bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe
Size

184KB
MD5

9517be7e2de8a330d18bd6d8ae062c05
SHA1

507f5aecb132dfca50ce495ff78bac612a87e61b
SHA256

bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29
SHA512

7975d71a6e1d7fccb33b31dc75e64ac6f95a9e5867e2649414f390886879f02224ae7b159446d65fa370a7c4c34f9f7d876ba05df7bd14748871b18586a5bfcb
SSDEEP

3072:OlOPPoo6dRzTjW4WeinL+QwFhlnViFinY:OlNoIHW4+LPwFhlnViFi

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-40983.exeUnicorn-7013.exeUnicorn-52685.exeUnicorn-23197.exeUnicorn-23197.exeUnicorn-3331.exeUnicorn-7322.exeUnicorn-43332.exeUnicorn-59668.exeUnicorn-39802.exeUnicorn-50566.exeUnicorn-42891.exeUnicorn-17318.exeUnicorn-55698.exeUnicorn-6497.exeUnicorn-59035.exeUnicorn-55434.exeUnicorn-51905.exeUnicorn-54858.exeUnicorn-54209.exeUnicorn-57546.exeUnicorn-56477.exeUnicorn-52948.exeUnicorn-23613.exeUnicorn-3747.exeUnicorn-39949.exeUnicorn-55185.exeUnicorn-35319.exeUnicorn-38657.exeUnicorn-57323.exeUnicorn-11651.exeUnicorn-44132.exeUnicorn-24074.exeUnicorn-43940.exeUnicorn-28481.exeUnicorn-8615.exeUnicorn-44625.exeUnicorn-43556.exeUnicorn-40026.exeUnicorn-43364.exeUnicorn-43364.exeUnicorn-39834.exeUnicorn-58888.exeUnicorn-37953.exeUnicorn-6158.exeUnicorn-26024.exeUnicorn-60507.exeUnicorn-28712.exeUnicorn-24113.exeUnicorn-56786.exeUnicorn-11114.exeUnicorn-43403.exeUnicorn-59355.exeUnicorn-10154.exeUnicorn-9697.exeUnicorn-49661.exeUnicorn-62235.exeUnicorn-45707.exeUnicorn-20134.exeUnicorn-58514.exeUnicorn-29179.exeUnicorn-29179.exeUnicorn-49277.exeUnicorn-41985.exe

pid	process
2972	Unicorn-40983.exe
2592	Unicorn-7013.exe
2836	Unicorn-52685.exe
2524	Unicorn-23197.exe
2180	Unicorn-23197.exe
2996	Unicorn-3331.exe
2632	Unicorn-7322.exe
2796	Unicorn-43332.exe
1532	Unicorn-59668.exe
2220	Unicorn-39802.exe
240	Unicorn-50566.exe
1248	Unicorn-42891.exe
2032	Unicorn-17318.exe
1740	Unicorn-55698.exe
2244	Unicorn-6497.exe
540	Unicorn-59035.exe
1580	Unicorn-55434.exe
1160	Unicorn-51905.exe
2356	Unicorn-54858.exe
2376	Unicorn-54209.exe
812	Unicorn-57546.exe
1492	Unicorn-56477.exe
976	Unicorn-52948.exe
1712	Unicorn-23613.exe
2816	Unicorn-3747.exe
2232	Unicorn-39949.exe
2340	Unicorn-55185.exe
2320	Unicorn-35319.exe
972	Unicorn-38657.exe
1548	Unicorn-57323.exe
1680	Unicorn-11651.exe
1760	Unicorn-44132.exe
2680	Unicorn-24074.exe
2544	Unicorn-43940.exe
2560	Unicorn-28481.exe
2724	Unicorn-8615.exe
2440	Unicorn-44625.exe
2704	Unicorn-43556.exe
2484	Unicorn-40026.exe
2500	Unicorn-43364.exe
312	Unicorn-43364.exe
2748	Unicorn-39834.exe
780	Unicorn-58888.exe
2956	Unicorn-37953.exe
960	Unicorn-6158.exe
1420	Unicorn-26024.exe
1376	Unicorn-60507.exe
1456	Unicorn-28712.exe
2288	Unicorn-24113.exe
1432	Unicorn-56786.exe
1040	Unicorn-11114.exe
452	Unicorn-43403.exe
920	Unicorn-59355.exe
1448	Unicorn-10154.exe
1800	Unicorn-9697.exe
1212	Unicorn-49661.exe
3064	Unicorn-62235.exe
1032	Unicorn-45707.exe
1896	Unicorn-20134.exe
2044	Unicorn-58514.exe
1564	Unicorn-29179.exe
2808	Unicorn-29179.exe
2076	Unicorn-49277.exe
2520	Unicorn-41985.exe

Loads dropped DLL 64 IoCs

Processes:

bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exeUnicorn-40983.exeUnicorn-52685.exeUnicorn-7013.exeWerFault.exeUnicorn-23197.exeUnicorn-3331.exeWerFault.exeWerFault.exeUnicorn-7322.exeUnicorn-43332.exeUnicorn-59668.exeUnicorn-39802.exeWerFault.exeWerFault.exeUnicorn-50566.exeUnicorn-17318.exe

pid	process
2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe
2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe
2972	Unicorn-40983.exe
2972	Unicorn-40983.exe
2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe
2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe
2972	Unicorn-40983.exe
2836	Unicorn-52685.exe
2836	Unicorn-52685.exe
2592	Unicorn-7013.exe
2972	Unicorn-40983.exe
2968	WerFault.exe
2968	WerFault.exe
2968	WerFault.exe
2968	WerFault.exe
2968	WerFault.exe
2592	Unicorn-7013.exe
2592	Unicorn-7013.exe
2524	Unicorn-23197.exe
2524	Unicorn-23197.exe
2996	Unicorn-3331.exe
2996	Unicorn-3331.exe
2836	Unicorn-52685.exe
2836	Unicorn-52685.exe
956	WerFault.exe
956	WerFault.exe
956	WerFault.exe
956	WerFault.exe
276	WerFault.exe
276	WerFault.exe
276	WerFault.exe
276	WerFault.exe
956	WerFault.exe
276	WerFault.exe
2632	Unicorn-7322.exe
2632	Unicorn-7322.exe
2796	Unicorn-43332.exe
1532	Unicorn-59668.exe
2796	Unicorn-43332.exe
1532	Unicorn-59668.exe
2524	Unicorn-23197.exe
2524	Unicorn-23197.exe
2996	Unicorn-3331.exe
2996	Unicorn-3331.exe
2220	Unicorn-39802.exe
2220	Unicorn-39802.exe
1424	WerFault.exe
1424	WerFault.exe
1424	WerFault.exe
1424	WerFault.exe
1424	WerFault.exe
940	WerFault.exe
940	WerFault.exe
940	WerFault.exe
940	WerFault.exe
940	WerFault.exe
240	Unicorn-50566.exe
240	Unicorn-50566.exe
2632	Unicorn-7322.exe
2632	Unicorn-7322.exe
2032	Unicorn-17318.exe
2032	Unicorn-17318.exe
1532	Unicorn-59668.exe
1532	Unicorn-59668.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2720	2192	WerFault.exe	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe
2968	2972	WerFault.exe	Unicorn-40983.exe
276	2592	WerFault.exe	Unicorn-7013.exe
956	2836	WerFault.exe	Unicorn-52685.exe
1424	2524	WerFault.exe	Unicorn-23197.exe
940	2996	WerFault.exe	Unicorn-3331.exe
1228	2796	WerFault.exe	Unicorn-43332.exe
568	1532	WerFault.exe	Unicorn-59668.exe
1440	2220	WerFault.exe	Unicorn-39802.exe
1500	240	WerFault.exe	Unicorn-50566.exe
1084	2032	WerFault.exe	Unicorn-17318.exe
864	1248	WerFault.exe	Unicorn-42891.exe
2256	540	WerFault.exe	Unicorn-59035.exe
1952	1740	WerFault.exe	Unicorn-55698.exe
2260	2244	WerFault.exe	Unicorn-6497.exe
3000	1580	WerFault.exe	Unicorn-55434.exe
2692	1160	WerFault.exe	Unicorn-51905.exe
1656	2356	WerFault.exe	Unicorn-54858.exe
2776	2376	WerFault.exe	Unicorn-54209.exe
2140	812	WerFault.exe	Unicorn-57546.exe
1796	1492	WerFault.exe	Unicorn-56477.exe
2880	1712	WerFault.exe	Unicorn-23613.exe
2028	976	WerFault.exe	Unicorn-52948.exe
848	2816	WerFault.exe	Unicorn-3747.exe
600	2232	WerFault.exe	Unicorn-39949.exe
2752	2340	WerFault.exe	Unicorn-55185.exe
2800	972	WerFault.exe	Unicorn-38657.exe
2184	1548	WerFault.exe	Unicorn-57323.exe
2272	1680	WerFault.exe	Unicorn-11651.exe
3036	1760	WerFault.exe	Unicorn-44132.exe
2876	2680	WerFault.exe	Unicorn-24074.exe
2604	2544	WerFault.exe	Unicorn-43940.exe
2540	2560	WerFault.exe	Unicorn-28481.exe
2512	2724	WerFault.exe	Unicorn-8615.exe
2196	2484	WerFault.exe	Unicorn-40026.exe
2160	2500	WerFault.exe	Unicorn-43364.exe
2632	312	WerFault.exe	Unicorn-43364.exe
2056	2704	WerFault.exe	Unicorn-43556.exe
2052	2440	WerFault.exe	Unicorn-44625.exe
3552	780	WerFault.exe	Unicorn-58888.exe
3580	2956	WerFault.exe	Unicorn-37953.exe
3604	1376	WerFault.exe	Unicorn-60507.exe
3656	2288	WerFault.exe	Unicorn-24113.exe
3752	1420	WerFault.exe	Unicorn-26024.exe
3820	960	WerFault.exe	Unicorn-6158.exe
3360	1432	WerFault.exe	Unicorn-56786.exe
3384	1040	WerFault.exe	Unicorn-11114.exe
3372	3064	WerFault.exe	Unicorn-62235.exe
3528	2076	WerFault.exe	Unicorn-49277.exe
3792	1212	WerFault.exe	Unicorn-49661.exe
3160	452	WerFault.exe	Unicorn-43403.exe
3452	1516	WerFault.exe	Unicorn-62038.exe
3836	2208	WerFault.exe	Unicorn-6361.exe
3532	2520	WerFault.exe	Unicorn-41985.exe
4024	3060	WerFault.exe	Unicorn-39418.exe
3868	300	WerFault.exe	Unicorn-12261.exe
4108	1896	WerFault.exe	Unicorn-20134.exe
4148	920	WerFault.exe	Unicorn-59355.exe
4164	108	WerFault.exe	Unicorn-23824.exe
4188	2264	WerFault.exe	Unicorn-7103.exe
4196	2496	WerFault.exe	Unicorn-26128.exe
4212	2664	WerFault.exe	Unicorn-20102.exe
4280	2424	WerFault.exe	Unicorn-57565.exe
4316	2572	WerFault.exe	Unicorn-60253.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exeUnicorn-40983.exeUnicorn-7013.exeUnicorn-52685.exeUnicorn-23197.exeUnicorn-3331.exeUnicorn-7322.exeUnicorn-43332.exeUnicorn-59668.exeUnicorn-39802.exeUnicorn-50566.exeUnicorn-42891.exeUnicorn-17318.exeUnicorn-59035.exeUnicorn-6497.exeUnicorn-55698.exeUnicorn-55434.exeUnicorn-51905.exeUnicorn-54858.exeUnicorn-54209.exeUnicorn-57546.exeUnicorn-56477.exeUnicorn-3747.exeUnicorn-52948.exeUnicorn-23613.exeUnicorn-39949.exeUnicorn-55185.exeUnicorn-38657.exeUnicorn-11651.exeUnicorn-57323.exeUnicorn-44132.exeUnicorn-24074.exeUnicorn-43940.exeUnicorn-8615.exeUnicorn-28481.exeUnicorn-40026.exeUnicorn-43556.exeUnicorn-44625.exeUnicorn-43364.exeUnicorn-43364.exeUnicorn-58888.exeUnicorn-37953.exeUnicorn-6158.exeUnicorn-26024.exeUnicorn-60507.exeUnicorn-24113.exeUnicorn-28712.exeUnicorn-56786.exeUnicorn-11114.exeUnicorn-43403.exeUnicorn-59355.exeUnicorn-10154.exeUnicorn-9697.exeUnicorn-49661.exeUnicorn-62235.exeUnicorn-45707.exeUnicorn-20134.exeUnicorn-58514.exeUnicorn-29179.exeUnicorn-29179.exeUnicorn-49277.exeUnicorn-61851.exeUnicorn-41985.exeUnicorn-16412.exe

pid	process
2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe
2972	Unicorn-40983.exe
2592	Unicorn-7013.exe
2836	Unicorn-52685.exe
2524	Unicorn-23197.exe
2996	Unicorn-3331.exe
2632	Unicorn-7322.exe
2796	Unicorn-43332.exe
1532	Unicorn-59668.exe
2220	Unicorn-39802.exe
240	Unicorn-50566.exe
1248	Unicorn-42891.exe
2032	Unicorn-17318.exe
540	Unicorn-59035.exe
2244	Unicorn-6497.exe
1740	Unicorn-55698.exe
1580	Unicorn-55434.exe
1160	Unicorn-51905.exe
2356	Unicorn-54858.exe
2376	Unicorn-54209.exe
812	Unicorn-57546.exe
1492	Unicorn-56477.exe
2816	Unicorn-3747.exe
976	Unicorn-52948.exe
1712	Unicorn-23613.exe
2232	Unicorn-39949.exe
2340	Unicorn-55185.exe
972	Unicorn-38657.exe
1680	Unicorn-11651.exe
1548	Unicorn-57323.exe
1760	Unicorn-44132.exe
2680	Unicorn-24074.exe
2544	Unicorn-43940.exe
2724	Unicorn-8615.exe
2560	Unicorn-28481.exe
2484	Unicorn-40026.exe
2704	Unicorn-43556.exe
2440	Unicorn-44625.exe
2500	Unicorn-43364.exe
312	Unicorn-43364.exe
780	Unicorn-58888.exe
2956	Unicorn-37953.exe
960	Unicorn-6158.exe
1420	Unicorn-26024.exe
1376	Unicorn-60507.exe
2288	Unicorn-24113.exe
1456	Unicorn-28712.exe
1432	Unicorn-56786.exe
1040	Unicorn-11114.exe
452	Unicorn-43403.exe
920	Unicorn-59355.exe
1448	Unicorn-10154.exe
1800	Unicorn-9697.exe
1212	Unicorn-49661.exe
3064	Unicorn-62235.exe
1032	Unicorn-45707.exe
1896	Unicorn-20134.exe
2044	Unicorn-58514.exe
2808	Unicorn-29179.exe
1564	Unicorn-29179.exe
2076	Unicorn-49277.exe
2024	Unicorn-61851.exe
2520	Unicorn-41985.exe
1604	Unicorn-16412.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exeUnicorn-40983.exeUnicorn-52685.exeUnicorn-7013.exeUnicorn-23197.exeUnicorn-3331.exeUnicorn-7322.exeUnicorn-43332.exeUnicorn-59668.exe

description	pid	process	target process
PID 2192 wrote to memory of 2972	2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe	Unicorn-40983.exe
PID 2192 wrote to memory of 2972	2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe	Unicorn-40983.exe
PID 2192 wrote to memory of 2972	2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe	Unicorn-40983.exe
PID 2192 wrote to memory of 2972	2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe	Unicorn-40983.exe
PID 2972 wrote to memory of 2592	2972	Unicorn-40983.exe	Unicorn-7013.exe
PID 2972 wrote to memory of 2592	2972	Unicorn-40983.exe	Unicorn-7013.exe
PID 2972 wrote to memory of 2592	2972	Unicorn-40983.exe	Unicorn-7013.exe
PID 2972 wrote to memory of 2592	2972	Unicorn-40983.exe	Unicorn-7013.exe
PID 2192 wrote to memory of 2836	2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe	Unicorn-52685.exe
PID 2192 wrote to memory of 2836	2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe	Unicorn-52685.exe
PID 2192 wrote to memory of 2836	2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe	Unicorn-52685.exe
PID 2192 wrote to memory of 2836	2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe	Unicorn-52685.exe
PID 2192 wrote to memory of 2720	2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe	WerFault.exe
PID 2192 wrote to memory of 2720	2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe	WerFault.exe
PID 2192 wrote to memory of 2720	2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe	WerFault.exe
PID 2192 wrote to memory of 2720	2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe	WerFault.exe
PID 2836 wrote to memory of 2524	2836	Unicorn-52685.exe	Unicorn-23197.exe
PID 2836 wrote to memory of 2524	2836	Unicorn-52685.exe	Unicorn-23197.exe
PID 2836 wrote to memory of 2524	2836	Unicorn-52685.exe	Unicorn-23197.exe
PID 2836 wrote to memory of 2524	2836	Unicorn-52685.exe	Unicorn-23197.exe
PID 2972 wrote to memory of 2996	2972	Unicorn-40983.exe	Unicorn-3331.exe
PID 2972 wrote to memory of 2996	2972	Unicorn-40983.exe	Unicorn-3331.exe
PID 2972 wrote to memory of 2996	2972	Unicorn-40983.exe	Unicorn-3331.exe
PID 2972 wrote to memory of 2996	2972	Unicorn-40983.exe	Unicorn-3331.exe
PID 2972 wrote to memory of 2968	2972	Unicorn-40983.exe	WerFault.exe
PID 2972 wrote to memory of 2968	2972	Unicorn-40983.exe	WerFault.exe
PID 2972 wrote to memory of 2968	2972	Unicorn-40983.exe	WerFault.exe
PID 2972 wrote to memory of 2968	2972	Unicorn-40983.exe	WerFault.exe
PID 2592 wrote to memory of 2632	2592	Unicorn-7013.exe	Unicorn-7322.exe
PID 2592 wrote to memory of 2632	2592	Unicorn-7013.exe	Unicorn-7322.exe
PID 2592 wrote to memory of 2632	2592	Unicorn-7013.exe	Unicorn-7322.exe
PID 2592 wrote to memory of 2632	2592	Unicorn-7013.exe	Unicorn-7322.exe
PID 2524 wrote to memory of 2796	2524	Unicorn-23197.exe	Unicorn-43332.exe
PID 2524 wrote to memory of 2796	2524	Unicorn-23197.exe	Unicorn-43332.exe
PID 2524 wrote to memory of 2796	2524	Unicorn-23197.exe	Unicorn-43332.exe
PID 2524 wrote to memory of 2796	2524	Unicorn-23197.exe	Unicorn-43332.exe
PID 2996 wrote to memory of 1532	2996	Unicorn-3331.exe	Unicorn-59668.exe
PID 2996 wrote to memory of 1532	2996	Unicorn-3331.exe	Unicorn-59668.exe
PID 2996 wrote to memory of 1532	2996	Unicorn-3331.exe	Unicorn-59668.exe
PID 2996 wrote to memory of 1532	2996	Unicorn-3331.exe	Unicorn-59668.exe
PID 2836 wrote to memory of 2220	2836	Unicorn-52685.exe	Unicorn-39802.exe
PID 2836 wrote to memory of 2220	2836	Unicorn-52685.exe	Unicorn-39802.exe
PID 2836 wrote to memory of 2220	2836	Unicorn-52685.exe	Unicorn-39802.exe
PID 2836 wrote to memory of 2220	2836	Unicorn-52685.exe	Unicorn-39802.exe
PID 2592 wrote to memory of 276	2592	Unicorn-7013.exe	WerFault.exe
PID 2592 wrote to memory of 276	2592	Unicorn-7013.exe	WerFault.exe
PID 2592 wrote to memory of 276	2592	Unicorn-7013.exe	WerFault.exe
PID 2836 wrote to memory of 956	2836	Unicorn-52685.exe	WerFault.exe
PID 2592 wrote to memory of 276	2592	Unicorn-7013.exe	WerFault.exe
PID 2836 wrote to memory of 956	2836	Unicorn-52685.exe	WerFault.exe
PID 2836 wrote to memory of 956	2836	Unicorn-52685.exe	WerFault.exe
PID 2836 wrote to memory of 956	2836	Unicorn-52685.exe	WerFault.exe
PID 2632 wrote to memory of 240	2632	Unicorn-7322.exe	Unicorn-50566.exe
PID 2632 wrote to memory of 240	2632	Unicorn-7322.exe	Unicorn-50566.exe
PID 2632 wrote to memory of 240	2632	Unicorn-7322.exe	Unicorn-50566.exe
PID 2632 wrote to memory of 240	2632	Unicorn-7322.exe	Unicorn-50566.exe
PID 2796 wrote to memory of 1248	2796	Unicorn-43332.exe	Unicorn-42891.exe
PID 2796 wrote to memory of 1248	2796	Unicorn-43332.exe	Unicorn-42891.exe
PID 2796 wrote to memory of 1248	2796	Unicorn-43332.exe	Unicorn-42891.exe
PID 2796 wrote to memory of 1248	2796	Unicorn-43332.exe	Unicorn-42891.exe
PID 1532 wrote to memory of 2032	1532	Unicorn-59668.exe	Unicorn-17318.exe
PID 1532 wrote to memory of 2032	1532	Unicorn-59668.exe	Unicorn-17318.exe
PID 1532 wrote to memory of 2032	1532	Unicorn-59668.exe	Unicorn-17318.exe
PID 1532 wrote to memory of 2032	1532	Unicorn-59668.exe	Unicorn-17318.exe

C:\Users\Admin\AppData\Local\Temp\bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe
"C:\Users\Admin\AppData\Local\Temp\bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-40983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40983.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-23197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23197.exe
4⤵
- Executes dropped EXE
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-7322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7322.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-50566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50566.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:240

C:\Users\Admin\AppData\Local\Temp\Unicorn-55434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55434.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-55185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55185.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-58888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58888.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:780

C:\Users\Admin\AppData\Local\Temp\Unicorn-49231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49231.exe
9⤵
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-57150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57150.exe
10⤵
PID:1008

C:\Users\Admin\AppData\Local\Temp\Unicorn-59880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59880.exe
11⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
12⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\Unicorn-29872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29872.exe
13⤵
PID:7860

C:\Users\Admin\AppData\Local\Temp\Unicorn-46299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46299.exe
14⤵
PID:10264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
14⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
13⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 236
12⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 216
11⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-23486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23486.exe
10⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-39.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39.exe
11⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\Unicorn-13790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13790.exe
12⤵
PID:8396

C:\Users\Admin\AppData\Local\Temp\Unicorn-40320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40320.exe
13⤵
PID:12140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8396 -s 216
13⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
12⤵
PID:9752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
11⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
10⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-37284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37284.exe
9⤵
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-59880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59880.exe
10⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-46775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46775.exe
11⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-14295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14295.exe
12⤵
PID:6996

C:\Users\Admin\AppData\Local\Temp\Unicorn-38024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38024.exe
13⤵
PID:10268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
13⤵
PID:10964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 236
12⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 236
11⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 236
10⤵
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
9⤵
- Program crash
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-62038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62038.exe
8⤵
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-6304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6304.exe
9⤵
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-13175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13175.exe
10⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-37621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37621.exe
11⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-25842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25842.exe
12⤵
PID:6672

C:\Users\Admin\AppData\Local\Temp\Unicorn-45979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45979.exe
13⤵
PID:10228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 236
13⤵
PID:10868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 236
12⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 236
11⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 236
10⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-9646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9646.exe
9⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-22001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22001.exe
10⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-46540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46540.exe
11⤵
PID:7424

C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
12⤵
PID:10924

C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
13⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 216
12⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
11⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 236
10⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
9⤵
- Program crash
PID:3452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
8⤵
- Program crash
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-37953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37953.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-16367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16367.exe
8⤵
PID:828

C:\Users\Admin\AppData\Local\Temp\Unicorn-41665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41665.exe
9⤵
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-52262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52262.exe
10⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-59390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59390.exe
11⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-36369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36369.exe
12⤵
PID:7944

C:\Users\Admin\AppData\Local\Temp\Unicorn-33912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33912.exe
13⤵
PID:10692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 216
13⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
12⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 236
11⤵
PID:6244

C:\Users\Admin\AppData\Local\Temp\Unicorn-55093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55093.exe
10⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
11⤵
PID:8024

C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
12⤵
PID:10932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 216
12⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
11⤵
PID:8492

C:\Users\Admin\AppData\Local\Temp\Unicorn-18940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18940.exe
9⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-45504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45504.exe
10⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-28402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28402.exe
11⤵
PID:9204

C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
12⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
11⤵
PID:9324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
10⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 220
9⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-5271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5271.exe
8⤵
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-61691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61691.exe
9⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
10⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-62627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62627.exe
11⤵
PID:7776

C:\Users\Admin\AppData\Local\Temp\Unicorn-47970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47970.exe
12⤵
PID:11220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 216
12⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
11⤵
PID:9120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
10⤵
PID:6164

C:\Users\Admin\AppData\Local\Temp\Unicorn-20692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20692.exe
9⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-25842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25842.exe
10⤵
PID:6664

C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
11⤵
PID:10052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 216
11⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
10⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 240
9⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
8⤵
- Program crash
PID:3580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
7⤵
- Program crash
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-35319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35319.exe
6⤵
- Executes dropped EXE
PID:2320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 240
6⤵
- Program crash
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-51905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51905.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1160

C:\Users\Admin\AppData\Local\Temp\Unicorn-38657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38657.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:972

C:\Users\Admin\AppData\Local\Temp\Unicorn-26024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26024.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1420

C:\Users\Admin\AppData\Local\Temp\Unicorn-6361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6361.exe
8⤵
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-8001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8001.exe
9⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
10⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-45523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45523.exe
11⤵
PID:7812

C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
12⤵
PID:11252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 216
12⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
11⤵
PID:9168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
10⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
9⤵
- Program crash
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-3818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3818.exe
8⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-12682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12682.exe
9⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-60335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60335.exe
10⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-44211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44211.exe
11⤵
PID:8944

C:\Users\Admin\AppData\Local\Temp\Unicorn-16259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16259.exe
12⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8944 -s 216
12⤵
PID:12564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
11⤵
PID:10096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 236
10⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 236
9⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 240
8⤵
- Program crash
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-19168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19168.exe
7⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
8⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-22278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22278.exe
9⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-60475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60475.exe
10⤵
PID:5952

C:\Users\Admin\AppData\Local\Temp\Unicorn-35368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35368.exe
11⤵
PID:8048

C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
12⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 216
12⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
11⤵
PID:9556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
10⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 236
9⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-27793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27793.exe
8⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-55109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55109.exe
9⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-24133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24133.exe
10⤵
PID:7784

C:\Users\Admin\AppData\Local\Temp\Unicorn-27930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27930.exe
11⤵
PID:9820

C:\Users\Admin\AppData\Local\Temp\Unicorn-23089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23089.exe
12⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 216
11⤵
PID:11044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
10⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
9⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 220
8⤵
PID:4392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 240
7⤵
- Program crash
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-6158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6158.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:960

C:\Users\Admin\AppData\Local\Temp\Unicorn-38842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38842.exe
7⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-7155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7155.exe
8⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-44971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44971.exe
9⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-9229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9229.exe
10⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-6952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6952.exe
11⤵
PID:6844

C:\Users\Admin\AppData\Local\Temp\Unicorn-60665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60665.exe
12⤵
PID:10448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 216
12⤵
PID:10620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 236
11⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 236
10⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
9⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe
8⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
9⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-13383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13383.exe
10⤵
PID:9308

C:\Users\Admin\AppData\Local\Temp\Unicorn-49975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49975.exe
11⤵
PID:12648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
10⤵
PID:10580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
9⤵
PID:8164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
8⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-21031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21031.exe
7⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-31515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31515.exe
8⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
9⤵
PID:5244

C:\Users\Admin\AppData\Local\Temp\Unicorn-61714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61714.exe
10⤵
PID:7880

C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
11⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 236
11⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 216
10⤵
PID:9296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
9⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
8⤵
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 240
7⤵
- Program crash
PID:3820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 240
6⤵
- Program crash
PID:2692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:276

C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-59668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59668.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-17318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17318.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-54858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54858.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-11651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11651.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-28712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28712.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1456

C:\Users\Admin\AppData\Local\Temp\Unicorn-60253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60253.exe
9⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
10⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-27803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27803.exe
11⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-56089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56089.exe
12⤵
PID:7660

C:\Users\Admin\AppData\Local\Temp\Unicorn-10319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10319.exe
13⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 216
13⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
12⤵
PID:9596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
11⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
10⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe
9⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-41378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41378.exe
10⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\Unicorn-56089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56089.exe
11⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-19702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19702.exe
12⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
12⤵
PID:4560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
11⤵
PID:9588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
10⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 220
9⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
8⤵
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-40098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40098.exe
9⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-30740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30740.exe
10⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-24133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24133.exe
11⤵
PID:7792

C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
12⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 236
12⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
11⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
10⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 236
9⤵
PID:4376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
8⤵
- Program crash
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-24113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24113.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-55754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55754.exe
8⤵
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
9⤵
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-5557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5557.exe
10⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-12234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12234.exe
11⤵
PID:5764

C:\Users\Admin\AppData\Local\Temp\Unicorn-65435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65435.exe
12⤵
PID:7352

C:\Users\Admin\AppData\Local\Temp\Unicorn-41017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41017.exe
13⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 216
13⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
12⤵
PID:9488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
11⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 216
10⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-18364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18364.exe
9⤵
PID:3488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 220
10⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
9⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-4887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4887.exe
8⤵
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-47659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47659.exe
9⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-8134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8134.exe
10⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-44942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44942.exe
11⤵
PID:8140

C:\Users\Admin\AppData\Local\Temp\Unicorn-31302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31302.exe
12⤵
PID:11028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 216
12⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
11⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
10⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 236
9⤵
PID:4116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
8⤵
- Program crash
PID:3656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
7⤵
- Program crash
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-57323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57323.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1376

C:\Users\Admin\AppData\Local\Temp\Unicorn-39418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39418.exe
8⤵
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-23684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23684.exe
9⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-54758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54758.exe
10⤵
PID:472

C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
11⤵
PID:5916

C:\Users\Admin\AppData\Local\Temp\Unicorn-30791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30791.exe
11⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-28402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28402.exe
12⤵
PID:9144

C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
13⤵
PID:12584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
12⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 472 -s 220
11⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 236
10⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-18364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18364.exe
9⤵
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 240
10⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
9⤵
- Program crash
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-53896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53896.exe
8⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-36502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36502.exe
9⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-42146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42146.exe
10⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
11⤵
PID:8076

C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
11⤵
PID:8608

C:\Users\Admin\AppData\Local\Temp\Unicorn-16655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16655.exe
12⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8608 -s 216
12⤵
PID:13140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 220
11⤵
PID:9876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
10⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
9⤵
PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 220
8⤵
- Program crash
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-12261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12261.exe
7⤵
PID:300

C:\Users\Admin\AppData\Local\Temp\Unicorn-8686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8686.exe
8⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-11725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11725.exe
9⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-13618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13618.exe
10⤵
PID:7748

C:\Users\Admin\AppData\Local\Temp\Unicorn-57077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57077.exe
11⤵
PID:11180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 216
11⤵
PID:11712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
10⤵
PID:9112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 236
9⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 216
8⤵
- Program crash
PID:3868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
7⤵
- Program crash
PID:2184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
6⤵
- Program crash
PID:1084

C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-44132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44132.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-11114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11114.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1040

C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
8⤵
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-45495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45495.exe
9⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-27862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27862.exe
10⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
11⤵
PID:5804

C:\Users\Admin\AppData\Local\Temp\Unicorn-9301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9301.exe
12⤵
PID:8076

C:\Users\Admin\AppData\Local\Temp\Unicorn-43511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43511.exe
13⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
13⤵
PID:12416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 220
12⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
11⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 236
10⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-40668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40668.exe
9⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-46936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46936.exe
10⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\Unicorn-58950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58950.exe
11⤵
PID:6372

C:\Users\Admin\AppData\Local\Temp\Unicorn-60281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60281.exe
12⤵
PID:10500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 216
12⤵
PID:10672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 216
11⤵
PID:8372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
10⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
9⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-12173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12173.exe
8⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
9⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-15634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15634.exe
10⤵
PID:5692

C:\Users\Admin\AppData\Local\Temp\Unicorn-30396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30396.exe
11⤵
PID:7380

C:\Users\Admin\AppData\Local\Temp\Unicorn-20588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20588.exe
12⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7380 -s 216
12⤵
PID:11076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
11⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
10⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 236
9⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 220
8⤵
- Program crash
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-20486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20486.exe
7⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-37986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37986.exe
8⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-36905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36905.exe
9⤵
PID:5596

C:\Users\Admin\AppData\Local\Temp\Unicorn-32924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32924.exe
10⤵
PID:8472

C:\Users\Admin\AppData\Local\Temp\Unicorn-28084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28084.exe
11⤵
PID:12316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8472 -s 216
11⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
10⤵
PID:9792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
9⤵
PID:7296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 216
8⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
7⤵
- Program crash
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1432

C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
7⤵
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
8⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-54374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54374.exe
9⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
10⤵
PID:5216

C:\Users\Admin\AppData\Local\Temp\Unicorn-43515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43515.exe
11⤵
PID:7188

C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
12⤵
PID:11764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7188 -s 216
12⤵
PID:2292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 216
11⤵
PID:9496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
10⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
9⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-50845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50845.exe
8⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-63272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63272.exe
9⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-47423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47423.exe
10⤵
PID:8328

C:\Users\Admin\AppData\Local\Temp\Unicorn-54357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54357.exe
11⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 216
11⤵
PID:12652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
10⤵
PID:9736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
9⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
8⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
7⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe
8⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
9⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-16728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16728.exe
10⤵
PID:7824

C:\Users\Admin\AppData\Local\Temp\Unicorn-32774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32774.exe
11⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 220
11⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 220
10⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
9⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
8⤵
PID:4564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 240
7⤵
- Program crash
PID:3360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
6⤵
- Program crash
PID:2776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
5⤵
- Program crash
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-6497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6497.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-39949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39949.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-43364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43364.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:312

C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-26320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26320.exe
8⤵
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-54322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54322.exe
9⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-20953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20953.exe
10⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-56717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56717.exe
11⤵
PID:8736

C:\Users\Admin\AppData\Local\Temp\Unicorn-45316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45316.exe
12⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8736 -s 216
12⤵
PID:12324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
11⤵
PID:9960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
10⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 216
9⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
8⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-29718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29718.exe
9⤵
PID:6016

C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe
10⤵
PID:8776

C:\Users\Admin\AppData\Local\Temp\Unicorn-10204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10204.exe
11⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 216
11⤵
PID:12348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
10⤵
PID:10008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
9⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
8⤵
PID:6032

C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
7⤵
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-55365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55365.exe
8⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-54891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54891.exe
9⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
10⤵
PID:8152

C:\Users\Admin\AppData\Local\Temp\Unicorn-36467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36467.exe
10⤵
PID:8652

C:\Users\Admin\AppData\Local\Temp\Unicorn-52918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52918.exe
11⤵
PID:12588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 220
11⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 220
10⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
9⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 236
8⤵
PID:4172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 312 -s 240
7⤵
- Program crash
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-49277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49277.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-57150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57150.exe
7⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-54566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54566.exe
8⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-13962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13962.exe
9⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-43510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43510.exe
10⤵
PID:8292

C:\Users\Admin\AppData\Local\Temp\Unicorn-54165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54165.exe
11⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8292 -s 216
11⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 216
10⤵
PID:9728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
9⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 236
8⤵
PID:4252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 216
7⤵
- Program crash
PID:3528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
6⤵
- Program crash
PID:600

C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
5⤵
- Executes dropped EXE
PID:2748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
5⤵
- Program crash
PID:2260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-52685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52685.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-23197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23197.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-43332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43332.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-42891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42891.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-57546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57546.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:812

C:\Users\Admin\AppData\Local\Temp\Unicorn-43940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43940.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-59355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59355.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:920

C:\Users\Admin\AppData\Local\Temp\Unicorn-25277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25277.exe
9⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-38562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38562.exe
10⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-43020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43020.exe
11⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-61819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61819.exe
12⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-64080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64080.exe
13⤵
PID:7916

C:\Users\Admin\AppData\Local\Temp\Unicorn-48136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48136.exe
14⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 216
14⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
12⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 236
11⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-9013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9013.exe
10⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-24005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24005.exe
11⤵
PID:6488

C:\Users\Admin\AppData\Local\Temp\Unicorn-44085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44085.exe
12⤵
PID:9692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
12⤵
PID:10512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
11⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
10⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
9⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
10⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
11⤵
PID:7224

C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
12⤵
PID:11116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 216
12⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
11⤵
PID:8668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 236
10⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 220
9⤵
- Program crash
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-21555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21555.exe
8⤵
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-37794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37794.exe
9⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-41954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41954.exe
10⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-26795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26795.exe
11⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-44521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44521.exe
12⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
12⤵
PID:10456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
11⤵
PID:9424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
10⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
9⤵
PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
8⤵
- Program crash
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-9697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9697.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-7103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7103.exe
8⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-21650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21650.exe
9⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
10⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-40699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40699.exe
11⤵
PID:6780

C:\Users\Admin\AppData\Local\Temp\Unicorn-15034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15034.exe
12⤵
PID:9768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 216
12⤵
PID:10284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 236
11⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 236
10⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 216
9⤵
- Program crash
PID:4188

C:\Users\Admin\AppData\Local\Temp\Unicorn-3403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3403.exe
8⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-49572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49572.exe
9⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-45684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45684.exe
10⤵
PID:6132

C:\Users\Admin\AppData\Local\Temp\Unicorn-23404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23404.exe
11⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
10⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
9⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 220
8⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 240
7⤵
- Program crash
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-24074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24074.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-43403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43403.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:452

C:\Users\Admin\AppData\Local\Temp\Unicorn-7103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7103.exe
8⤵
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-6164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6164.exe
9⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-44995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44995.exe
10⤵
PID:5776

C:\Users\Admin\AppData\Local\Temp\Unicorn-63043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63043.exe
11⤵
PID:9000

C:\Users\Admin\AppData\Local\Temp\Unicorn-20945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20945.exe
12⤵
PID:932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 236
11⤵
PID:10128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
10⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 236
9⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-2635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2635.exe
8⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-27011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27011.exe
9⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-8680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8680.exe
10⤵
PID:6788

C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
11⤵
PID:10532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
11⤵
PID:10688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 236
10⤵
PID:8384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
9⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 240
8⤵
- Program crash
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-40387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40387.exe
7⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-37986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37986.exe
8⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-61435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61435.exe
9⤵
PID:5728

C:\Users\Admin\AppData\Local\Temp\Unicorn-22861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22861.exe
10⤵
PID:7560

C:\Users\Admin\AppData\Local\Temp\Unicorn-39537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39537.exe
11⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 216
11⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 216
10⤵
PID:8900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
9⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 216
8⤵
PID:4156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
7⤵
- Program crash
PID:2876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 240
6⤵
- Program crash
PID:864

C:\Users\Admin\AppData\Local\Temp\Unicorn-52948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52948.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:976

C:\Users\Admin\AppData\Local\Temp\Unicorn-43556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43556.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-23824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23824.exe
8⤵
PID:108

C:\Users\Admin\AppData\Local\Temp\Unicorn-22034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22034.exe
9⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-28464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28464.exe
10⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
11⤵
PID:6900

C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
12⤵
PID:10212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 216
12⤵
PID:11168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 236
11⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
10⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 236
9⤵
- Program crash
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
8⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-11658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11658.exe
9⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\Unicorn-58694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58694.exe
10⤵
PID:7892

C:\Users\Admin\AppData\Local\Temp\Unicorn-33594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33594.exe
11⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 216
11⤵
PID:12356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
10⤵
PID:9644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
9⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 220
8⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
7⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-55557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55557.exe
8⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-23366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23366.exe
9⤵
PID:5792

C:\Users\Admin\AppData\Local\Temp\Unicorn-39421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39421.exe
10⤵
PID:8684

C:\Users\Admin\AppData\Local\Temp\Unicorn-52918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52918.exe
11⤵
PID:12600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8684 -s 220
11⤵
PID:13184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 216
10⤵
PID:9908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
9⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
8⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
7⤵
- Program crash
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-56496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56496.exe
7⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-56626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56626.exe
8⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-4808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4808.exe
9⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-29872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29872.exe
10⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\Unicorn-45531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45531.exe
11⤵
PID:10368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
11⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
10⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
9⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
8⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-52028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52028.exe
7⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-10381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10381.exe
8⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-5032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5032.exe
9⤵
PID:6300

C:\Users\Admin\AppData\Local\Temp\Unicorn-61241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61241.exe
10⤵
PID:10372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
10⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
9⤵
PID:8212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
8⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
7⤵
- Program crash
PID:3532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 240
6⤵
- Program crash
PID:2028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
5⤵
- Program crash
PID:1228

C:\Users\Admin\AppData\Local\Temp\Unicorn-55698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55698.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-23613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23613.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-44625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44625.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-61851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61851.exe
7⤵
- Suspicious use of SetWindowsHookEx
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-57565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57565.exe
8⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-7809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7809.exe
9⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-59774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59774.exe
10⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-48896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48896.exe
11⤵
PID:7872

C:\Users\Admin\AppData\Local\Temp\Unicorn-48027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48027.exe
12⤵
PID:10440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 216
12⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
11⤵
PID:9196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 236
10⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
9⤵
- Program crash
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-20616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20616.exe
8⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-6344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6344.exe
9⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-37501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37501.exe
10⤵
PID:8524

C:\Users\Admin\AppData\Local\Temp\Unicorn-39794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39794.exe
11⤵
PID:12432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8524 -s 216
11⤵
PID:13040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
10⤵
PID:9800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
9⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 220
8⤵
PID:5636

C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
7⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
8⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe
9⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
10⤵
PID:7432

C:\Users\Admin\AppData\Local\Temp\Unicorn-5339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5339.exe
11⤵
PID:10488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 216
11⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
10⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
9⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 216
8⤵
- Program crash
PID:4212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
7⤵
- Program crash
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-16412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16412.exe
6⤵
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-26128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26128.exe
7⤵
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-37986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37986.exe
8⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
9⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\Unicorn-28798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28798.exe
10⤵
PID:8112

C:\Users\Admin\AppData\Local\Temp\Unicorn-46569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46569.exe
11⤵
PID:11060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 216
11⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
10⤵
PID:2332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 236
9⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 216
8⤵
- Program crash
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
7⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
8⤵
PID:5848

C:\Users\Admin\AppData\Local\Temp\Unicorn-64456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64456.exe
9⤵
PID:6824

C:\Users\Admin\AppData\Local\Temp\Unicorn-64728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64728.exe
10⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
10⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 236
9⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
8⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
7⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
6⤵
- Program crash
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-40026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40026.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-45707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45707.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-58992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58992.exe
7⤵
PID:628

C:\Users\Admin\AppData\Local\Temp\Unicorn-40482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40482.exe
8⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
9⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-37277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37277.exe
10⤵
PID:7492

C:\Users\Admin\AppData\Local\Temp\Unicorn-16019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16019.exe
11⤵
PID:11012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 216
11⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 216
10⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
9⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 216
8⤵
PID:5992

C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe
7⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
8⤵
PID:5276

C:\Users\Admin\AppData\Local\Temp\Unicorn-10432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10432.exe
9⤵
PID:7976

C:\Users\Admin\AppData\Local\Temp\Unicorn-50632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50632.exe
10⤵
PID:10636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 216
10⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
9⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
8⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 240
7⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
6⤵
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-54706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54706.exe
7⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-9857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9857.exe
8⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-24683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24683.exe
9⤵
PID:7936

C:\Users\Admin\AppData\Local\Temp\Unicorn-17442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17442.exe
10⤵
PID:11644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 216
10⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
9⤵
PID:9380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
8⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 236
7⤵
PID:4784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
6⤵
- Program crash
PID:2196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
5⤵
- Program crash
PID:1952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 220
4⤵
- Loads dropped DLL
- Program crash
PID:1424

C:\Users\Admin\AppData\Local\Temp\Unicorn-39802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39802.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-59035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59035.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-56477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56477.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-10154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10154.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1448

C:\Users\Admin\AppData\Local\Temp\Unicorn-58992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58992.exe
8⤵
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-57010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57010.exe
9⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-58482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58482.exe
10⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-26027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26027.exe
11⤵
PID:8052

C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
11⤵
PID:8600

C:\Users\Admin\AppData\Local\Temp\Unicorn-44236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44236.exe
12⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 216
12⤵
PID:13124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 220
11⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
10⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 236
9⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-53481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53481.exe
8⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-62582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62582.exe
9⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-31958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31958.exe
10⤵
PID:7208

C:\Users\Admin\AppData\Local\Temp\Unicorn-30022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30022.exe
11⤵
PID:10640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 216
11⤵
PID:10996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
10⤵
PID:8496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
9⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 240
8⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-6262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6262.exe
7⤵
PID:1232

C:\Users\Admin\AppData\Local\Temp\Unicorn-23269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23269.exe
8⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
9⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe
10⤵
PID:8624

C:\Users\Admin\AppData\Local\Temp\Unicorn-42124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42124.exe
11⤵
PID:12480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 216
11⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 220
10⤵
PID:9860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
9⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 236
8⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
7⤵
- Program crash
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-49661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49661.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1212

C:\Users\Admin\AppData\Local\Temp\Unicorn-60253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60253.exe
7⤵
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-55557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55557.exe
8⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
9⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-12222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12222.exe
10⤵
PID:7248

C:\Users\Admin\AppData\Local\Temp\Unicorn-61791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61791.exe
11⤵
PID:10676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 236
11⤵
PID:10408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 236
10⤵
PID:8504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 236
9⤵
PID:5556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
8⤵
- Program crash
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-19163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19163.exe
7⤵
PID:3296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 240
7⤵
- Program crash
PID:3792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 240
6⤵
- Program crash
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-8615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8615.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-58603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58603.exe
7⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-55220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55220.exe
8⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
9⤵
PID:6640

C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
10⤵
PID:10112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 216
10⤵
PID:10824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
9⤵
PID:8096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 236
8⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
7⤵
- Program crash
PID:3372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
6⤵
- Program crash
PID:2512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 240
5⤵
- Program crash
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-3747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3747.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-43364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43364.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-20134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20134.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-23824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23824.exe
7⤵
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-5697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5697.exe
8⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-2174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2174.exe
9⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-59474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59474.exe
10⤵
PID:6584

C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
11⤵
PID:9976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 216
11⤵
PID:10772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 236
10⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
9⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-54561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54561.exe
8⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-12001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12001.exe
9⤵
PID:6692

C:\Users\Admin\AppData\Local\Temp\Unicorn-31666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31666.exe
10⤵
PID:10808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 216
10⤵
PID:2976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 236
9⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
8⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-51177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51177.exe
7⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-41575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41575.exe
8⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-45326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45326.exe
9⤵
PID:8080

C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
10⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 216
10⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
9⤵
PID:8556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
8⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 220
7⤵
- Program crash
PID:4108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
6⤵
- Program crash
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-58514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58514.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
6⤵
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-21650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21650.exe
7⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-38057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38057.exe
8⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-32872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32872.exe
9⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 220
10⤵
PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 220
9⤵
PID:9528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
8⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 216
7⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-3403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3403.exe
6⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-56069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56069.exe
7⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
8⤵
PID:6632

C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
9⤵
PID:10092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 216
9⤵
PID:10816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
8⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 236
7⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
6⤵
PID:4644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
5⤵
- Program crash
PID:848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
4⤵
- Program crash
PID:1440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
2⤵
- Program crash
PID:2720

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
Filesize
184KB

MD5
eb137011ef22de5a18fee12969d1939e

SHA1
53ad141accf12393b08335e046269d33f472113a

SHA256
7bfc097e93064ab6ce7ebf5c2108f029477a18833b45f0c98783b384805b893c

SHA512
c71dbe3ab828177810924d2b58bca583b7f0567d65883e6df76e2ec1c57c254534e3ff3f8ee7cfbb1be5b9d771ed62c41cfba3cbe6e2014ce48429e036ff3dd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17318.exe
Filesize
184KB

MD5
6ee9ca5bb1b3c61720d28eae5a90a4ca

SHA1
988b94fd93e106b7370d2e904947188d84a2bb15

SHA256
53e802155cb26e1d03aec6afc2e93874d4f331a80bb00e68558d4ed6be6fb467

SHA512
ac79632d9e378118e0d03410f7a783f9e30aed345b7bfcdec1eec3cc095e21b2f17364e80b7147d2dd0dbcfb8d84328a35d0bd3a1a2e0651655f357afc673790

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23197.exe
Filesize
184KB

MD5
335f3e1e82e8651ce1db7b4eef650822

SHA1
e045d99d4a25166dbfe96d58bac3e0f7eb6b4109

SHA256
c2fd468270365091170c756e14df6ff53d8b62844ebfcbf3dedf164d486e55dd

SHA512
a2ffc6b3845acf250d66d48ad684d4c05270bcef0ebd004533710a5be13d54b8d05afba02498ddeb83978e40becad54859f3eebff164ab4e573f42326196ec30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31515.exe
Filesize
184KB

MD5
3f15e0072117053364d83742779a549b

SHA1
dc0e51d8556ae519839dd2c4443805c30d9bc5ec

SHA256
b781f8262147fb9a7e15dbaf0b636ca5fc914c80e9a997dc42fa2ac2ae05eda1

SHA512
6095fe1c14b6be0566462db3be5752fcf7192378b52d6acc5e846e97e09b37ab77e62f4f3178c5c10068cf9a95aaed0bc62617a0c3dac8339a2e0b8ff667fe5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39794.exe
Filesize
184KB

MD5
7b46f03d5e4b9f99812c9b1333b99d71

SHA1
c0388ead54cda05e97a1ca5ff5eacf6a3dff2bf0

SHA256
5b2ccf42e9931d2cb45a22c3b59757174e141c1fd9b41b289478667de9936cef

SHA512
338dc0eedf7db14bc6bb6741b54632f8ed3db8abdb183f82deb0b967d43b4b9b7cc7a78e1fb9ddc01ba32d6e8afcea2120c7732ccaf8ca2c3304d2604cf415a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39802.exe
Filesize
184KB

MD5
b2c025ae966457dd414849c519839035

SHA1
b343af2fc5fece40ca625be8f56f947421b3bbde

SHA256
0d7815ecb187ff09741efeaf345e875d076a0fb59118e6ba27be151c0c3a1a2d

SHA512
7bc6695d23bcfba679adf37659cde0630ce635750b7fa37d8e0eab1297e5dfc26935b5d60a9704382641d1ac6c85e6811598fbac5b018cc22c80b313e49e5ae6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
Filesize
184KB

MD5
1a70a6b1df0383664847b7b1291d1c7b

SHA1
af81fc010a4e1769bca80de5418df4c9ea2c9000

SHA256
55e8047a9ab4d9c8dc37ef7f655c1678c4256355cf548fdec2de79514b6305a9

SHA512
298c6e9e88369374b79feb42528fa822766ec1b908ed15f955945fc3caf0d5156c749e737217e92bb70f83ddb2f8f21c105c7d5c8681b4fc965b6ac92072986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40026.exe
Filesize
184KB

MD5
42040ca361e09dd3513b3e1f11599cc3

SHA1
965fb08aaceba1573280c7c6a62ae73bb127bbb9

SHA256
f135a5d6a4d011db566683b2ea7c78e346b19a751af7d5394361bbb106a07649

SHA512
1804f3e4ade539cd679276290cc3d4490a9250f81d5a9dddb042ed5f5080ad26294a441be32b2580568e0b376ccdea4ecbb6089b3d9e2d98d7178673cc9f76d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40668.exe
Filesize
184KB

MD5
3cf51c412ca0fc26b2ef52f2da943abf

SHA1
e4e16d1079fb07aaca20beab834e417d93f10697

SHA256
b90218144092d6fe10366c624559f3e345e0a31b536a9e2c4a19c1ec7aadcbee

SHA512
88c5d449024f823d41c47d1e630618a700fa5c65a040756fe5064d100b7cd78477006dcd535aff3480083db8e8aee560bb3a100a752f06010fd0087357571d91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40983.exe
Filesize
184KB

MD5
0f7787f2ba3e717c47508b840859b52b

SHA1
db9008ae394febb43586f0a8044b074efcaa9b79

SHA256
1d1ae942e4510ea21ca72c06091a47b08af61fc908cb262db9994f7b20248a94

SHA512
cf91a4c6fc4fa896894bda1fccd4f4576a8469afbb52e5bfca50213e845c5f46f6704377a427263bef2fbe759846721e065a2ceb30be6e2b866d1ad5e422a4d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52685.exe
Filesize
184KB

MD5
a38e86e8278a7f28f8e2383e23c18653

SHA1
8e37cb20fafc853d404619f1bfeb34b2502edb34

SHA256
c1f959daaff3c104a83f9c69bf25cf56c8eb98f317f3fbcca0cb646fdcca486f

SHA512
09d870f3b1c9c02c481ef836d4ad718a2fb110ae84006948e999c70da8db80d30d2bb4178894bea20e5723d4caa786449455f7bfd898333dad7b4ac387ed683f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54758.exe
Filesize
184KB

MD5
1d1aa6b11ee535d0622e72c33546fb74

SHA1
ed42a6ed228efcc3ad408fe6247e93e1f47604ab

SHA256
eb2453ac21a1e41e7ae05093b28475575e373066fed591da25b8f8a6be5a7247

SHA512
c28d219ed0436bab473a943e0b6678aeb52ef12f5a1c4ec6de4d1e6258bc44e2af6a02bb26af7b27e73cc150678c29b9c4bc378b23a719789ac938bcd8a59124

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
Filesize
184KB

MD5
d2bd4819a3ed5bff7380de187454ff98

SHA1
dc34d5e3eb1c56fc37b5d0bfa5a6fd126c3a3946

SHA256
615c7081167652ae12ec24607659b3f8bf8113b0464dc5be47d6562aaa3f8934

SHA512
3dd726e785e5b5e1737287a8c6a2bd916572f4ca9934ba006b00651d26a8b913b230f034328f52d4c30b9afad703967e9c282372abdf8db78d9149ec81ae9515

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55365.exe
Filesize
184KB

MD5
e07902e48687fa7ae471813e4e39a0ce

SHA1
61a8fbb537b1f69b5cc7b5d44e90606661bb0f2d

SHA256
0d92c3bc6c1449d32baad10a4fbee6142be3d88767f577bde3e9e96d9f47da23

SHA512
7846d6c1c815e5b56ffbeea321734b9948f93b888143cb5565f364d97732e3f8c8d76ff93cd764f10c41655a121f00165877b32c77907a60dc6f947bb2e52bf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5697.exe
Filesize
184KB

MD5
dfe8f39e6cb4a4ac4d9415227752ead3

SHA1
a5d5b748598b7de8bb704c7b0032e1e793f47ec4

SHA256
5a263b13ffc5249a29f82b1a507ecc79af9731c1e78041f64fa6710c36fb3582

SHA512
cc4f733ecfd6bad75af5f273d526ec04969f62c6e106deb733d0aba1051c2285833e4e9a70c11e422420dd31c86bea7bdda863b83ccea28cb131bf2bded38a2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6304.exe
Filesize
184KB

MD5
1616bdad7285594af642968c6e7e3205

SHA1
3cefbb40c8c4d7405d1b0b19767c1ff84cc4a317

SHA256
0fab62dfdb6ca51d6df6006ea106f9089bd7c6c9b42cc11bb13c38e21784d145

SHA512
8b4f1708c53bf603acc52f2bbe06915ca13251ab7ff84d4fdf68c508f583080f4a82851693d30844b96482a3bcdd6a53677dd7e4bee1cfc73f59d2d41e20999d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6361.exe
Filesize
184KB

MD5
2ac5277e3430c27233a0d7bf33b381b7

SHA1
b89ac8739db227fe61c678882fd70a76829f5a27

SHA256
200e83937addb1cc40e4296d977994a18baf2dd84bc20aa19d0f0d97e36ef060

SHA512
f98becd84724199f75a788db843032fd6216138995792a456af1882010a6f327de34d04c3896fb88c6f9c1dd0e697534275716492dbe222513b9210eb62a17b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
Filesize
184KB

MD5
551967951aab483e6aeb3ebab856f451

SHA1
f5cdce6e2965aaf4d21df68adcff8f7db9d1839c

SHA256
90d3a5c15a7d5269354fba3e534589efef0e66eba8360df1caf1275fc3a7589e

SHA512
a83955ca1d3715466046628073f51f8f762bd0e159113abe37a49a7c43e54e16391e3f484001c87eb66e21dd860233c03ffef96ac96c87c9a716ecc435b11f71

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7809.exe
Filesize
184KB

MD5
81693b2070f7f10f5f17b80496c86633

SHA1
4ef31ad036d04c05ea33559511cc505fa2402694

SHA256
3a783e8fcf59c4b005717188083ba39df3835705cd9107dceed57ee7cdf97d61

SHA512
355c1e40bf3d38d8ac04770b39e6e2053bbf8264172fa6498b55a725a67cbc3989d9225c8fc8c814f799b6045e0922629c1560ed8d719411195c12892f05c941

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
Filesize
184KB

MD5
b8035b1f0637968614e25a31810cb292

SHA1
65b6ffadd50fd1f7cb5becb39e16f09e0ba78406

SHA256
cdfca09f2a7086f48f29788bf1ef4be6e4460338b6f92513e49bcdb7e452d3f1

SHA512
cc209ed4b329ddea8e24c57ffce67729580f60bfc2881a6e448649c90c574e4c8b58c2a7bfb65bbea114cd474d4a3ee1b3e0e2ebb0aa1989a9289d484ad3a6dd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42891.exe
Filesize
184KB

MD5
94a3a70124ba20d47e2cfe744f557cc8

SHA1
450ca67d152eb940eebc55e9fec54bd28d745957

SHA256
80636178c75069ae8391be5ff28377ed146d66ce50acd71f5575d009c03dc789

SHA512
34615bef1360d6894a86a613f409d38ec5f11832b7e54c145505530e214ce7636236802e81afcc63189bc79b4210e434d3eed98379001a3f45772e28b97c9b15

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43332.exe
Filesize
184KB

MD5
71c05fdeab46ceb1d4932568cbb8c4cb

SHA1
171740bf71ec412fea15c32e20fe3f60a371b0f8

SHA256
048aed4d89e18b1fb938a453add16433fd9c18992d93cf07071d869ac1036fc4

SHA512
266a7b59538408f1a5e49a84b8727f942f91e7b5d4a81e3c703f8b4c6e510ae0c33c87a72d4060c9e3f4ccc9786e46a0b65f97a9dfb010615f5a0c9a20f73160

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50566.exe
Filesize
184KB

MD5
2e2b3df167b581fc453d14e15ba85d46

SHA1
57ebe6c76eeb0f9d8a178c8f09e383f99b8fe2e0

SHA256
5a9b6477f06d670e5b1ce20df54ab040dda7245b3d383695b47cc8ef9f0e9ba8

SHA512
12ff38b3484c9db8dc90ac22540e49fa921a57d0c372bc7283c2c45afcf781c4e918c2adcb32059abb13fcad37beb08e164620cec6a587f222195ae2a890faa1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55698.exe
Filesize
184KB

MD5
9fea5adf66f0fd9c679e519345bf9803

SHA1
d27a2456ab076a9a4d426150fef6c16ca198d92e

SHA256
4bd136ed317b8c2c4cb67dd92de6ff35e61e66748da42502e07721954750ca6d

SHA512
39f97fc47fad4528dbfe62d6e9e200a49edd104a9fd93b48f47669b4c334ec197a2d0adc25b8f4c79227131d72a75c8c25f7ae576d0c0df540c70c167eb9d627

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59668.exe
Filesize
184KB

MD5
60784e3bc8108b02c2902e5884bde915

SHA1
0f4eeb4cd7d877423d30fe49aad88b0274baaf1b

SHA256
094a6fc55b55d66f239f247b6fc0bcac5332571f1ef3137d24ca6d2894af9238

SHA512
bbf3f125766ee6729faea6fe9c70641f6f473144890afed43735af9346c01508ae65f1c6d937e1d6dc0d40e7f2304d14cbe2a8bdf663e66d94daf5a7fa6c443e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7322.exe
Filesize
184KB

MD5
82d0cc1b93a87f6033a992ce5a68bdfb

SHA1
4e4c64f9f0c932e73edcf9f4fb75c0a3dfd638c8

SHA256
eae75c882ded4d7606897fd86c713d90883c1bc408c74891143aeb65d3b32f30

SHA512
4671a09ab0c54f618821e385a3b16f72ec502e6999f326d250995fe7c5d42a0c1369e078d61e4a8c088b9c8f60c53f9280a1ce292a706fde7cbe8c05163321b7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads