a160b46a975b157b7ecf3089d96d955bab35a00d0be4bee40919f7046f9f3b36

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a160b46a975b157b7ecf3089d96d955bab35a00d0be4bee40919f7046f9f3b36.exe
Size

184KB
MD5

066f270144d25694e1366234b880ad98
SHA1

d8f056d2a9581d2ce8e7f1846f0089ffc7576d68
SHA256

a160b46a975b157b7ecf3089d96d955bab35a00d0be4bee40919f7046f9f3b36
SHA512

b1cabae2e1591836e0e2ec330a056ff18b1be83005da02780a6ac70b49b0f8536f70d88e4a655c858599f54ebc5f971774644c8f74fab36828275ad41e89d589
SSDEEP

3072:tkB3Y8of7RhmdFaWekwzSbsihlnViFFn3:tkpoHyFarzgsihlnViFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-3201.exeUnicorn-64644.exeUnicorn-44587.exeUnicorn-53661.exeUnicorn-7989.exeUnicorn-23257.exeUnicorn-62411.exeUnicorn-14087.exeUnicorn-64165.exeUnicorn-44300.exeUnicorn-36653.exeUnicorn-56519.exeUnicorn-14329.exeUnicorn-515.exeUnicorn-46187.exeUnicorn-61454.exeUnicorn-49031.exeUnicorn-41206.exeUnicorn-52093.exeUnicorn-36956.exeUnicorn-21881.exeUnicorn-22457.exeUnicorn-52669.exeUnicorn-35839.exeUnicorn-40246.exeUnicorn-55513.exeUnicorn-35647.exeUnicorn-17128.exeUnicorn-12529.exeUnicorn-14823.exeUnicorn-30091.exeUnicorn-60303.exeUnicorn-63147.exeUnicorn-28590.exeUnicorn-30859.exeUnicorn-14641.exeUnicorn-52488.exeUnicorn-4740.exeUnicorn-2244.exeUnicorn-15051.exeUnicorn-30318.exeUnicorn-50184.exeUnicorn-53280.exeUnicorn-17955.exeUnicorn-5724.exeUnicorn-23322.exeUnicorn-52164.exeUnicorn-28807.exeUnicorn-55812.exeUnicorn-28122.exeUnicorn-43197.exeUnicorn-9709.exeUnicorn-29383.exeUnicorn-25818.exeUnicorn-39693.exeUnicorn-25626.exeUnicorn-7405.exeUnicorn-51879.exeUnicorn-31821.exeUnicorn-51687.exeUnicorn-49803.exeUnicorn-19399.exeUnicorn-49611.exeUnicorn-3939.exe

pid	process
1796	Unicorn-3201.exe
2324	Unicorn-64644.exe
2720	Unicorn-44587.exe
1232	Unicorn-53661.exe
2648	Unicorn-7989.exe
2508	Unicorn-23257.exe
3036	Unicorn-62411.exe
2552	Unicorn-14087.exe
1948	Unicorn-64165.exe
2612	Unicorn-44300.exe
532	Unicorn-36653.exe
676	Unicorn-56519.exe
324	Unicorn-14329.exe
2256	Unicorn-515.exe
2072	Unicorn-46187.exe
2976	Unicorn-61454.exe
2020	Unicorn-49031.exe
444	Unicorn-41206.exe
2316	Unicorn-52093.exe
2984	Unicorn-36956.exe
1352	Unicorn-21881.exe
1404	Unicorn-22457.exe
1952	Unicorn-52669.exe
896	Unicorn-35839.exe
1580	Unicorn-40246.exe
1932	Unicorn-55513.exe
1396	Unicorn-35647.exe
2592	Unicorn-17128.exe
2036	Unicorn-12529.exe
2604	Unicorn-14823.exe
2740	Unicorn-30091.exe
2732	Unicorn-60303.exe
2672	Unicorn-63147.exe
2556	Unicorn-28590.exe
2632	Unicorn-30859.exe
2588	Unicorn-14641.exe
2172	Unicorn-52488.exe
1204	Unicorn-4740.exe
2896	Unicorn-2244.exe
1552	Unicorn-15051.exe
1928	Unicorn-30318.exe
1436	Unicorn-50184.exe
664	Unicorn-53280.exe
1200	Unicorn-17955.exe
1120	Unicorn-5724.exe
2120	Unicorn-23322.exe
2100	Unicorn-52164.exe
2092	Unicorn-28807.exe
2304	Unicorn-55812.exe
1280	Unicorn-28122.exe
2980	Unicorn-43197.exe
1960	Unicorn-9709.exe
1028	Unicorn-29383.exe
2424	Unicorn-25818.exe
1128	Unicorn-39693.exe
1748	Unicorn-25626.exe
2332	Unicorn-7405.exe
2640	Unicorn-51879.exe
2668	Unicorn-31821.exe
2620	Unicorn-51687.exe
2132	Unicorn-49803.exe
2516	Unicorn-19399.exe
3064	Unicorn-49611.exe
1148	Unicorn-3939.exe

Loads dropped DLL 64 IoCs

Processes:

a160b46a975b157b7ecf3089d96d955bab35a00d0be4bee40919f7046f9f3b36.exeUnicorn-3201.exeUnicorn-64644.exeUnicorn-44587.exeWerFault.exeUnicorn-53661.exeUnicorn-7989.exeUnicorn-23257.exeWerFault.exeWerFault.exeUnicorn-62411.exeUnicorn-64165.exeUnicorn-14087.exeUnicorn-44300.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1844	a160b46a975b157b7ecf3089d96d955bab35a00d0be4bee40919f7046f9f3b36.exe
1844	a160b46a975b157b7ecf3089d96d955bab35a00d0be4bee40919f7046f9f3b36.exe
1796	Unicorn-3201.exe
1796	Unicorn-3201.exe
1844	a160b46a975b157b7ecf3089d96d955bab35a00d0be4bee40919f7046f9f3b36.exe
1844	a160b46a975b157b7ecf3089d96d955bab35a00d0be4bee40919f7046f9f3b36.exe
1796	Unicorn-3201.exe
1796	Unicorn-3201.exe
2324	Unicorn-64644.exe
2324	Unicorn-64644.exe
2720	Unicorn-44587.exe
2720	Unicorn-44587.exe
2060	WerFault.exe
2060	WerFault.exe
2060	WerFault.exe
2060	WerFault.exe
2060	WerFault.exe
1232	Unicorn-53661.exe
1232	Unicorn-53661.exe
2648	Unicorn-7989.exe
2648	Unicorn-7989.exe
2508	Unicorn-23257.exe
2508	Unicorn-23257.exe
2324	Unicorn-64644.exe
2324	Unicorn-64644.exe
824	WerFault.exe
824	WerFault.exe
824	WerFault.exe
824	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
824	WerFault.exe
1924	WerFault.exe
1232	Unicorn-53661.exe
3036	Unicorn-62411.exe
1232	Unicorn-53661.exe
3036	Unicorn-62411.exe
1948	Unicorn-64165.exe
1948	Unicorn-64165.exe
2508	Unicorn-23257.exe
2552	Unicorn-14087.exe
2508	Unicorn-23257.exe
2552	Unicorn-14087.exe
2648	Unicorn-7989.exe
2648	Unicorn-7989.exe
2612	Unicorn-44300.exe
2612	Unicorn-44300.exe
1484	WerFault.exe
1484	WerFault.exe
1484	WerFault.exe
1484	WerFault.exe
1484	WerFault.exe
2296	WerFault.exe
2296	WerFault.exe
2296	WerFault.exe
2296	WerFault.exe
2296	WerFault.exe
1076	WerFault.exe
1076	WerFault.exe
1076	WerFault.exe
1076	WerFault.exe
1076	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2960	1844	WerFault.exe	a160b46a975b157b7ecf3089d96d955bab35a00d0be4bee40919f7046f9f3b36.exe
2060	1796	WerFault.exe	Unicorn-3201.exe
824	2324	WerFault.exe	Unicorn-64644.exe
1924	2720	WerFault.exe	Unicorn-44587.exe
1484	1232	WerFault.exe	Unicorn-53661.exe
2296	2648	WerFault.exe	Unicorn-7989.exe
1076	2508	WerFault.exe	Unicorn-23257.exe
1972	2256	WerFault.exe	Unicorn-515.exe
3016	3036	WerFault.exe	Unicorn-62411.exe
2012	1948	WerFault.exe	Unicorn-64165.exe
1720	2612	WerFault.exe	Unicorn-44300.exe
1992	676	WerFault.exe	Unicorn-56519.exe
2916	532	WerFault.exe	Unicorn-36653.exe
1812	2072	WerFault.exe	Unicorn-46187.exe
1764	324	WerFault.exe	Unicorn-14329.exe
2492	2020	WerFault.exe	Unicorn-49031.exe
1400	2976	WerFault.exe	Unicorn-61454.exe
2864	444	WerFault.exe	Unicorn-41206.exe
300	2316	WerFault.exe	Unicorn-52093.exe
1736	2984	WerFault.exe	Unicorn-36956.exe
2116	1352	WerFault.exe	Unicorn-21881.exe
292	1404	WerFault.exe	Unicorn-22457.exe
2888	1952	WerFault.exe	Unicorn-52669.exe
1312	896	WerFault.exe	Unicorn-35839.exe
580	1580	WerFault.exe	Unicorn-40246.exe
2308	1396	WerFault.exe	Unicorn-35647.exe
1688	1932	WerFault.exe	Unicorn-55513.exe
1864	2592	WerFault.exe	Unicorn-17128.exe
2476	2036	WerFault.exe	Unicorn-12529.exe
2832	2740	WerFault.exe	Unicorn-30091.exe
3008	2588	WerFault.exe	Unicorn-14641.exe
904	2604	WerFault.exe	Unicorn-14823.exe
3068	2672	WerFault.exe	Unicorn-63147.exe
2932	1552	WerFault.exe	Unicorn-15051.exe
3040	2632	WerFault.exe	Unicorn-30859.exe
2780	2172	WerFault.exe	Unicorn-52488.exe
2752	1436	WerFault.exe	Unicorn-50184.exe
2744	2556	WerFault.exe	Unicorn-28590.exe
2560	2732	WerFault.exe	Unicorn-60303.exe
836	2896	WerFault.exe	Unicorn-2244.exe
3132	1204	WerFault.exe	Unicorn-4740.exe
3220	1928	WerFault.exe	Unicorn-30318.exe
3256	1120	WerFault.exe	Unicorn-5724.exe
3420	664	WerFault.exe	Unicorn-53280.exe
3948	1960	WerFault.exe	Unicorn-9709.exe
3956	2132	WerFault.exe	Unicorn-49803.exe
4040	2620	WerFault.exe	Unicorn-51687.exe
4032	2640	WerFault.exe	Unicorn-51879.exe
3460	468	WerFault.exe	Unicorn-52455.exe
3564	2092	WerFault.exe	Unicorn-28807.exe
3904	2120	WerFault.exe	Unicorn-23322.exe
3176	2332	WerFault.exe	Unicorn-7405.exe
3288	2980	WerFault.exe	Unicorn-43197.exe
3404	1748	WerFault.exe	Unicorn-25626.exe
3496	1916	WerFault.exe	Unicorn-32435.exe
3668	2584	WerFault.exe	Unicorn-17936.exe
3804	2716	WerFault.exe	Unicorn-61085.exe
3816	2144	WerFault.exe	Unicorn-48470.exe
3880	1868	WerFault.exe	Unicorn-47702.exe
3928	1028	WerFault.exe	Unicorn-29383.exe
3412	2572	WerFault.exe	Unicorn-15632.exe
4072	2516	WerFault.exe	Unicorn-19399.exe
3188	2772	WerFault.exe	Unicorn-30899.exe
3848	3056	WerFault.exe	Unicorn-28822.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

a160b46a975b157b7ecf3089d96d955bab35a00d0be4bee40919f7046f9f3b36.exeUnicorn-3201.exeUnicorn-64644.exeUnicorn-44587.exeUnicorn-7989.exeUnicorn-53661.exeUnicorn-23257.exeUnicorn-62411.exeUnicorn-14087.exeUnicorn-64165.exeUnicorn-44300.exeUnicorn-36653.exeUnicorn-56519.exeUnicorn-14329.exeUnicorn-515.exeUnicorn-46187.exeUnicorn-61454.exeUnicorn-49031.exeUnicorn-41206.exeUnicorn-52093.exeUnicorn-36956.exeUnicorn-21881.exeUnicorn-22457.exeUnicorn-52669.exeUnicorn-35839.exeUnicorn-40246.exeUnicorn-55513.exeUnicorn-35647.exeUnicorn-17128.exeUnicorn-12529.exeUnicorn-14823.exeUnicorn-30091.exeUnicorn-60303.exeUnicorn-28590.exeUnicorn-63147.exeUnicorn-30859.exeUnicorn-14641.exeUnicorn-52488.exeUnicorn-4740.exeUnicorn-2244.exeUnicorn-15051.exeUnicorn-50184.exeUnicorn-30318.exeUnicorn-17955.exeUnicorn-5724.exeUnicorn-53280.exeUnicorn-23322.exeUnicorn-52164.exeUnicorn-28807.exeUnicorn-55812.exeUnicorn-28122.exeUnicorn-43197.exeUnicorn-9709.exeUnicorn-29383.exeUnicorn-25818.exeUnicorn-39693.exeUnicorn-25626.exeUnicorn-7405.exeUnicorn-51879.exeUnicorn-31821.exeUnicorn-51687.exeUnicorn-19399.exeUnicorn-49803.exeUnicorn-52647.exe

pid	process
1844	a160b46a975b157b7ecf3089d96d955bab35a00d0be4bee40919f7046f9f3b36.exe
1796	Unicorn-3201.exe
2324	Unicorn-64644.exe
2720	Unicorn-44587.exe
2648	Unicorn-7989.exe
1232	Unicorn-53661.exe
2508	Unicorn-23257.exe
3036	Unicorn-62411.exe
2552	Unicorn-14087.exe
1948	Unicorn-64165.exe
2612	Unicorn-44300.exe
532	Unicorn-36653.exe
676	Unicorn-56519.exe
324	Unicorn-14329.exe
2256	Unicorn-515.exe
2072	Unicorn-46187.exe
2976	Unicorn-61454.exe
2020	Unicorn-49031.exe
444	Unicorn-41206.exe
2316	Unicorn-52093.exe
2984	Unicorn-36956.exe
1352	Unicorn-21881.exe
1404	Unicorn-22457.exe
1952	Unicorn-52669.exe
896	Unicorn-35839.exe
1580	Unicorn-40246.exe
1932	Unicorn-55513.exe
1396	Unicorn-35647.exe
2592	Unicorn-17128.exe
2036	Unicorn-12529.exe
2604	Unicorn-14823.exe
2740	Unicorn-30091.exe
2732	Unicorn-60303.exe
2556	Unicorn-28590.exe
2672	Unicorn-63147.exe
2632	Unicorn-30859.exe
2588	Unicorn-14641.exe
2172	Unicorn-52488.exe
1204	Unicorn-4740.exe
2896	Unicorn-2244.exe
1552	Unicorn-15051.exe
1436	Unicorn-50184.exe
1928	Unicorn-30318.exe
1200	Unicorn-17955.exe
1120	Unicorn-5724.exe
664	Unicorn-53280.exe
2120	Unicorn-23322.exe
2100	Unicorn-52164.exe
2092	Unicorn-28807.exe
2304	Unicorn-55812.exe
1280	Unicorn-28122.exe
2980	Unicorn-43197.exe
1960	Unicorn-9709.exe
1028	Unicorn-29383.exe
2424	Unicorn-25818.exe
1128	Unicorn-39693.exe
1748	Unicorn-25626.exe
2332	Unicorn-7405.exe
2640	Unicorn-51879.exe
2668	Unicorn-31821.exe
2620	Unicorn-51687.exe
2516	Unicorn-19399.exe
2132	Unicorn-49803.exe
620	Unicorn-52647.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

a160b46a975b157b7ecf3089d96d955bab35a00d0be4bee40919f7046f9f3b36.exeUnicorn-3201.exeUnicorn-64644.exeUnicorn-44587.exeUnicorn-53661.exeUnicorn-7989.exeUnicorn-23257.exeUnicorn-62411.exe

description	pid	process	target process
PID 1844 wrote to memory of 1796	1844	a160b46a975b157b7ecf3089d96d955bab35a00d0be4bee40919f7046f9f3b36.exe	Unicorn-3201.exe
PID 1844 wrote to memory of 1796	1844	a160b46a975b157b7ecf3089d96d955bab35a00d0be4bee40919f7046f9f3b36.exe	Unicorn-3201.exe
PID 1844 wrote to memory of 1796	1844	a160b46a975b157b7ecf3089d96d955bab35a00d0be4bee40919f7046f9f3b36.exe	Unicorn-3201.exe
PID 1844 wrote to memory of 1796	1844	a160b46a975b157b7ecf3089d96d955bab35a00d0be4bee40919f7046f9f3b36.exe	Unicorn-3201.exe
PID 1796 wrote to memory of 2324	1796	Unicorn-3201.exe	Unicorn-64644.exe
PID 1796 wrote to memory of 2324	1796	Unicorn-3201.exe	Unicorn-64644.exe
PID 1796 wrote to memory of 2324	1796	Unicorn-3201.exe	Unicorn-64644.exe
PID 1796 wrote to memory of 2324	1796	Unicorn-3201.exe	Unicorn-64644.exe
PID 1844 wrote to memory of 2720	1844	a160b46a975b157b7ecf3089d96d955bab35a00d0be4bee40919f7046f9f3b36.exe	Unicorn-44587.exe
PID 1844 wrote to memory of 2720	1844	a160b46a975b157b7ecf3089d96d955bab35a00d0be4bee40919f7046f9f3b36.exe	Unicorn-44587.exe
PID 1844 wrote to memory of 2720	1844	a160b46a975b157b7ecf3089d96d955bab35a00d0be4bee40919f7046f9f3b36.exe	Unicorn-44587.exe
PID 1844 wrote to memory of 2720	1844	a160b46a975b157b7ecf3089d96d955bab35a00d0be4bee40919f7046f9f3b36.exe	Unicorn-44587.exe
PID 1844 wrote to memory of 2960	1844	a160b46a975b157b7ecf3089d96d955bab35a00d0be4bee40919f7046f9f3b36.exe	WerFault.exe
PID 1844 wrote to memory of 2960	1844	a160b46a975b157b7ecf3089d96d955bab35a00d0be4bee40919f7046f9f3b36.exe	WerFault.exe
PID 1844 wrote to memory of 2960	1844	a160b46a975b157b7ecf3089d96d955bab35a00d0be4bee40919f7046f9f3b36.exe	WerFault.exe
PID 1844 wrote to memory of 2960	1844	a160b46a975b157b7ecf3089d96d955bab35a00d0be4bee40919f7046f9f3b36.exe	WerFault.exe
PID 1796 wrote to memory of 1232	1796	Unicorn-3201.exe	Unicorn-53661.exe
PID 1796 wrote to memory of 1232	1796	Unicorn-3201.exe	Unicorn-53661.exe
PID 1796 wrote to memory of 1232	1796	Unicorn-3201.exe	Unicorn-53661.exe
PID 1796 wrote to memory of 1232	1796	Unicorn-3201.exe	Unicorn-53661.exe
PID 2324 wrote to memory of 2648	2324	Unicorn-64644.exe	Unicorn-7989.exe
PID 2324 wrote to memory of 2648	2324	Unicorn-64644.exe	Unicorn-7989.exe
PID 2324 wrote to memory of 2648	2324	Unicorn-64644.exe	Unicorn-7989.exe
PID 2324 wrote to memory of 2648	2324	Unicorn-64644.exe	Unicorn-7989.exe
PID 2720 wrote to memory of 2508	2720	Unicorn-44587.exe	Unicorn-23257.exe
PID 2720 wrote to memory of 2508	2720	Unicorn-44587.exe	Unicorn-23257.exe
PID 2720 wrote to memory of 2508	2720	Unicorn-44587.exe	Unicorn-23257.exe
PID 2720 wrote to memory of 2508	2720	Unicorn-44587.exe	Unicorn-23257.exe
PID 1796 wrote to memory of 2060	1796	Unicorn-3201.exe	WerFault.exe
PID 1796 wrote to memory of 2060	1796	Unicorn-3201.exe	WerFault.exe
PID 1796 wrote to memory of 2060	1796	Unicorn-3201.exe	WerFault.exe
PID 1796 wrote to memory of 2060	1796	Unicorn-3201.exe	WerFault.exe
PID 1232 wrote to memory of 3036	1232	Unicorn-53661.exe	Unicorn-62411.exe
PID 1232 wrote to memory of 3036	1232	Unicorn-53661.exe	Unicorn-62411.exe
PID 1232 wrote to memory of 3036	1232	Unicorn-53661.exe	Unicorn-62411.exe
PID 1232 wrote to memory of 3036	1232	Unicorn-53661.exe	Unicorn-62411.exe
PID 2648 wrote to memory of 2552	2648	Unicorn-7989.exe	Unicorn-14087.exe
PID 2648 wrote to memory of 2552	2648	Unicorn-7989.exe	Unicorn-14087.exe
PID 2648 wrote to memory of 2552	2648	Unicorn-7989.exe	Unicorn-14087.exe
PID 2648 wrote to memory of 2552	2648	Unicorn-7989.exe	Unicorn-14087.exe
PID 2508 wrote to memory of 1948	2508	Unicorn-23257.exe	Unicorn-64165.exe
PID 2508 wrote to memory of 1948	2508	Unicorn-23257.exe	Unicorn-64165.exe
PID 2508 wrote to memory of 1948	2508	Unicorn-23257.exe	Unicorn-64165.exe
PID 2508 wrote to memory of 1948	2508	Unicorn-23257.exe	Unicorn-64165.exe
PID 2324 wrote to memory of 2612	2324	Unicorn-64644.exe	Unicorn-44300.exe
PID 2324 wrote to memory of 2612	2324	Unicorn-64644.exe	Unicorn-44300.exe
PID 2324 wrote to memory of 2612	2324	Unicorn-64644.exe	Unicorn-44300.exe
PID 2324 wrote to memory of 2612	2324	Unicorn-64644.exe	Unicorn-44300.exe
PID 2324 wrote to memory of 824	2324	Unicorn-64644.exe	WerFault.exe
PID 2324 wrote to memory of 824	2324	Unicorn-64644.exe	WerFault.exe
PID 2324 wrote to memory of 824	2324	Unicorn-64644.exe	WerFault.exe
PID 2324 wrote to memory of 824	2324	Unicorn-64644.exe	WerFault.exe
PID 2720 wrote to memory of 1924	2720	Unicorn-44587.exe	WerFault.exe
PID 2720 wrote to memory of 1924	2720	Unicorn-44587.exe	WerFault.exe
PID 2720 wrote to memory of 1924	2720	Unicorn-44587.exe	WerFault.exe
PID 2720 wrote to memory of 1924	2720	Unicorn-44587.exe	WerFault.exe
PID 1232 wrote to memory of 532	1232	Unicorn-53661.exe	Unicorn-36653.exe
PID 1232 wrote to memory of 532	1232	Unicorn-53661.exe	Unicorn-36653.exe
PID 1232 wrote to memory of 532	1232	Unicorn-53661.exe	Unicorn-36653.exe
PID 1232 wrote to memory of 532	1232	Unicorn-53661.exe	Unicorn-36653.exe
PID 3036 wrote to memory of 676	3036	Unicorn-62411.exe	Unicorn-56519.exe
PID 3036 wrote to memory of 676	3036	Unicorn-62411.exe	Unicorn-56519.exe
PID 3036 wrote to memory of 676	3036	Unicorn-62411.exe	Unicorn-56519.exe
PID 3036 wrote to memory of 676	3036	Unicorn-62411.exe	Unicorn-56519.exe

C:\Users\Admin\AppData\Local\Temp\a160b46a975b157b7ecf3089d96d955bab35a00d0be4bee40919f7046f9f3b36.exe
"C:\Users\Admin\AppData\Local\Temp\a160b46a975b157b7ecf3089d96d955bab35a00d0be4bee40919f7046f9f3b36.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1844

C:\Users\Admin\AppData\Local\Temp\Unicorn-3201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3201.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-64644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64644.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-14087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14087.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-515.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
7⤵
- Program crash
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-4740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4740.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1204

C:\Users\Admin\AppData\Local\Temp\Unicorn-51687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51687.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-64723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64723.exe
9⤵
PID:1996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 216
9⤵
- Program crash
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
8⤵
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
9⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-48592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48592.exe
10⤵
PID:5340

C:\Users\Admin\AppData\Local\Temp\Unicorn-5081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5081.exe
11⤵
PID:6356

C:\Users\Admin\AppData\Local\Temp\Unicorn-358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-358.exe
12⤵
PID:9240

C:\Users\Admin\AppData\Local\Temp\Unicorn-48638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48638.exe
13⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9240 -s 236
13⤵
PID:8496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 220
12⤵
PID:10444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 216
11⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
10⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
9⤵
PID:4548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 240
8⤵
- Program crash
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-49803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49803.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-4456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4456.exe
8⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-21308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21308.exe
9⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-28134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28134.exe
10⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-21351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21351.exe
11⤵
PID:9024

C:\Users\Admin\AppData\Local\Temp\Unicorn-15986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15986.exe
12⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 216
12⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 236
11⤵
PID:9664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
10⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 236
9⤵
PID:5808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 216
8⤵
- Program crash
PID:3956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
7⤵
- Program crash
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-61454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61454.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-55513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55513.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-50184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50184.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1436

C:\Users\Admin\AppData\Local\Temp\Unicorn-52455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52455.exe
8⤵
PID:468

C:\Users\Admin\AppData\Local\Temp\Unicorn-58989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58989.exe
9⤵
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-41764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41764.exe
10⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-13566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13566.exe
11⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
12⤵
PID:8112

C:\Users\Admin\AppData\Local\Temp\Unicorn-27996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27996.exe
13⤵
PID:11016

C:\Users\Admin\AppData\Local\Temp\Unicorn-30921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30921.exe
14⤵
PID:12464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 216
13⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
12⤵
PID:8396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
11⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 216
10⤵
PID:4388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 468 -s 236
9⤵
- Program crash
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-36627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36627.exe
8⤵
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-60378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60378.exe
9⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-63241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63241.exe
10⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-35667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35667.exe
11⤵
PID:6964

C:\Users\Admin\AppData\Local\Temp\Unicorn-52685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52685.exe
12⤵
PID:9960

C:\Users\Admin\AppData\Local\Temp\Unicorn-2169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2169.exe
13⤵
PID:11452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9960 -s 236
13⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 216
12⤵
PID:10692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
11⤵
PID:8080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
10⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 216
9⤵
PID:4480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 240
8⤵
- Program crash
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-35303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35303.exe
7⤵
PID:2792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
7⤵
- Program crash
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-30318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30318.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-3939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3939.exe
7⤵
- Executes dropped EXE
PID:1148

C:\Users\Admin\AppData\Local\Temp\Unicorn-26317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26317.exe
8⤵
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-64711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64711.exe
9⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-19848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19848.exe
10⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe
11⤵
PID:6724

C:\Users\Admin\AppData\Local\Temp\Unicorn-54003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54003.exe
12⤵
PID:10092

C:\Users\Admin\AppData\Local\Temp\Unicorn-11634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11634.exe
13⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 216
13⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
12⤵
PID:10772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
11⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
10⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 216
9⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-21898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21898.exe
8⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-23289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23289.exe
9⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-60409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60409.exe
10⤵
PID:7948

C:\Users\Admin\AppData\Local\Temp\Unicorn-14814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14814.exe
11⤵
PID:10796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 216
11⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
10⤵
PID:9200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
9⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 240
8⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-21360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21360.exe
7⤵
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-48676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48676.exe
8⤵
PID:3912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 216
8⤵
PID:4172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
7⤵
- Program crash
PID:3220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
6⤵
- Program crash
PID:1400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-49031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49031.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-39693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39693.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1128

C:\Users\Admin\AppData\Local\Temp\Unicorn-15632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15632.exe
8⤵
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe
9⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-15275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15275.exe
10⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-60275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60275.exe
11⤵
PID:6988

C:\Users\Admin\AppData\Local\Temp\Unicorn-47511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47511.exe
12⤵
PID:9752

C:\Users\Admin\AppData\Local\Temp\Unicorn-58702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58702.exe
13⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 216
13⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 220
12⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
11⤵
PID:8160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 236
10⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
9⤵
- Program crash
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-9132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9132.exe
8⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-28322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28322.exe
9⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-9621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9621.exe
10⤵
PID:7148

C:\Users\Admin\AppData\Local\Temp\Unicorn-52877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52877.exe
11⤵
PID:9952

C:\Users\Admin\AppData\Local\Temp\Unicorn-31445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31445.exe
12⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9952 -s 216
12⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 216
11⤵
PID:10700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
10⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
9⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 240
8⤵
PID:4148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 216
7⤵
- Program crash
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-15051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15051.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-52647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52647.exe
7⤵
- Suspicious use of SetWindowsHookEx
PID:620

C:\Users\Admin\AppData\Local\Temp\Unicorn-48880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48880.exe
8⤵
PID:552

C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
9⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-2380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2380.exe
10⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-35859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35859.exe
11⤵
PID:6928

C:\Users\Admin\AppData\Local\Temp\Unicorn-50609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50609.exe
12⤵
PID:9680

C:\Users\Admin\AppData\Local\Temp\Unicorn-24468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24468.exe
13⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9680 -s 216
13⤵
PID:12876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 216
12⤵
PID:10460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 216
11⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
10⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-11789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11789.exe
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-17098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17098.exe
9⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-32725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32725.exe
10⤵
PID:7056

C:\Users\Admin\AppData\Local\Temp\Unicorn-27634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27634.exe
11⤵
PID:9796

C:\Users\Admin\AppData\Local\Temp\Unicorn-4756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4756.exe
12⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9796 -s 216
12⤵
PID:12328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 216
11⤵
PID:10716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
10⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
9⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 240
8⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-38163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38163.exe
7⤵
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-34784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34784.exe
8⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
9⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-61201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61201.exe
10⤵
PID:6284

C:\Users\Admin\AppData\Local\Temp\Unicorn-50095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50095.exe
11⤵
PID:8864

C:\Users\Admin\AppData\Local\Temp\Unicorn-26979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26979.exe
12⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8864 -s 216
12⤵
PID:12560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 236
11⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 236
10⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
9⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 216
8⤵
PID:4252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
7⤵
- Program crash
PID:2932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
6⤵
- Program crash
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-35647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35647.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1396

C:\Users\Admin\AppData\Local\Temp\Unicorn-2244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2244.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-51879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51879.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-1132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1132.exe
8⤵
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe
8⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-5111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5111.exe
9⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
10⤵
PID:5200

C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
11⤵
PID:9064

C:\Users\Admin\AppData\Local\Temp\Unicorn-34404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34404.exe
12⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9064 -s 216
12⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 216
11⤵
PID:10204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
10⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 236
9⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
8⤵
- Program crash
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-20566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20566.exe
7⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-31546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31546.exe
8⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-34996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34996.exe
9⤵
PID:4448

C:\Users\Admin\AppData\Local\Temp\Unicorn-6617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6617.exe
10⤵
PID:7004

C:\Users\Admin\AppData\Local\Temp\Unicorn-1894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1894.exe
11⤵
PID:10220

C:\Users\Admin\AppData\Local\Temp\Unicorn-42468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42468.exe
12⤵
PID:12416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10220 -s 216
12⤵
PID:12424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
11⤵
PID:10804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
10⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
9⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 216
8⤵
PID:4688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
7⤵
- Program crash
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-26509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26509.exe
7⤵
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-27706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27706.exe
8⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-60683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60683.exe
9⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-61017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61017.exe
10⤵
PID:6172

C:\Users\Admin\AppData\Local\Temp\Unicorn-54003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54003.exe
11⤵
PID:10100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10100 -s 220
12⤵
PID:2288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 216
11⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
10⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
9⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 216
8⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-61291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61291.exe
7⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-17399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17399.exe
8⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-244.exe
9⤵
PID:6996

C:\Users\Admin\AppData\Local\Temp\Unicorn-35711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35711.exe
10⤵
PID:9420

C:\Users\Admin\AppData\Local\Temp\Unicorn-38495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38495.exe
11⤵
PID:2176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9420 -s 220
11⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 220
10⤵
PID:11124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
9⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
8⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
7⤵
PID:4456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 240
6⤵
- Program crash
PID:2308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
5⤵
- Program crash
PID:1720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:824

C:\Users\Admin\AppData\Local\Temp\Unicorn-53661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53661.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1232

C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-56519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56519.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:676

C:\Users\Admin\AppData\Local\Temp\Unicorn-41206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41206.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:444

C:\Users\Admin\AppData\Local\Temp\Unicorn-17128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17128.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-53280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53280.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:664

C:\Users\Admin\AppData\Local\Temp\Unicorn-10997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10997.exe
9⤵
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
10⤵
PID:740

C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
11⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
12⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-41851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41851.exe
13⤵
PID:8404

C:\Users\Admin\AppData\Local\Temp\Unicorn-11413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11413.exe
14⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8404 -s 216
14⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
13⤵
PID:10184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
12⤵
PID:7328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 740 -s 236
11⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-23813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23813.exe
10⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
11⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-56568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56568.exe
12⤵
PID:8444

C:\Users\Admin\AppData\Local\Temp\Unicorn-43894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43894.exe
13⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 216
13⤵
PID:12200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
12⤵
PID:9224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
11⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
10⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
9⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-36824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36824.exe
10⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-10982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10982.exe
11⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-33542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33542.exe
12⤵
PID:8700

C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
13⤵
PID:11456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 216
13⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 216
12⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 236
11⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
10⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 240
9⤵
- Program crash
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-8921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8921.exe
8⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-64197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64197.exe
9⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-21915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21915.exe
10⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe
11⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-34912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34912.exe
12⤵
PID:8652

C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
13⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 216
13⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
12⤵
PID:9264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
11⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 236
10⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-37051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37051.exe
9⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-53188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53188.exe
10⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\Unicorn-32556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32556.exe
11⤵
PID:8828

C:\Users\Admin\AppData\Local\Temp\Unicorn-45296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45296.exe
12⤵
PID:11480

C:\Users\Admin\AppData\Local\Temp\Unicorn-48902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48902.exe
13⤵
PID:12480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8828 -s 216
12⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
11⤵
PID:9412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 236
10⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
9⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
8⤵
- Program crash
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-17955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17955.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1200

C:\Users\Admin\AppData\Local\Temp\Unicorn-32627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32627.exe
8⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-3839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3839.exe
9⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-8301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8301.exe
10⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-15537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15537.exe
11⤵
PID:6828

C:\Users\Admin\AppData\Local\Temp\Unicorn-46297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46297.exe
12⤵
PID:9328

C:\Users\Admin\AppData\Local\Temp\Unicorn-5630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5630.exe
13⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9328 -s 220
13⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 220
12⤵
PID:11056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
11⤵
PID:1756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
10⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 236
9⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-64228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64228.exe
8⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-2852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2852.exe
9⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-16928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16928.exe
10⤵
PID:7156

C:\Users\Admin\AppData\Local\Temp\Unicorn-7433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7433.exe
11⤵
PID:10048

C:\Users\Admin\AppData\Local\Temp\Unicorn-45329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45329.exe
12⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10048 -s 216
12⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 204
11⤵
PID:10832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
10⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
9⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 220
8⤵
PID:4164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 444 -s 240
7⤵
- Program crash
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-12529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12529.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-5724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5724.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1120

C:\Users\Admin\AppData\Local\Temp\Unicorn-10229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10229.exe
8⤵
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-3460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3460.exe
9⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-29595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29595.exe
10⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-29348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29348.exe
11⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-52122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52122.exe
12⤵
PID:8344

C:\Users\Admin\AppData\Local\Temp\Unicorn-53917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53917.exe
13⤵
PID:11132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8344 -s 236
13⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
12⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
11⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
10⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-27518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27518.exe
9⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe
10⤵
PID:6056

C:\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe
11⤵
PID:8424

C:\Users\Admin\AppData\Local\Temp\Unicorn-56559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56559.exe
12⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8424 -s 216
12⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 236
11⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
10⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 240
9⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-16843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16843.exe
8⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-46040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46040.exe
9⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-59550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59550.exe
10⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
11⤵
PID:8212

C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
12⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 216
12⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
11⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
10⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
9⤵
PID:5424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 240
8⤵
- Program crash
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-8153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8153.exe
7⤵
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-52552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52552.exe
8⤵
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-46808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46808.exe
9⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-60318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60318.exe
10⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-20664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20664.exe
11⤵
PID:7980

C:\Users\Admin\AppData\Local\Temp\Unicorn-4768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4768.exe
12⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 220
12⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
11⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
10⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
9⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-58053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58053.exe
8⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-62404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62404.exe
9⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\Unicorn-1084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1084.exe
10⤵
PID:8384

C:\Users\Admin\AppData\Local\Temp\Unicorn-24247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24247.exe
10⤵
PID:9008

C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
11⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9008 -s 216
11⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 220
10⤵
PID:10080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
9⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 240
8⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
7⤵
- Program crash
PID:2476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 240
6⤵
- Program crash
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-52093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52093.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-14823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14823.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-23322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23322.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-17936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17936.exe
8⤵
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
9⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-40029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40029.exe
10⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
11⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\Unicorn-811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-811.exe
12⤵
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-56605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56605.exe
13⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 216
13⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 236
12⤵
PID:9360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 236
11⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 236
10⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
9⤵
- Program crash
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-58608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58608.exe
8⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-63168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63168.exe
9⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-48212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48212.exe
10⤵
PID:6364

C:\Users\Admin\AppData\Local\Temp\Unicorn-42498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42498.exe
11⤵
PID:8476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8476 -s 208
12⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 216
11⤵
PID:9612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 236
10⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 236
9⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
8⤵
- Program crash
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-31126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31126.exe
7⤵
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
8⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-28918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28918.exe
9⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-12842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12842.exe
10⤵
PID:7580

C:\Users\Admin\AppData\Local\Temp\Unicorn-4339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4339.exe
11⤵
PID:10332

C:\Users\Admin\AppData\Local\Temp\Unicorn-30625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30625.exe
12⤵
PID:12364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
11⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
10⤵
PID:9108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
9⤵
PID:4696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 216
8⤵
PID:4108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
7⤵
- Program crash
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-52164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52164.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
7⤵
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-16035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16035.exe
8⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-40797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40797.exe
9⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-21386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21386.exe
10⤵
PID:6576

C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
11⤵
PID:9304

C:\Users\Admin\AppData\Local\Temp\Unicorn-16201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16201.exe
12⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9304 -s 216
12⤵
PID:12688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 216
11⤵
PID:9396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
10⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 236
9⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 236
8⤵
- Program crash
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-26153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26153.exe
7⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-20642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20642.exe
8⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-17183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17183.exe
9⤵
PID:6524

C:\Users\Admin\AppData\Local\Temp\Unicorn-18716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18716.exe
10⤵
PID:9516

C:\Users\Admin\AppData\Local\Temp\Unicorn-26518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26518.exe
11⤵
PID:7524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9516 -s 220
11⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
10⤵
PID:11152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
9⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
8⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
7⤵
PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
6⤵
- Program crash
PID:300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
5⤵
- Program crash
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-36653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36653.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:532

C:\Users\Admin\AppData\Local\Temp\Unicorn-36956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36956.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-30091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30091.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-32435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32435.exe
8⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-22729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22729.exe
9⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-49437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49437.exe
10⤵
PID:4188

C:\Users\Admin\AppData\Local\Temp\Unicorn-13235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13235.exe
11⤵
PID:6460

C:\Users\Admin\AppData\Local\Temp\Unicorn-43266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43266.exe
12⤵
PID:8400

C:\Users\Admin\AppData\Local\Temp\Unicorn-38380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38380.exe
13⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8400 -s 216
13⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6460 -s 236
12⤵
PID:10152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 236
11⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 236
10⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 236
9⤵
- Program crash
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-51379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51379.exe
8⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-48669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48669.exe
9⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-43412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43412.exe
10⤵
PID:6236

C:\Users\Admin\AppData\Local\Temp\Unicorn-676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-676.exe
11⤵
PID:9060

C:\Users\Admin\AppData\Local\Temp\Unicorn-20783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20783.exe
12⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9060 -s 216
12⤵
PID:12628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 236
11⤵
PID:9548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 216
10⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 236
9⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
8⤵
- Program crash
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-61085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61085.exe
7⤵
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-30534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30534.exe
8⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-7714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7714.exe
9⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-51946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51946.exe
10⤵
PID:6728

C:\Users\Admin\AppData\Local\Temp\Unicorn-63982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63982.exe
11⤵
PID:9604

C:\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe
12⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9604 -s 216
12⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 216
11⤵
PID:10408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
10⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 236
9⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 236
8⤵
- Program crash
PID:3804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
7⤵
- Program crash
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-55812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55812.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-25741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25741.exe
7⤵
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-16351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16351.exe
8⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-8808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8808.exe
9⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-37412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37412.exe
10⤵
PID:9084

C:\Users\Admin\AppData\Local\Temp\Unicorn-16391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16391.exe
11⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9084 -s 236
11⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
10⤵
PID:9700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 236
9⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 216
8⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-45806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45806.exe
7⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-42894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42894.exe
8⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-2548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2548.exe
9⤵
PID:6908

C:\Users\Admin\AppData\Local\Temp\Unicorn-35794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35794.exe
10⤵
PID:9620

C:\Users\Admin\AppData\Local\Temp\Unicorn-31705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31705.exe
11⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9620 -s 216
11⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 216
10⤵
PID:11232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
9⤵
PID:7688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
8⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
7⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
6⤵
- Program crash
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-60303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60303.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-28122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28122.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-58221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58221.exe
7⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
8⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-20642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20642.exe
9⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-44956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44956.exe
10⤵
PID:6344

C:\Users\Admin\AppData\Local\Temp\Unicorn-52877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52877.exe
11⤵
PID:9940

C:\Users\Admin\AppData\Local\Temp\Unicorn-62096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62096.exe
12⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9940 -s 216
12⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 216
11⤵
PID:10684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
10⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
9⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
8⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-24259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24259.exe
7⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-49879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49879.exe
8⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-13856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13856.exe
9⤵
PID:6780

C:\Users\Admin\AppData\Local\Temp\Unicorn-27634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27634.exe
10⤵
PID:9848

C:\Users\Admin\AppData\Local\Temp\Unicorn-17483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17483.exe
11⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9848 -s 216
11⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 216
10⤵
PID:10808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
9⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
8⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 240
7⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-38931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38931.exe
6⤵
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-27706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27706.exe
7⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-17399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17399.exe
8⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-57437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57437.exe
9⤵
PID:6664

C:\Users\Admin\AppData\Local\Temp\Unicorn-21246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21246.exe
10⤵
PID:10140

C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
11⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10140 -s 220
11⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 216
10⤵
PID:10600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 236
9⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
8⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 216
7⤵
PID:4400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
6⤵
- Program crash
PID:2560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 240
5⤵
- Program crash
PID:2916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-44587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44587.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-64165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64165.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-14329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14329.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:324

C:\Users\Admin\AppData\Local\Temp\Unicorn-22457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22457.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1404

C:\Users\Admin\AppData\Local\Temp\Unicorn-30859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30859.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-25818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25818.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-40432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40432.exe
9⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-2111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2111.exe
10⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-28369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28369.exe
11⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-25045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25045.exe
12⤵
PID:7160

C:\Users\Admin\AppData\Local\Temp\Unicorn-15248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15248.exe
13⤵
PID:9528

C:\Users\Admin\AppData\Local\Temp\Unicorn-34504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34504.exe
14⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9528 -s 216
14⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 216
13⤵
PID:10320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
12⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
11⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
10⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-42048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42048.exe
9⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
10⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-35667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35667.exe
11⤵
PID:6956

C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
12⤵
PID:9560

C:\Users\Admin\AppData\Local\Temp\Unicorn-37026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37026.exe
13⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9560 -s 216
13⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
12⤵
PID:10364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
11⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 236
10⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
9⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-21142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21142.exe
8⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-14680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14680.exe
9⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-7682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7682.exe
10⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-32417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32417.exe
11⤵
PID:8732

C:\Users\Admin\AppData\Local\Temp\Unicorn-25337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25337.exe
12⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8732 -s 236
12⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 236
11⤵
PID:9488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
10⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 216
9⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
8⤵
- Program crash
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-7405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7405.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-16208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16208.exe
8⤵
PID:736

C:\Users\Admin\AppData\Local\Temp\Unicorn-64026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64026.exe
9⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-21638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21638.exe
10⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-1100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1100.exe
11⤵
PID:6652

C:\Users\Admin\AppData\Local\Temp\Unicorn-15440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15440.exe
12⤵
PID:9500

C:\Users\Admin\AppData\Local\Temp\Unicorn-2659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2659.exe
13⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9500 -s 216
13⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 216
12⤵
PID:10312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
11⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
10⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 736 -s 236
9⤵
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-28810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28810.exe
8⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
9⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-1100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1100.exe
10⤵
PID:6628

C:\Users\Admin\AppData\Local\Temp\Unicorn-24517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24517.exe
11⤵
PID:9276

C:\Users\Admin\AppData\Local\Temp\Unicorn-10391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10391.exe
12⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9276 -s 236
12⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 216
11⤵
PID:1360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
10⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
9⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 220
8⤵
- Program crash
PID:3176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 240
7⤵
- Program crash
PID:292

C:\Users\Admin\AppData\Local\Temp\Unicorn-14641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14641.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-29383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29383.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-30899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30899.exe
8⤵
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-46787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46787.exe
9⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-61487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61487.exe
10⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-1868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1868.exe
11⤵
PID:6692

C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
12⤵
PID:9376

C:\Users\Admin\AppData\Local\Temp\Unicorn-42184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42184.exe
13⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9376 -s 216
13⤵
PID:12696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 216
12⤵
PID:10256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
11⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
10⤵
PID:5212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 236
9⤵
- Program crash
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-30953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30953.exe
8⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-63106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63106.exe
9⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-35117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35117.exe
10⤵
PID:6772

C:\Users\Admin\AppData\Local\Temp\Unicorn-42472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42472.exe
11⤵
PID:9388

C:\Users\Admin\AppData\Local\Temp\Unicorn-11431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11431.exe
12⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9388 -s 216
12⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
11⤵
PID:10356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
10⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
9⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 240
8⤵
- Program crash
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
7⤵
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-29766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29766.exe
8⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-15275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15275.exe
9⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-58739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58739.exe
10⤵
PID:7092

C:\Users\Admin\AppData\Local\Temp\Unicorn-6582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6582.exe
11⤵
PID:9840

C:\Users\Admin\AppData\Local\Temp\Unicorn-16435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16435.exe
12⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9840 -s 220
12⤵
PID:13052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 220
11⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
10⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
9⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 236
8⤵
- Program crash
PID:3848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
7⤵
- Program crash
PID:3008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 240
6⤵
- Program crash
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-52669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52669.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-52488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52488.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-19399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19399.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-8527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8527.exe
8⤵
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
9⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-49256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49256.exe
10⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-35859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35859.exe
11⤵
PID:6940

C:\Users\Admin\AppData\Local\Temp\Unicorn-19437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19437.exe
12⤵
PID:9912

C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
13⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9912 -s 216
13⤵
PID:13024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 216
12⤵
PID:10656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
11⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
10⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 236
9⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-49511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49511.exe
8⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
9⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-57369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57369.exe
10⤵
PID:7120

C:\Users\Admin\AppData\Local\Temp\Unicorn-31222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31222.exe
11⤵
PID:10192

C:\Users\Admin\AppData\Local\Temp\Unicorn-5630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5630.exe
12⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10192 -s 220
12⤵
PID:13188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 220
11⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
10⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
9⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
8⤵
- Program crash
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-6643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6643.exe
7⤵
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-42397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42397.exe
8⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
9⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
10⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-59363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59363.exe
11⤵
PID:8432

C:\Users\Admin\AppData\Local\Temp\Unicorn-62704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62704.exe
12⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8432 -s 236
12⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 236
11⤵
PID:10064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 236
10⤵
PID:7632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
9⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 216
8⤵
PID:4472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
7⤵
- Program crash
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-49611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49611.exe
6⤵
- Executes dropped EXE
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-26509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26509.exe
7⤵
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-32314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32314.exe
8⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-47564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47564.exe
9⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-61043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61043.exe
10⤵
PID:7048

C:\Users\Admin\AppData\Local\Temp\Unicorn-9112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9112.exe
11⤵
PID:9708

C:\Users\Admin\AppData\Local\Temp\Unicorn-19510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19510.exe
12⤵
PID:2164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9708 -s 216
12⤵
PID:12312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 220
11⤵
PID:10348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
10⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
9⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 216
8⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-29386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29386.exe
7⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
8⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-21283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21283.exe
9⤵
PID:7068

C:\Users\Admin\AppData\Local\Temp\Unicorn-49118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49118.exe
10⤵
PID:9996

C:\Users\Admin\AppData\Local\Temp\Unicorn-2758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2758.exe
11⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9996 -s 216
11⤵
PID:12388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 220
10⤵
PID:10468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 216
9⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
8⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
7⤵
PID:5104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
6⤵
- Program crash
PID:2888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
5⤵
- Program crash
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-46187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46187.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-21881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21881.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1352

C:\Users\Admin\AppData\Local\Temp\Unicorn-63147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63147.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-43197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43197.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
8⤵
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-48515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48515.exe
9⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-54694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54694.exe
10⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-38765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38765.exe
11⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\Unicorn-24564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24564.exe
12⤵
PID:9868

C:\Users\Admin\AppData\Local\Temp\Unicorn-28848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28848.exe
13⤵
PID:7352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9868 -s 216
13⤵
PID:12952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
12⤵
PID:10612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
11⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 236
10⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 236
9⤵
- Program crash
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-61706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61706.exe
8⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-29225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29225.exe
9⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-39533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39533.exe
10⤵
PID:6872

C:\Users\Admin\AppData\Local\Temp\Unicorn-56852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56852.exe
11⤵
PID:9988

C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
12⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9988 -s 216
12⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 216
11⤵
PID:10740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
10⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 236
9⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
8⤵
- Program crash
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-46394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46394.exe
7⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-1535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1535.exe
8⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-59915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59915.exe
9⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-14961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14961.exe
10⤵
PID:6640

C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
11⤵
PID:9368

C:\Users\Admin\AppData\Local\Temp\Unicorn-51727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51727.exe
12⤵
PID:2188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9368 -s 216
12⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 216
11⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
10⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
9⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 236
8⤵
PID:4740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
7⤵
- Program crash
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-9709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9709.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-4456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4456.exe
7⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
8⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-44039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44039.exe
9⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-40934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40934.exe
10⤵
PID:8576

C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
11⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8576 -s 216
11⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 216
10⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
9⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 236
8⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 216
7⤵
- Program crash
PID:3948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 240
6⤵
- Program crash
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-28590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28590.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-25626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25626.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-16208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16208.exe
7⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-59200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59200.exe
8⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-55603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55603.exe
9⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-7020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7020.exe
10⤵
PID:7676

C:\Users\Admin\AppData\Local\Temp\Unicorn-58579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58579.exe
11⤵
PID:10580

C:\Users\Admin\AppData\Local\Temp\Unicorn-21274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21274.exe
12⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 216
11⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
10⤵
PID:9164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
9⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 216
8⤵
PID:4592

C:\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe
7⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-63241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63241.exe
8⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-36653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36653.exe
9⤵
PID:6588

C:\Users\Admin\AppData\Local\Temp\Unicorn-43240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43240.exe
10⤵
PID:9472

C:\Users\Admin\AppData\Local\Temp\Unicorn-58411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58411.exe
11⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9472 -s 216
11⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 216
10⤵
PID:10296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
9⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
8⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 220
7⤵
- Program crash
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-53623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53623.exe
6⤵
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-61639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61639.exe
7⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-43636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43636.exe
8⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-43228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43228.exe
9⤵
PID:6480

C:\Users\Admin\AppData\Local\Temp\Unicorn-21715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21715.exe
10⤵
PID:10132

C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
11⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10132 -s 216
11⤵
PID:13040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 216
10⤵
PID:10912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
9⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 236
8⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 216
7⤵
PID:4988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
6⤵
- Program crash
PID:2744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
5⤵
- Program crash
PID:1812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
3⤵
- Loads dropped DLL
- Program crash
PID:1924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
2⤵
- Program crash
PID:2960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-21351.exe

Filesize
184KB

MD5
41cdefc9839629a0f0e34c0bcb31096b

SHA1
80129d43dbadfdfcf947d29f9ecb9d93ad8e5563

SHA256
383f59d73d6b7bcc47ce1b8af5aac6110e6b008be7208c7f07528c6a28ef44c0

SHA512
debcb037d8ba95f129a8956919c8612f012ae071d49b070a0a88f31d912d85bd10e8de8c952cc0c1feaf59760bd45ca5030ac9285ea083735816f7b81ce84901

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35117.exe

Filesize
184KB

MD5
38650571c8191974130e01df97ac12fb

SHA1
02c963ef9a4004999282f859a03d809361387669

SHA256
6b9a47438139f8ed183fd766f749fc84f055445f6669ad55fb5fdbf94794ca39

SHA512
27f3bd29210b9b64153f997bf5e9e811ce6ce13ec5efcba87d64091aec8a5da95fb157e52a55f57cf4af6a8bd8c06196ade6b228c6dbba7ec7caf85dce76cba0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38765.exe

Filesize
184KB

MD5
1c5b8e9d893a90c389e27e9be747d329

SHA1
834d064eda0759b73288422a9836c18d30f8648b

SHA256
384faba95be162a1ccfd58c5d68a7141e1ec4d27f2e6ca70e55d95944b50cdc2

SHA512
8f0428496232c33ebe1fcd75366a19c6934a4b0f07a5e7c862e42b00172f20da24d5a6d70f686a5fcfd791fca919e649ac8127576032de7f59c24f88c78dc886

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39693.exe

Filesize
184KB

MD5
38313ddb34769fe8a18254bde1981dd5

SHA1
fc3150f8635eb34dcb993e0bfc23732cd4c31189

SHA256
76670007ab0cd834afe3acafa7f7fdd3e8570b1eb6a1d069ac9ff40aaa478981

SHA512
ab3ea8e0468443e281c7e4ca051d9d7a64f78872c816f51abd485efab4003a57bc5e5fa2c479b61ad0b87b00e452321d154114d830438fa989f58d91689148f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56605.exe

Filesize
184KB

MD5
0e7e1ec049c982ca428abb9d0f608a19

SHA1
4a2759795434c6cd79a1295d5ffff8f76ce4f022

SHA256
4c17e5138685c8b90ec9649dc9da074dab7903cbfd571ca0e2ad054337c5ca40

SHA512
b27da0d0c7f7df6ea85fb9d9dee48360402b73c4730e8f6bf506bae7fdf9a1b35198172b36b1241a3ccd7b69b10f39b21b88fe4fc84b07548922a26231c6aa2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5724.exe

Filesize
184KB

MD5
297dae7c15e624685a0b63a075091fcd

SHA1
4e5a18d69a037c59ef546a45a78b660f6b3e2a58

SHA256
cb0b0adf45c78ec8cf846295f2f6672cd1e5badb73f2b0b6fb7c50058ea4cb16

SHA512
83e974a123e97f4c534f1139e52f840c0c55732e45aa1686eb0a35c0c43bc04c2c1c4fe4bfec060f9cbeb4dc9e900122b266443e53ec9fa1d5f94840afe3ad4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64165.exe

Filesize
184KB

MD5
4f038059d8a4481e43ba7a204379da7c

SHA1
8f941760e27e4fde5e2df73138d497a110ee2d86

SHA256
398412ce399ef5cf85dc74b110b17a069132eac5f393a53c20ce767520acfe24

SHA512
4cbe70facf3fc959453d09ad180bf9e258af24ff8537a23d2cd7cf47079d7157e3b3807a268d73b53f0fda2a5514999388498a9c0e11f12ccf79d03893d0baa5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14087.exe

Filesize
184KB

MD5
0ae1599d699cdf56ff309acfd443b1b3

SHA1
8805a7c326d9de89e5431a0c24845b14e89f07e5

SHA256
801c5338dc67c90478900292e58525ad705eec3e21688c2282074e98cb38568a

SHA512
bc6d6c26a6ce006c9b33c634610dbc168828d5bd3d1384c79de65d28309ede8856dcdd81e59ae565cf95cc06732d58a76b8f5cf6aefb22135dedaed8c99a03d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14329.exe

Filesize
184KB

MD5
b1d784481ccbb236ad9fd08a14051faa

SHA1
b867f644012515491a328a5459bdb1266d6a3b87

SHA256
3f4d4440cbe3e3933399ba806841d6f86ec60b42184296438cdb11f61ba5bb1c

SHA512
df381b8b60d6cd0c0a118f8a3447a072de3d0ca97a8523722b6109f041b175f4253c4125d69e1388afd87599f4b4460278d77ecddf7b53145d352305e33aced0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe

Filesize
184KB

MD5
bb8f3662c5e5ccc53a88a5d8ea34a8a5

SHA1
74f93512845f5600e3db6f2833a722b304b81adb

SHA256
ee5ab59389d1d3c02cf050d4ca76a679bf9ae91fd9da293c896e65f8170c77bc

SHA512
d18dd51c1f8482d8f90d95846c16b063c8b57a39da7b1028a98b85cf518bcecc4508d8ddcbcd54f843f6fff5af5dfe4a764ca35441c4502a55712028f8d81036

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3201.exe

Filesize
184KB

MD5
97afabcbf8709d03c6167b211e059315

SHA1
9fd6bf094d9137312a3f52faa6ee630e75df1f6b

SHA256
c68799d5722972b2a49dc9bb08dcdfb4c83f02824bc76944699ae2175f640139

SHA512
a74b6e54cedc362219c083149b555e5386060845686c9c199d9d141e689d3d356aeb9e304a57fd84cc9b8a4c46e6e964d650f6cef22569cf229aa55d7fa209f0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36653.exe

Filesize
184KB

MD5
c56e4369872d0bc90c297fe837a67441

SHA1
5783ca357d3e68723150ed4eb85c6b148a81e08b

SHA256
de0b3414ac1d4734448a4577cfe6436702cb7c5639183d584aa3e1b9d175802b

SHA512
fdd6432ff5c27ef3f8b81a468cc661e1def3c52e27e4f65b5ec39066eb3700eaea6e911e4f95b78b60b0ba95d646bf2498e6df048aef20da1b92dbbce2ca65ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe

Filesize
184KB

MD5
b5039b87c9538c487003b31addbe7c91

SHA1
c35d3a2a14264152ef785a0bb0c41d1d10246965

SHA256
582a35947a55dc15bc584e9b6b0358efda7c32ee0bc9989791986c46332c2367

SHA512
938fae15c3f568c9d5a142da24a6531235eeb60c02d2371c791e486cee10c7e1f339c1fa33fc30c28ebb30f97df04564cf57a4b64848b6a6d4fdb830d917ec02

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44587.exe

Filesize
184KB

MD5
af2af5cf0a76f91aca9e2649fecd58b9

SHA1
4c07022a4fcae9dcf06369f132825f3f906e1005

SHA256
e54ac08a0d6060b7d3c9fea5bd9af6b1c6288347f8fa8a655ad3e06f906a381d

SHA512
fab9e8a2b430a440cd4985902f5e0444518e5f3103d424dc7ad16288eed809a154f52b21ec49897bda8c281326e9bf4b80c9fde87f04ce7e8fb04027d187c384

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53661.exe

Filesize
184KB

MD5
4bf86ceb2fa915687be73f4832ab2600

SHA1
e98747247d34829de5ae028ba1fca2029d361d0e

SHA256
24674f45db9c7b1259934bda9a00643ad1d58c7aa6d86be8ff1ab6aa3c2b9ca9

SHA512
e38136c6f3433d76537861bbd513ed5c4394e74f43d4e32419d6f24c2041755fb53fd39c6dbbe5a549ac03c7b0d1d02d0f5d35b2c4c5cd6b27c9813a09a6ca3b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56519.exe

Filesize
184KB

MD5
acfb7174354f8ee32f97602d5fa21d6d

SHA1
bf1517a6a05cbba8843b305fa1a0f4ee33a30a49

SHA256
041b81085a264cbdc19993cce504753cb8faf6501c9bde2bbb6f374af9cfbe88

SHA512
f8cb05fdfc072eeee19afb6e49d055fda6f50c2195ea5ef3ec22504ad7ab78bd7e07257840745d07474f0eae68a792efce553c85e9ace1dbfa666511d46ba765

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe

Filesize
184KB

MD5
38ab186f71588308af48ad82f2222f44

SHA1
76328fd33d0c81ff5d9ca9f029b6a46f0c69c495

SHA256
980d80ae6ba5e439939d149963841a03612b6852893165cc6afb108e6bba575b

SHA512
4e68b2615791987118ba4e8ebd27b70cc857d6afd1e3b93f60ef01eab18caa4718c9abf63099a44eb4979d72db893089ee93eb83966e26fdbdd9c407f79557cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64644.exe

Filesize
184KB

MD5
3e06bc753844796ee1f4a9397abe9aaf

SHA1
5bad80891822b35dbd2273779067d28d899c82f4

SHA256
90671095745fa81a16d4fb1a82628470fbff483107d8902b49474a7499118482

SHA512
e9ddcc4a25bd767b417de3c2ea3c3d5785fd63bae1cdc8efbf229d5a7271620e784ee651d29c480c598092cbb1883f71a9f9ac680323608aa3a04776955bd959

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe

Filesize
184KB

MD5
7d775ce3f5794e2e87a1f0230e753fc0

SHA1
8108152823af02c703cb937d6c348998f2910b48

SHA256
a4f930473d239218d798bde2a4f80265994e14641f3fa3bbb01447d1a1cd26c2

SHA512
5fbbdacfec571088053c6394ccea8688d068477d0538cff2a14b90cc3fd1944d09c3f1169418f1c0b7e9ca4d1841e18ccaf3c0948a98810628aef6f355fa3e26

Download Submit