

C:\Users\Admin\AppData\Local\Temp\Unicorn-61299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61299.exe
13⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 216
13⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 216
12⤵
PID:11204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 236
11⤵
PID:8540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 236
10⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
9⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-11768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11768.exe
8⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-34582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34582.exe
9⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-56038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56038.exe
10⤵
PID:5216

C:\Users\Admin\AppData\Local\Temp\Unicorn-26224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26224.exe
11⤵
PID:7580

C:\Users\Admin\AppData\Local\Temp\Unicorn-26353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26353.exe
11⤵
PID:1148

C:\Users\Admin\AppData\Local\Temp\Unicorn-4244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4244.exe
12⤵
PID:10296

C:\Users\Admin\AppData\Local\Temp\Unicorn-23799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23799.exe
13⤵
PID:13240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 216
12⤵
PID:12044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 220
11⤵
PID:9440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
10⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
9⤵
PID:4868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
8⤵
- Program crash
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe
7⤵
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-64882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64882.exe
8⤵
PID:1360

C:\Users\Admin\AppData\Local\Temp\Unicorn-45552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45552.exe
9⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-57787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57787.exe
10⤵
PID:5804

C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
11⤵
PID:8116

C:\Users\Admin\AppData\Local\Temp\Unicorn-34218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34218.exe
12⤵
PID:10616

C:\Users\Admin\AppData\Local\Temp\Unicorn-64683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64683.exe
13⤵
PID:12952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10616 -s 220
13⤵
PID:12292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 216
12⤵
PID:11360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
11⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
10⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 236
9⤵
PID:5092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 216
8⤵
- Program crash
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
7⤵
- Program crash
PID:2316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
6⤵
- Program crash
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-43689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43689.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-53493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53493.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-21086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21086.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-59731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59731.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-61291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61291.exe
9⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-44530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44530.exe
10⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-38400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38400.exe
11⤵
PID:5236

C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe
12⤵
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-61478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61478.exe
13⤵
PID:11032

C:\Users\Admin\AppData\Local\Temp\Unicorn-43833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43833.exe
14⤵
PID:11428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11032 -s 216
14⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 220
13⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 216
12⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
11⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 216
10⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 236
9⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-8561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8561.exe
8⤵
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
9⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-18997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18997.exe
10⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\Unicorn-63219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63219.exe
11⤵
PID:7812

C:\Users\Admin\AppData\Local\Temp\Unicorn-12479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12479.exe
12⤵
PID:10368

C:\Users\Admin\AppData\Local\Temp\Unicorn-62977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62977.exe
13⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10368 -s 216
13⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 216
12⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 236
11⤵
PID:8960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
10⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 216
9⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
8⤵
- Program crash
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-23830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23830.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-44379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44379.exe
8⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-59356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59356.exe
9⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe
10⤵
PID:5848

C:\Users\Admin\AppData\Local\Temp\Unicorn-28155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28155.exe
11⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-16523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16523.exe
12⤵
PID:11184

C:\Users\Admin\AppData\Local\Temp\Unicorn-11098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11098.exe
13⤵
PID:11852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11184 -s 236
13⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 216
12⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 220
11⤵
PID:9348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
10⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 216
9⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
8⤵
- Program crash
PID:3608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
7⤵
- Program crash
PID:1040

C:\Users\Admin\AppData\Local\Temp\Unicorn-17364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17364.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-559.exe
7⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-43995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43995.exe
8⤵
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-4405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4405.exe
9⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-60283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60283.exe
10⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-2508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2508.exe
11⤵
PID:8172

C:\Users\Admin\AppData\Local\Temp\Unicorn-21556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21556.exe
12⤵
PID:10108

C:\Users\Admin\AppData\Local\Temp\Unicorn-9666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9666.exe
13⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10108 -s 236
13⤵
PID:12636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 216
12⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
11⤵
PID:9168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
10⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 236
9⤵
PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 236
8⤵
- Program crash
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
7⤵
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-12329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12329.exe
8⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-21009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21009.exe
9⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
10⤵
PID:7200

C:\Users\Admin\AppData\Local\Temp\Unicorn-31587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31587.exe
11⤵
PID:10544

C:\Users\Admin\AppData\Local\Temp\Unicorn-16251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16251.exe
12⤵
PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10544 -s 220
12⤵
PID:8480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 220
11⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
10⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
9⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 216
8⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 220
7⤵
- Program crash
PID:3244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 240
6⤵
- Program crash
PID:2780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1084

C:\Users\Admin\AppData\Local\Temp\Unicorn-63653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63653.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-63555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63555.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-20629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20629.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-53182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53182.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-943.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-34762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34762.exe
9⤵
PID:3552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 220
10⤵
PID:5104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
9⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-8177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8177.exe
8⤵
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-37270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37270.exe
9⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-59707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59707.exe
10⤵
PID:5996

C:\Users\Admin\AppData\Local\Temp\Unicorn-54252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54252.exe
11⤵
PID:7756

C:\Users\Admin\AppData\Local\Temp\Unicorn-34815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34815.exe
12⤵
PID:10876

C:\Users\Admin\AppData\Local\Temp\Unicorn-21495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21495.exe
13⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10876 -s 216
13⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 216
12⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 220
11⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
10⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 216
9⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-46423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46423.exe
7⤵
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-60523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60523.exe
8⤵
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-3253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3253.exe
9⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-19490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19490.exe
10⤵
PID:5336

C:\Users\Admin\AppData\Local\Temp\Unicorn-19935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19935.exe
11⤵
PID:7940

C:\Users\Admin\AppData\Local\Temp\Unicorn-53564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53564.exe
12⤵
PID:10812

C:\Users\Admin\AppData\Local\Temp\Unicorn-10121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10121.exe
13⤵
PID:12488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10812 -s 220
13⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 216
12⤵
PID:11668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 216
11⤵
PID:8608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
10⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 236
9⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
8⤵
- Program crash
PID:3576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 240
7⤵
- Program crash
PID:996

C:\Users\Admin\AppData\Local\Temp\Unicorn-49653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49653.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-30217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30217.exe
7⤵
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
8⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-23669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23669.exe
9⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-8301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8301.exe
10⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
11⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
11⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
10⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 216
9⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
8⤵
- Program crash
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-54425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54425.exe
7⤵
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-2734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2734.exe
8⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
9⤵
PID:6100

C:\Users\Admin\AppData\Local\Temp\Unicorn-53183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53183.exe
10⤵
PID:7788

C:\Users\Admin\AppData\Local\Temp\Unicorn-34602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34602.exe
11⤵
PID:10568

C:\Users\Admin\AppData\Local\Temp\Unicorn-13328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13328.exe
12⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10568 -s 216
12⤵
PID:12472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 220
11⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
10⤵
PID:8384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
9⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
8⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
7⤵
- Program crash
PID:3940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
6⤵
- Program crash
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-17099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17099.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-39481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39481.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-64882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64882.exe
7⤵
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-2895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2895.exe
8⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-7927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7927.exe
9⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-53774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53774.exe
10⤵
PID:6684

C:\Users\Admin\AppData\Local\Temp\Unicorn-37399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37399.exe
11⤵
PID:9684

C:\Users\Admin\AppData\Local\Temp\Unicorn-31787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31787.exe
12⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9684 -s 204
12⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 236
11⤵
PID:10796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
10⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
9⤵
PID:6884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
8⤵
PID:4456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 216
7⤵
- Program crash
PID:3232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 236
6⤵
- Program crash
PID:2948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
5⤵
- Program crash
PID:2032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-5350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5350.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-27443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27443.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:976

C:\Users\Admin\AppData\Local\Temp\Unicorn-6916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6916.exe
8⤵
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-21022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21022.exe
9⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-63243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63243.exe
10⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-45027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45027.exe
11⤵
PID:6304

C:\Users\Admin\AppData\Local\Temp\Unicorn-61502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61502.exe
12⤵
PID:8356

C:\Users\Admin\AppData\Local\Temp\Unicorn-45521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45521.exe
13⤵
PID:10740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8356 -s 216
13⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 216
12⤵
PID:9784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
11⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
10⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
9⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-17492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17492.exe
8⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
9⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-28499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28499.exe
10⤵
PID:6332

C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
11⤵
PID:8296

C:\Users\Admin\AppData\Local\Temp\Unicorn-60803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60803.exe
12⤵
PID:10336

C:\Users\Admin\AppData\Local\Temp\Unicorn-29748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29748.exe
13⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10336 -s 216
13⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8296 -s 216
12⤵
PID:10820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 216
11⤵
PID:9736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
10⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
9⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 240
8⤵
- Program crash
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-51820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51820.exe
7⤵
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-20311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20311.exe
8⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-10321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10321.exe
9⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-12546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12546.exe
10⤵
PID:6272

C:\Users\Admin\AppData\Local\Temp\Unicorn-61393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61393.exe
11⤵
PID:8256

C:\Users\Admin\AppData\Local\Temp\Unicorn-11581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11581.exe
12⤵
PID:9716

C:\Users\Admin\AppData\Local\Temp\Unicorn-27755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27755.exe
13⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9716 -s 216
13⤵
PID:13140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 216
12⤵
PID:11024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 216
11⤵
PID:9720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
10⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
9⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 236
8⤵
PID:4264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 220
7⤵
- Program crash
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-40249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40249.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-58338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58338.exe
7⤵
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-10923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10923.exe
8⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\Unicorn-9453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9453.exe
9⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\Unicorn-48850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48850.exe
10⤵
PID:7472

C:\Users\Admin\AppData\Local\Temp\Unicorn-57031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57031.exe
11⤵
PID:10444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 236
11⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 220
10⤵
PID:9480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
9⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
8⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 236
7⤵
- Program crash
PID:3252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
6⤵
- Program crash
PID:564

C:\Users\Admin\AppData\Local\Temp\Unicorn-64453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64453.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-43779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43779.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:952

C:\Users\Admin\AppData\Local\Temp\Unicorn-59106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59106.exe
7⤵
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-19927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19927.exe
8⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-32792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32792.exe
9⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
10⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
11⤵
PID:7688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 220
11⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
10⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 236
9⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 236
8⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-32733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32733.exe
7⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-25340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25340.exe
8⤵
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-65047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65047.exe
9⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-3188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3188.exe
10⤵
PID:8228

C:\Users\Admin\AppData\Local\Temp\Unicorn-39605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39605.exe
11⤵
PID:10360

C:\Users\Admin\AppData\Local\Temp\Unicorn-64459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64459.exe
12⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10360 -s 204
12⤵
PID:2220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8228 -s 220
11⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
10⤵
PID:9700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 216
9⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
8⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 240
7⤵
- Program crash
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-21643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21643.exe
6⤵
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-55230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55230.exe
7⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-14400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14400.exe
8⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-50943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50943.exe
9⤵
PID:6520

C:\Users\Admin\AppData\Local\Temp\Unicorn-214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-214.exe
10⤵
PID:6660

C:\Users\Admin\AppData\Local\Temp\Unicorn-61166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61166.exe
11⤵
PID:10224

C:\Users\Admin\AppData\Local\Temp\Unicorn-37575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37575.exe
12⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10224 -s 216
12⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 216
11⤵
PID:10960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 236
10⤵
PID:8316

C:\Users\Admin\AppData\Local\Temp\Unicorn-15325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15325.exe
9⤵
PID:6160

C:\Users\Admin\AppData\Local\Temp\Unicorn-10813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10813.exe
10⤵
PID:9640

C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
11⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9640 -s 216
11⤵
PID:13188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 216
10⤵
PID:11128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 220
9⤵
PID:8340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
8⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 236
7⤵
PID:4664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
6⤵
- Program crash
PID:988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 240
5⤵
- Program crash
PID:620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
4⤵
- Loads dropped DLL
- Program crash
PID:1472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-26841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26841.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1276

C:\Users\Admin\AppData\Local\Temp\Unicorn-4356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4356.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-34702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34702.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-25216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25216.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-54261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54261.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-35694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35694.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-25139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25139.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-55676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55676.exe
9⤵
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-28785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28785.exe
10⤵
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
11⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
12⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
13⤵
PID:7888

C:\Users\Admin\AppData\Local\Temp\Unicorn-21556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21556.exe
14⤵
PID:10116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10116 -s 212
15⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
14⤵
PID:10520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
13⤵
PID:8556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
12⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 236
11⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
10⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
11⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-15804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15804.exe
12⤵
PID:7432

C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
13⤵
PID:11076

C:\Users\Admin\AppData\Local\Temp\Unicorn-36423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36423.exe
14⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11076 -s 216
14⤵
PID:12344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 220
13⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 220
12⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
11⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
10⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-57928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57928.exe
9⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
10⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-57128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57128.exe
11⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
12⤵
PID:7912

C:\Users\Admin\AppData\Local\Temp\Unicorn-29283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29283.exe
13⤵
PID:10500

C:\Users\Admin\AppData\Local\Temp\Unicorn-62977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62977.exe
14⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10500 -s 216
14⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 220
13⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
12⤵
PID:8996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
11⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
10⤵
PID:4236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 240
9⤵
- Program crash
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-1877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1877.exe
8⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-15136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15136.exe
9⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-35023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35023.exe
10⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-48820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48820.exe
11⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-37864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37864.exe
12⤵
PID:7724

C:\Users\Admin\AppData\Local\Temp\Unicorn-46377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46377.exe
13⤵
PID:11104

C:\Users\Admin\AppData\Local\Temp\Unicorn-58682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58682.exe
14⤵
PID:12684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 220
13⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
12⤵
PID:9296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 236
11⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
10⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 236
9⤵
- Program crash
PID:3380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
8⤵
- Program crash
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-24624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24624.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-23637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23637.exe
8⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-37742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37742.exe
9⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-56149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56149.exe
10⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-49287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49287.exe
11⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
12⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-54597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54597.exe
13⤵
PID:11224

C:\Users\Admin\AppData\Local\Temp\Unicorn-32907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32907.exe
14⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
13⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
12⤵
PID:9368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 236
11⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 236
10⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 236
9⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe
8⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-16648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16648.exe
9⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-38727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38727.exe
10⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-20511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20511.exe
11⤵
PID:7704

C:\Users\Admin\AppData\Local\Temp\Unicorn-49978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49978.exe
12⤵
PID:10680

C:\Users\Admin\AppData\Local\Temp\Unicorn-17864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17864.exe
13⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10680 -s 216
13⤵
PID:12340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 216
12⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 220
11⤵
PID:8376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
10⤵
PID:7456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
9⤵
PID:5556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 240
8⤵
PID:4212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 240
7⤵
- Program crash
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-31095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31095.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-44490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44490.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-8011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8011.exe
8⤵
PID:1388

C:\Users\Admin\AppData\Local\Temp\Unicorn-4384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4384.exe
9⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-7524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7524.exe
10⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-57040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57040.exe
11⤵
PID:6228

C:\Users\Admin\AppData\Local\Temp\Unicorn-37854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37854.exe
12⤵
PID:7920

C:\Users\Admin\AppData\Local\Temp\Unicorn-61774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61774.exe
13⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 236
13⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 216
12⤵
PID:9692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
11⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
10⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 236
9⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-18260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18260.exe
8⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-57877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57877.exe
9⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-33060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33060.exe
10⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\Unicorn-43209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43209.exe
11⤵
PID:7600

C:\Users\Admin\AppData\Local\Temp\Unicorn-13237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13237.exe
12⤵
PID:10988

C:\Users\Admin\AppData\Local\Temp\Unicorn-51336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51336.exe
13⤵
PID:12980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10988 -s 216
13⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 216
12⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 220
11⤵
PID:9288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
10⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
9⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 220
8⤵
- Program crash
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-17611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17611.exe
7⤵
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-37057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37057.exe
8⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-43212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43212.exe
9⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-25681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25681.exe
10⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\Unicorn-54709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54709.exe
11⤵
PID:7188

C:\Users\Admin\AppData\Local\Temp\Unicorn-61774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61774.exe
12⤵
PID:10644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7188 -s 216
12⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
11⤵
PID:9616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
10⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
9⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 236
8⤵
PID:4100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
7⤵
- Program crash
PID:2968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
6⤵
- Program crash
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-37410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37410.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:448

C:\Users\Admin\AppData\Local\Temp\Unicorn-18097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18097.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-40899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40899.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-44763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44763.exe
8⤵
PID:1244

C:\Users\Admin\AppData\Local\Temp\Unicorn-7524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7524.exe
9⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-25214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25214.exe
10⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\Unicorn-34231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34231.exe
11⤵
PID:7160

C:\Users\Admin\AppData\Local\Temp\Unicorn-16481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16481.exe
12⤵
PID:10088

C:\Users\Admin\AppData\Local\Temp\Unicorn-37191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37191.exe
13⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10088 -s 216
13⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 216
12⤵
PID:11216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 236
11⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 216
10⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 216
9⤵
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 236
8⤵
- Program crash
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
7⤵
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-41157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41157.exe
8⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-58078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58078.exe
9⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
10⤵
PID:7728

C:\Users\Admin\AppData\Local\Temp\Unicorn-47456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47456.exe
11⤵
PID:10456

C:\Users\Admin\AppData\Local\Temp\Unicorn-29846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29846.exe
12⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10456 -s 216
12⤵
PID:13256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 216
11⤵
PID:11276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 236
10⤵
PID:8900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
9⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 216
8⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
7⤵
- Program crash
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-40441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40441.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-42386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42386.exe
7⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-37389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37389.exe
8⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-32058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32058.exe
9⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-406.exe
10⤵
PID:6540

C:\Users\Admin\AppData\Local\Temp\Unicorn-21447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21447.exe
11⤵
PID:9328

C:\Users\Admin\AppData\Local\Temp\Unicorn-7017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7017.exe
12⤵
PID:4232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9328 -s 216
12⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 236
11⤵
PID:10720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
10⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
9⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
8⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-6963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6963.exe
7⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-19308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19308.exe
8⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-43681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43681.exe
9⤵
PID:7400

C:\Users\Admin\AppData\Local\Temp\Unicorn-12157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12157.exe
10⤵
PID:10172

C:\Users\Admin\AppData\Local\Temp\Unicorn-30414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30414.exe
11⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10172 -s 216
11⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 216
10⤵
PID:10932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 236
9⤵
PID:8644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 236
8⤵
PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
7⤵
PID:4692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 240
6⤵
- Program crash
PID:760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
5⤵
- Program crash
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-4281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4281.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-36965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36965.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-17495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17495.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-17472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17472.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-57954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57954.exe
8⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
9⤵
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
10⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\Unicorn-57106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57106.exe
11⤵
PID:7384

C:\Users\Admin\AppData\Local\Temp\Unicorn-5204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5204.exe
12⤵
PID:11252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
12⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 220
11⤵
PID:9356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 216
10⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 216
9⤵
PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 236
8⤵
- Program crash
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-5224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5224.exe
7⤵
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
8⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-33053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33053.exe
8⤵
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-60027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60027.exe
9⤵
PID:6916

C:\Users\Admin\AppData\Local\Temp\Unicorn-20645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20645.exe
10⤵
PID:10028

C:\Users\Admin\AppData\Local\Temp\Unicorn-62401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62401.exe
11⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10028 -s 216
11⤵
PID:12400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 236
10⤵
PID:10404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 236
9⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 220
8⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
7⤵
- Program crash
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-30278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30278.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-14529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14529.exe
7⤵
PID:860

C:\Users\Admin\AppData\Local\Temp\Unicorn-28194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28194.exe
8⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-38208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38208.exe
9⤵
PID:6172

C:\Users\Admin\AppData\Local\Temp\Unicorn-53966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53966.exe
10⤵
PID:7004

C:\Users\Admin\AppData\Local\Temp\Unicorn-16481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16481.exe
11⤵
PID:9972

C:\Users\Admin\AppData\Local\Temp\Unicorn-32399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32399.exe
12⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9972 -s 216
12⤵
PID:12848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
11⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 236
10⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 216
9⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 216
8⤵
PID:5696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
7⤵
PID:3988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
6⤵
- Program crash
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-644.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-17088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17088.exe
6⤵
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-27659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27659.exe
7⤵
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-18137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18137.exe
8⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-26568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26568.exe
9⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-37210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37210.exe
10⤵
PID:8068

C:\Users\Admin\AppData\Local\Temp\Unicorn-4259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4259.exe
11⤵
PID:10188

C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
12⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10188 -s 216
12⤵
PID:13196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8068 -s 236
11⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
10⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 236
9⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 236
8⤵
PID:4940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 236
7⤵
- Program crash
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-24129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24129.exe
6⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-9169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9169.exe
7⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
8⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-46411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46411.exe
9⤵
PID:7964

C:\Users\Admin\AppData\Local\Temp\Unicorn-56231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56231.exe
10⤵
PID:9944

C:\Users\Admin\AppData\Local\Temp\Unicorn-37191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37191.exe
11⤵
PID:5016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9944 -s 216
11⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 216
10⤵
PID:10836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
9⤵
PID:9416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
8⤵
PID:7296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 216
7⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
6⤵
- Program crash
PID:3404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
5⤵
- Program crash
PID:2020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-47509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47509.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-7618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7618.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1184

C:\Users\Admin\AppData\Local\Temp\Unicorn-4484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4484.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-2253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2253.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-27251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27251.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:840

C:\Users\Admin\AppData\Local\Temp\Unicorn-45147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45147.exe
8⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-36201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36201.exe
9⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-1124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1124.exe
10⤵
PID:5664

C:\Users\Admin\AppData\Local\Temp\Unicorn-30220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30220.exe
11⤵
PID:8156

C:\Users\Admin\AppData\Local\Temp\Unicorn-10128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10128.exe
12⤵
PID:10184

C:\Users\Admin\AppData\Local\Temp\Unicorn-35171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35171.exe
13⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10184 -s 216
13⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 216
12⤵
PID:11116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 216
11⤵
PID:9188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
10⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 216
9⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 236
8⤵
- Program crash
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-60969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60969.exe
7⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-43845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43845.exe
8⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-49962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49962.exe
9⤵
PID:6372

C:\Users\Admin\AppData\Local\Temp\Unicorn-43360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43360.exe
10⤵
PID:8492

C:\Users\Admin\AppData\Local\Temp\Unicorn-16818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16818.exe
11⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 236
11⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 216
10⤵
PID:9832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
9⤵
PID:7352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 216
8⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
7⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-23721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23721.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-25858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25858.exe
7⤵
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-12329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12329.exe
8⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-21446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21446.exe
9⤵
PID:5144

C:\Users\Admin\AppData\Local\Temp\Unicorn-26416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26416.exe
10⤵
PID:7532

C:\Users\Admin\AppData\Local\Temp\Unicorn-10559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10559.exe
11⤵
PID:10256

C:\Users\Admin\AppData\Local\Temp\Unicorn-32856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32856.exe
12⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10256 -s 204
12⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 220
11⤵
PID:10384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
10⤵
PID:8772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
9⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
8⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-21737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21737.exe
7⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-32956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32956.exe
8⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-22.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22.exe
9⤵
PID:6924

C:\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe
10⤵
PID:10136

C:\Users\Admin\AppData\Local\Temp\Unicorn-50974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50974.exe
11⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6924 -s 236
10⤵
PID:10536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
9⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
7⤵
PID:4492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
6⤵
- Program crash
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-27059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27059.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
7⤵
PID:352

C:\Users\Admin\AppData\Local\Temp\Unicorn-17151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17151.exe
8⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-36018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36018.exe
9⤵
PID:5200

C:\Users\Admin\AppData\Local\Temp\Unicorn-53183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53183.exe
10⤵
PID:7820

C:\Users\Admin\AppData\Local\Temp\Unicorn-39309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39309.exe
11⤵
PID:10724

C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
12⤵
PID:928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10724 -s 216
12⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 216
11⤵
PID:11540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 216
10⤵
PID:8400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
9⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 236
8⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 236
7⤵
- Program crash
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-25281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25281.exe
6⤵
PID:824

C:\Users\Admin\AppData\Local\Temp\Unicorn-8868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8868.exe
7⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-10423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10423.exe
8⤵
PID:5712

C:\Users\Admin\AppData\Local\Temp\Unicorn-9695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9695.exe
9⤵
PID:7612

C:\Users\Admin\AppData\Local\Temp\Unicorn-21556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21556.exe
10⤵
PID:10080

C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
11⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10080 -s 216
11⤵
PID:12840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 216
10⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
9⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
8⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 216
7⤵
PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
6⤵
- Program crash
PID:3824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 240
5⤵
- Program crash
PID:776

C:\Users\Admin\AppData\Local\Temp\Unicorn-17291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17291.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:692

C:\Users\Admin\AppData\Local\Temp\Unicorn-37038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37038.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-17280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17280.exe
6⤵
- Executes dropped EXE
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-41810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41810.exe
7⤵
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
8⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-23003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23003.exe
9⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-35290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35290.exe
10⤵
PID:7952

C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
11⤵
PID:10196

C:\Users\Admin\AppData\Local\Temp\Unicorn-13530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13530.exe
12⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10196 -s 220
12⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 216
11⤵
PID:11196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
10⤵
PID:9040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
9⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 236
8⤵
PID:4952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
7⤵
- Program crash
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-5416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5416.exe
6⤵
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-50726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50726.exe
7⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-18722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18722.exe
8⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-40448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40448.exe
9⤵
PID:7476

C:\Users\Admin\AppData\Local\Temp\Unicorn-29200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29200.exe
10⤵
PID:10308

C:\Users\Admin\AppData\Local\Temp\Unicorn-19286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19286.exe
11⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10308 -s 216
11⤵
PID:13132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 216
10⤵
PID:10600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 216
9⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
8⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 236
7⤵
PID:5264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
6⤵
- Program crash
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-46423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46423.exe
5⤵
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-15682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15682.exe
6⤵
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-43658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43658.exe
7⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-91.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-91.exe
8⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-43873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43873.exe
9⤵
PID:7356

C:\Users\Admin\AppData\Local\Temp\Unicorn-16481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16481.exe
10⤵
PID:9856

C:\Users\Admin\AppData\Local\Temp\Unicorn-43084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43084.exe
11⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9856 -s 216
11⤵
PID:13052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7356 -s 216
10⤵
PID:11232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
9⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 236
8⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 236
7⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-39936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39936.exe
6⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-38877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38877.exe
7⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
8⤵
PID:7288

C:\Users\Admin\AppData\Local\Temp\Unicorn-10559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10559.exe
9⤵
PID:10248

C:\Users\Admin\AppData\Local\Temp\Unicorn-42218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42218.exe
10⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10248 -s 216
10⤵
PID:2368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 220
9⤵
PID:10476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 236
8⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 236
7⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
6⤵
PID:4432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 240
5⤵
- Program crash
PID:956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
4⤵
- Program crash
PID:2892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
2⤵
- Program crash
PID:2724

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1645.exe
Filesize
184KB

MD5
e4e6f9ca40e929ef6b76e9775f366e34

SHA1
2bf474f9b954bce4146c4175adad14250db2c885

SHA256
84fe31e135a0061db9e1b2b2319cecfb109b9bd56c160b87d67b56d60c1824a8

SHA512
228f20f3c59bb8c1c60fe581aa503fa5427a5b26b9c4209bb688c49268be743a35c788084c4146f02e6a953859438467a2ccbb245fbbdf5190ce9e956e518e7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24129.exe
Filesize
184KB

MD5
345a1c563e768fc55a360b9e9a412cc4

SHA1
4a1a1807e65dc397188fd23682ef49ff757be634

SHA256
e2b0def5b7a6cc04fe3fcfc4657ec80e8213b11bdd61e3b07a19d627732d0882

SHA512
77fb0c0fa4f3ae15fa855a115089bab264d1c6cd1d07db9f8f58e977fe0794c65dd4cea22cff181f37b1910b82220196bf1cb23b3489467e9b0aa02d194e9314

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25216.exe
Filesize
184KB

MD5
f3f0b6823b72a31c2e32a71f3c351f31

SHA1
bc1b6c9e15431bf93f959cbdd2424527e8cf44af

SHA256
d529a436d059985fabcbc866de9d2be7da44b93e34907ec8ccc45b3e11773e65

SHA512
9572be8a9df6f369baba61fe7484515e403ac0105048a3472a8ab63572b389abe2f28d51f06c2707bf8506b8df185ea8c5edb5c439f5d9afbd2032ca2492d465

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40249.exe
Filesize
184KB

MD5
4dbe59fd6ff1c6e664241953e15f60b3

SHA1
3a72fc4009237f3ec9682848a2c42a3fdcdacf3f

SHA256
95eb89eac9d42f2ea91fddff0b11c1263fb21dfafb55ffe219f66a3a04dd8c3c

SHA512
6761abc8442ac522c6ff215e4ac987b0e094f7e811f6ff88b6897052353e11dfbdaf8aec324f4c300eab90cf8633f4e44e6ba7ec6ee8c78d124006138d4de0d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40441.exe
Filesize
184KB

MD5
2f6753b9abb749f0d9c612da53dff374

SHA1
50fb58a9b7a3f9b52a3d74ed7099aa08db7ac748

SHA256
c3d7be88ebeba148987d910deeec5f4ed132ea9f434923cef360d6fe2d1f790e

SHA512
c83ba5189b3a0aaa3db397ef4aa8d91454bbcc9409feceb501d192257c6e228c7171edc2fbfa48ba87219c1e22dc9a7d48778867114bd6d1b2a08b1c105d0b28

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4281.exe
Filesize
184KB

MD5
9df952f862919b4087354e98630af1ad

SHA1
acaf6f8e52ec2506b5be861ecc1bc936a3c29a00

SHA256
3a1cc6c862876c5111215222abf82984bec41e82641c893b4ea6a21e53d35a1b

SHA512
9069646cf28fd30e95da376c3435d0afa2bd19877c5bf643dbecfece6d18ba9681fa58c4ea779b7dce0c194b75a88834ba1e4751674f920cfdd69b3190e54b22

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
Filesize
184KB

MD5
5e3e3c22c7b8f2e340b4a66a72f2af25

SHA1
a72e8db8aa8bd26f662a052e6e41d32bdcf50d4c

SHA256
51afa7d7d2e861a4806918519897ef96c4784c11160c4e53fe05c222f74e39a1

SHA512
b0f4f20728abc11dfb7267c1f630ae0551a92425b3155605aaeaf277bda7275472acf716284075566ecea516a187fe150e282edb2a460e4461b745523d8d5a9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63653.exe
Filesize
184KB

MD5
63dd2a62241bda2c910608ae8dafc3dc

SHA1
03d82a9307755a77e1471260a3cf6ccb8fb63a5f

SHA256
1738a79163e1ee75daaaa8207f17bdd22391cd1473136d0bd7280f2945eb5a96

SHA512
a62b60a3b5b00eda8e06abe753c0ee77bc8b0462d7b2d6179f2931d49e1d1b2fcdcfca17943e66e4e4bd97ff572ddea10a8fb9de8aefa0cd3c7b4ad2dcaa7fe6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65047.exe
Filesize
184KB

MD5
828dfd441523e6f9b5baecc2a11d9125

SHA1
14e654d44d4463545923d8cb03b38369ba4e1bd2

SHA256
0c9859e83d529871859f3b7d24d2d08e57479da29a87a6d6391d59ca47db8063

SHA512
ffd9f01f220dbca073cbb79af04b356cd558d5c9df7dda8af7bdbd1b4601eb33dd721e0f2e0cc977a123027d54b897f8e8265f494a496e6e6eac93a8b620e43f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
Filesize
184KB

MD5
722cdaa51b96ed1c3b35684954ee1679

SHA1
aec283cffda4150497cecfb3dacb8c5a9b2e8055

SHA256
8e3e16f3f0312d5a5e333cfc941a0a5c8b9de57f401aaef79bc32e2b8ae4452a

SHA512
af56f9d2fc97bbaf038484bafe678a1177e86a6f9e927502fc8ea10a67c58c50a99e862743c1a38e01ce14cf07034495597ce836e5a09ea1483bee852c8f192b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20693.exe
Filesize
184KB

MD5
1c2460c63f9a7cea31eff455769fd273

SHA1
9e24e609ef7c4ee5f0fc430edc1445265a639ca3

SHA256
976cf262cacfa0388fd65e4f2fe4e2addc096ad730c3053f82cad95822ce9585

SHA512
88022d559bfe2e26d157bfbfa8e4d6b2e0b21f76594e8830f9b2869e1f0f89260bf66096bb3bc79a813a2d2c305120418160c34b3ec34daa73339dc10ee4e070

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26841.exe
Filesize
184KB

MD5
80bcdbfe0be3f1b752edc6d8a50ae07b

SHA1
e29ace94c738abc006c92a05de712209d675d6b6

SHA256
660c6c2e62f900011d350154dcbe1ee5892993888feac305f4b1776ac25e5757

SHA512
29b08405e5f47b581828ac6853d940ad6fbe99f83be026ebc71e6699ae1a6f3cbc732c614b6b8382b48232772ee7a685d8acb8b29e985ffbc6f38f0054079486

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
Filesize
184KB

MD5
e2ec490e5da06f1fed8831c36519dab5

SHA1
4c2af575f6a84108169d2a2476a821544ce01e40

SHA256
cfe988502570a1982fe63d4160660b463317d97ecc3bd051525dba03a548faea

SHA512
97106fc29d21843d99105e162e5db949474ce87e123ece44d43a3eff236127edd4327834a9d7b4c1821cb493ec930ffb2687f6f901b3fac59d8632b025b38228

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34702.exe
Filesize
184KB

MD5
ebe344e7c51fc1ec582c6a72b18aa5bb

SHA1
dddb88ffd03ab4c30507ba4739dddc4bc164a560

SHA256
7aa5fb6dd750c01cde60d54d9e04f346673a4cc7e2f014047914e5d83e0bf68f

SHA512
a7a70088ff9a208167f13105e308dc32aab8afd865ef4c9030823d7da32ec4b9a5eb2bc800e1cd85577377995e8380713dadac29dacac95ab012c7a5bc3e0719

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4356.exe
Filesize
184KB

MD5
e87a05e9fca140490a1b51205b6ea200

SHA1
610c8ba95e0279715bf33904246072c39a6a4eed

SHA256
35ec24c2541e0fe913ff71d754d215bef15b4139112b25be42befb8960934104

SHA512
5fb4e616bc48296736db4520946b5c0f168c2ddc8d12d1f76a6ccb48cec82fc445ee5a62852b53b343bdb820ba93eaa2b2ffbf5d944ae8db1882b1363a126a57

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47509.exe
Filesize
184KB

MD5
cbc1e3cbaf80fc1ea4c1f3f274244f4c

SHA1
fc5a3b23f3626f38eb932f179f8dfab7fa7a684d

SHA256
7ddc506255a37de010ed74a2d8934565d0d60a15f8eaaff84b599666264e5f5a

SHA512
73d7a4387e85d01dfc4803b8042485adcb24dde99f3a2eabd3af70cce5428f4d3819f87a548ec7aa4c715f22eba937a047494a745880005ed618b4809e4f76e6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5350.exe
Filesize
184KB

MD5
32b5b09332fca4a3f1f948b6403e1735

SHA1
5c7244d83bd7305119456a60c5bebf4a1b49d64a

SHA256
ba4768225ffbe59eca4f27465c2a57f5bc9630f21b72c1edcf17d5719aade947

SHA512
cc252a4af59bc1cc81e37b35126db71778599b7b3e76afe81d2314d02f4c16fad74f2a29e27368ef7b8b0070270b46922ef9074c974c1a83bcf409b6d851f485

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7618.exe
Filesize
184KB

MD5
b36c82ac2c73f682d173a5b4837ea69c

SHA1
54d932d864943bb8c58c16e9b379efd31aa3e859

SHA256
3811d6af5522889c9a72978a678ca6d09cea21cf09c0b74d0b9150c7857d2904

SHA512
f3e6eb7452f4f8d0639d5c7abdb6f1c8b2475044b6326f20c0b820ac2d0ddd10c8224be904b42a378a18c0459c3e3283c5368270cc98b71d0cc5bd92714d4a54

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-941.exe
Filesize
184KB

MD5
a3e0a7954a363103a81d2b7f933024ec

SHA1
519180983568fc1f2987e20aa7234e3f4a3f3ff2

SHA256
0dd0dafc1ee3bc39f4bd37873a59170d7c906aa6e62679a79c69dafe5fc5faf3

SHA512
f74b63491c84ee8d89439df311e8c5b57fbc5b629293946454440ce778ba2afdc17fd016dd93177e10348618d41fb790ecf675800d70088f9b3280dc41e411e6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads