bdeb1f0b5a3a61a6263fa91d02fbda04e64ec217375d0dbce06c202a9af28d83

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bdeb1f0b5a3a61a6263fa91d02fbda04e64ec217375d0dbce06c202a9af28d83.exe
Size

184KB
MD5

29885717710e3514291f289e40608d3f
SHA1

62ef7568982870926d48561e37a18f9da1bd0305
SHA256

bdeb1f0b5a3a61a6263fa91d02fbda04e64ec217375d0dbce06c202a9af28d83
SHA512

8fcc9196657e935e54a172af71e4dc6ce1d605068fffa9774197276be5ef0ecc35bec7a31084d0a2fafa0bed0f26c7a6f23050913cbc08bd8816b69a33f673d7
SSDEEP

3072:++Ind8ofFRSadjVl2TwDg1VhlnzxFin3:++JoaWjVHM1VhlnzxFi

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-59514.exeUnicorn-40333.exeUnicorn-60199.exeUnicorn-407.exeUnicorn-49608.exeUnicorn-46079.exeUnicorn-55101.exeUnicorn-2371.exeUnicorn-5900.exeUnicorn-6777.exeUnicorn-51380.exeUnicorn-57831.exeUnicorn-27140.exeUnicorn-14141.exeUnicorn-60135.exeUnicorn-43284.exeUnicorn-59943.exeUnicorn-10742.exeUnicorn-59429.exeUnicorn-16571.exeUnicorn-62242.exeUnicorn-65195.exeUnicorn-343.exeUnicorn-44946.exeUnicorn-49352.exeUnicorn-61090.exeUnicorn-65496.exeUnicorn-48511.exeUnicorn-2839.exeUnicorn-19176.exeUnicorn-4463.exeUnicorn-24329.exeUnicorn-39949.exeUnicorn-14930.exeUnicorn-51132.exeUnicorn-55325.exeUnicorn-2595.exeUnicorn-58506.exeUnicorn-8236.exeUnicorn-21043.exeUnicorn-38256.exeUnicorn-58122.exeUnicorn-8729.exeUnicorn-41402.exeUnicorn-28656.exeUnicorn-47453.exeUnicorn-12128.exeUnicorn-31994.exeUnicorn-44801.exeUnicorn-11952.exeUnicorn-60961.exeUnicorn-9300.exeUnicorn-12253.exeUnicorn-8724.exeUnicorn-15133.exeUnicorn-11604.exeUnicorn-64142.exeUnicorn-30510.exeUnicorn-43316.exeUnicorn-59134.exeUnicorn-65486.exeUnicorn-9549.exeUnicorn-30292.exeUnicorn-62580.exe

pid	process
2112	Unicorn-59514.exe
3052	Unicorn-40333.exe
2680	Unicorn-60199.exe
2756	Unicorn-407.exe
1152	Unicorn-49608.exe
2760	Unicorn-46079.exe
1924	Unicorn-55101.exe
2904	Unicorn-2371.exe
2824	Unicorn-5900.exe
2388	Unicorn-6777.exe
2472	Unicorn-51380.exe
2416	Unicorn-57831.exe
1648	Unicorn-27140.exe
2256	Unicorn-14141.exe
852	Unicorn-60135.exe
2172	Unicorn-43284.exe
596	Unicorn-59943.exe
376	Unicorn-10742.exe
588	Unicorn-59429.exe
2116	Unicorn-16571.exe
844	Unicorn-62242.exe
952	Unicorn-65195.exe
1948	Unicorn-343.exe
948	Unicorn-44946.exe
2576	Unicorn-49352.exe
1724	Unicorn-61090.exe
2724	Unicorn-65496.exe
1920	Unicorn-48511.exe
2884	Unicorn-2839.exe
2996	Unicorn-19176.exe
3040	Unicorn-4463.exe
1772	Unicorn-24329.exe
2700	Unicorn-39949.exe
2708	Unicorn-14930.exe
2504	Unicorn-51132.exe
2200	Unicorn-55325.exe
2484	Unicorn-2595.exe
2804	Unicorn-58506.exe
2348	Unicorn-8236.exe
2928	Unicorn-21043.exe
2924	Unicorn-38256.exe
1984	Unicorn-58122.exe
276	Unicorn-8729.exe
1056	Unicorn-41402.exe
1388	Unicorn-28656.exe
1552	Unicorn-47453.exe
2800	Unicorn-12128.exe
1776	Unicorn-31994.exe
2264	Unicorn-44801.exe
1252	Unicorn-11952.exe
2196	Unicorn-60961.exe
1528	Unicorn-9300.exe
2436	Unicorn-12253.exe
1708	Unicorn-8724.exe
2176	Unicorn-15133.exe
3024	Unicorn-11604.exe
2364	Unicorn-64142.exe
2652	Unicorn-30510.exe
2844	Unicorn-43316.exe
2212	Unicorn-59134.exe
2976	Unicorn-65486.exe
2920	Unicorn-9549.exe
1908	Unicorn-30292.exe
2040	Unicorn-62580.exe

Loads dropped DLL 64 IoCs

Processes:

bdeb1f0b5a3a61a6263fa91d02fbda04e64ec217375d0dbce06c202a9af28d83.exeUnicorn-59514.exeUnicorn-60199.exeUnicorn-40333.exeWerFault.exeUnicorn-46079.exeUnicorn-407.exeUnicorn-49608.exeWerFault.exeWerFault.exeUnicorn-55101.exeUnicorn-2371.exeUnicorn-5900.exeUnicorn-51380.exeUnicorn-6777.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2100	bdeb1f0b5a3a61a6263fa91d02fbda04e64ec217375d0dbce06c202a9af28d83.exe
2100	bdeb1f0b5a3a61a6263fa91d02fbda04e64ec217375d0dbce06c202a9af28d83.exe
2112	Unicorn-59514.exe
2100	bdeb1f0b5a3a61a6263fa91d02fbda04e64ec217375d0dbce06c202a9af28d83.exe
2112	Unicorn-59514.exe
2100	bdeb1f0b5a3a61a6263fa91d02fbda04e64ec217375d0dbce06c202a9af28d83.exe
2680	Unicorn-60199.exe
3052	Unicorn-40333.exe
3052	Unicorn-40333.exe
2680	Unicorn-60199.exe
2112	Unicorn-59514.exe
2112	Unicorn-59514.exe
3008	WerFault.exe
3008	WerFault.exe
3008	WerFault.exe
3008	WerFault.exe
3008	WerFault.exe
2760	Unicorn-46079.exe
2760	Unicorn-46079.exe
3052	Unicorn-40333.exe
2756	Unicorn-407.exe
3052	Unicorn-40333.exe
2756	Unicorn-407.exe
1152	Unicorn-49608.exe
1152	Unicorn-49608.exe
2680	Unicorn-60199.exe
2680	Unicorn-60199.exe
1608	WerFault.exe
1608	WerFault.exe
1608	WerFault.exe
1608	WerFault.exe
1812	WerFault.exe
1812	WerFault.exe
1812	WerFault.exe
1812	WerFault.exe
1812	WerFault.exe
1608	WerFault.exe
1924	Unicorn-55101.exe
1924	Unicorn-55101.exe
2760	Unicorn-46079.exe
2760	Unicorn-46079.exe
2904	Unicorn-2371.exe
2904	Unicorn-2371.exe
2824	Unicorn-5900.exe
2824	Unicorn-5900.exe
2756	Unicorn-407.exe
2756	Unicorn-407.exe
2472	Unicorn-51380.exe
2472	Unicorn-51380.exe
2388	Unicorn-6777.exe
2388	Unicorn-6777.exe
1152	Unicorn-49608.exe
1152	Unicorn-49608.exe
1848	WerFault.exe
1088	WerFault.exe
1848	WerFault.exe
1088	WerFault.exe
1848	WerFault.exe
1848	WerFault.exe
1088	WerFault.exe
1088	WerFault.exe
1848	WerFault.exe
1088	WerFault.exe
1136	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2648	2100	WerFault.exe	bdeb1f0b5a3a61a6263fa91d02fbda04e64ec217375d0dbce06c202a9af28d83.exe
3008	2112	WerFault.exe	Unicorn-59514.exe
1608	2680	WerFault.exe	Unicorn-60199.exe
1812	3052	WerFault.exe	Unicorn-40333.exe
1848	2756	WerFault.exe	Unicorn-407.exe
1088	2760	WerFault.exe	Unicorn-46079.exe
1136	1152	WerFault.exe	Unicorn-49608.exe
2372	952	WerFault.exe	Unicorn-65195.exe
2080	1924	WerFault.exe	Unicorn-55101.exe
2496	2904	WerFault.exe	Unicorn-2371.exe
2516	2824	WerFault.exe	Unicorn-5900.exe
2608	2472	WerFault.exe	Unicorn-51380.exe
2540	2388	WerFault.exe	Unicorn-6777.exe
2016	2724	WerFault.exe	Unicorn-65496.exe
816	2416	WerFault.exe	Unicorn-57831.exe
1972	852	WerFault.exe	Unicorn-60135.exe
904	2256	WerFault.exe	Unicorn-14141.exe
704	2172	WerFault.exe	Unicorn-43284.exe
2836	596	WerFault.exe	Unicorn-59943.exe
2156	376	WerFault.exe	Unicorn-10742.exe
2988	588	WerFault.exe	Unicorn-59429.exe
1572	2116	WerFault.exe	Unicorn-16571.exe
2124	844	WerFault.exe	Unicorn-62242.exe
2320	1948	WerFault.exe	Unicorn-343.exe
2392	948	WerFault.exe	Unicorn-44946.exe
2028	2576	WerFault.exe	Unicorn-49352.exe
2424	1724	WerFault.exe	Unicorn-61090.exe
544	2884	WerFault.exe	Unicorn-2839.exe
2276	3040	WerFault.exe	Unicorn-4463.exe
1904	1772	WerFault.exe	Unicorn-24329.exe
2476	1920	WerFault.exe	Unicorn-48511.exe
1040	2996	WerFault.exe	Unicorn-19176.exe
1660	1648	WerFault.exe	Unicorn-27140.exe
1804	2708	WerFault.exe	Unicorn-14930.exe
2732	2700	WerFault.exe	Unicorn-39949.exe
3168	2200	WerFault.exe	Unicorn-55325.exe
3188	2484	WerFault.exe	Unicorn-2595.exe
3384	2804	WerFault.exe	Unicorn-58506.exe
3440	2504	WerFault.exe	Unicorn-51132.exe
3456	2924	WerFault.exe	Unicorn-38256.exe
3480	2800	WerFault.exe	Unicorn-12128.exe
3504	1552	WerFault.exe	Unicorn-47453.exe
3660	2928	WerFault.exe	Unicorn-21043.exe
3776	276	WerFault.exe	Unicorn-8729.exe
3792	2264	WerFault.exe	Unicorn-44801.exe
3916	1056	WerFault.exe	Unicorn-41402.exe
3980	1528	WerFault.exe	Unicorn-9300.exe
3988	2232	WerFault.exe	Unicorn-34030.exe
4092	2196	WerFault.exe	Unicorn-60961.exe
3360	1708	WerFault.exe	Unicorn-8724.exe
3464	1388	WerFault.exe	Unicorn-28656.exe
3592	2652	WerFault.exe	Unicorn-30510.exe
3676	2348	WerFault.exe	Unicorn-8236.exe
3764	1252	WerFault.exe	Unicorn-11952.exe
3884	2976	WerFault.exe	Unicorn-65486.exe
3976	2920	WerFault.exe	Unicorn-9549.exe
4056	1908	WerFault.exe	Unicorn-30292.exe
3412	1748	WerFault.exe	Unicorn-16260.exe
3716	2020	WerFault.exe	Unicorn-61547.exe
3712	2228	WerFault.exe	Unicorn-11661.exe
3744	1592	WerFault.exe	Unicorn-48548.exe
3928	1028	WerFault.exe	Unicorn-28682.exe
3080	1984	WerFault.exe	Unicorn-58122.exe
3952	484	WerFault.exe	Unicorn-28874.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

bdeb1f0b5a3a61a6263fa91d02fbda04e64ec217375d0dbce06c202a9af28d83.exeUnicorn-59514.exeUnicorn-60199.exeUnicorn-40333.exeUnicorn-407.exeUnicorn-49608.exeUnicorn-46079.exeUnicorn-55101.exeUnicorn-5900.exeUnicorn-2371.exeUnicorn-51380.exeUnicorn-6777.exeUnicorn-57831.exeUnicorn-27140.exeUnicorn-60135.exeUnicorn-14141.exeUnicorn-43284.exeUnicorn-59943.exeUnicorn-10742.exeUnicorn-59429.exeUnicorn-16571.exeUnicorn-62242.exeUnicorn-65195.exeUnicorn-343.exeUnicorn-44946.exeUnicorn-49352.exeUnicorn-61090.exeUnicorn-65496.exeUnicorn-2839.exeUnicorn-4463.exeUnicorn-19176.exeUnicorn-48511.exeUnicorn-24329.exeUnicorn-39949.exeUnicorn-14930.exeUnicorn-51132.exeUnicorn-55325.exeUnicorn-2595.exeUnicorn-58506.exeUnicorn-8236.exeUnicorn-21043.exeUnicorn-58122.exeUnicorn-38256.exeUnicorn-8729.exeUnicorn-41402.exeUnicorn-28656.exeUnicorn-47453.exeUnicorn-12128.exeUnicorn-31994.exeUnicorn-44801.exeUnicorn-11952.exeUnicorn-60961.exeUnicorn-9300.exeUnicorn-12253.exeUnicorn-8724.exeUnicorn-15133.exeUnicorn-11604.exeUnicorn-64142.exeUnicorn-30510.exeUnicorn-43316.exeUnicorn-59134.exeUnicorn-65486.exeUnicorn-9549.exeUnicorn-30292.exe

pid	process
2100	bdeb1f0b5a3a61a6263fa91d02fbda04e64ec217375d0dbce06c202a9af28d83.exe
2112	Unicorn-59514.exe
2680	Unicorn-60199.exe
3052	Unicorn-40333.exe
2756	Unicorn-407.exe
1152	Unicorn-49608.exe
2760	Unicorn-46079.exe
1924	Unicorn-55101.exe
2824	Unicorn-5900.exe
2904	Unicorn-2371.exe
2472	Unicorn-51380.exe
2388	Unicorn-6777.exe
2416	Unicorn-57831.exe
1648	Unicorn-27140.exe
852	Unicorn-60135.exe
2256	Unicorn-14141.exe
2172	Unicorn-43284.exe
596	Unicorn-59943.exe
376	Unicorn-10742.exe
588	Unicorn-59429.exe
2116	Unicorn-16571.exe
844	Unicorn-62242.exe
952	Unicorn-65195.exe
1948	Unicorn-343.exe
948	Unicorn-44946.exe
2576	Unicorn-49352.exe
1724	Unicorn-61090.exe
2724	Unicorn-65496.exe
2884	Unicorn-2839.exe
3040	Unicorn-4463.exe
2996	Unicorn-19176.exe
1920	Unicorn-48511.exe
1772	Unicorn-24329.exe
2700	Unicorn-39949.exe
2708	Unicorn-14930.exe
2504	Unicorn-51132.exe
2200	Unicorn-55325.exe
2484	Unicorn-2595.exe
2804	Unicorn-58506.exe
2348	Unicorn-8236.exe
2928	Unicorn-21043.exe
1984	Unicorn-58122.exe
2924	Unicorn-38256.exe
276	Unicorn-8729.exe
1056	Unicorn-41402.exe
1388	Unicorn-28656.exe
1552	Unicorn-47453.exe
2800	Unicorn-12128.exe
1776	Unicorn-31994.exe
2264	Unicorn-44801.exe
1252	Unicorn-11952.exe
2196	Unicorn-60961.exe
1528	Unicorn-9300.exe
2436	Unicorn-12253.exe
1708	Unicorn-8724.exe
2176	Unicorn-15133.exe
3024	Unicorn-11604.exe
2364	Unicorn-64142.exe
2652	Unicorn-30510.exe
2844	Unicorn-43316.exe
2212	Unicorn-59134.exe
2976	Unicorn-65486.exe
2920	Unicorn-9549.exe
1908	Unicorn-30292.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

bdeb1f0b5a3a61a6263fa91d02fbda04e64ec217375d0dbce06c202a9af28d83.exeUnicorn-59514.exeUnicorn-40333.exeUnicorn-60199.exeUnicorn-46079.exeUnicorn-407.exeUnicorn-49608.exeUnicorn-55101.exe

description	pid	process	target process
PID 2100 wrote to memory of 2112	2100	bdeb1f0b5a3a61a6263fa91d02fbda04e64ec217375d0dbce06c202a9af28d83.exe	Unicorn-59514.exe
PID 2100 wrote to memory of 2112	2100	bdeb1f0b5a3a61a6263fa91d02fbda04e64ec217375d0dbce06c202a9af28d83.exe	Unicorn-59514.exe
PID 2100 wrote to memory of 2112	2100	bdeb1f0b5a3a61a6263fa91d02fbda04e64ec217375d0dbce06c202a9af28d83.exe	Unicorn-59514.exe
PID 2100 wrote to memory of 2112	2100	bdeb1f0b5a3a61a6263fa91d02fbda04e64ec217375d0dbce06c202a9af28d83.exe	Unicorn-59514.exe
PID 2112 wrote to memory of 2680	2112	Unicorn-59514.exe	Unicorn-60199.exe
PID 2112 wrote to memory of 2680	2112	Unicorn-59514.exe	Unicorn-60199.exe
PID 2112 wrote to memory of 2680	2112	Unicorn-59514.exe	Unicorn-60199.exe
PID 2112 wrote to memory of 2680	2112	Unicorn-59514.exe	Unicorn-60199.exe
PID 2100 wrote to memory of 3052	2100	bdeb1f0b5a3a61a6263fa91d02fbda04e64ec217375d0dbce06c202a9af28d83.exe	Unicorn-40333.exe
PID 2100 wrote to memory of 3052	2100	bdeb1f0b5a3a61a6263fa91d02fbda04e64ec217375d0dbce06c202a9af28d83.exe	Unicorn-40333.exe
PID 2100 wrote to memory of 3052	2100	bdeb1f0b5a3a61a6263fa91d02fbda04e64ec217375d0dbce06c202a9af28d83.exe	Unicorn-40333.exe
PID 2100 wrote to memory of 3052	2100	bdeb1f0b5a3a61a6263fa91d02fbda04e64ec217375d0dbce06c202a9af28d83.exe	Unicorn-40333.exe
PID 2100 wrote to memory of 2648	2100	bdeb1f0b5a3a61a6263fa91d02fbda04e64ec217375d0dbce06c202a9af28d83.exe	WerFault.exe
PID 2100 wrote to memory of 2648	2100	bdeb1f0b5a3a61a6263fa91d02fbda04e64ec217375d0dbce06c202a9af28d83.exe	WerFault.exe
PID 2100 wrote to memory of 2648	2100	bdeb1f0b5a3a61a6263fa91d02fbda04e64ec217375d0dbce06c202a9af28d83.exe	WerFault.exe
PID 2100 wrote to memory of 2648	2100	bdeb1f0b5a3a61a6263fa91d02fbda04e64ec217375d0dbce06c202a9af28d83.exe	WerFault.exe
PID 3052 wrote to memory of 2756	3052	Unicorn-40333.exe	Unicorn-407.exe
PID 3052 wrote to memory of 2756	3052	Unicorn-40333.exe	Unicorn-407.exe
PID 3052 wrote to memory of 2756	3052	Unicorn-40333.exe	Unicorn-407.exe
PID 3052 wrote to memory of 2756	3052	Unicorn-40333.exe	Unicorn-407.exe
PID 2680 wrote to memory of 1152	2680	Unicorn-60199.exe	Unicorn-49608.exe
PID 2680 wrote to memory of 1152	2680	Unicorn-60199.exe	Unicorn-49608.exe
PID 2680 wrote to memory of 1152	2680	Unicorn-60199.exe	Unicorn-49608.exe
PID 2680 wrote to memory of 1152	2680	Unicorn-60199.exe	Unicorn-49608.exe
PID 2112 wrote to memory of 2760	2112	Unicorn-59514.exe	Unicorn-46079.exe
PID 2112 wrote to memory of 2760	2112	Unicorn-59514.exe	Unicorn-46079.exe
PID 2112 wrote to memory of 2760	2112	Unicorn-59514.exe	Unicorn-46079.exe
PID 2112 wrote to memory of 2760	2112	Unicorn-59514.exe	Unicorn-46079.exe
PID 2112 wrote to memory of 3008	2112	Unicorn-59514.exe	WerFault.exe
PID 2112 wrote to memory of 3008	2112	Unicorn-59514.exe	WerFault.exe
PID 2112 wrote to memory of 3008	2112	Unicorn-59514.exe	WerFault.exe
PID 2112 wrote to memory of 3008	2112	Unicorn-59514.exe	WerFault.exe
PID 2760 wrote to memory of 1924	2760	Unicorn-46079.exe	Unicorn-55101.exe
PID 2760 wrote to memory of 1924	2760	Unicorn-46079.exe	Unicorn-55101.exe
PID 2760 wrote to memory of 1924	2760	Unicorn-46079.exe	Unicorn-55101.exe
PID 2760 wrote to memory of 1924	2760	Unicorn-46079.exe	Unicorn-55101.exe
PID 3052 wrote to memory of 2904	3052	Unicorn-40333.exe	Unicorn-2371.exe
PID 3052 wrote to memory of 2904	3052	Unicorn-40333.exe	Unicorn-2371.exe
PID 3052 wrote to memory of 2904	3052	Unicorn-40333.exe	Unicorn-2371.exe
PID 3052 wrote to memory of 2904	3052	Unicorn-40333.exe	Unicorn-2371.exe
PID 2756 wrote to memory of 2824	2756	Unicorn-407.exe	Unicorn-5900.exe
PID 2756 wrote to memory of 2824	2756	Unicorn-407.exe	Unicorn-5900.exe
PID 2756 wrote to memory of 2824	2756	Unicorn-407.exe	Unicorn-5900.exe
PID 2756 wrote to memory of 2824	2756	Unicorn-407.exe	Unicorn-5900.exe
PID 1152 wrote to memory of 2388	1152	Unicorn-49608.exe	Unicorn-6777.exe
PID 1152 wrote to memory of 2388	1152	Unicorn-49608.exe	Unicorn-6777.exe
PID 1152 wrote to memory of 2388	1152	Unicorn-49608.exe	Unicorn-6777.exe
PID 1152 wrote to memory of 2388	1152	Unicorn-49608.exe	Unicorn-6777.exe
PID 2680 wrote to memory of 2472	2680	Unicorn-60199.exe	Unicorn-51380.exe
PID 2680 wrote to memory of 2472	2680	Unicorn-60199.exe	Unicorn-51380.exe
PID 2680 wrote to memory of 2472	2680	Unicorn-60199.exe	Unicorn-51380.exe
PID 2680 wrote to memory of 2472	2680	Unicorn-60199.exe	Unicorn-51380.exe
PID 2680 wrote to memory of 1608	2680	Unicorn-60199.exe	WerFault.exe
PID 2680 wrote to memory of 1608	2680	Unicorn-60199.exe	WerFault.exe
PID 2680 wrote to memory of 1608	2680	Unicorn-60199.exe	WerFault.exe
PID 2680 wrote to memory of 1608	2680	Unicorn-60199.exe	WerFault.exe
PID 3052 wrote to memory of 1812	3052	Unicorn-40333.exe	WerFault.exe
PID 3052 wrote to memory of 1812	3052	Unicorn-40333.exe	WerFault.exe
PID 3052 wrote to memory of 1812	3052	Unicorn-40333.exe	WerFault.exe
PID 3052 wrote to memory of 1812	3052	Unicorn-40333.exe	WerFault.exe
PID 1924 wrote to memory of 2416	1924	Unicorn-55101.exe	Unicorn-57831.exe
PID 1924 wrote to memory of 2416	1924	Unicorn-55101.exe	Unicorn-57831.exe
PID 1924 wrote to memory of 2416	1924	Unicorn-55101.exe	Unicorn-57831.exe
PID 1924 wrote to memory of 2416	1924	Unicorn-55101.exe	Unicorn-57831.exe

C:\Users\Admin\AppData\Local\Temp\bdeb1f0b5a3a61a6263fa91d02fbda04e64ec217375d0dbce06c202a9af28d83.exe
"C:\Users\Admin\AppData\Local\Temp\bdeb1f0b5a3a61a6263fa91d02fbda04e64ec217375d0dbce06c202a9af28d83.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-59514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59514.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-60199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60199.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-49608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49608.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1152

C:\Users\Admin\AppData\Local\Temp\Unicorn-6777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6777.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-10742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10742.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:376

C:\Users\Admin\AppData\Local\Temp\Unicorn-19176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19176.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-31994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31994.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-62580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62580.exe
9⤵
- Executes dropped EXE
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
10⤵
PID:328

C:\Users\Admin\AppData\Local\Temp\Unicorn-59439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59439.exe
11⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
12⤵
PID:6284

C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
13⤵
PID:8960

C:\Users\Admin\AppData\Local\Temp\Unicorn-52693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52693.exe
14⤵
PID:10688

C:\Users\Admin\AppData\Local\Temp\Unicorn-34183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34183.exe
15⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8960 -s 216
14⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 236
13⤵
PID:10136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 216
12⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 216
11⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 236
10⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-56288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56288.exe
9⤵
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-13253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13253.exe
10⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
11⤵
PID:6332

C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
12⤵
PID:9016

C:\Users\Admin\AppData\Local\Temp\Unicorn-41548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41548.exe
13⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-49367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49367.exe
14⤵
PID:12760

C:\Users\Admin\AppData\Local\Temp\Unicorn-22091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22091.exe
14⤵
PID:13256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 216
13⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 236
12⤵
PID:10176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 236
11⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 216
10⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-26186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26186.exe
8⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
9⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-27623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27623.exe
10⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-12618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12618.exe
11⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-4397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4397.exe
12⤵
PID:7696

C:\Users\Admin\AppData\Local\Temp\Unicorn-24433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24433.exe
13⤵
PID:9568

C:\Users\Admin\AppData\Local\Temp\Unicorn-49147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49147.exe
14⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9568 -s 220
14⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 216
13⤵
PID:10404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
12⤵
PID:8668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
11⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 236
10⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-26973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26973.exe
9⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-65026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65026.exe
10⤵
PID:5708

C:\Users\Admin\AppData\Local\Temp\Unicorn-61252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61252.exe
11⤵
PID:7348

C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
12⤵
PID:9128

C:\Users\Admin\AppData\Local\Temp\Unicorn-22820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22820.exe
13⤵
PID:11676

C:\Users\Admin\AppData\Local\Temp\Unicorn-62330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62330.exe
14⤵
PID:12624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 220
13⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 216
12⤵
PID:9980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
11⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
10⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 220
9⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
8⤵
- Program crash
PID:1040

C:\Users\Admin\AppData\Local\Temp\Unicorn-44801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44801.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-39183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39183.exe
8⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
9⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-12431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12431.exe
10⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
11⤵
PID:6356

C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
12⤵
PID:10196

C:\Users\Admin\AppData\Local\Temp\Unicorn-46127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46127.exe
13⤵
PID:12032

C:\Users\Admin\AppData\Local\Temp\Unicorn-47390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47390.exe
14⤵
PID:13072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10196 -s 216
13⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 216
12⤵
PID:10800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
11⤵
PID:9056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
10⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 216
9⤵
PID:5092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
8⤵
- Program crash
PID:3792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 240
7⤵
- Program crash
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-4463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4463.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-41402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41402.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-64199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64199.exe
8⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-44166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44166.exe
9⤵
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
10⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-36801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36801.exe
11⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-15341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15341.exe
12⤵
PID:7600

C:\Users\Admin\AppData\Local\Temp\Unicorn-57105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57105.exe
13⤵
PID:9584

C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
14⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9584 -s 216
14⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 220
13⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 220
12⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 236
11⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 216
10⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-43829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43829.exe
9⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-30107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30107.exe
10⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-37729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37729.exe
11⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\Unicorn-45211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45211.exe
12⤵
PID:9840

C:\Users\Admin\AppData\Local\Temp\Unicorn-13537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13537.exe
13⤵
PID:11992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9840 -s 216
13⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
12⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 220
11⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
10⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
9⤵
PID:4800

C:\Users\Admin\AppData\Local\Temp\Unicorn-43516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43516.exe
8⤵
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-61717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61717.exe
9⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-34658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34658.exe
10⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-5056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5056.exe
11⤵
PID:7812

C:\Users\Admin\AppData\Local\Temp\Unicorn-61272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61272.exe
12⤵
PID:9728

C:\Users\Admin\AppData\Local\Temp\Unicorn-51700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51700.exe
13⤵
PID:11440

C:\Users\Admin\AppData\Local\Temp\Unicorn-21008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21008.exe
14⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9728 -s 216
13⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 216
12⤵
PID:10512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
11⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
10⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 236
9⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 220
8⤵
- Program crash
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-28874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28874.exe
7⤵
PID:484

C:\Users\Admin\AppData\Local\Temp\Unicorn-60886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60886.exe
8⤵
PID:636

C:\Users\Admin\AppData\Local\Temp\Unicorn-58889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58889.exe
9⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
10⤵
PID:5276

C:\Users\Admin\AppData\Local\Temp\Unicorn-55153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55153.exe
11⤵
PID:8380

C:\Users\Admin\AppData\Local\Temp\Unicorn-887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-887.exe
12⤵
PID:11192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11192 -s 240
13⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8380 -s 216
12⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 236
11⤵
PID:9760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 236
10⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 236
9⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 216
8⤵
- Program crash
PID:3952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
7⤵
- Program crash
PID:2276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
6⤵
- Program crash
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-59429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59429.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:588

C:\Users\Admin\AppData\Local\Temp\Unicorn-24329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24329.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-47453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47453.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-32404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32404.exe
8⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-10201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10201.exe
9⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
10⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-8600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8600.exe
11⤵
PID:6316

C:\Users\Admin\AppData\Local\Temp\Unicorn-20198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20198.exe
12⤵
PID:8508

C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
13⤵
PID:11208

C:\Users\Admin\AppData\Local\Temp\Unicorn-59201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59201.exe
14⤵
PID:12860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8508 -s 216
13⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 236
12⤵
PID:9524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
11⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 236
9⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-40828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40828.exe
8⤵
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-13590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13590.exe
9⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-23672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23672.exe
10⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-61911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61911.exe
11⤵
PID:7520

C:\Users\Admin\AppData\Local\Temp\Unicorn-8288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8288.exe
12⤵
PID:9536

C:\Users\Admin\AppData\Local\Temp\Unicorn-60890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60890.exe
13⤵
PID:11356

C:\Users\Admin\AppData\Local\Temp\Unicorn-9528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9528.exe
14⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9536 -s 216
13⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 216
12⤵
PID:10384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
11⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
10⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 236
9⤵
PID:4272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
8⤵
- Program crash
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-61547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61547.exe
7⤵
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-11493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11493.exe
8⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-30306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30306.exe
9⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-65078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65078.exe
10⤵
PID:5600

C:\Users\Admin\AppData\Local\Temp\Unicorn-43131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43131.exe
11⤵
PID:8100

C:\Users\Admin\AppData\Local\Temp\Unicorn-11547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11547.exe
12⤵
PID:10084

C:\Users\Admin\AppData\Local\Temp\Unicorn-52193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52193.exe
13⤵
PID:11496

C:\Users\Admin\AppData\Local\Temp\Unicorn-53488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53488.exe
14⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10084 -s 216
13⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 216
12⤵
PID:10772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
11⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
10⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 216
9⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 216
8⤵
- Program crash
PID:3716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
7⤵
- Program crash
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-12128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12128.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-44983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44983.exe
7⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
8⤵
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-65230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65230.exe
9⤵
PID:4020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 200
10⤵
PID:5044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 236
9⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-61182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61182.exe
8⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-32738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32738.exe
9⤵
PID:5636

C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
10⤵
PID:7788

C:\Users\Admin\AppData\Local\Temp\Unicorn-29752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29752.exe
11⤵
PID:9856

C:\Users\Admin\AppData\Local\Temp\Unicorn-21109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21109.exe
12⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9856 -s 236
12⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
11⤵
PID:10612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 216
10⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
9⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
8⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-57741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57741.exe
7⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-62983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62983.exe
8⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-34274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34274.exe
9⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-18207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18207.exe
9⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-25420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25420.exe
10⤵
PID:7712

C:\Users\Admin\AppData\Local\Temp\Unicorn-49236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49236.exe
11⤵
PID:9436

C:\Users\Admin\AppData\Local\Temp\Unicorn-23873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23873.exe
12⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9436 -s 216
12⤵
PID:12456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 236
11⤵
PID:11120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
10⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 220
9⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 236
8⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
7⤵
- Program crash
PID:3480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 240
6⤵
- Program crash
PID:2988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1136

C:\Users\Admin\AppData\Local\Temp\Unicorn-51380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51380.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-59943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59943.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:596

C:\Users\Admin\AppData\Local\Temp\Unicorn-2839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2839.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-8729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8729.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:276

C:\Users\Admin\AppData\Local\Temp\Unicorn-15876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15876.exe
8⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-14181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14181.exe
9⤵
PID:1232

C:\Users\Admin\AppData\Local\Temp\Unicorn-32039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32039.exe
10⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-52037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52037.exe
11⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-9991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9991.exe
12⤵
PID:7956

C:\Users\Admin\AppData\Local\Temp\Unicorn-36254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36254.exe
13⤵
PID:9456

C:\Users\Admin\AppData\Local\Temp\Unicorn-6972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6972.exe
14⤵
PID:11184

C:\Users\Admin\AppData\Local\Temp\Unicorn-45138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45138.exe
15⤵
PID:13296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9456 -s 216
14⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 216
13⤵
PID:10304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
12⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
11⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 236
10⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\Unicorn-44078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44078.exe
9⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-32738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32738.exe
10⤵
PID:5628

C:\Users\Admin\AppData\Local\Temp\Unicorn-26852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26852.exe
11⤵
PID:7240

C:\Users\Admin\AppData\Local\Temp\Unicorn-61879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61879.exe
12⤵
PID:9268

C:\Users\Admin\AppData\Local\Temp\Unicorn-62592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62592.exe
13⤵
PID:10736

C:\Users\Admin\AppData\Local\Temp\Unicorn-60846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60846.exe
14⤵
PID:13040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9268 -s 216
13⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 216
12⤵
PID:9496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 216
11⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
10⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
9⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe
8⤵
PID:1092

C:\Users\Admin\AppData\Local\Temp\Unicorn-31956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31956.exe
9⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-28959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28959.exe
10⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-35394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35394.exe
11⤵
PID:7172

C:\Users\Admin\AppData\Local\Temp\Unicorn-18559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18559.exe
12⤵
PID:9248

C:\Users\Admin\AppData\Local\Temp\Unicorn-2027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2027.exe
13⤵
PID:12156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9248 -s 216
13⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 216
12⤵
PID:10808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
11⤵
PID:9048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
10⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 236
9⤵
PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 240
8⤵
- Program crash
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-28682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28682.exe
7⤵
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-63382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63382.exe
8⤵
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-28277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28277.exe
9⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-50610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50610.exe
10⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-29431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29431.exe
11⤵
PID:7456

C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
12⤵
PID:9484

C:\Users\Admin\AppData\Local\Temp\Unicorn-24046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24046.exe
13⤵
PID:11604

C:\Users\Admin\AppData\Local\Temp\Unicorn-10872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10872.exe
14⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9484 -s 220
13⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 216
12⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
11⤵
PID:8372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 236
10⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 216
9⤵
PID:5164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 236
8⤵
- Program crash
PID:3928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
7⤵
- Program crash
PID:544

C:\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1388

C:\Users\Admin\AppData\Local\Temp\Unicorn-48548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48548.exe
7⤵
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-44166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44166.exe
8⤵
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-33684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33684.exe
9⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
10⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
11⤵
PID:7780

C:\Users\Admin\AppData\Local\Temp\Unicorn-26161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26161.exe
12⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9676 -s 212
13⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7780 -s 216
12⤵
PID:10492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
11⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
10⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 216
9⤵
PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 216
8⤵
- Program crash
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
7⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-30114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30114.exe
8⤵
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-22121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22121.exe
9⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-7028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7028.exe
10⤵
PID:7540

C:\Users\Admin\AppData\Local\Temp\Unicorn-38333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38333.exe
11⤵
PID:10032

C:\Users\Admin\AppData\Local\Temp\Unicorn-20884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20884.exe
12⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10032 -s 216
12⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 216
11⤵
PID:11032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
10⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 216
9⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
8⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 240
7⤵
- Program crash
PID:3464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 240
6⤵
- Program crash
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-48511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48511.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-59134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59134.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-25609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25609.exe
7⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
8⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-37569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37569.exe
9⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-62243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62243.exe
10⤵
PID:7148

C:\Users\Admin\AppData\Local\Temp\Unicorn-26030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26030.exe
11⤵
PID:9644

C:\Users\Admin\AppData\Local\Temp\Unicorn-16091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16091.exe
12⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9644 -s 220
12⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 216
11⤵
PID:10476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
10⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
9⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 216
8⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-36983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36983.exe
7⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-7527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7527.exe
8⤵
PID:5340

C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
9⤵
PID:6524

C:\Users\Admin\AppData\Local\Temp\Unicorn-28932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28932.exe
10⤵
PID:8780

C:\Users\Admin\AppData\Local\Temp\Unicorn-23117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23117.exe
11⤵
PID:11276

C:\Users\Admin\AppData\Local\Temp\Unicorn-56124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56124.exe
12⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8780 -s 216
11⤵
PID:11768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
10⤵
PID:10228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 216
9⤵
PID:7888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
8⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
7⤵
PID:4048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 236
6⤵
- Program crash
PID:2476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
5⤵
- Program crash
PID:2608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-46079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46079.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-55101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55101.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-57831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57831.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-16571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16571.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-39949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39949.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-60961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60961.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-61851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61851.exe
9⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-35116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35116.exe
10⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-32200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32200.exe
11⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-14969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14969.exe
12⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-51341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51341.exe
13⤵
PID:7652

C:\Users\Admin\AppData\Local\Temp\Unicorn-52947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52947.exe
14⤵
PID:10932

C:\Users\Admin\AppData\Local\Temp\Unicorn-39525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39525.exe
15⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10932 -s 216
15⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 216
14⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 236
13⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
12⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
11⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
10⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-31586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31586.exe
9⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-40367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40367.exe
10⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-5312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5312.exe
11⤵
PID:5876

C:\Users\Admin\AppData\Local\Temp\Unicorn-12698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12698.exe
12⤵
PID:8800

C:\Users\Admin\AppData\Local\Temp\Unicorn-3409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3409.exe
13⤵
PID:11260

C:\Users\Admin\AppData\Local\Temp\Unicorn-62330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62330.exe
14⤵
PID:12632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8800 -s 216
13⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 216
12⤵
PID:10052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
11⤵
PID:8136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
10⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 220
9⤵
- Program crash
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-41793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41793.exe
8⤵
PID:1244

C:\Users\Admin\AppData\Local\Temp\Unicorn-34732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34732.exe
9⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-48946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48946.exe
10⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
11⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
12⤵
PID:8448

C:\Users\Admin\AppData\Local\Temp\Unicorn-64880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64880.exe
13⤵
PID:11024

C:\Users\Admin\AppData\Local\Temp\Unicorn-52164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52164.exe
14⤵
PID:12804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8448 -s 216
13⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 236
12⤵
PID:9788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
11⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
10⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 236
9⤵
PID:3888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
8⤵
- Program crash
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-9300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9300.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-46226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46226.exe
8⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
9⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-65012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65012.exe
10⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
11⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-29239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29239.exe
12⤵
PID:7484

C:\Users\Admin\AppData\Local\Temp\Unicorn-63524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63524.exe
13⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
14⤵
PID:11588

C:\Users\Admin\AppData\Local\Temp\Unicorn-6731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6731.exe
15⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 216
14⤵
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 216
13⤵
PID:9404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 216
12⤵
PID:8432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
11⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 236
10⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-47259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47259.exe
9⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-45867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45867.exe
10⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-61719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61719.exe
11⤵
PID:7552

C:\Users\Admin\AppData\Local\Temp\Unicorn-3965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3965.exe
12⤵
PID:9424

C:\Users\Admin\AppData\Local\Temp\Unicorn-18452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18452.exe
13⤵
PID:11480

C:\Users\Admin\AppData\Local\Temp\Unicorn-57961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57961.exe
14⤵
PID:12484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9424 -s 216
13⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7552 -s 216
12⤵
PID:10280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
11⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
10⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
9⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\Unicorn-14565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14565.exe
8⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-32039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32039.exe
9⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-51461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51461.exe
10⤵
PID:6016

C:\Users\Admin\AppData\Local\Temp\Unicorn-11859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11859.exe
11⤵
PID:7376

C:\Users\Admin\AppData\Local\Temp\Unicorn-64759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64759.exe
12⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9300 -s 188
13⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7376 -s 216
12⤵
PID:9700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
11⤵
PID:8328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
10⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
9⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
8⤵
- Program crash
PID:3980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
7⤵
- Program crash
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-14930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14930.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-11952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11952.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-10730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10730.exe
8⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-15598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15598.exe
9⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-1406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1406.exe
10⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-2676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2676.exe
11⤵
PID:6628

C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
12⤵
PID:8352

C:\Users\Admin\AppData\Local\Temp\Unicorn-50428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50428.exe
13⤵
PID:10264

C:\Users\Admin\AppData\Local\Temp\Unicorn-52164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52164.exe
14⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8352 -s 216
13⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 216
12⤵
PID:9468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
11⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 216
10⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 236
9⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-29474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29474.exe
8⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-32418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32418.exe
9⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-10143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10143.exe
10⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-43225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43225.exe
11⤵
PID:8044

C:\Users\Admin\AppData\Local\Temp\Unicorn-12059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12059.exe
12⤵
PID:10680

C:\Users\Admin\AppData\Local\Temp\Unicorn-49763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49763.exe
13⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10680 -s 216
13⤵
PID:12652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
12⤵
PID:10876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 216
11⤵
PID:9108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 236
10⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 236
9⤵
PID:6116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 240
8⤵
- Program crash
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-59417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59417.exe
7⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-31743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31743.exe
8⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-4203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4203.exe
9⤵
PID:4784

C:\Users\Admin\AppData\Local\Temp\Unicorn-15530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15530.exe
10⤵
PID:6504

C:\Users\Admin\AppData\Local\Temp\Unicorn-9403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9403.exe
11⤵
PID:9116

C:\Users\Admin\AppData\Local\Temp\Unicorn-29567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29567.exe
12⤵
PID:10816

C:\Users\Admin\AppData\Local\Temp\Unicorn-19985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19985.exe
13⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9116 -s 236
12⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 236
11⤵
PID:9364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 236
10⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 236
9⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 236
8⤵
PID:4392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
7⤵
- Program crash
PID:1804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
6⤵
- Program crash
PID:816

C:\Users\Admin\AppData\Local\Temp\Unicorn-62242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62242.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:844

C:\Users\Admin\AppData\Local\Temp\Unicorn-51132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51132.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-12253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12253.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-18728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18728.exe
8⤵
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-6880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6880.exe
9⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-13526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13526.exe
10⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-64874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64874.exe
11⤵
PID:6296

C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
12⤵
PID:8972

C:\Users\Admin\AppData\Local\Temp\Unicorn-23501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23501.exe
13⤵
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-36991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36991.exe
14⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8972 -s 216
13⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 216
12⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
11⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
10⤵
PID:5776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 236
9⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-14534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14534.exe
8⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-1549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1549.exe
9⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 220
10⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
9⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
8⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
7⤵
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-845.exe
8⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
9⤵
PID:5752

C:\Users\Admin\AppData\Local\Temp\Unicorn-27236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27236.exe
10⤵
PID:7184

C:\Users\Admin\AppData\Local\Temp\Unicorn-20250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20250.exe
11⤵
PID:8520

C:\Users\Admin\AppData\Local\Temp\Unicorn-65280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65280.exe
12⤵
PID:924

C:\Users\Admin\AppData\Local\Temp\Unicorn-794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-794.exe
13⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8520 -s 216
12⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 216
11⤵
PID:10096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 216
10⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
9⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 236
8⤵
PID:4836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
7⤵
- Program crash
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-19112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19112.exe
7⤵
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-15261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15261.exe
8⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-12343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12343.exe
9⤵
PID:5556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 220
10⤵
PID:7744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
9⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 236
8⤵
PID:4768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 236
7⤵
- Program crash
PID:3360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 240
6⤵
- Program crash
PID:2124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
5⤵
- Program crash
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-27140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27140.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-65195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65195.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 200
6⤵
- Program crash
PID:2372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 236
5⤵
- Program crash
PID:1660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 220
4⤵
- Loads dropped DLL
- Program crash
PID:1088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-40333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40333.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-407.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-5900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5900.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-60135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60135.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-343.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-15133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15133.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-19304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19304.exe
9⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-17763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17763.exe
10⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-46007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46007.exe
11⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-34314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34314.exe
12⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
12⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 236
11⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 216
10⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-31446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31446.exe
9⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-35182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35182.exe
10⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-44864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44864.exe
11⤵
PID:6856

C:\Users\Admin\AppData\Local\Temp\Unicorn-21978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21978.exe
12⤵
PID:9008

C:\Users\Admin\AppData\Local\Temp\Unicorn-6972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6972.exe
13⤵
PID:708

C:\Users\Admin\AppData\Local\Temp\Unicorn-28719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28719.exe
14⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9008 -s 216
13⤵
PID:11764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 216
12⤵
PID:9284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 236
11⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
10⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
9⤵
PID:4896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 236
8⤵
- Program crash
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-11604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11604.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-19688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19688.exe
8⤵
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-46979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46979.exe
9⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
10⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-1205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1205.exe
11⤵
PID:6152

C:\Users\Admin\AppData\Local\Temp\Unicorn-15615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15615.exe
12⤵
PID:9112

C:\Users\Admin\AppData\Local\Temp\Unicorn-10293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10293.exe
13⤵
PID:11092

C:\Users\Admin\AppData\Local\Temp\Unicorn-59009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59009.exe
14⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9112 -s 216
13⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 216
12⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 236
11⤵
PID:8020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
10⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 236
9⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-42681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42681.exe
8⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
9⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-11039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11039.exe
10⤵
PID:6420

C:\Users\Admin\AppData\Local\Temp\Unicorn-14655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14655.exe
11⤵
PID:8976

C:\Users\Admin\AppData\Local\Temp\Unicorn-21773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21773.exe
12⤵
PID:1448

C:\Users\Admin\AppData\Local\Temp\Unicorn-40120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40120.exe
13⤵
PID:13176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8976 -s 220
12⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 216
11⤵
PID:9872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
10⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
9⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
8⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
7⤵
- Program crash
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-2595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2595.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-64142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64142.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-2967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2967.exe
8⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-50378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50378.exe
9⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-51850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51850.exe
10⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-60847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60847.exe
11⤵
PID:7024

C:\Users\Admin\AppData\Local\Temp\Unicorn-23353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23353.exe
12⤵
PID:8948

C:\Users\Admin\AppData\Local\Temp\Unicorn-57273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57273.exe
13⤵
PID:11244

C:\Users\Admin\AppData\Local\Temp\Unicorn-58817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58817.exe
14⤵
PID:12924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8948 -s 216
13⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 216
12⤵
PID:9608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
11⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 236
10⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
9⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-27113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27113.exe
8⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-36365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36365.exe
9⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-34262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34262.exe
10⤵
PID:7136

C:\Users\Admin\AppData\Local\Temp\Unicorn-58656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58656.exe
11⤵
PID:9024

C:\Users\Admin\AppData\Local\Temp\Unicorn-42966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42966.exe
12⤵
PID:10260

C:\Users\Admin\AppData\Local\Temp\Unicorn-12797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12797.exe
13⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 236
12⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 216
11⤵
PID:9616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
10⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 236
9⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 220
8⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-64783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64783.exe
7⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-60170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60170.exe
8⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-36749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36749.exe
9⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-48351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48351.exe
10⤵
PID:7104

C:\Users\Admin\AppData\Local\Temp\Unicorn-57888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57888.exe
11⤵
PID:8400

C:\Users\Admin\AppData\Local\Temp\Unicorn-49707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49707.exe
12⤵
PID:11540

C:\Users\Admin\AppData\Local\Temp\Unicorn-62330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62330.exe
13⤵
PID:12616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8400 -s 216
12⤵
PID:11452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
11⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 236
10⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
9⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 236
8⤵
PID:4596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
7⤵
- Program crash
PID:3188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 240
6⤵
- Program crash
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-44946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44946.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:948

C:\Users\Admin\AppData\Local\Temp\Unicorn-58506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58506.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-30510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30510.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe
8⤵
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-48484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48484.exe
9⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-16210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16210.exe
10⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-50842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50842.exe
11⤵
PID:6572

C:\Users\Admin\AppData\Local\Temp\Unicorn-5833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5833.exe
12⤵
PID:9136

C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
13⤵
PID:11580

C:\Users\Admin\AppData\Local\Temp\Unicorn-52912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52912.exe
14⤵
PID:8248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9136 -s 216
13⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 216
12⤵
PID:10044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
11⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
10⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 216
9⤵
PID:5116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 236
8⤵
- Program crash
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-34030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34030.exe
7⤵
PID:2232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
8⤵
- Program crash
PID:3988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
7⤵
- Program crash
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-43316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43316.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-23689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23689.exe
7⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-34016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34016.exe
8⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-52561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52561.exe
9⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-27184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27184.exe
10⤵
PID:6528

C:\Users\Admin\AppData\Local\Temp\Unicorn-31651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31651.exe
11⤵
PID:8824

C:\Users\Admin\AppData\Local\Temp\Unicorn-8373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8373.exe
12⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-42974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42974.exe
13⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8824 -s 216
12⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 216
11⤵
PID:9864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
10⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 236
9⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 216
8⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-310.exe
7⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-864.exe
8⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-38253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38253.exe
9⤵
PID:6192

C:\Users\Admin\AppData\Local\Temp\Unicorn-62455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62455.exe
10⤵
PID:9224

C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
11⤵
PID:11376

C:\Users\Admin\AppData\Local\Temp\Unicorn-23177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23177.exe
12⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9224 -s 216
11⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 216
10⤵
PID:9408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
9⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 236
8⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
7⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 240
6⤵
- Program crash
PID:2392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
5⤵
- Program crash
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-43284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43284.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-65496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65496.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
6⤵
- Program crash
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-38256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38256.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-50175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50175.exe
6⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-24753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24753.exe
7⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
8⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
9⤵
PID:7412

C:\Users\Admin\AppData\Local\Temp\Unicorn-15366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15366.exe
10⤵
PID:9344

C:\Users\Admin\AppData\Local\Temp\Unicorn-31264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31264.exe
11⤵
PID:10628

C:\Users\Admin\AppData\Local\Temp\Unicorn-49803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49803.exe
12⤵
PID:13144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9344 -s 216
11⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 216
10⤵
PID:10060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
9⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
8⤵
PID:6368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 236
7⤵
PID:4192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 236
6⤵
- Program crash
PID:3456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
5⤵
- Program crash
PID:704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-2371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2371.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-14141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14141.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-49352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49352.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-65486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65486.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 220
8⤵
- Program crash
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
7⤵
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-13258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13258.exe
8⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-7896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7896.exe
9⤵
PID:5936

C:\Users\Admin\AppData\Local\Temp\Unicorn-58476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58476.exe
10⤵
PID:7608

C:\Users\Admin\AppData\Local\Temp\Unicorn-32023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32023.exe
11⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-21761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21761.exe
12⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
12⤵
PID:12464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 216
11⤵
PID:11104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
9⤵
PID:6444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 216
8⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
7⤵
- Program crash
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-9549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9549.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-58089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58089.exe
7⤵
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
8⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-45483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45483.exe
9⤵
PID:5736

C:\Users\Admin\AppData\Local\Temp\Unicorn-4672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4672.exe
10⤵
PID:7880

C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
11⤵
PID:9208

C:\Users\Admin\AppData\Local\Temp\Unicorn-7740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7740.exe
12⤵
PID:940

C:\Users\Admin\AppData\Local\Temp\Unicorn-17764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17764.exe
13⤵
PID:12732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 216
11⤵
PID:9796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 220
10⤵
PID:8772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
9⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
8⤵
PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 236
7⤵
- Program crash
PID:3976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
6⤵
- Program crash
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-30292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30292.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-41561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41561.exe
7⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-30882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30882.exe
8⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-27471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27471.exe
9⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-55985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55985.exe
10⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-29259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29259.exe
11⤵
PID:9800

C:\Users\Admin\AppData\Local\Temp\Unicorn-40190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40190.exe
12⤵
PID:11632

C:\Users\Admin\AppData\Local\Temp\Unicorn-39264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39264.exe
13⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9800 -s 220
12⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
11⤵
PID:10560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
10⤵
PID:8880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
9⤵
PID:4328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 236
8⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 236
7⤵
- Program crash
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-41980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41980.exe
6⤵
PID:808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 220
7⤵
PID:4828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
6⤵
- Program crash
PID:3660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
5⤵
- Program crash
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-61090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61090.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-58122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58122.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-16260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16260.exe
6⤵
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
7⤵
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-10954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10954.exe
8⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-65078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65078.exe
9⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\Unicorn-25420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25420.exe
10⤵
PID:7656

C:\Users\Admin\AppData\Local\Temp\Unicorn-56773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56773.exe
11⤵
PID:10016

C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
12⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10016 -s 220
12⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 216
11⤵
PID:10748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
10⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
9⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 216
8⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 236
7⤵
- Program crash
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
6⤵
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-31515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31515.exe
7⤵
PID:4276

C:\Users\Admin\AppData\Local\Temp\Unicorn-31882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31882.exe
8⤵
PID:5644

C:\Users\Admin\AppData\Local\Temp\Unicorn-50298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50298.exe
9⤵
PID:7544

C:\Users\Admin\AppData\Local\Temp\Unicorn-11343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11343.exe
10⤵
PID:10868

C:\Users\Admin\AppData\Local\Temp\Unicorn-12778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12778.exe
11⤵
PID:12424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10868 -s 216
11⤵
PID:13244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 216
10⤵
PID:4440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
8⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 216
7⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
6⤵
- Program crash
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe
5⤵
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-44166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44166.exe
6⤵
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-30933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30933.exe
7⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-18162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18162.exe
8⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-39061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39061.exe
9⤵
PID:9088

C:\Users\Admin\AppData\Local\Temp\Unicorn-15342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15342.exe
10⤵
PID:10796

C:\Users\Admin\AppData\Local\Temp\Unicorn-21790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21790.exe
11⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9088 -s 236
10⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 216
9⤵
PID:9320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 236
8⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 216
7⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 216
6⤵
- Program crash
PID:3712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
5⤵
- Program crash
PID:2424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
4⤵
- Program crash
PID:2496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
2⤵
- Program crash
PID:2648

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-2371.exe
Filesize
184KB

MD5
3ea5cab7f3d687ab0bef18c4b0204bfd

SHA1
fc64365947da462b422e5a56888c01ad6ed07cda

SHA256
e52e3d50c3b9699ddbe4c1ed3821048ed6d26093878284867814a0dcc16c480d

SHA512
fb1c9ffd70b29969f61ea0c8cc5220586fb94c30fe9aa86b73dd4af1b5c276abbb67bfe58b932c4ddcff19e68a156064c62bc4a0f9f8e591377fd2f2d18ac2db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33684.exe
Filesize
184KB

MD5
52eb7bb4e1e67008596f2b46e02dea8c

SHA1
835c8143f8ad4641ece483daaf56d07991c19312

SHA256
3da5425d621100b0985cd51eb99c1fd932062e597aee2d604ad02d6779c3da57

SHA512
0f3bbf550e8c2f0a4901317d36e94d7114a1c2b237cceb8682c7fc1a48d6b21e1f25804d467475a406eca3b08c789211c1e662d8c8f374fe5ae745cf8b939747

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
Filesize
184KB

MD5
2f8e842c87629621be2ed06801acb033

SHA1
10eea4019b92fbe325cd2bdc59f0290c994a5724

SHA256
41f7cb6ab02cff3b3a1734e426ce09c5fff101dd0794be1934dedec210689be0

SHA512
4c8aadc6dc442ed4bf01968ca0b7bb9b3a3e43db1c9f0a656b430ac6da7c39eceff79e6aff4c757c5a12ca1800580cad247720f8fb13c7c24a238b238f026f97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe
Filesize
184KB

MD5
0c9a0aa7a5c498ea88d3eea047e706cd

SHA1
0d8bfc54fd48d2de5cb4448088242858453db496

SHA256
7825ee0a6eb6db815946df70a265810fac90afbf141f5168aacc13609249f563

SHA512
a4e01f649f00e98a1ad316ad555658aec2e9fc8705edb2f82e64747cfe754242462f86d58f997055d33ec968a0417301b0d276967a0f1ed354eda2c0ec2d5cec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40367.exe
Filesize
184KB

MD5
1de3706604ed8cd4d60669a30290130e

SHA1
ed7d5110d8ceca70d5956dc54874c44838ee1acf

SHA256
97443d98557be68350c738990de22d50132d308c646f9c89843f1d7d1bcfe6c4

SHA512
9c6ebd76038e2480dee656f2e5e38ec0bdae5c1299b4b4d3075c16ae56c6ff984d7b7d3989014ccee30ba3268bdb2f061f2df21eb82e8e81949664b2f445c8ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56773.exe
Filesize
184KB

MD5
c18ebcf151e157f33a56e1a804a79753

SHA1
e5911fa57a6b33d0fb0a5b3e960d804ba2ff493c

SHA256
e86e3024f359d069f892399fc8332c9a6792e5a1f457fbf97645656e8746bee9

SHA512
4acfe5fef417cf22b373a6d84539986dcb5d9d5553ba2f2c9a838bf08a069edb69c4603dd430294963e480ebca92b9fb0f8eedaca4316838cfec7cdae96f3a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5833.exe
Filesize
184KB

MD5
579463333102894c766568e05f6fc467

SHA1
48de7818c28d6b5e0a4cbc0659aefd4647408eca

SHA256
969e98a4ce9d0c9ee85dc6dee74e17b35feab05797ea7ae12d819300a7c55c67

SHA512
896276a10603cf6ed849935217adcc6ed30949407b664d179c81eb19153df1f6d50dcacd507a7ae5f630bafd99a4a679903eb3ebe0236aa87b9dee452646f58b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6777.exe
Filesize
184KB

MD5
9c54b200af0ab28d49c7a0c2a834bc00

SHA1
78f7e4c0ee72383797e507956f3d4349ddcf2056

SHA256
b6998d59b8dad3d74f2e7812e83cf2131ef46adf53940763cdb569268d146735

SHA512
3143f6d19d8491f90e7ff6c7565e611ec59833945dcbf2975a3780950f9ad8c5353611d709cb355edea38f8e726b84b880123e0bc33058577e305466813698dc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14141.exe
Filesize
184KB

MD5
0733286f3ff887d8b4709c9c0b58a40c

SHA1
aa0a2ad3373ac6d56bea4e646c588e4428bb0a4c

SHA256
d6904800f91f38fb981e42c9c88ea0ae1f9ac7a715228807839c57709b51b3ad

SHA512
495b51b597e3a9b9fdbde0d834108b915dda51106d864d345e8d8665c7637c18a6fb81c5530fcc7aefb29868d280d5577bc62c5432650b4e8308acaf34e155f5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27140.exe
Filesize
184KB

MD5
8558927392e1da9eaded05f5fed11cb6

SHA1
d4a70aa7cc2c50624d3f98e96d750f823624e391

SHA256
97df44b93949b76ee01e48781017e017843286d4243a0dbc9edf351c6f47d90c

SHA512
e4f855af14cf8b6013946676611cc03e6d8ac35ed9529e22f16aae700c8beb769417825fe80bb994601a99cf943f34752c680857e61b5327fcc12019ed92ea70

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40333.exe
Filesize
184KB

MD5
0069b067b375de3145203d60f6e3ef2d

SHA1
79bc3609e0ab691c63d2224ba5a3076c82c50bd4

SHA256
1a8d98b113e1e0c4a1da8ea2ef99009a44fada686604e5df0108593efde2e7a5

SHA512
370489723a58710ebc9213c4d0532a0f45faf7a93952652083aa958045d48829366ccc6dc7742583f6acab31586dbb11106a3a42344245011c3bf24cafaf95be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-407.exe
Filesize
184KB

MD5
9aad5f7f5ee721ccb7650eff17e0f0c0

SHA1
809a10442bacea69e7c29b820e1930ce0b862132

SHA256
f0ee309ed95a787006e65e6d8e34ba751094bcf51d1c54eca6f7fcbc75814f7c

SHA512
114ce854a7d2f945fc1e082cdc3141611eb9d6f388d0148c26185b3952402c644ba45950ef8a499130557f65f9c2ed917cd6c3cb8fbddf04a5066b9a893a176b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46079.exe
Filesize
184KB

MD5
142d61f996f53b8a33a2de46742d82ef

SHA1
af65d68f108d1192c3c3fd5f3469173e9e29deae

SHA256
171f6944e637ba22ea851e5860a5955c2d55f35cec51bb51516615f99cfc03f8

SHA512
71d80e33459e17d78f84f5484e57b45f178c8ffbf04a2b28f76c44c823b9c6ca3832e92802a9e991ee90671b72390ccafcf268d701bef58b46c453c4dea9c7d9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49608.exe
Filesize
184KB

MD5
895bb33ac5717d862e167041675ad40c

SHA1
56e2eb313c4352224e53a5e9c0e20056f985f202

SHA256
247398e54eda59c443f6b6e477015e5dd4ed0825f8180aa9d625450fdaf8c1f1

SHA512
6b02bb45955deddd68970d7075b62e681d5afaa2d19f411adf84bbe1f14d62a5f148c805398a79e55389fd596da4570020f93e3502aa696a5bb74deb5a2b3209

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51380.exe
Filesize
184KB

MD5
96ccf53ffb3683804cf4fbce7796ad5a

SHA1
7d24182abe7e43cb66ed0dd14b3ef8f3831faead

SHA256
b360c813c18cf28649f948cc57ac988a553d9c40e80d0bd24e9232b6061a46e5

SHA512
226cbc0de5d86da0a1af493fad68168deddffc6f4a8caadc46286ec17a3b9fb3cc5731badb10520c6e1a89729e2598b3991c1807f172f6f145989022d7ec2582

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55101.exe
Filesize
184KB

MD5
17c6c32b766746d27e0efbfb46826e1e

SHA1
8d6dd8dd3c21676046bdc8b101e3f9457107b5cc

SHA256
81cdcca9cf416b5fe19d296b14e3d81bf3b262c09553babff7624f3ecb6b0d28

SHA512
3ad8177f09a927fd0c76d8d4f4c0c13a0ff12c5ded7e6d333030ba668b69308fdc5dd572ddd4c05502f66e3f3631e35e8770d3501db243d276b5bfd301a69cea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57831.exe
Filesize
184KB

MD5
de02ef79f5b69962bf96d797d6577fef

SHA1
746a979ff584c2393aeb373c4408fbc4b78afa55

SHA256
417140632b8cc30b1d0948487882e2f6a12ce63b1c41763be33a6f26d1e3e97e

SHA512
54233ef79619f3fa8b285d8de46d024e256a90c3a9a9165650d1b67674b31405e51caa3ebe092a8bf8be25d1866e959bc04dd0ee40a6087cd5a823f83779b06e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5900.exe
Filesize
184KB

MD5
201e71c4816d5f97e43ab8eb24768538

SHA1
78470b487dc3ec3ded53cc67ae51551c86f8adce

SHA256
aececa376d0ea1a1bac2dd843b7150ff84b39ac7d31669e3233c3860e7401e2f

SHA512
d8c35ecea9e2344da4deb17cd24e858f0a92f7bf8cbc2e6eb9224bd74fa35fe7c2a4d927f6c3f418f77b085a687b566b939a593de7d84437aea301022bd3e2ac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59514.exe
Filesize
184KB

MD5
35d87a1b2aba58881beca88b5c310c56

SHA1
edc2f2acbb41de71936325ac298cc12190838a46

SHA256
5850514e18b4e444796da94a684dfd883b6d5b1fb00e9cc044016a713229570c

SHA512
26d650a904ebd4eaba9f5ac24075315a26c72a295431cf23371eccc5295e9beeb81f1db974ae1e988975aaec3a22400230a84d0dc288738a8e74515d37271954

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60199.exe
Filesize
184KB

MD5
66c94abce14516aa9d778fbdbbe0fc54

SHA1
3f2f77f3b6bf5d3bb84cb64afea605c79b368271

SHA256
d79061fec246f0346cebb1b479f8007373085ebac99ee44e12d79b5663b965e8

SHA512
9cc9dabd7687dd27806b5735322d3d001c86414196be1f5a68778896ea2b5da81f4e6d3dd0df326824d311f2f84765dd3f91e48ee5e211612b33cd87adf289af

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads