a2a34882f40dabe9d8ce0e97db785866d4ba3ec2dea32a829a205d57853bb16e

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a2a34882f40dabe9d8ce0e97db785866d4ba3ec2dea32a829a205d57853bb16e.exe
Size

184KB
MD5

7ffee36ee6a40e8213dfba6e95848d37
SHA1

74c60d29bdf4399badf72e23a72ecd28981a53f3
SHA256

a2a34882f40dabe9d8ce0e97db785866d4ba3ec2dea32a829a205d57853bb16e
SHA512

0047cb139cdd5f280c94b1dcabd6646f7287749cbbe2f8a5829e358263452f1ee130f2a104a9c7384fea173601d7f2dc617b545704cf550931b27fd4b6bd4863
SSDEEP

1536:GBS16jZlu3Cxotx1EZQAluwSG24/vZc8SmddjUVRC7zetahl5hj5nizpv/:KPa3CxoTaZQHjG9XekUVRksahlnViFn

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-29490.exeUnicorn-162.exeUnicorn-30374.exeUnicorn-50038.exeUnicorn-44070.exeUnicorn-35908.exeUnicorn-3043.exeUnicorn-49291.exeUnicorn-64826.exeUnicorn-58666.exeUnicorn-46243.exeUnicorn-57.exeUnicorn-50410.exeUnicorn-42201.exeUnicorn-64157.exeUnicorn-19254.exeUnicorn-34521.exeUnicorn-64733.exeUnicorn-64733.exeUnicorn-49430.exeUnicorn-64697.exeUnicorn-7741.exeUnicorn-51275.exeUnicorn-39428.exeUnicorn-52391.exeUnicorn-49739.exeUnicorn-20679.exeUnicorn-26709.exeUnicorn-6843.exeUnicorn-30357.exeUnicorn-21674.exeUnicorn-8675.exeUnicorn-43739.exeUnicorn-34810.exeUnicorn-30211.exeUnicorn-61260.exeUnicorn-2329.exeUnicorn-63268.exeUnicorn-33274.exeUnicorn-28675.exeUnicorn-33082.exeUnicorn-13984.exeUnicorn-51587.exeUnicorn-31529.exeUnicorn-38458.exeUnicorn-38458.exeUnicorn-29417.exeUnicorn-49283.exeUnicorn-13958.exeUnicorn-49091.exeUnicorn-3673.exeUnicorn-3673.exeUnicorn-62474.exeUnicorn-56040.exeUnicorn-5256.exeUnicorn-3658.exeUnicorn-4234.exeUnicorn-5230.exeUnicorn-15256.exeUnicorn-39054.exeUnicorn-12952.exeUnicorn-55158.exeUnicorn-23062.exeUnicorn-18271.exe

pid	process
2220	Unicorn-29490.exe
2696	Unicorn-162.exe
1688	Unicorn-30374.exe
2812	Unicorn-50038.exe
2540	Unicorn-44070.exe
2848	Unicorn-35908.exe
3004	Unicorn-3043.exe
2172	Unicorn-49291.exe
2396	Unicorn-64826.exe
2500	Unicorn-58666.exe
340	Unicorn-46243.exe
2388	Unicorn-57.exe
1604	Unicorn-50410.exe
2912	Unicorn-42201.exe
572	Unicorn-64157.exe
944	Unicorn-19254.exe
1640	Unicorn-34521.exe
1516	Unicorn-64733.exe
1824	Unicorn-64733.exe
2472	Unicorn-49430.exe
2464	Unicorn-64697.exe
2288	Unicorn-7741.exe
896	Unicorn-51275.exe
680	Unicorn-39428.exe
2440	Unicorn-52391.exe
2272	Unicorn-49739.exe
2176	Unicorn-20679.exe
872	Unicorn-26709.exe
568	Unicorn-6843.exe
1696	Unicorn-30357.exe
3060	Unicorn-21674.exe
1796	Unicorn-8675.exe
2004	Unicorn-43739.exe
2904	Unicorn-34810.exe
2520	Unicorn-30211.exe
2648	Unicorn-61260.exe
2740	Unicorn-2329.exe
2588	Unicorn-63268.exe
3036	Unicorn-33274.exe
3016	Unicorn-28675.exe
1736	Unicorn-33082.exe
1768	Unicorn-13984.exe
2748	Unicorn-51587.exe
1600	Unicorn-31529.exe
668	Unicorn-38458.exe
264	Unicorn-38458.exe
1300	Unicorn-29417.exe
2052	Unicorn-49283.exe
2920	Unicorn-13958.exe
2496	Unicorn-49091.exe
644	Unicorn-3673.exe
1748	Unicorn-3673.exe
2692	Unicorn-62474.exe
1868	Unicorn-56040.exe
688	Unicorn-5256.exe
2592	Unicorn-3658.exe
1704	Unicorn-4234.exe
2104	Unicorn-5230.exe
2192	Unicorn-15256.exe
2296	Unicorn-39054.exe
2892	Unicorn-12952.exe
3068	Unicorn-55158.exe
2744	Unicorn-23062.exe
2964	Unicorn-18271.exe

Loads dropped DLL 64 IoCs

Processes:

a2a34882f40dabe9d8ce0e97db785866d4ba3ec2dea32a829a205d57853bb16e.exeUnicorn-29490.exeUnicorn-30374.exeWerFault.exeWerFault.exeUnicorn-50038.exeUnicorn-44070.exeWerFault.exeUnicorn-35908.exeUnicorn-49291.exeUnicorn-3043.exeWerFault.exeWerFault.exeUnicorn-64826.exeUnicorn-46243.exeUnicorn-57.exe

pid	process
2416	a2a34882f40dabe9d8ce0e97db785866d4ba3ec2dea32a829a205d57853bb16e.exe
2416	a2a34882f40dabe9d8ce0e97db785866d4ba3ec2dea32a829a205d57853bb16e.exe
2220	Unicorn-29490.exe
2220	Unicorn-29490.exe
2416	a2a34882f40dabe9d8ce0e97db785866d4ba3ec2dea32a829a205d57853bb16e.exe
2416	a2a34882f40dabe9d8ce0e97db785866d4ba3ec2dea32a829a205d57853bb16e.exe
1688	Unicorn-30374.exe
1688	Unicorn-30374.exe
2220	Unicorn-29490.exe
2220	Unicorn-29490.exe
2760	WerFault.exe
2760	WerFault.exe
2760	WerFault.exe
2760	WerFault.exe
2760	WerFault.exe
2760	WerFault.exe
2760	WerFault.exe
2760	WerFault.exe
2760	WerFault.exe
2684	WerFault.exe
2684	WerFault.exe
2684	WerFault.exe
2684	WerFault.exe
2684	WerFault.exe
2812	Unicorn-50038.exe
2812	Unicorn-50038.exe
2540	Unicorn-44070.exe
2540	Unicorn-44070.exe
1688	Unicorn-30374.exe
1688	Unicorn-30374.exe
2020	WerFault.exe
2020	WerFault.exe
2020	WerFault.exe
2020	WerFault.exe
2020	WerFault.exe
2848	Unicorn-35908.exe
2848	Unicorn-35908.exe
2812	Unicorn-50038.exe
2812	Unicorn-50038.exe
2172	Unicorn-49291.exe
2172	Unicorn-49291.exe
3004	Unicorn-3043.exe
2540	Unicorn-44070.exe
3004	Unicorn-3043.exe
2540	Unicorn-44070.exe
2284	WerFault.exe
2284	WerFault.exe
2284	WerFault.exe
2284	WerFault.exe
2284	WerFault.exe
2188	WerFault.exe
2188	WerFault.exe
2188	WerFault.exe
2188	WerFault.exe
2188	WerFault.exe
2396	Unicorn-64826.exe
2396	Unicorn-64826.exe
2848	Unicorn-35908.exe
2848	Unicorn-35908.exe
340	Unicorn-46243.exe
340	Unicorn-46243.exe
2388	Unicorn-57.exe
2388	Unicorn-57.exe
2172	Unicorn-49291.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2664	2416	WerFault.exe	a2a34882f40dabe9d8ce0e97db785866d4ba3ec2dea32a829a205d57853bb16e.exe
2760	2696	WerFault.exe	Unicorn-162.exe
2684	2220	WerFault.exe	Unicorn-29490.exe
2020	1688	WerFault.exe	Unicorn-30374.exe
2284	2812	WerFault.exe	Unicorn-50038.exe
2188	2540	WerFault.exe	Unicorn-44070.exe
968	2848	WerFault.exe	Unicorn-35908.exe
1524	2172	WerFault.exe	Unicorn-49291.exe
1348	3004	WerFault.exe	Unicorn-3043.exe
2736	2396	WerFault.exe	Unicorn-64826.exe
2240	340	WerFault.exe	Unicorn-46243.exe
3044	2388	WerFault.exe	Unicorn-57.exe
2836	2500	WerFault.exe	Unicorn-58666.exe
2872	1604	WerFault.exe	Unicorn-50410.exe
2340	2912	WerFault.exe	Unicorn-42201.exe
1788	572	WerFault.exe	Unicorn-64157.exe
1256	944	WerFault.exe	Unicorn-19254.exe
2064	2472	WerFault.exe	Unicorn-49430.exe
2148	1824	WerFault.exe	Unicorn-64733.exe
2404	1516	WerFault.exe	Unicorn-64733.exe
1552	2464	WerFault.exe	Unicorn-64697.exe
2428	1640	WerFault.exe	Unicorn-34521.exe
2988	2288	WerFault.exe	Unicorn-7741.exe
3028	896	WerFault.exe	Unicorn-51275.exe
2552	680	WerFault.exe	Unicorn-39428.exe
800	2440	WerFault.exe	Unicorn-52391.exe
1560	2272	WerFault.exe	Unicorn-49739.exe
2068	2176	WerFault.exe	Unicorn-20679.exe
1740	3060	WerFault.exe	Unicorn-21674.exe
2044	1696	WerFault.exe	Unicorn-30357.exe
1996	872	WerFault.exe	Unicorn-26709.exe
2448	568	WerFault.exe	Unicorn-6843.exe
2308	2004	WerFault.exe	Unicorn-43739.exe
2716	1796	WerFault.exe	Unicorn-8675.exe
3636	2904	WerFault.exe	Unicorn-34810.exe
3704	2520	WerFault.exe	Unicorn-30211.exe
3728	2648	WerFault.exe	Unicorn-61260.exe
3864	2740	WerFault.exe	Unicorn-2329.exe
4016	2588	WerFault.exe	Unicorn-63268.exe
4092	3036	WerFault.exe	Unicorn-33274.exe
1960	1736	WerFault.exe	Unicorn-33082.exe
2576	264	WerFault.exe	Unicorn-38458.exe
4028	1748	WerFault.exe	Unicorn-3673.exe
4072	1600	WerFault.exe	Unicorn-31529.exe
3324	2692	WerFault.exe	Unicorn-62474.exe
3352	2052	WerFault.exe	Unicorn-49283.exe
3432	2892	WerFault.exe	Unicorn-12952.exe
3492	1868	WerFault.exe	Unicorn-56040.exe
3496	668	WerFault.exe	Unicorn-38458.exe
3592	1768	WerFault.exe	Unicorn-13984.exe
3628	2920	WerFault.exe	Unicorn-13958.exe
3668	552	WerFault.exe	Unicorn-65443.exe
3680	804	WerFault.exe	Unicorn-54390.exe
3712	1804	WerFault.exe	Unicorn-51302.exe
3744	2496	WerFault.exe	Unicorn-49091.exe
3812	2572	WerFault.exe	Unicorn-46694.exe
3820	1956	WerFault.exe	Unicorn-36575.exe
3860	2124	WerFault.exe	Unicorn-53622.exe
3920	1532	WerFault.exe	Unicorn-38879.exe
3928	836	WerFault.exe	Unicorn-54390.exe
3976	1684	WerFault.exe	Unicorn-20758.exe
4052	1876	WerFault.exe	Unicorn-23612.exe
3216	2688	WerFault.exe	Unicorn-34271.exe
3232	1140	WerFault.exe	Unicorn-3554.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

a2a34882f40dabe9d8ce0e97db785866d4ba3ec2dea32a829a205d57853bb16e.exeUnicorn-29490.exeUnicorn-162.exeUnicorn-30374.exeUnicorn-50038.exeUnicorn-44070.exeUnicorn-35908.exeUnicorn-49291.exeUnicorn-3043.exeUnicorn-64826.exeUnicorn-58666.exeUnicorn-46243.exeUnicorn-57.exeUnicorn-50410.exeUnicorn-42201.exeUnicorn-64157.exeUnicorn-19254.exeUnicorn-64733.exeUnicorn-64733.exeUnicorn-34521.exeUnicorn-49430.exeUnicorn-64697.exeUnicorn-7741.exeUnicorn-51275.exeUnicorn-39428.exeUnicorn-52391.exeUnicorn-49739.exeUnicorn-20679.exeUnicorn-26709.exeUnicorn-6843.exeUnicorn-30357.exeUnicorn-21674.exeUnicorn-8675.exeUnicorn-43739.exeUnicorn-34810.exeUnicorn-30211.exeUnicorn-61260.exeUnicorn-2329.exeUnicorn-63268.exeUnicorn-33274.exeUnicorn-28675.exeUnicorn-33082.exeUnicorn-13984.exeUnicorn-51587.exeUnicorn-31529.exeUnicorn-38458.exeUnicorn-38458.exeUnicorn-29417.exeUnicorn-13958.exeUnicorn-49283.exeUnicorn-49091.exeUnicorn-3673.exeUnicorn-3673.exeUnicorn-62474.exeUnicorn-56040.exeUnicorn-5256.exeUnicorn-3658.exeUnicorn-4234.exeUnicorn-5230.exeUnicorn-15256.exeUnicorn-39054.exeUnicorn-12952.exeUnicorn-55158.exeUnicorn-23062.exe

pid	process
2416	a2a34882f40dabe9d8ce0e97db785866d4ba3ec2dea32a829a205d57853bb16e.exe
2220	Unicorn-29490.exe
2696	Unicorn-162.exe
1688	Unicorn-30374.exe
2812	Unicorn-50038.exe
2540	Unicorn-44070.exe
2848	Unicorn-35908.exe
2172	Unicorn-49291.exe
3004	Unicorn-3043.exe
2396	Unicorn-64826.exe
2500	Unicorn-58666.exe
340	Unicorn-46243.exe
2388	Unicorn-57.exe
1604	Unicorn-50410.exe
2912	Unicorn-42201.exe
572	Unicorn-64157.exe
944	Unicorn-19254.exe
1824	Unicorn-64733.exe
1516	Unicorn-64733.exe
1640	Unicorn-34521.exe
2472	Unicorn-49430.exe
2464	Unicorn-64697.exe
2288	Unicorn-7741.exe
896	Unicorn-51275.exe
680	Unicorn-39428.exe
2440	Unicorn-52391.exe
2272	Unicorn-49739.exe
2176	Unicorn-20679.exe
872	Unicorn-26709.exe
568	Unicorn-6843.exe
1696	Unicorn-30357.exe
3060	Unicorn-21674.exe
1796	Unicorn-8675.exe
2004	Unicorn-43739.exe
2904	Unicorn-34810.exe
2520	Unicorn-30211.exe
2648	Unicorn-61260.exe
2740	Unicorn-2329.exe
2588	Unicorn-63268.exe
3036	Unicorn-33274.exe
3016	Unicorn-28675.exe
1736	Unicorn-33082.exe
1768	Unicorn-13984.exe
2748	Unicorn-51587.exe
1600	Unicorn-31529.exe
668	Unicorn-38458.exe
264	Unicorn-38458.exe
1300	Unicorn-29417.exe
2920	Unicorn-13958.exe
2052	Unicorn-49283.exe
2496	Unicorn-49091.exe
644	Unicorn-3673.exe
1748	Unicorn-3673.exe
2692	Unicorn-62474.exe
1868	Unicorn-56040.exe
688	Unicorn-5256.exe
2592	Unicorn-3658.exe
1704	Unicorn-4234.exe
2104	Unicorn-5230.exe
2192	Unicorn-15256.exe
2296	Unicorn-39054.exe
2892	Unicorn-12952.exe
3068	Unicorn-55158.exe
2744	Unicorn-23062.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

a2a34882f40dabe9d8ce0e97db785866d4ba3ec2dea32a829a205d57853bb16e.exeUnicorn-29490.exeUnicorn-30374.exeUnicorn-162.exeUnicorn-50038.exeUnicorn-44070.exeUnicorn-35908.exeUnicorn-49291.exeUnicorn-3043.exe

description	pid	process	target process
PID 2416 wrote to memory of 2220	2416	a2a34882f40dabe9d8ce0e97db785866d4ba3ec2dea32a829a205d57853bb16e.exe	Unicorn-29490.exe
PID 2416 wrote to memory of 2220	2416	a2a34882f40dabe9d8ce0e97db785866d4ba3ec2dea32a829a205d57853bb16e.exe	Unicorn-29490.exe
PID 2416 wrote to memory of 2220	2416	a2a34882f40dabe9d8ce0e97db785866d4ba3ec2dea32a829a205d57853bb16e.exe	Unicorn-29490.exe
PID 2416 wrote to memory of 2220	2416	a2a34882f40dabe9d8ce0e97db785866d4ba3ec2dea32a829a205d57853bb16e.exe	Unicorn-29490.exe
PID 2220 wrote to memory of 2696	2220	Unicorn-29490.exe	Unicorn-162.exe
PID 2220 wrote to memory of 2696	2220	Unicorn-29490.exe	Unicorn-162.exe
PID 2220 wrote to memory of 2696	2220	Unicorn-29490.exe	Unicorn-162.exe
PID 2220 wrote to memory of 2696	2220	Unicorn-29490.exe	Unicorn-162.exe
PID 2416 wrote to memory of 1688	2416	a2a34882f40dabe9d8ce0e97db785866d4ba3ec2dea32a829a205d57853bb16e.exe	Unicorn-30374.exe
PID 2416 wrote to memory of 1688	2416	a2a34882f40dabe9d8ce0e97db785866d4ba3ec2dea32a829a205d57853bb16e.exe	Unicorn-30374.exe
PID 2416 wrote to memory of 1688	2416	a2a34882f40dabe9d8ce0e97db785866d4ba3ec2dea32a829a205d57853bb16e.exe	Unicorn-30374.exe
PID 2416 wrote to memory of 1688	2416	a2a34882f40dabe9d8ce0e97db785866d4ba3ec2dea32a829a205d57853bb16e.exe	Unicorn-30374.exe
PID 2416 wrote to memory of 2664	2416	a2a34882f40dabe9d8ce0e97db785866d4ba3ec2dea32a829a205d57853bb16e.exe	WerFault.exe
PID 2416 wrote to memory of 2664	2416	a2a34882f40dabe9d8ce0e97db785866d4ba3ec2dea32a829a205d57853bb16e.exe	WerFault.exe
PID 2416 wrote to memory of 2664	2416	a2a34882f40dabe9d8ce0e97db785866d4ba3ec2dea32a829a205d57853bb16e.exe	WerFault.exe
PID 2416 wrote to memory of 2664	2416	a2a34882f40dabe9d8ce0e97db785866d4ba3ec2dea32a829a205d57853bb16e.exe	WerFault.exe
PID 1688 wrote to memory of 2812	1688	Unicorn-30374.exe	Unicorn-50038.exe
PID 1688 wrote to memory of 2812	1688	Unicorn-30374.exe	Unicorn-50038.exe
PID 1688 wrote to memory of 2812	1688	Unicorn-30374.exe	Unicorn-50038.exe
PID 1688 wrote to memory of 2812	1688	Unicorn-30374.exe	Unicorn-50038.exe
PID 2696 wrote to memory of 2760	2696	Unicorn-162.exe	WerFault.exe
PID 2696 wrote to memory of 2760	2696	Unicorn-162.exe	WerFault.exe
PID 2696 wrote to memory of 2760	2696	Unicorn-162.exe	WerFault.exe
PID 2696 wrote to memory of 2760	2696	Unicorn-162.exe	WerFault.exe
PID 2220 wrote to memory of 2540	2220	Unicorn-29490.exe	Unicorn-44070.exe
PID 2220 wrote to memory of 2540	2220	Unicorn-29490.exe	Unicorn-44070.exe
PID 2220 wrote to memory of 2540	2220	Unicorn-29490.exe	Unicorn-44070.exe
PID 2220 wrote to memory of 2540	2220	Unicorn-29490.exe	Unicorn-44070.exe
PID 2220 wrote to memory of 2684	2220	Unicorn-29490.exe	WerFault.exe
PID 2220 wrote to memory of 2684	2220	Unicorn-29490.exe	WerFault.exe
PID 2220 wrote to memory of 2684	2220	Unicorn-29490.exe	WerFault.exe
PID 2220 wrote to memory of 2684	2220	Unicorn-29490.exe	WerFault.exe
PID 2812 wrote to memory of 2848	2812	Unicorn-50038.exe	Unicorn-35908.exe
PID 2812 wrote to memory of 2848	2812	Unicorn-50038.exe	Unicorn-35908.exe
PID 2812 wrote to memory of 2848	2812	Unicorn-50038.exe	Unicorn-35908.exe
PID 2812 wrote to memory of 2848	2812	Unicorn-50038.exe	Unicorn-35908.exe
PID 2540 wrote to memory of 3004	2540	Unicorn-44070.exe	Unicorn-3043.exe
PID 2540 wrote to memory of 3004	2540	Unicorn-44070.exe	Unicorn-3043.exe
PID 2540 wrote to memory of 3004	2540	Unicorn-44070.exe	Unicorn-3043.exe
PID 2540 wrote to memory of 3004	2540	Unicorn-44070.exe	Unicorn-3043.exe
PID 1688 wrote to memory of 2172	1688	Unicorn-30374.exe	Unicorn-49291.exe
PID 1688 wrote to memory of 2172	1688	Unicorn-30374.exe	Unicorn-49291.exe
PID 1688 wrote to memory of 2172	1688	Unicorn-30374.exe	Unicorn-49291.exe
PID 1688 wrote to memory of 2172	1688	Unicorn-30374.exe	Unicorn-49291.exe
PID 1688 wrote to memory of 2020	1688	Unicorn-30374.exe	WerFault.exe
PID 1688 wrote to memory of 2020	1688	Unicorn-30374.exe	WerFault.exe
PID 1688 wrote to memory of 2020	1688	Unicorn-30374.exe	WerFault.exe
PID 1688 wrote to memory of 2020	1688	Unicorn-30374.exe	WerFault.exe
PID 2848 wrote to memory of 2396	2848	Unicorn-35908.exe	Unicorn-64826.exe
PID 2848 wrote to memory of 2396	2848	Unicorn-35908.exe	Unicorn-64826.exe
PID 2848 wrote to memory of 2396	2848	Unicorn-35908.exe	Unicorn-64826.exe
PID 2848 wrote to memory of 2396	2848	Unicorn-35908.exe	Unicorn-64826.exe
PID 2812 wrote to memory of 2500	2812	Unicorn-50038.exe	Unicorn-58666.exe
PID 2812 wrote to memory of 2500	2812	Unicorn-50038.exe	Unicorn-58666.exe
PID 2812 wrote to memory of 2500	2812	Unicorn-50038.exe	Unicorn-58666.exe
PID 2812 wrote to memory of 2500	2812	Unicorn-50038.exe	Unicorn-58666.exe
PID 2172 wrote to memory of 340	2172	Unicorn-49291.exe	Unicorn-46243.exe
PID 2172 wrote to memory of 340	2172	Unicorn-49291.exe	Unicorn-46243.exe
PID 2172 wrote to memory of 340	2172	Unicorn-49291.exe	Unicorn-46243.exe
PID 2172 wrote to memory of 340	2172	Unicorn-49291.exe	Unicorn-46243.exe
PID 3004 wrote to memory of 2388	3004	Unicorn-3043.exe	Unicorn-57.exe
PID 3004 wrote to memory of 2388	3004	Unicorn-3043.exe	Unicorn-57.exe
PID 3004 wrote to memory of 2388	3004	Unicorn-3043.exe	Unicorn-57.exe
PID 3004 wrote to memory of 2388	3004	Unicorn-3043.exe	Unicorn-57.exe

C:\Users\Admin\AppData\Local\Temp\a2a34882f40dabe9d8ce0e97db785866d4ba3ec2dea32a829a205d57853bb16e.exe
"C:\Users\Admin\AppData\Local\Temp\a2a34882f40dabe9d8ce0e97db785866d4ba3ec2dea32a829a205d57853bb16e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-29490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29490.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-162.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-44070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44070.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-3043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3043.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-34521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34521.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-3673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3673.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:644

C:\Users\Admin\AppData\Local\Temp\Unicorn-23420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23420.exe
9⤵
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-46220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46220.exe
10⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
11⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
12⤵
PID:6656

C:\Users\Admin\AppData\Local\Temp\Unicorn-58608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58608.exe
13⤵
PID:9276

C:\Users\Admin\AppData\Local\Temp\Unicorn-33456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33456.exe
14⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9276 -s 220
14⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 236
13⤵
PID:10852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 236
12⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
11⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 236
10⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\Unicorn-41621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41621.exe
9⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-36411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36411.exe
10⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-44986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44986.exe
11⤵
PID:6908

C:\Users\Admin\AppData\Local\Temp\Unicorn-2585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2585.exe
12⤵
PID:9988

C:\Users\Admin\AppData\Local\Temp\Unicorn-26834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26834.exe
13⤵
PID:11592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9988 -s 216
13⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 216
12⤵
PID:11032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
11⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 236
10⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 240
9⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-36994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36994.exe
8⤵
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
9⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-58206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58206.exe
10⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-54970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54970.exe
11⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 220
12⤵
PID:9828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
11⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
10⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
9⤵
PID:3448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 220
8⤵
- Program crash
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-62474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62474.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-54390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54390.exe
8⤵
PID:804

C:\Users\Admin\AppData\Local\Temp\Unicorn-10065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10065.exe
9⤵
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-4594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4594.exe
10⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-51340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51340.exe
11⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
12⤵
PID:9244

C:\Users\Admin\AppData\Local\Temp\Unicorn-29217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29217.exe
13⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9244 -s 216
13⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 220
12⤵
PID:10356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
11⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 236
10⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 236
9⤵
- Program crash
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
8⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-9996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9996.exe
9⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-7022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7022.exe
10⤵
PID:6244

C:\Users\Admin\AppData\Local\Temp\Unicorn-26562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26562.exe
11⤵
PID:9172

C:\Users\Admin\AppData\Local\Temp\Unicorn-6627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6627.exe
12⤵
PID:12156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9172 -s 216
12⤵
PID:12408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 216
11⤵
PID:10096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
10⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 216
9⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 220
8⤵
- Program crash
PID:3324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
7⤵
- Program crash
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-43739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43739.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-3673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3673.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-38879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38879.exe
8⤵
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
9⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
10⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-44986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44986.exe
11⤵
PID:6900

C:\Users\Admin\AppData\Local\Temp\Unicorn-52087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52087.exe
12⤵
PID:10064

C:\Users\Admin\AppData\Local\Temp\Unicorn-11758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11758.exe
13⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10064 -s 220
13⤵
PID:12360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 204
12⤵
PID:11056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
11⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 236
10⤵
PID:5264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 236
9⤵
- Program crash
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-24050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24050.exe
8⤵
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
9⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-21164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21164.exe
10⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-43856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43856.exe
11⤵
PID:9056

C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
12⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 220
12⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
11⤵
PID:9816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
10⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 236
9⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 240
8⤵
- Program crash
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe
7⤵
PID:1140

C:\Users\Admin\AppData\Local\Temp\Unicorn-15275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15275.exe
8⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
9⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-16320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16320.exe
10⤵
PID:6524

C:\Users\Admin\AppData\Local\Temp\Unicorn-25071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25071.exe
11⤵
PID:9556

C:\Users\Admin\AppData\Local\Temp\Unicorn-11758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11758.exe
12⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9556 -s 220
12⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
11⤵
PID:10672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
10⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 236
9⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 236
8⤵
- Program crash
PID:3232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
7⤵
- Program crash
PID:2308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
6⤵
- Program crash
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-64733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64733.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-13984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13984.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-36575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36575.exe
7⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
8⤵
PID:444

C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
9⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-54438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54438.exe
10⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-43524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43524.exe
11⤵
PID:8252

C:\Users\Admin\AppData\Local\Temp\Unicorn-35268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35268.exe
12⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8252 -s 236
12⤵
PID:12336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 220
11⤵
PID:10256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
10⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 444 -s 216
9⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
8⤵
- Program crash
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-3931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3931.exe
7⤵
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-51652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51652.exe
8⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-16102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16102.exe
9⤵
PID:6372

C:\Users\Admin\AppData\Local\Temp\Unicorn-54671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54671.exe
10⤵
PID:9440

C:\Users\Admin\AppData\Local\Temp\Unicorn-28899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28899.exe
11⤵
PID:936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9440 -s 216
11⤵
PID:13200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 216
10⤵
PID:10572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 236
9⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 236
8⤵
PID:5640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
7⤵
- Program crash
PID:3592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
6⤵
- Program crash
PID:2404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
5⤵
- Program crash
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-64697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64697.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-30357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30357.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-38458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38458.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:668

C:\Users\Admin\AppData\Local\Temp\Unicorn-54390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54390.exe
8⤵
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-43916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43916.exe
9⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
10⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-40297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40297.exe
11⤵
PID:6328

C:\Users\Admin\AppData\Local\Temp\Unicorn-8407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8407.exe
12⤵
PID:9108

C:\Users\Admin\AppData\Local\Temp\Unicorn-2471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2471.exe
13⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9108 -s 216
13⤵
PID:12904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 216
12⤵
PID:10348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
11⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
10⤵
PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 236
9⤵
- Program crash
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-37179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37179.exe
8⤵
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-53188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53188.exe
9⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-32547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32547.exe
10⤵
PID:6588

C:\Users\Admin\AppData\Local\Temp\Unicorn-25071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25071.exe
11⤵
PID:9544

C:\Users\Admin\AppData\Local\Temp\Unicorn-48032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48032.exe
12⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9544 -s 216
12⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 216
11⤵
PID:10648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 236
10⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 216
9⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 220
8⤵
- Program crash
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
7⤵
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-42930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42930.exe
8⤵
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-35591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35591.exe
9⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-36379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36379.exe
10⤵
PID:5916

C:\Users\Admin\AppData\Local\Temp\Unicorn-31653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31653.exe
11⤵
PID:8240

C:\Users\Admin\AppData\Local\Temp\Unicorn-22855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22855.exe
12⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8240 -s 236
12⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 216
11⤵
PID:9268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
10⤵
PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 236
9⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 216
8⤵
- Program crash
PID:3712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 220
7⤵
- Program crash
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-29417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29417.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-56092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56092.exe
7⤵
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
8⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-24766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24766.exe
9⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-33559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33559.exe
10⤵
PID:7084

C:\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe
11⤵
PID:10212

C:\Users\Admin\AppData\Local\Temp\Unicorn-8873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8873.exe
12⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10212 -s 216
12⤵
PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 220
11⤵
PID:11236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 220
10⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
9⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 236
8⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-11445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11445.exe
7⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
8⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-59345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59345.exe
9⤵
PID:6284

C:\Users\Admin\AppData\Local\Temp\Unicorn-42687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42687.exe
10⤵
PID:9668

C:\Users\Admin\AppData\Local\Temp\Unicorn-61168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61168.exe
11⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9668 -s 216
11⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
10⤵
PID:10464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
9⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
8⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 240
7⤵
PID:4352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
6⤵
- Program crash
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-21674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21674.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-38458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38458.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:264

C:\Users\Admin\AppData\Local\Temp\Unicorn-56092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56092.exe
7⤵
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-47564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47564.exe
8⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-31201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31201.exe
9⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-47508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47508.exe
10⤵
PID:6928

C:\Users\Admin\AppData\Local\Temp\Unicorn-35590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35590.exe
11⤵
PID:9628

C:\Users\Admin\AppData\Local\Temp\Unicorn-36467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36467.exe
12⤵
PID:11456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9628 -s 236
12⤵
PID:12688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 216
11⤵
PID:10828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
10⤵
PID:8080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
9⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 236
8⤵
PID:3308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 216
7⤵
- Program crash
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
6⤵
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-60885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60885.exe
7⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-51896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51896.exe
8⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-25905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25905.exe
9⤵
PID:6252

C:\Users\Admin\AppData\Local\Temp\Unicorn-38399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38399.exe
10⤵
PID:8276

C:\Users\Admin\AppData\Local\Temp\Unicorn-6672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6672.exe
11⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8276 -s 216
11⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 216
10⤵
PID:9432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 220
9⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
8⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 216
7⤵
PID:4124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
6⤵
- Program crash
PID:1740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
5⤵
- Program crash
PID:2872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-30374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30374.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-50038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50038.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-35908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35908.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-64826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64826.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-42201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42201.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-7741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7741.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-34810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34810.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-56040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56040.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-14979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14979.exe
10⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-55369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55369.exe
11⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-21118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21118.exe
12⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-4098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4098.exe
13⤵
PID:6648

C:\Users\Admin\AppData\Local\Temp\Unicorn-7743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7743.exe
14⤵
PID:9768

C:\Users\Admin\AppData\Local\Temp\Unicorn-44239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44239.exe
15⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9768 -s 216
15⤵
PID:12324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 216
14⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
13⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
12⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 236
11⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-6863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6863.exe
10⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-3110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3110.exe
11⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-20920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20920.exe
12⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-38399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38399.exe
13⤵
PID:8340

C:\Users\Admin\AppData\Local\Temp\Unicorn-27370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27370.exe
14⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
13⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 236
12⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
11⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
10⤵
- Program crash
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-60459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60459.exe
9⤵
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-44518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44518.exe
10⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-40417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40417.exe
11⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-4674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4674.exe
12⤵
PID:6700

C:\Users\Admin\AppData\Local\Temp\Unicorn-50307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50307.exe
13⤵
PID:9644

C:\Users\Admin\AppData\Local\Temp\Unicorn-21987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21987.exe
14⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9644 -s 216
14⤵
PID:13232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 216
13⤵
PID:10816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
12⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
11⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
10⤵
PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
9⤵
- Program crash
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-5256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5256.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:688

C:\Users\Admin\AppData\Local\Temp\Unicorn-30247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30247.exe
9⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-60169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60169.exe
10⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-38663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38663.exe
11⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
12⤵
PID:6720

C:\Users\Admin\AppData\Local\Temp\Unicorn-15741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15741.exe
13⤵
PID:9872

C:\Users\Admin\AppData\Local\Temp\Unicorn-40757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40757.exe
14⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9872 -s 216
14⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 204
13⤵
PID:10972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
12⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
11⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
10⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-40111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40111.exe
9⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-22130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22130.exe
10⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-17000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17000.exe
11⤵
PID:6352

C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe
12⤵
PID:9824

C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
13⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9824 -s 220
13⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 216
12⤵
PID:10500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
11⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 236
10⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 240
9⤵
PID:4688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
8⤵
- Program crash
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-30211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30211.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-3658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3658.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-15748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15748.exe
9⤵
PID:1380

C:\Users\Admin\AppData\Local\Temp\Unicorn-26921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26921.exe
10⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
11⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-2703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2703.exe
12⤵
PID:6888

C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe
13⤵
PID:9200

C:\Users\Admin\AppData\Local\Temp\Unicorn-18652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18652.exe
14⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9200 -s 216
14⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 216
13⤵
PID:10168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
12⤵
PID:8668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 236
11⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 236
10⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-40303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40303.exe
9⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-51896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51896.exe
10⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-58935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58935.exe
11⤵
PID:7136

C:\Users\Admin\AppData\Local\Temp\Unicorn-20482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20482.exe
12⤵
PID:9436

C:\Users\Admin\AppData\Local\Temp\Unicorn-19102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19102.exe
13⤵
PID:696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9436 -s 216
13⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 216
12⤵
PID:10416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
11⤵
PID:7388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 236
10⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
9⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
8⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-44160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44160.exe
9⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-43053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43053.exe
10⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-7022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7022.exe
11⤵
PID:6236

C:\Users\Admin\AppData\Local\Temp\Unicorn-38399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38399.exe
12⤵
PID:8268

C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
13⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 216
13⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 216
12⤵
PID:9640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
11⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 236
10⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
9⤵
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
8⤵
- Program crash
PID:3704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
7⤵
- Program crash
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-51275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51275.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-61260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61260.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-4234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4234.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-2784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2784.exe
9⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-56381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56381.exe
10⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-38210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38210.exe
11⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-31161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31161.exe
12⤵
PID:8328

C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
13⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 216
13⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
12⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
11⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 216
10⤵
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-63070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63070.exe
9⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-50379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50379.exe
10⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-26553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26553.exe
11⤵
PID:8228

C:\Users\Admin\AppData\Local\Temp\Unicorn-7521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7521.exe
12⤵
PID:11556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8228 -s 216
12⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
11⤵
PID:9164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
10⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
9⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-49032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49032.exe
8⤵
PID:868

C:\Users\Admin\AppData\Local\Temp\Unicorn-56381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56381.exe
9⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-54152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54152.exe
10⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-25384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25384.exe
11⤵
PID:9116

C:\Users\Admin\AppData\Local\Temp\Unicorn-26431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26431.exe
12⤵
PID:11644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9116 -s 216
12⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 236
11⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
10⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 236
9⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
8⤵
- Program crash
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-5230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5230.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-3360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3360.exe
8⤵
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
9⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-25361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25361.exe
10⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-12577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12577.exe
11⤵
PID:828

C:\Users\Admin\AppData\Local\Temp\Unicorn-39836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39836.exe
12⤵
PID:11516

C:\Users\Admin\AppData\Local\Temp\Unicorn-16678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16678.exe
13⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 216
12⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 236
11⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
10⤵
PID:6844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 216
9⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-55291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55291.exe
8⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-15647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15647.exe
9⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-33559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33559.exe
10⤵
PID:7076

C:\Users\Admin\AppData\Local\Temp\Unicorn-47269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47269.exe
11⤵
PID:10160

C:\Users\Admin\AppData\Local\Temp\Unicorn-42698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42698.exe
12⤵
PID:11580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10160 -s 220
12⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 216
11⤵
PID:11220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 220
10⤵
PID:8164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
9⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
8⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
7⤵
- Program crash
PID:3028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
6⤵
- Program crash
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-64157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64157.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-39428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39428.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:680

C:\Users\Admin\AppData\Local\Temp\Unicorn-2329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2329.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-15256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15256.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-27393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27393.exe
9⤵
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-42868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42868.exe
10⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-34728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34728.exe
11⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-44342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44342.exe
12⤵
PID:8256

C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
13⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 216
13⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
12⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
11⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 236
10⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-36707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36707.exe
9⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-43918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43918.exe
10⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-6231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6231.exe
11⤵
PID:6152

C:\Users\Admin\AppData\Local\Temp\Unicorn-28188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28188.exe
12⤵
PID:9756

C:\Users\Admin\AppData\Local\Temp\Unicorn-19102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19102.exe
13⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9756 -s 216
13⤵
PID:12612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 216
12⤵
PID:10484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
11⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
10⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
9⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
8⤵
PID:976

C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
9⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-6253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6253.exe
10⤵
PID:5256

C:\Users\Admin\AppData\Local\Temp\Unicorn-14419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14419.exe
11⤵
PID:8040

C:\Users\Admin\AppData\Local\Temp\Unicorn-9062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9062.exe
12⤵
PID:11400

C:\Users\Admin\AppData\Local\Temp\Unicorn-57463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57463.exe
13⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 216
12⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
11⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
10⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 236
9⤵
PID:4740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
8⤵
- Program crash
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-39054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39054.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
8⤵
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-23325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23325.exe
9⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-50187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50187.exe
10⤵
PID:5480

C:\Users\Admin\AppData\Local\Temp\Unicorn-28089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28089.exe
11⤵
PID:8076

C:\Users\Admin\AppData\Local\Temp\Unicorn-58175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58175.exe
12⤵
PID:11584

C:\Users\Admin\AppData\Local\Temp\Unicorn-7816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7816.exe
13⤵
PID:8492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
12⤵
PID:11976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 236
11⤵
PID:9156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
10⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 236
9⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
8⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-37442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37442.exe
9⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-54099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54099.exe
10⤵
PID:6924

C:\Users\Admin\AppData\Local\Temp\Unicorn-38399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38399.exe
11⤵
PID:8348

C:\Users\Admin\AppData\Local\Temp\Unicorn-27707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27707.exe
12⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8348 -s 216
12⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6924 -s 216
11⤵
PID:9684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 216
10⤵
PID:8760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
9⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
8⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 680 -s 240
7⤵
- Program crash
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-63268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63268.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-12952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12952.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-45182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45182.exe
8⤵
PID:268

C:\Users\Admin\AppData\Local\Temp\Unicorn-36994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36994.exe
9⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-62590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62590.exe
10⤵
PID:5564

C:\Users\Admin\AppData\Local\Temp\Unicorn-26344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26344.exe
11⤵
PID:9144

C:\Users\Admin\AppData\Local\Temp\Unicorn-65053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65053.exe
12⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9144 -s 216
12⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
11⤵
PID:9940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 236
10⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 236
9⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
8⤵
- Program crash
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-40583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40583.exe
7⤵
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
8⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
9⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-39313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39313.exe
10⤵
PID:8004

C:\Users\Admin\AppData\Local\Temp\Unicorn-2243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2243.exe
11⤵
PID:11356

C:\Users\Admin\AppData\Local\Temp\Unicorn-53986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53986.exe
12⤵
PID:12744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8004 -s 216
11⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
10⤵
PID:8472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
9⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 236
8⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
7⤵
- Program crash
PID:4016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 240
6⤵
- Program crash
PID:1788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
5⤵
- Program crash
PID:968

C:\Users\Admin\AppData\Local\Temp\Unicorn-58666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58666.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-49430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49430.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-20679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20679.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-51587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51587.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-21334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21334.exe
8⤵
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-13547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13547.exe
9⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-38663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38663.exe
10⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
11⤵
PID:6728

C:\Users\Admin\AppData\Local\Temp\Unicorn-17827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17827.exe
12⤵
PID:9708

C:\Users\Admin\AppData\Local\Temp\Unicorn-19128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19128.exe
13⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9708 -s 216
13⤵
PID:12652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 216
12⤵
PID:10936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
11⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
10⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 236
9⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-26354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26354.exe
8⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-50360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50360.exe
9⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-23243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23243.exe
10⤵
PID:6568

C:\Users\Admin\AppData\Local\Temp\Unicorn-54000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54000.exe
11⤵
PID:10220

C:\Users\Admin\AppData\Local\Temp\Unicorn-8536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8536.exe
12⤵
PID:12592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10220 -s 236
12⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 216
11⤵
PID:10520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
10⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
9⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
8⤵
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-65443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65443.exe
7⤵
PID:552

C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
8⤵
PID:1088

C:\Users\Admin\AppData\Local\Temp\Unicorn-25290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25290.exe
9⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
10⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\Unicorn-23900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23900.exe
11⤵
PID:8380

C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
12⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8380 -s 216
12⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
11⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 236
10⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 236
9⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 236
8⤵
- Program crash
PID:3668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
7⤵
- Program crash
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-31529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31529.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-34271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34271.exe
7⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-15275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15275.exe
8⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-38227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38227.exe
9⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-25030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25030.exe
10⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-10711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10711.exe
11⤵
PID:9300

C:\Users\Admin\AppData\Local\Temp\Unicorn-57042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57042.exe
12⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9300 -s 216
12⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 220
11⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
10⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 236
9⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 216
8⤵
- Program crash
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-28658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28658.exe
7⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
8⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-22648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22648.exe
9⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-31653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31653.exe
10⤵
PID:8248

C:\Users\Admin\AppData\Local\Temp\Unicorn-57042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57042.exe
11⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 216
11⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
10⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 236
9⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
8⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 220
7⤵
- Program crash
PID:4072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
6⤵
- Program crash
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-49091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49091.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-23612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23612.exe
7⤵
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-60885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60885.exe
8⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-24766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24766.exe
9⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-19436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19436.exe
10⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-38399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38399.exe
11⤵
PID:8324

C:\Users\Admin\AppData\Local\Temp\Unicorn-56415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56415.exe
12⤵
PID:11676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8324 -s 216
12⤵
PID:12788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
11⤵
PID:9680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
10⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
9⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 236
8⤵
- Program crash
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-60947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60947.exe
7⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-24190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24190.exe
8⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-23356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23356.exe
9⤵
PID:6636

C:\Users\Admin\AppData\Local\Temp\Unicorn-38438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38438.exe
10⤵
PID:10456

C:\Users\Admin\AppData\Local\Temp\Unicorn-39142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39142.exe
11⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10456 -s 236
11⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 216
10⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 220
9⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
8⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
7⤵
- Program crash
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-3746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3746.exe
6⤵
PID:1852

C:\Users\Admin\AppData\Local\Temp\Unicorn-43148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43148.exe
7⤵
PID:604

C:\Users\Admin\AppData\Local\Temp\Unicorn-64065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64065.exe
8⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-25905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25905.exe
9⤵
PID:6268

C:\Users\Admin\AppData\Local\Temp\Unicorn-8094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8094.exe
10⤵
PID:9284

C:\Users\Admin\AppData\Local\Temp\Unicorn-794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-794.exe
11⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9284 -s 216
11⤵
PID:11928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
10⤵
PID:10396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 220
9⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 216
8⤵
PID:5696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 236
7⤵
PID:3284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 240
6⤵
- Program crash
PID:2448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
5⤵
- Program crash
PID:2836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 220
4⤵
- Loads dropped DLL
- Program crash
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-49291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49291.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-46243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46243.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:340

C:\Users\Admin\AppData\Local\Temp\Unicorn-19254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19254.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:944

C:\Users\Admin\AppData\Local\Temp\Unicorn-52391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52391.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-33274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33274.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-45758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45758.exe
9⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-10387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10387.exe
10⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-16223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16223.exe
11⤵
PID:5876

C:\Users\Admin\AppData\Local\Temp\Unicorn-23819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23819.exe
12⤵
PID:6584

C:\Users\Admin\AppData\Local\Temp\Unicorn-23632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23632.exe
13⤵
PID:9380

C:\Users\Admin\AppData\Local\Temp\Unicorn-39895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39895.exe
14⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9380 -s 216
14⤵
PID:13068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 216
13⤵
PID:10752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 216
12⤵
PID:7616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 236
11⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
10⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-14362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14362.exe
9⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
10⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-64435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64435.exe
11⤵
PID:8372

C:\Users\Admin\AppData\Local\Temp\Unicorn-44517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44517.exe
12⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8372 -s 216
12⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 216
11⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
10⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
9⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-25342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25342.exe
8⤵
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-35982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35982.exe
9⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-2491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2491.exe
10⤵
PID:5792

C:\Users\Admin\AppData\Local\Temp\Unicorn-19943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19943.exe
11⤵
PID:6800

C:\Users\Admin\AppData\Local\Temp\Unicorn-61821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61821.exe
12⤵
PID:10588

C:\Users\Admin\AppData\Local\Temp\Unicorn-13018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13018.exe
13⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10588 -s 216
13⤵
PID:13276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 236
12⤵
PID:11444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 216
11⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
10⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
9⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 220
8⤵
- Program crash
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-18271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18271.exe
7⤵
- Executes dropped EXE
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-26433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26433.exe
8⤵
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-42650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42650.exe
9⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-24785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24785.exe
10⤵
PID:5340

C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
11⤵
PID:7620

C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe
12⤵
PID:9208

C:\Users\Admin\AppData\Local\Temp\Unicorn-45709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45709.exe
13⤵
PID:11268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9208 -s 216
13⤵
PID:12636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
12⤵
PID:10176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 216
11⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
10⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 236
9⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-3267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3267.exe
8⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-36264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36264.exe
9⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-39069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39069.exe
10⤵
PID:7580

C:\Users\Admin\AppData\Local\Temp\Unicorn-53906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53906.exe
11⤵
PID:11304

C:\Users\Admin\AppData\Local\Temp\Unicorn-29139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29139.exe
12⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
11⤵
PID:11992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
10⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
9⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
8⤵
PID:4868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
7⤵
- Program crash
PID:800

C:\Users\Admin\AppData\Local\Temp\Unicorn-28675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28675.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-23062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23062.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-47704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47704.exe
8⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-1939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1939.exe
9⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-22507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22507.exe
10⤵
PID:5644

C:\Users\Admin\AppData\Local\Temp\Unicorn-47222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47222.exe
11⤵
PID:8412

C:\Users\Admin\AppData\Local\Temp\Unicorn-10474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10474.exe
12⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8412 -s 236
12⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 236
11⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
10⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 236
9⤵
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-15130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15130.exe
8⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-9569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9569.exe
9⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-1525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1525.exe
10⤵
PID:6748

C:\Users\Admin\AppData\Local\Temp\Unicorn-5957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5957.exe
11⤵
PID:10488

C:\Users\Admin\AppData\Local\Temp\Unicorn-2240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2240.exe
12⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10488 -s 216
12⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 236
11⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
10⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 236
9⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
8⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-5799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5799.exe
7⤵
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-64840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64840.exe
8⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-59850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59850.exe
9⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-58964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58964.exe
10⤵
PID:9064

C:\Users\Admin\AppData\Local\Temp\Unicorn-33416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33416.exe
11⤵
PID:5012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9064 -s 220
11⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 236
10⤵
PID:9224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
9⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 236
8⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 240
6⤵
- Program crash
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-49739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49739.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-33082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33082.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-20758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20758.exe
7⤵
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-57045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57045.exe
8⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-18596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18596.exe
9⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-4098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4098.exe
10⤵
PID:6640

C:\Users\Admin\AppData\Local\Temp\Unicorn-42232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42232.exe
11⤵
PID:9332

C:\Users\Admin\AppData\Local\Temp\Unicorn-14551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14551.exe
12⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9332 -s 216
12⤵
PID:5688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 216
11⤵
PID:10440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
10⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 236
9⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
8⤵
- Program crash
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-37755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37755.exe
7⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-44337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44337.exe
8⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-28522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28522.exe
9⤵
PID:6092

C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
10⤵
PID:8980

C:\Users\Admin\AppData\Local\Temp\Unicorn-16561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16561.exe
11⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8980 -s 216
11⤵
PID:12912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
10⤵
PID:10200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
9⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
7⤵
- Program crash
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-46694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46694.exe
6⤵
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-43698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43698.exe
7⤵
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-13042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13042.exe
8⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-34319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34319.exe
9⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\Unicorn-46814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46814.exe
10⤵
PID:9124

C:\Users\Admin\AppData\Local\Temp\Unicorn-20001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20001.exe
11⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9124 -s 216
11⤵
PID:12316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 220
10⤵
PID:10300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
9⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
8⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
7⤵
- Program crash
PID:3812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
6⤵
- Program crash
PID:1560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 240
5⤵
- Program crash
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-64733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64733.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-26709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26709.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-53622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53622.exe
7⤵
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
8⤵
PID:300

C:\Users\Admin\AppData\Local\Temp\Unicorn-9036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9036.exe
9⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-23494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23494.exe
10⤵
PID:6272

C:\Users\Admin\AppData\Local\Temp\Unicorn-10711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10711.exe
11⤵
PID:9292

C:\Users\Admin\AppData\Local\Temp\Unicorn-59314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59314.exe
12⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9292 -s 220
12⤵
PID:12308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 220
11⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
10⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 236
9⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 236
8⤵
- Program crash
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
7⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-43245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43245.exe
8⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-25798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25798.exe
9⤵
PID:6208

C:\Users\Admin\AppData\Local\Temp\Unicorn-6653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6653.exe
10⤵
PID:756

C:\Users\Admin\AppData\Local\Temp\Unicorn-6529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6529.exe
11⤵
PID:11708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 216
11⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
10⤵
PID:10332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
9⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
8⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
7⤵
- Program crash
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-1468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1468.exe
6⤵
PID:1436

C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
7⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
8⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-25905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25905.exe
9⤵
PID:6232

C:\Users\Admin\AppData\Local\Temp\Unicorn-25071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25071.exe
10⤵
PID:9564

C:\Users\Admin\AppData\Local\Temp\Unicorn-15293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15293.exe
11⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9564 -s 236
11⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6232 -s 216
10⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 220
9⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
8⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 236
7⤵
PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 240
6⤵
- Program crash
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-13958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13958.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-53622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53622.exe
6⤵
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-52245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52245.exe
7⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-14852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14852.exe
8⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-1838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1838.exe
9⤵
PID:6072

C:\Users\Admin\AppData\Local\Temp\Unicorn-4157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4157.exe
10⤵
PID:8444

C:\Users\Admin\AppData\Local\Temp\Unicorn-62962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62962.exe
11⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 220
11⤵
PID:12496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 220
10⤵
PID:10340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
9⤵
PID:7456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 236
8⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 216
7⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-60947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60947.exe
6⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-39239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39239.exe
7⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-18624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18624.exe
8⤵
PID:6472

C:\Users\Admin\AppData\Local\Temp\Unicorn-52175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52175.exe
9⤵
PID:9500

C:\Users\Admin\AppData\Local\Temp\Unicorn-5328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5328.exe
10⤵
PID:12080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9500 -s 216
10⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 216
9⤵
PID:10632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
8⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 236
7⤵
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
6⤵
- Program crash
PID:3628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 240
5⤵
- Program crash
PID:2148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
4⤵
- Program crash
PID:1524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
2⤵
- Program crash
PID:2664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-3043.exe

Filesize
184KB

MD5
7d6e7eaad64e1710f314a7bb2bcde206

SHA1
1c668c0eb2e7602979905a129c05385a0c856f99

SHA256
2b14e0d8d6e19e7d48f6388ee3a2b070978cf48376b5991ef22eb8aba2096037

SHA512
7040aa1fb5d426cce160459442423bfcca399b4b875ff56bee2f94b58fea2e1e03f9131b5176e5d0cdb2c9bd17373f52ced294e32ce4e01fdf210bc6e3e31db7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40111.exe

Filesize
184KB

MD5
f0d532d14078093e93f27a8845a62dd8

SHA1
fae79a71f660c225f8dbffa44b8d793875932817

SHA256
5023db4d183525229b295e9dcfd75c2b66ad170222f862db5a1cc0f384b4c1a0

SHA512
d8bb7b6524e0c14a4d4bf2e9b93ad55404a59b9b985b6db4911f18a6d42eb70e9d7434f41391367fbd1d8aa37931aca563f3c3fc4c82d44436788b3b9c955433

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40303.exe

Filesize
184KB

MD5
f4bf1aa46cedc9aef2b3b204237e97c2

SHA1
0e934aca467b03e72eb8b820e5e9c16941cbc32f

SHA256
c277a7f231ca6984d3d5560f0a74fdb7e6077b8b0d6ab5707d23ef7c1333d2aa

SHA512
e6866e15e1c3d23ea5d297f6eacfcc2c14790588c9e5bcc2ace187f22c0e01950664176a3f97de46db60bcb8c7e3cfbb72a413bfc1b1695c6b1eb2e579e22dce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40417.exe

Filesize
184KB

MD5
732835c7e40c9729d2055eb910218967

SHA1
98ce0d6456b8baaa7594ae73a772fa353b183f10

SHA256
90c25ee57043e30c16d2f688904c5547d41efdacc23f6d3df72624a31bffa722

SHA512
78af9cbd3d3fc13cfa190fc6ae83cb6fc0c293fcf5b8f6b535290276b643b9c2efe5effadc8e0f8b9d1fb459d4a71f8b32fed0d57a802e3ac4302a299a46b087

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47564.exe

Filesize
184KB

MD5
b7b900fa9407b8e95e5517b714167f8f

SHA1
7c49155f1839006e37fb0043c59193b02bf7cdd0

SHA256
2aa11a0fbef95aa579084ba6d71029e15bfbc93d5a7684db5796d17272166ba9

SHA512
db1069ea1d5af470f788d4edbd43ac81678402d090ebd510d466b72dde94cdd86d6d862dbab11a87649fd89eefb71d4514ce43c0ffad3d6afff0d82ac31611f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50038.exe

Filesize
184KB

MD5
14af3fbc24cfdbe6645c1efa44823ebb

SHA1
ead292300e874f611637960b1bb8eabe53cfcc26

SHA256
9358ab2fdc6b19cae9fbb9983bda08868826c56cbe755f0922c100a74cd81f80

SHA512
e686399da25ea6bcdb8d461681f6c28ac57fc8ee557e0af0e0f4f67598e74c4ad7a3c1bc0d4a551abe52e2b29188a0da96daef257fdabd801e844bcdccfa7035

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58666.exe

Filesize
184KB

MD5
8561c23d2a3016d8bb9f6890a613bacf

SHA1
78fcf44b4919c879447998c82be68797f21946c2

SHA256
40cb7b038a9abff7fde107c47079d85a15b57278429ca81657bad80382160229

SHA512
67a8475f73152aa292823535e21c423b0b0ddc322494609da075f4634a92e715fa340d40e961510ea607292779dbbaeac3e53ae931ceea69729ff4be23895ea5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7743.exe

Filesize
184KB

MD5
5edea79082413ed254465fa1bfebd362

SHA1
f37d90337fd280b9bbf01a1e91642040ede6f81a

SHA256
8f3f52fa47ae55998513aac4d799a294d57157004af466b7afdfdb1c3c40c6c3

SHA512
7246cf3c034d39997a24cf013008fd98998aed2488d1a5ac87785f60e1ec29c9ba4d69794a2f20cb901c28c90725a15ba699ef35ccf883f533e799c4a505934a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-162.exe

Filesize
184KB

MD5
a4f56b9404d90a6cf06f735de364d16d

SHA1
05920f97875b13d8a7cc38b5558db2727819aa68

SHA256
6d9d34f4791aa772c4d3b1069249477b3669e6359672755339fd9199cce4f179

SHA512
ee60df93de2e909bffc1bc16ef31f9b012ebe79fc76af45d0eff468941a3d5753233e130f5c37f7a1f457ed793772e76c12380c48e1bccafde10ad9117ea66f0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29490.exe

Filesize
184KB

MD5
f8bbc6e352016e1d47f273dd12e0b5a5

SHA1
3fe7ba1f6ece44d0b627fd6e35cfac2bd89822f6

SHA256
9af2c3637336d2b20b6f71921342fc08f81b626d8d2a6e2dbd2d4ce509c9eb62

SHA512
93056e134ca88bd992bb230f0d1dc109d4d0fc2cada73624bef7e5a994e23b4eae5afad17b2064353bff7bec66f6d3f22d1bc32e7966cba799c5444af1882db3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30374.exe

Filesize
184KB

MD5
419e4d8890a89729be7dd08c722bea35

SHA1
fba3328980d7a34dea8c18394c520d76164ee6e0

SHA256
af8cba6ff1930263ab6f94850f3d5ceeea67f27d2fd1d9cd5d9ed1a888e566d5

SHA512
c61500322907a7d777aa44da8f705657421966efe61abae42597165bb8419dc76a1ed751e30593d6604d18ef18f30f327836d74448cd63fce7d1c0b004ac6667

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35908.exe

Filesize
184KB

MD5
0ad4db05dfe8a149b1a0cd219e69b0fc

SHA1
a06e9f0a1d3880d3593fdd1a4085ed4219a72d7a

SHA256
1cf477f16db8668de40129f9a482ef7ae88cc1c30764ef1d070dd0e940b393cd

SHA512
e3c0203a6ab7f070494cc8cc310c2c4e4fa3a8ca08771802a0f15e6101f6db648d80ea20f51ef2801ea4834e4270cdeb5bfda81bdfeabaff36f59354dcc8a31d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44070.exe

Filesize
184KB

MD5
06d0c125126f5d1aea9732abeceb2c19

SHA1
a547816e84d935e998fd72cc38977591a8c1a1cf

SHA256
65a3e88e1ee6dfccd49a8f49e4420109726e64e98de94379ad3325a9fe9064d4

SHA512
6165d9ce10cd3d55058ff0354f75464183da2077a84db705f9e6834682886ca34200b0d347ea1b7d0a4fdb72e2620d8245fd8ca62459b451e88c9e83a1e7ab38

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46243.exe

Filesize
184KB

MD5
b49e711fb33c28fc148e566ca976d51e

SHA1
3ec0f4d9c37fd5d2174464c067c5629dbc8be61a

SHA256
43e4363a27d736b115a8640879c0285b938fa34f6051da759b0bb4e2a86b4422

SHA512
2e5fe5bfdace1a52192ad34f83580ba8fe5d48aa7c8dd8fc2fb9c65bc23c48f5efbfe5332bf0e4cd36e7be32071990f9c8ad09fc29b0ec59e24452340ce5599e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49291.exe

Filesize
184KB

MD5
9214dfea4b40b1edb878912fc7fb38e1

SHA1
6b3189ec8eabe0ff3d041ea5fee6d24a6e8e0dcb

SHA256
036100c94c00667e1502de7e47f62caf6e6b119ef0d3fa86dd071c96f4a867be

SHA512
75be6c544d25ec457534148f5e9b3e4f596a97b95cf70102fafb1e5f111741000fed5cae9f585e01969a503df58bab41e2f2443b4f53c7608facc7e4fe04ca92

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe

Filesize
184KB

MD5
dd3bd28f88dffaa00d356ab356cac800

SHA1
2276702255c1519a9789e1fdef61288c4ccd075f

SHA256
6897d6b19e923aa84d5c5dd823934bf2ad0cbf6c384b72993dafa9e62ff3cf46

SHA512
7e1c971f2cf46369da8ade518c156c8094f28f13a563012ba1c18ee29155daffeb2a91a4b656a91ea2268f549a32f0ec3d660630c5e062466f87e11837a68c9a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57.exe

Filesize
184KB

MD5
8c903c43c4b01cbe2b3a7a210c4c7693

SHA1
08b88553814dd213398b76ad1a899e8182f1a970

SHA256
666bc7845ea4d9bec8251037d10b03e7795b7ad18c25e1f1fe26ab7dbb9ea5a2

SHA512
35382c340d0bc2a3223e2b15427d59e7f6f51645bb3e7e5a506df158d00a1a29bf321e197f855bd6c80d5d90e27dec0358953ab28f892e0d2703ef395248235d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64826.exe

Filesize
184KB

MD5
74aab09a97dfa4441c02747ff2c64f66

SHA1
1d90c2119fce231b7b9f5c918e9112e088a49923

SHA256
9eeac6859a17f0c43339c4ad72867703795c6311487b17799ecee9d1d5346e51

SHA512
2928cceebb4005893cd842ea6ca991fb42d0eb1227f92e06a435a4ace771e22c422ba2a0d6359eabdda3ddb57b885701b156a6f655d3dfe1db903756281e5785

Download Submit