6ca09a6804bf3499856cabb4d906c89ed6d633b3c80645fd710418b093d4927b

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ca09a6804bf3499856cabb4d906c89ed6d633b3c80645fd710418b093d4927b.exe
Size

184KB
MD5

5c5a6de3fa73d43eaedfd8976bfc5cea
SHA1

1b7b0129fb16790e58be6a9b04e8758228e9a3e2
SHA256

6ca09a6804bf3499856cabb4d906c89ed6d633b3c80645fd710418b093d4927b
SHA512

1cdeac8928b83210f1f3798f0f8649738ba67c434050f7e1d15be93728cc7ba5c3adc7a0bfa2d96ee2b2d2507f6cf83f114eb444a52e2f7d3767ee8e8c045980
SSDEEP

3072:xww3h8oLecm3dFaWe71LYtGihlnViFFn3:xwtoktFazLwGihlnViFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-16611.exeUnicorn-60741.exeUnicorn-40875.exeUnicorn-21738.exeUnicorn-56548.exeUnicorn-5956.exeUnicorn-1364.exeUnicorn-47036.exeUnicorn-9532.exeUnicorn-24477.exeUnicorn-44343.exeUnicorn-17461.exeUnicorn-45495.exeUnicorn-3263.exeUnicorn-23129.exeUnicorn-57939.exeUnicorn-27213.exeUnicorn-42157.exeUnicorn-29242.exeUnicorn-6875.exeUnicorn-21820.exeUnicorn-58022.exeUnicorn-58022.exeUnicorn-7430.exeUnicorn-653.exeUnicorn-35464.exeUnicorn-15598.exeUnicorn-50409.exeUnicorn-22972.exeUnicorn-42838.exeUnicorn-20280.exeUnicorn-55090.exeUnicorn-35224.exeUnicorn-16750.exeUnicorn-14633.exeUnicorn-7020.exeUnicorn-30970.exeUnicorn-4327.exeUnicorn-4327.exeUnicorn-1867.exeUnicorn-21733.exeUnicorn-54275.exeUnicorn-26009.exeUnicorn-60819.exeUnicorn-27632.exeUnicorn-6548.exeUnicorn-18801.exeUnicorn-53611.exeUnicorn-22885.exeUnicorn-19547.exeUnicorn-39413.exeUnicorn-1073.exeUnicorn-35883.exeUnicorn-28915.exeUnicorn-41167.exeUnicorn-25385.exeUnicorn-49335.exeUnicorn-22693.exeUnicorn-53419.exeUnicorn-57695.exeUnicorn-41913.exeUnicorn-61779.exeUnicorn-326.exeUnicorn-45998.exe

pid	process
2964	Unicorn-16611.exe
2920	Unicorn-60741.exe
2524	Unicorn-40875.exe
2956	Unicorn-21738.exe
2772	Unicorn-56548.exe
2544	Unicorn-5956.exe
1708	Unicorn-1364.exe
1532	Unicorn-47036.exe
2700	Unicorn-9532.exe
2212	Unicorn-24477.exe
1956	Unicorn-44343.exe
1656	Unicorn-17461.exe
1740	Unicorn-45495.exe
2064	Unicorn-3263.exe
1392	Unicorn-23129.exe
1668	Unicorn-57939.exe
2080	Unicorn-27213.exe
324	Unicorn-42157.exe
1960	Unicorn-29242.exe
412	Unicorn-6875.exe
1920	Unicorn-21820.exe
1680	Unicorn-58022.exe
1772	Unicorn-58022.exe
1048	Unicorn-7430.exe
2148	Unicorn-653.exe
1284	Unicorn-35464.exe
2032	Unicorn-15598.exe
1716	Unicorn-50409.exe
888	Unicorn-22972.exe
2512	Unicorn-42838.exe
3068	Unicorn-20280.exe
2616	Unicorn-55090.exe
344	Unicorn-35224.exe
3052	Unicorn-16750.exe
2736	Unicorn-14633.exe
2336	Unicorn-7020.exe
2476	Unicorn-30970.exe
2468	Unicorn-4327.exe
2432	Unicorn-4327.exe
2704	Unicorn-1867.exe
2552	Unicorn-21733.exe
636	Unicorn-54275.exe
1536	Unicorn-26009.exe
2644	Unicorn-60819.exe
1044	Unicorn-27632.exe
2060	Unicorn-6548.exe
2324	Unicorn-18801.exe
680	Unicorn-53611.exe
584	Unicorn-22885.exe
1496	Unicorn-19547.exe
1864	Unicorn-39413.exe
1672	Unicorn-1073.exe
1344	Unicorn-35883.exe
1352	Unicorn-28915.exe
1828	Unicorn-41167.exe
2072	Unicorn-25385.exe
2260	Unicorn-49335.exe
2292	Unicorn-22693.exe
1304	Unicorn-53419.exe
1608	Unicorn-57695.exe
2372	Unicorn-41913.exe
2116	Unicorn-61779.exe
2724	Unicorn-326.exe
2628	Unicorn-45998.exe

Loads dropped DLL 64 IoCs

Processes:

6ca09a6804bf3499856cabb4d906c89ed6d633b3c80645fd710418b093d4927b.exeUnicorn-16611.exeUnicorn-40875.exeUnicorn-60741.exeWerFault.exeUnicorn-21738.exeUnicorn-5956.exeUnicorn-56548.exeWerFault.exeUnicorn-47036.exeUnicorn-9532.exeUnicorn-24477.exeUnicorn-44343.exeWerFault.exeWerFault.exeUnicorn-17461.exeWerFault.exeUnicorn-45495.exe

pid	process
2268	6ca09a6804bf3499856cabb4d906c89ed6d633b3c80645fd710418b093d4927b.exe
2268	6ca09a6804bf3499856cabb4d906c89ed6d633b3c80645fd710418b093d4927b.exe
2964	Unicorn-16611.exe
2268	6ca09a6804bf3499856cabb4d906c89ed6d633b3c80645fd710418b093d4927b.exe
2964	Unicorn-16611.exe
2268	6ca09a6804bf3499856cabb4d906c89ed6d633b3c80645fd710418b093d4927b.exe
2524	Unicorn-40875.exe
2524	Unicorn-40875.exe
2920	Unicorn-60741.exe
2920	Unicorn-60741.exe
2964	Unicorn-16611.exe
2964	Unicorn-16611.exe
2912	WerFault.exe
2912	WerFault.exe
2912	WerFault.exe
2912	WerFault.exe
2912	WerFault.exe
2956	Unicorn-21738.exe
2524	Unicorn-40875.exe
2956	Unicorn-21738.exe
2524	Unicorn-40875.exe
2544	Unicorn-5956.exe
2544	Unicorn-5956.exe
2920	Unicorn-60741.exe
2920	Unicorn-60741.exe
2772	Unicorn-56548.exe
2772	Unicorn-56548.exe
1032	WerFault.exe
1032	WerFault.exe
1032	WerFault.exe
1032	WerFault.exe
1032	WerFault.exe
2956	Unicorn-21738.exe
2956	Unicorn-21738.exe
1532	Unicorn-47036.exe
1532	Unicorn-47036.exe
2544	Unicorn-5956.exe
2544	Unicorn-5956.exe
2700	Unicorn-9532.exe
2700	Unicorn-9532.exe
2212	Unicorn-24477.exe
2212	Unicorn-24477.exe
1956	Unicorn-44343.exe
1956	Unicorn-44343.exe
2772	Unicorn-56548.exe
2772	Unicorn-56548.exe
1800	WerFault.exe
1800	WerFault.exe
1800	WerFault.exe
1800	WerFault.exe
1800	WerFault.exe
616	WerFault.exe
616	WerFault.exe
616	WerFault.exe
616	WerFault.exe
1656	Unicorn-17461.exe
1656	Unicorn-17461.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
616	WerFault.exe
1804	WerFault.exe
1740	Unicorn-45495.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2804	2268	WerFault.exe	6ca09a6804bf3499856cabb4d906c89ed6d633b3c80645fd710418b093d4927b.exe
2912	2964	WerFault.exe	Unicorn-16611.exe
1032	2920	WerFault.exe	Unicorn-60741.exe
1800	2956	WerFault.exe	Unicorn-21738.exe
616	2544	WerFault.exe	Unicorn-5956.exe
1804	2772	WerFault.exe	Unicorn-56548.exe
1164	1532	WerFault.exe	Unicorn-47036.exe
1992	2700	WerFault.exe	Unicorn-9532.exe
2264	2212	WerFault.exe	Unicorn-24477.exe
1620	1956	WerFault.exe	Unicorn-44343.exe
624	1656	WerFault.exe	Unicorn-17461.exe
1692	1740	WerFault.exe	Unicorn-45495.exe
2328	2064	WerFault.exe	Unicorn-3263.exe
820	1392	WerFault.exe	Unicorn-23129.exe
1632	1668	WerFault.exe	Unicorn-57939.exe
2332	324	WerFault.exe	Unicorn-42157.exe
1332	2080	WerFault.exe	Unicorn-27213.exe
1308	1960	WerFault.exe	Unicorn-29242.exe
2808	412	WerFault.exe	Unicorn-6875.exe
2412	1920	WerFault.exe	Unicorn-21820.exe
1060	1680	WerFault.exe	Unicorn-58022.exe
1488	2032	WerFault.exe	Unicorn-15598.exe
1484	1772	WerFault.exe	Unicorn-58022.exe
3032	1048	WerFault.exe	Unicorn-7430.exe
3040	2148	WerFault.exe	Unicorn-653.exe
940	1716	WerFault.exe	Unicorn-50409.exe
1728	1284	WerFault.exe	Unicorn-35464.exe
1744	888	WerFault.exe	Unicorn-22972.exe
2472	2512	WerFault.exe	Unicorn-42838.exe
2712	2616	WerFault.exe	Unicorn-55090.exe
1724	3052	WerFault.exe	Unicorn-16750.exe
2604	344	WerFault.exe	Unicorn-35224.exe
1552	2736	WerFault.exe	Unicorn-14633.exe
1820	2336	WerFault.exe	Unicorn-7020.exe
1528	2704	WerFault.exe	Unicorn-1867.exe
2176	2432	WerFault.exe	Unicorn-4327.exe
2976	1044	WerFault.exe	Unicorn-27632.exe
2744	2476	WerFault.exe	Unicorn-30970.exe
304	1536	WerFault.exe	Unicorn-26009.exe
3080	2644	WerFault.exe	Unicorn-60819.exe
3096	636	WerFault.exe	Unicorn-54275.exe
3112	2552	WerFault.exe	Unicorn-21733.exe
3128	2468	WerFault.exe	Unicorn-4327.exe
3764	2060	WerFault.exe	Unicorn-6548.exe
4008	584	WerFault.exe	Unicorn-22885.exe
4092	1864	WerFault.exe	Unicorn-39413.exe
3524	3048	WerFault.exe	Unicorn-54166.exe
3668	2596	WerFault.exe	Unicorn-4410.exe
3760	2372	WerFault.exe	Unicorn-41913.exe
3332	3104	WerFault.exe	Unicorn-64021.exe
3984	2260	WerFault.exe	Unicorn-49335.exe
3624	1828	WerFault.exe	Unicorn-41167.exe
4048	680	WerFault.exe	Unicorn-53611.exe
4112	1344	WerFault.exe	Unicorn-35883.exe
4136	1496	WerFault.exe	Unicorn-19547.exe
4196	1708	WerFault.exe	Unicorn-8494.exe
4212	924	WerFault.exe	Unicorn-2703.exe
4284	2832	WerFault.exe	Unicorn-10871.exe
4380	2224	WerFault.exe	Unicorn-50513.exe
4372	3056	WerFault.exe	Unicorn-55988.exe
4536	2592	WerFault.exe	Unicorn-3258.exe
4604	2636	WerFault.exe	Unicorn-50082.exe
4620	1872	WerFault.exe	Unicorn-26008.exe
4652	2308	WerFault.exe	Unicorn-31100.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

6ca09a6804bf3499856cabb4d906c89ed6d633b3c80645fd710418b093d4927b.exeUnicorn-16611.exeUnicorn-40875.exeUnicorn-60741.exeUnicorn-21738.exeUnicorn-5956.exeUnicorn-56548.exeUnicorn-47036.exeUnicorn-9532.exeUnicorn-24477.exeUnicorn-44343.exeUnicorn-17461.exeUnicorn-45495.exeUnicorn-23129.exeUnicorn-3263.exeUnicorn-27213.exeUnicorn-42157.exeUnicorn-57939.exeUnicorn-29242.exeUnicorn-6875.exeUnicorn-21820.exeUnicorn-58022.exeUnicorn-58022.exeUnicorn-7430.exeUnicorn-653.exeUnicorn-15598.exeUnicorn-50409.exeUnicorn-35464.exeUnicorn-22972.exeUnicorn-42838.exeUnicorn-20280.exeUnicorn-35224.exeUnicorn-55090.exeUnicorn-16750.exeUnicorn-14633.exeUnicorn-7020.exeUnicorn-30970.exeUnicorn-4327.exeUnicorn-4327.exeUnicorn-1867.exeUnicorn-21733.exeUnicorn-54275.exeUnicorn-26009.exeUnicorn-60819.exeUnicorn-27632.exeUnicorn-6548.exeUnicorn-18801.exeUnicorn-53611.exeUnicorn-22885.exeUnicorn-19547.exeUnicorn-39413.exeUnicorn-1073.exeUnicorn-35883.exeUnicorn-28915.exeUnicorn-41167.exeUnicorn-25385.exeUnicorn-49335.exeUnicorn-22693.exeUnicorn-53419.exeUnicorn-57695.exeUnicorn-41913.exeUnicorn-61779.exeUnicorn-45998.exeUnicorn-19355.exe

pid	process
2268	6ca09a6804bf3499856cabb4d906c89ed6d633b3c80645fd710418b093d4927b.exe
2964	Unicorn-16611.exe
2524	Unicorn-40875.exe
2920	Unicorn-60741.exe
2956	Unicorn-21738.exe
2544	Unicorn-5956.exe
2772	Unicorn-56548.exe
1532	Unicorn-47036.exe
2700	Unicorn-9532.exe
2212	Unicorn-24477.exe
1956	Unicorn-44343.exe
1656	Unicorn-17461.exe
1740	Unicorn-45495.exe
1392	Unicorn-23129.exe
2064	Unicorn-3263.exe
2080	Unicorn-27213.exe
324	Unicorn-42157.exe
1668	Unicorn-57939.exe
1960	Unicorn-29242.exe
412	Unicorn-6875.exe
1920	Unicorn-21820.exe
1680	Unicorn-58022.exe
1772	Unicorn-58022.exe
1048	Unicorn-7430.exe
2148	Unicorn-653.exe
2032	Unicorn-15598.exe
1716	Unicorn-50409.exe
1284	Unicorn-35464.exe
888	Unicorn-22972.exe
2512	Unicorn-42838.exe
3068	Unicorn-20280.exe
344	Unicorn-35224.exe
2616	Unicorn-55090.exe
3052	Unicorn-16750.exe
2736	Unicorn-14633.exe
2336	Unicorn-7020.exe
2476	Unicorn-30970.exe
2468	Unicorn-4327.exe
2432	Unicorn-4327.exe
2704	Unicorn-1867.exe
2552	Unicorn-21733.exe
636	Unicorn-54275.exe
1536	Unicorn-26009.exe
2644	Unicorn-60819.exe
1044	Unicorn-27632.exe
2060	Unicorn-6548.exe
2324	Unicorn-18801.exe
680	Unicorn-53611.exe
584	Unicorn-22885.exe
1496	Unicorn-19547.exe
1864	Unicorn-39413.exe
1672	Unicorn-1073.exe
1344	Unicorn-35883.exe
1352	Unicorn-28915.exe
1828	Unicorn-41167.exe
2072	Unicorn-25385.exe
2260	Unicorn-49335.exe
2292	Unicorn-22693.exe
1304	Unicorn-53419.exe
1608	Unicorn-57695.exe
2372	Unicorn-41913.exe
2116	Unicorn-61779.exe
2628	Unicorn-45998.exe
2728	Unicorn-19355.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

6ca09a6804bf3499856cabb4d906c89ed6d633b3c80645fd710418b093d4927b.exeUnicorn-16611.exeUnicorn-40875.exeUnicorn-60741.exeUnicorn-21738.exeUnicorn-5956.exeUnicorn-56548.exeUnicorn-47036.exe

description	pid	process	target process
PID 2268 wrote to memory of 2964	2268	6ca09a6804bf3499856cabb4d906c89ed6d633b3c80645fd710418b093d4927b.exe	Unicorn-16611.exe
PID 2268 wrote to memory of 2964	2268	6ca09a6804bf3499856cabb4d906c89ed6d633b3c80645fd710418b093d4927b.exe	Unicorn-16611.exe
PID 2268 wrote to memory of 2964	2268	6ca09a6804bf3499856cabb4d906c89ed6d633b3c80645fd710418b093d4927b.exe	Unicorn-16611.exe
PID 2268 wrote to memory of 2964	2268	6ca09a6804bf3499856cabb4d906c89ed6d633b3c80645fd710418b093d4927b.exe	Unicorn-16611.exe
PID 2964 wrote to memory of 2920	2964	Unicorn-16611.exe	Unicorn-60741.exe
PID 2964 wrote to memory of 2920	2964	Unicorn-16611.exe	Unicorn-60741.exe
PID 2964 wrote to memory of 2920	2964	Unicorn-16611.exe	Unicorn-60741.exe
PID 2964 wrote to memory of 2920	2964	Unicorn-16611.exe	Unicorn-60741.exe
PID 2268 wrote to memory of 2524	2268	6ca09a6804bf3499856cabb4d906c89ed6d633b3c80645fd710418b093d4927b.exe	Unicorn-40875.exe
PID 2268 wrote to memory of 2524	2268	6ca09a6804bf3499856cabb4d906c89ed6d633b3c80645fd710418b093d4927b.exe	Unicorn-40875.exe
PID 2268 wrote to memory of 2524	2268	6ca09a6804bf3499856cabb4d906c89ed6d633b3c80645fd710418b093d4927b.exe	Unicorn-40875.exe
PID 2268 wrote to memory of 2524	2268	6ca09a6804bf3499856cabb4d906c89ed6d633b3c80645fd710418b093d4927b.exe	Unicorn-40875.exe
PID 2268 wrote to memory of 2804	2268	6ca09a6804bf3499856cabb4d906c89ed6d633b3c80645fd710418b093d4927b.exe	WerFault.exe
PID 2268 wrote to memory of 2804	2268	6ca09a6804bf3499856cabb4d906c89ed6d633b3c80645fd710418b093d4927b.exe	WerFault.exe
PID 2268 wrote to memory of 2804	2268	6ca09a6804bf3499856cabb4d906c89ed6d633b3c80645fd710418b093d4927b.exe	WerFault.exe
PID 2268 wrote to memory of 2804	2268	6ca09a6804bf3499856cabb4d906c89ed6d633b3c80645fd710418b093d4927b.exe	WerFault.exe
PID 2524 wrote to memory of 2956	2524	Unicorn-40875.exe	Unicorn-21738.exe
PID 2524 wrote to memory of 2956	2524	Unicorn-40875.exe	Unicorn-21738.exe
PID 2524 wrote to memory of 2956	2524	Unicorn-40875.exe	Unicorn-21738.exe
PID 2524 wrote to memory of 2956	2524	Unicorn-40875.exe	Unicorn-21738.exe
PID 2920 wrote to memory of 2772	2920	Unicorn-60741.exe	Unicorn-56548.exe
PID 2920 wrote to memory of 2772	2920	Unicorn-60741.exe	Unicorn-56548.exe
PID 2920 wrote to memory of 2772	2920	Unicorn-60741.exe	Unicorn-56548.exe
PID 2920 wrote to memory of 2772	2920	Unicorn-60741.exe	Unicorn-56548.exe
PID 2964 wrote to memory of 2544	2964	Unicorn-16611.exe	Unicorn-5956.exe
PID 2964 wrote to memory of 2544	2964	Unicorn-16611.exe	Unicorn-5956.exe
PID 2964 wrote to memory of 2544	2964	Unicorn-16611.exe	Unicorn-5956.exe
PID 2964 wrote to memory of 2544	2964	Unicorn-16611.exe	Unicorn-5956.exe
PID 2964 wrote to memory of 2912	2964	Unicorn-16611.exe	WerFault.exe
PID 2964 wrote to memory of 2912	2964	Unicorn-16611.exe	WerFault.exe
PID 2964 wrote to memory of 2912	2964	Unicorn-16611.exe	WerFault.exe
PID 2964 wrote to memory of 2912	2964	Unicorn-16611.exe	WerFault.exe
PID 2956 wrote to memory of 1708	2956	Unicorn-21738.exe	Unicorn-1364.exe
PID 2956 wrote to memory of 1708	2956	Unicorn-21738.exe	Unicorn-1364.exe
PID 2956 wrote to memory of 1708	2956	Unicorn-21738.exe	Unicorn-1364.exe
PID 2956 wrote to memory of 1708	2956	Unicorn-21738.exe	Unicorn-1364.exe
PID 2524 wrote to memory of 1532	2524	Unicorn-40875.exe	Unicorn-47036.exe
PID 2524 wrote to memory of 1532	2524	Unicorn-40875.exe	Unicorn-47036.exe
PID 2524 wrote to memory of 1532	2524	Unicorn-40875.exe	Unicorn-47036.exe
PID 2524 wrote to memory of 1532	2524	Unicorn-40875.exe	Unicorn-47036.exe
PID 2544 wrote to memory of 2700	2544	Unicorn-5956.exe	Unicorn-9532.exe
PID 2544 wrote to memory of 2700	2544	Unicorn-5956.exe	Unicorn-9532.exe
PID 2544 wrote to memory of 2700	2544	Unicorn-5956.exe	Unicorn-9532.exe
PID 2544 wrote to memory of 2700	2544	Unicorn-5956.exe	Unicorn-9532.exe
PID 2920 wrote to memory of 2212	2920	Unicorn-60741.exe	Unicorn-24477.exe
PID 2920 wrote to memory of 2212	2920	Unicorn-60741.exe	Unicorn-24477.exe
PID 2920 wrote to memory of 2212	2920	Unicorn-60741.exe	Unicorn-24477.exe
PID 2920 wrote to memory of 2212	2920	Unicorn-60741.exe	Unicorn-24477.exe
PID 2772 wrote to memory of 1956	2772	Unicorn-56548.exe	Unicorn-44343.exe
PID 2772 wrote to memory of 1956	2772	Unicorn-56548.exe	Unicorn-44343.exe
PID 2772 wrote to memory of 1956	2772	Unicorn-56548.exe	Unicorn-44343.exe
PID 2772 wrote to memory of 1956	2772	Unicorn-56548.exe	Unicorn-44343.exe
PID 2920 wrote to memory of 1032	2920	Unicorn-60741.exe	WerFault.exe
PID 2920 wrote to memory of 1032	2920	Unicorn-60741.exe	WerFault.exe
PID 2920 wrote to memory of 1032	2920	Unicorn-60741.exe	WerFault.exe
PID 2920 wrote to memory of 1032	2920	Unicorn-60741.exe	WerFault.exe
PID 2956 wrote to memory of 1656	2956	Unicorn-21738.exe	Unicorn-17461.exe
PID 2956 wrote to memory of 1656	2956	Unicorn-21738.exe	Unicorn-17461.exe
PID 2956 wrote to memory of 1656	2956	Unicorn-21738.exe	Unicorn-17461.exe
PID 2956 wrote to memory of 1656	2956	Unicorn-21738.exe	Unicorn-17461.exe
PID 1532 wrote to memory of 1740	1532	Unicorn-47036.exe	Unicorn-45495.exe
PID 1532 wrote to memory of 1740	1532	Unicorn-47036.exe	Unicorn-45495.exe
PID 1532 wrote to memory of 1740	1532	Unicorn-47036.exe	Unicorn-45495.exe
PID 1532 wrote to memory of 1740	1532	Unicorn-47036.exe	Unicorn-45495.exe

C:\Users\Admin\AppData\Local\Temp\6ca09a6804bf3499856cabb4d906c89ed6d633b3c80645fd710418b093d4927b.exe
"C:\Users\Admin\AppData\Local\Temp\6ca09a6804bf3499856cabb4d906c89ed6d633b3c80645fd710418b093d4927b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-16611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16611.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-60741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60741.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-56548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56548.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-44343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44343.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-27213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27213.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-35464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35464.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-60819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60819.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-4410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4410.exe
9⤵
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe
10⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-20275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20275.exe
11⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
12⤵
PID:6600

C:\Users\Admin\AppData\Local\Temp\Unicorn-2239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2239.exe
13⤵
PID:2508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 216
13⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 220
12⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 216
11⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-8577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8577.exe
10⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-28630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28630.exe
11⤵
PID:6228

C:\Users\Admin\AppData\Local\Temp\Unicorn-31479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31479.exe
12⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 216
12⤵
PID:10952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 220
11⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
10⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-26008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26008.exe
9⤵
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-60923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60923.exe
10⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
11⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-48526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48526.exe
12⤵
PID:8848

C:\Users\Admin\AppData\Local\Temp\Unicorn-22484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22484.exe
13⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 216
13⤵
PID:9264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
12⤵
PID:9900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
11⤵
PID:6444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 236
10⤵
- Program crash
PID:4620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
9⤵
- Program crash
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-19355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19355.exe
8⤵
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
9⤵
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-60731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60731.exe
10⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
11⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-1468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1468.exe
12⤵
PID:7164

C:\Users\Admin\AppData\Local\Temp\Unicorn-29209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29209.exe
13⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 216
13⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
12⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
11⤵
PID:6448

C:\Users\Admin\AppData\Local\Temp\Unicorn-48323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48323.exe
10⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-57135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57135.exe
11⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 220
12⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
11⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
10⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
9⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-1603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1603.exe
10⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-22351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22351.exe
11⤵
PID:8656

C:\Users\Admin\AppData\Local\Temp\Unicorn-30339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30339.exe
11⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 220
11⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
10⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
9⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 240
8⤵
- Program crash
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-27632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27632.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1044

C:\Users\Admin\AppData\Local\Temp\Unicorn-49335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49335.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-33622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33622.exe
9⤵
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-24743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24743.exe
10⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-50394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50394.exe
11⤵
PID:6732

C:\Users\Admin\AppData\Local\Temp\Unicorn-44232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44232.exe
12⤵
PID:10244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 216
12⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
11⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 236
10⤵
PID:5952

C:\Users\Admin\AppData\Local\Temp\Unicorn-56024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56024.exe
9⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-18988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18988.exe
10⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-13336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13336.exe
11⤵
PID:6176

C:\Users\Admin\AppData\Local\Temp\Unicorn-9504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9504.exe
12⤵
PID:10788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 236
12⤵
PID:11540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
11⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
10⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 240
9⤵
- Program crash
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
8⤵
PID:1852

C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
9⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-3082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3082.exe
10⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-40934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40934.exe
11⤵
PID:8940

C:\Users\Admin\AppData\Local\Temp\Unicorn-8337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8337.exe
12⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8940 -s 216
12⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
11⤵
PID:9924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
10⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 236
9⤵
PID:4708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 240
8⤵
- Program crash
PID:2976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
7⤵
- Program crash
PID:1332

C:\Users\Admin\AppData\Local\Temp\Unicorn-50409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50409.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-26009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26009.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-326.exe
8⤵
- Executes dropped EXE
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-6979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6979.exe
9⤵
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-1608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1608.exe
10⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-24271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24271.exe
11⤵
PID:5728

C:\Users\Admin\AppData\Local\Temp\Unicorn-30820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30820.exe
12⤵
PID:8480

C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
13⤵
PID:9132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 220
12⤵
PID:9532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
11⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 216
10⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-63808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63808.exe
9⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-45049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45049.exe
10⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\Unicorn-44232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44232.exe
11⤵
PID:9988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
11⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
10⤵
PID:7992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
9⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-26008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26008.exe
8⤵
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-58977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58977.exe
9⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-32439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32439.exe
10⤵
PID:5772

C:\Users\Admin\AppData\Local\Temp\Unicorn-39564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39564.exe
11⤵
PID:8836

C:\Users\Admin\AppData\Local\Temp\Unicorn-21332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21332.exe
12⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 216
12⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
11⤵
PID:9732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
10⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 236
9⤵
PID:4912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
8⤵
- Program crash
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-50082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50082.exe
7⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-13009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13009.exe
8⤵
PID:340

C:\Users\Admin\AppData\Local\Temp\Unicorn-22221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22221.exe
9⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-37566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37566.exe
10⤵
PID:6644

C:\Users\Admin\AppData\Local\Temp\Unicorn-22852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22852.exe
11⤵
PID:9624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 216
11⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
10⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 236
9⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-53502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53502.exe
8⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-41977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41977.exe
9⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-48718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48718.exe
10⤵
PID:8764

C:\Users\Admin\AppData\Local\Temp\Unicorn-41866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41866.exe
11⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8764 -s 236
11⤵
PID:2796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
10⤵
PID:9808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 236
9⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
8⤵
- Program crash
PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
7⤵
- Program crash
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 240
6⤵
- Program crash
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-42157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42157.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:324

C:\Users\Admin\AppData\Local\Temp\Unicorn-653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-653.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-4327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4327.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-57695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57695.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-55988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55988.exe
9⤵
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-28696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28696.exe
10⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-35407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35407.exe
11⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-887.exe
12⤵
PID:8444

C:\Users\Admin\AppData\Local\Temp\Unicorn-35063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35063.exe
13⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 216
13⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
12⤵
PID:9616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 236
11⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 236
10⤵
- Program crash
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
9⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-43596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43596.exe
10⤵
PID:6576

C:\Users\Admin\AppData\Local\Temp\Unicorn-61938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61938.exe
11⤵
PID:9232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 216
11⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 220
10⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
9⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-44483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44483.exe
8⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-9968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9968.exe
9⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-43596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43596.exe
10⤵
PID:6568

C:\Users\Admin\AppData\Local\Temp\Unicorn-29567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29567.exe
11⤵
PID:10048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 216
11⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 220
10⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
9⤵
PID:5264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
8⤵
- Program crash
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-41913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41913.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe
8⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe
9⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe
10⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-48718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48718.exe
11⤵
PID:8772

C:\Users\Admin\AppData\Local\Temp\Unicorn-19770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19770.exe
12⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8772 -s 216
12⤵
PID:9048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
11⤵
PID:9800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
10⤵
PID:6352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
9⤵
PID:5016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 236
8⤵
- Program crash
PID:3760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
7⤵
- Program crash
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-54275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54275.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:636

C:\Users\Admin\AppData\Local\Temp\Unicorn-4410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4410.exe
7⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
8⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-23050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23050.exe
9⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
10⤵
PID:5976

C:\Users\Admin\AppData\Local\Temp\Unicorn-5931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5931.exe
11⤵
PID:9100

C:\Users\Admin\AppData\Local\Temp\Unicorn-28644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28644.exe
12⤵
PID:8560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
11⤵
PID:10140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
10⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 216
9⤵
PID:4784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 236
8⤵
- Program crash
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-50513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50513.exe
7⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-25921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25921.exe
8⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-56211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56211.exe
9⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-14893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14893.exe
10⤵
PID:8548

C:\Users\Admin\AppData\Local\Temp\Unicorn-10179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10179.exe
11⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8548 -s 236
11⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
10⤵
PID:9648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 236
9⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 216
8⤵
- Program crash
PID:4380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 240
7⤵
- Program crash
PID:3096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 240
6⤵
- Program crash
PID:2332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-24477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24477.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-57939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57939.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-16750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16750.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-53611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53611.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:680

C:\Users\Admin\AppData\Local\Temp\Unicorn-2703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2703.exe
8⤵
PID:924

C:\Users\Admin\AppData\Local\Temp\Unicorn-3170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3170.exe
9⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-19097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19097.exe
10⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-49159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49159.exe
11⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-55516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55516.exe
12⤵
PID:8576

C:\Users\Admin\AppData\Local\Temp\Unicorn-39728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39728.exe
13⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8576 -s 216
13⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 220
12⤵
PID:9680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
11⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
10⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-7399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7399.exe
9⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-58157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58157.exe
10⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-25200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25200.exe
11⤵
PID:8496

C:\Users\Admin\AppData\Local\Temp\Unicorn-22619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22619.exe
12⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8496 -s 216
12⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
11⤵
PID:9628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 236
10⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 220
9⤵
- Program crash
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-52734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52734.exe
8⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
9⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-39870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39870.exe
10⤵
PID:7256

C:\Users\Admin\AppData\Local\Temp\Unicorn-16127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16127.exe
11⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 216
11⤵
PID:11804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 236
10⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 236
9⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 680 -s 240
8⤵
- Program crash
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-52459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52459.exe
7⤵
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-36371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36371.exe
8⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-63056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63056.exe
9⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-16513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16513.exe
10⤵
PID:8460

C:\Users\Admin\AppData\Local\Temp\Unicorn-38576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38576.exe
11⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 236
11⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
10⤵
PID:10268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
9⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
8⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
7⤵
- Program crash
PID:1724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
6⤵
- Program crash
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-15598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15598.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-30970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30970.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-61779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61779.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-6979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6979.exe
8⤵
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-32335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32335.exe
9⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
10⤵
PID:6884

C:\Users\Admin\AppData\Local\Temp\Unicorn-8845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8845.exe
11⤵
PID:9672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 220
11⤵
PID:11400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
10⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 216
9⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-24721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24721.exe
8⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-44774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44774.exe
9⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-52693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52693.exe
10⤵
PID:9176

C:\Users\Admin\AppData\Local\Temp\Unicorn-17819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17819.exe
11⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 220
10⤵
PID:9964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
9⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
8⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-26008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26008.exe
7⤵
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-4384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4384.exe
8⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-5251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5251.exe
9⤵
PID:6196

C:\Users\Admin\AppData\Local\Temp\Unicorn-5436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5436.exe
10⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6196 -s 216
10⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
9⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 216
8⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
7⤵
- Program crash
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-45998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45998.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-11255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11255.exe
7⤵
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-38749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38749.exe
8⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-45049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45049.exe
9⤵
PID:6804

C:\Users\Admin\AppData\Local\Temp\Unicorn-44232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44232.exe
10⤵
PID:10180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 216
10⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
9⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
8⤵
PID:5404

C:\Users\Admin\AppData\Local\Temp\Unicorn-61670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61670.exe
7⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-23752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23752.exe
8⤵
PID:6776

C:\Users\Admin\AppData\Local\Temp\Unicorn-48700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48700.exe
9⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 216
9⤵
PID:11460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
8⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
7⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
6⤵
- Program crash
PID:1488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
5⤵
- Program crash
PID:2264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-5956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5956.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-9532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9532.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1392

C:\Users\Admin\AppData\Local\Temp\Unicorn-58022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58022.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-4327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4327.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-8494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8494.exe
8⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-8925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8925.exe
9⤵
PID:1396

C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
10⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-63912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63912.exe
11⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
12⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-57462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57462.exe
13⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8428 -s 220
14⤵
PID:8536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 220
13⤵
PID:9496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
12⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
11⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
10⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-51956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51956.exe
11⤵
PID:6484

C:\Users\Admin\AppData\Local\Temp\Unicorn-60485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60485.exe
12⤵
PID:10012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 220
12⤵
PID:10852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
11⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 220
10⤵
PID:6328

C:\Users\Admin\AppData\Local\Temp\Unicorn-15183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15183.exe
9⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-10518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10518.exe
10⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-23446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23446.exe
11⤵
PID:8416

C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
12⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 216
12⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
11⤵
PID:9664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
10⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 220
9⤵
- Program crash
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-62765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62765.exe
8⤵
PID:960

C:\Users\Admin\AppData\Local\Temp\Unicorn-15999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15999.exe
9⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-43404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43404.exe
10⤵
PID:6336

C:\Users\Admin\AppData\Local\Temp\Unicorn-127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-127.exe
11⤵
PID:8588

C:\Users\Admin\AppData\Local\Temp\Unicorn-59188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59188.exe
12⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 216
12⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 220
11⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
10⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 236
9⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
8⤵
- Program crash
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
7⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe
8⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-65007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65007.exe
9⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-44535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44535.exe
10⤵
PID:6516

C:\Users\Admin\AppData\Local\Temp\Unicorn-9338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9338.exe
11⤵
PID:9968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 216
11⤵
PID:10644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
10⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 236
9⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-14415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14415.exe
8⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-5412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5412.exe
9⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-18184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18184.exe
10⤵
PID:9144

C:\Users\Admin\AppData\Local\Temp\Unicorn-58493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58493.exe
11⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
10⤵
PID:10164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 236
9⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
8⤵
PID:4868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
7⤵
- Program crash
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-1867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1867.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-22693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22693.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-58318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58318.exe
8⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-56647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56647.exe
9⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-1603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1603.exe
10⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-48609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48609.exe
11⤵
PID:9108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 220
11⤵
PID:9572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
10⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 236
9⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-44950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44950.exe
8⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
9⤵
PID:6524

C:\Users\Admin\AppData\Local\Temp\Unicorn-51632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51632.exe
10⤵
PID:10152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
10⤵
PID:11160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
9⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
8⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-7726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7726.exe
7⤵
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-3938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3938.exe
8⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-57026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57026.exe
9⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-40441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40441.exe
10⤵
PID:9032

C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
11⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9032 -s 236
11⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 220
10⤵
PID:5124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
9⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 216
8⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
7⤵
- Program crash
PID:1528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 220
6⤵
- Program crash
PID:820

C:\Users\Admin\AppData\Local\Temp\Unicorn-7430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7430.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-21733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21733.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-4410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4410.exe
7⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-21178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21178.exe
8⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-32527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32527.exe
9⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-6071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6071.exe
10⤵
PID:6244

C:\Users\Admin\AppData\Local\Temp\Unicorn-20789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20789.exe
11⤵
PID:9092

C:\Users\Admin\AppData\Local\Temp\Unicorn-44165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44165.exe
12⤵
PID:8300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9092 -s 216
12⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 204
11⤵
PID:10960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
10⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
9⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-47472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47472.exe
8⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-49242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49242.exe
9⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
10⤵
PID:8808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
10⤵
PID:10608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
9⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
8⤵
PID:5244

C:\Users\Admin\AppData\Local\Temp\Unicorn-36122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36122.exe
7⤵
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-50809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50809.exe
8⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-34503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34503.exe
9⤵
PID:6508

C:\Users\Admin\AppData\Local\Temp\Unicorn-44995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44995.exe
10⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
10⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
9⤵
PID:8388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 236
8⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
7⤵
- Program crash
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-54166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54166.exe
6⤵
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-19424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19424.exe
7⤵
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-3938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3938.exe
8⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
9⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-13990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13990.exe
10⤵
PID:8760

C:\Users\Admin\AppData\Local\Temp\Unicorn-33449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33449.exe
11⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
10⤵
PID:9916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
9⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 216
8⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 236
7⤵
- Program crash
PID:3524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 240
6⤵
- Program crash
PID:3032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
5⤵
- Program crash
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-3263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3263.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-58022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58022.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-14633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14633.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-41167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41167.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1828

C:\Users\Admin\AppData\Local\Temp\Unicorn-33814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33814.exe
8⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
9⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-11909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11909.exe
10⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe
11⤵
PID:9068

C:\Users\Admin\AppData\Local\Temp\Unicorn-31311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31311.exe
12⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 220
11⤵
PID:9472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
10⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
9⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-20253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20253.exe
8⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-19564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19564.exe
9⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
10⤵
PID:8008

C:\Users\Admin\AppData\Local\Temp\Unicorn-44222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44222.exe
11⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 236
11⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
10⤵
PID:8672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 236
9⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 240
8⤵
- Program crash
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-18032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18032.exe
7⤵
PID:664

C:\Users\Admin\AppData\Local\Temp\Unicorn-20275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20275.exe
8⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-53326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53326.exe
9⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-28957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28957.exe
10⤵
PID:9212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 204
10⤵
PID:10944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
9⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 236
8⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
7⤵
- Program crash
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-25385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25385.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-21370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21370.exe
7⤵
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-46341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46341.exe
8⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-60451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60451.exe
9⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-61162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61162.exe
10⤵
PID:9004

C:\Users\Admin\AppData\Local\Temp\Unicorn-25281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25281.exe
11⤵
PID:8476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
10⤵
PID:9940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
9⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 216
8⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-409.exe
7⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-55656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55656.exe
8⤵
PID:6372

C:\Users\Admin\AppData\Local\Temp\Unicorn-63526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63526.exe
9⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 220
9⤵
PID:11016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
8⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
7⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
6⤵
- Program crash
PID:1060

C:\Users\Admin\AppData\Local\Temp\Unicorn-7020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7020.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-53419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53419.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-39652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39652.exe
7⤵
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-7446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7446.exe
8⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-46720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46720.exe
9⤵
PID:5708

C:\Users\Admin\AppData\Local\Temp\Unicorn-58868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58868.exe
10⤵
PID:2840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
10⤵
PID:10768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
9⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 236
8⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-22391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22391.exe
7⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-28630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28630.exe
8⤵
PID:6216

C:\Users\Admin\AppData\Local\Temp\Unicorn-12620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12620.exe
9⤵
PID:8996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 204
9⤵
PID:10728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 220
8⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 220
7⤵
PID:5188

C:\Users\Admin\AppData\Local\Temp\Unicorn-62765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62765.exe
6⤵
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe
7⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-33015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33015.exe
8⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\Unicorn-58868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58868.exe
9⤵
PID:1264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 216
9⤵
PID:10760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
8⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 236
7⤵
PID:4508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 220
6⤵
- Program crash
PID:1820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
5⤵
- Program crash
PID:2328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-40875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40875.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-21738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21738.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-1364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1364.exe
4⤵
- Executes dropped EXE
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-17461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17461.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-29242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29242.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-42838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42838.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-18801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18801.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-10871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10871.exe
8⤵
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-46533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46533.exe
9⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-30062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30062.exe
10⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-804.exe
11⤵
PID:8308

C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe
12⤵
PID:3532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8308 -s 236
12⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
11⤵
PID:9420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
10⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 236
9⤵
- Program crash
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-26667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26667.exe
8⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-36030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36030.exe
9⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-18184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18184.exe
10⤵
PID:9136

C:\Users\Admin\AppData\Local\Temp\Unicorn-18395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18395.exe
11⤵
PID:8888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
10⤵
PID:10172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 236
9⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
8⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-25816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25816.exe
7⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-25537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25537.exe
8⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-16767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16767.exe
9⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-56943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56943.exe
10⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-24406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24406.exe
11⤵
PID:9052

C:\Users\Admin\AppData\Local\Temp\Unicorn-1399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1399.exe
12⤵
PID:8244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
11⤵
PID:10096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 236
10⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
9⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-32780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32780.exe
8⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-63357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63357.exe
9⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-6507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6507.exe
10⤵
PID:8248

C:\Users\Admin\AppData\Local\Temp\Unicorn-64990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64990.exe
11⤵
PID:1976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
10⤵
PID:9152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
9⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
8⤵
PID:4464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 220
7⤵
- Program crash
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-19547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19547.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-62018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62018.exe
7⤵
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-34281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34281.exe
8⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-21941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21941.exe
9⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
10⤵
PID:8232

C:\Users\Admin\AppData\Local\Temp\Unicorn-53781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53781.exe
11⤵
PID:9412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 236
9⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 236
8⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-26667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26667.exe
7⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-64872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64872.exe
8⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-33669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33669.exe
9⤵
PID:8336

C:\Users\Admin\AppData\Local\Temp\Unicorn-25696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25696.exe
10⤵
PID:1556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8336 -s 236
10⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
9⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
8⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 240
7⤵
- Program crash
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
6⤵
- Program crash
PID:1308

C:\Users\Admin\AppData\Local\Temp\Unicorn-22972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22972.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-6548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6548.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-20986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20986.exe
7⤵
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-27675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27675.exe
8⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-45547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45547.exe
9⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-50337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50337.exe
10⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-1079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1079.exe
11⤵
PID:8660

C:\Users\Admin\AppData\Local\Temp\Unicorn-18483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18483.exe
12⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8660 -s 216
12⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
11⤵
PID:9760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
10⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
9⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
8⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-65303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65303.exe
9⤵
PID:5928

C:\Users\Admin\AppData\Local\Temp\Unicorn-40441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40441.exe
10⤵
PID:9012

C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
11⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 216
11⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 220
10⤵
PID:9508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
9⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
8⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-46704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46704.exe
7⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-16959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16959.exe
8⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-42553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42553.exe
9⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-28106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28106.exe
10⤵
PID:8820

C:\Users\Admin\AppData\Local\Temp\Unicorn-62452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62452.exe
11⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
10⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 236
9⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 236
8⤵
PID:4920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
7⤵
- Program crash
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-35930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35930.exe
6⤵
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-37981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37981.exe
7⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
8⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe
9⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-11577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11577.exe
10⤵
PID:8792

C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
11⤵
PID:7632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8792 -s 236
11⤵
PID:8264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
10⤵
PID:9856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
9⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 236
8⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-13429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13429.exe
7⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-5796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5796.exe
8⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-45210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45210.exe
9⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
9⤵
PID:9716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
8⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 240
7⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
6⤵
- Program crash
PID:1744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
5⤵
- Program crash
PID:624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-47036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47036.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-45495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45495.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-6875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6875.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:412

C:\Users\Admin\AppData\Local\Temp\Unicorn-20280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20280.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-39413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39413.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-31100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31100.exe
8⤵
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-35843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35843.exe
9⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-33295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33295.exe
10⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-35599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35599.exe
11⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-25200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25200.exe
12⤵
PID:8508

C:\Users\Admin\AppData\Local\Temp\Unicorn-60506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60506.exe
13⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8508 -s 216
13⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
12⤵
PID:9636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 236
11⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 236
10⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-52324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52324.exe
9⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-25641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25641.exe
10⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-2039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2039.exe
11⤵
PID:8908

C:\Users\Admin\AppData\Local\Temp\Unicorn-56438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56438.exe
12⤵
PID:8904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
11⤵
PID:9908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
10⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
9⤵
- Program crash
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-58956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58956.exe
8⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-41463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41463.exe
9⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-42937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42937.exe
10⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-16622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16622.exe
11⤵
PID:9168

C:\Users\Admin\AppData\Local\Temp\Unicorn-51259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51259.exe
12⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
11⤵
PID:10224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
10⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
9⤵
PID:4424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 240
8⤵
- Program crash
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-50129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50129.exe
7⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-23783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23783.exe
8⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-25641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25641.exe
9⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-26352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26352.exe
10⤵
PID:8988

C:\Users\Admin\AppData\Local\Temp\Unicorn-27741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27741.exe
11⤵
PID:8900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
10⤵
PID:9932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
9⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
8⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1344

C:\Users\Admin\AppData\Local\Temp\Unicorn-12625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12625.exe
7⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
8⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-36139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36139.exe
9⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
10⤵
PID:9184

C:\Users\Admin\AppData\Local\Temp\Unicorn-34876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34876.exe
11⤵
PID:12156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 216
11⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 216
10⤵
PID:10216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
9⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
8⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-6247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6247.exe
7⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
8⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-4888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4888.exe
9⤵
PID:8220

C:\Users\Admin\AppData\Local\Temp\Unicorn-31835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31835.exe
10⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8220 -s 236
10⤵
PID:7352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
9⤵
PID:9128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 236
8⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 240
7⤵
- Program crash
PID:4112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 240
6⤵
- Program crash
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-35224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35224.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-28915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28915.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1352

C:\Users\Admin\AppData\Local\Temp\Unicorn-63964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63964.exe
7⤵
PID:776

C:\Users\Admin\AppData\Local\Temp\Unicorn-27867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27867.exe
8⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-11909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11909.exe
9⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
10⤵
PID:9112

C:\Users\Admin\AppData\Local\Temp\Unicorn-12976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12976.exe
11⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9112 -s 216
11⤵
PID:8136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 220
10⤵
PID:10828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
9⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 216
8⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
7⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-38360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38360.exe
8⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-22351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22351.exe
9⤵
PID:8636

C:\Users\Admin\AppData\Local\Temp\Unicorn-14206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14206.exe
10⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8636 -s 220
10⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 216
9⤵
PID:10460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 220
8⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 240
7⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-64519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64519.exe
6⤵
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-27867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27867.exe
7⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-60534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60534.exe
8⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\Unicorn-52693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52693.exe
9⤵
PID:9160

C:\Users\Admin\AppData\Local\Temp\Unicorn-6946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6946.exe
10⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9160 -s 216
10⤵
PID:7232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 220
9⤵
PID:9580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
8⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 236
7⤵
PID:5116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 240
6⤵
- Program crash
PID:2604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
5⤵
- Program crash
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-21820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21820.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-22885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22885.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:584

C:\Users\Admin\AppData\Local\Temp\Unicorn-49766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49766.exe
7⤵
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-13284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13284.exe
8⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exe
9⤵
PID:3104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 188
10⤵
- Program crash
PID:3332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
9⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-52324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52324.exe
8⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-43129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43129.exe
9⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-40441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40441.exe
10⤵
PID:9024

C:\Users\Admin\AppData\Local\Temp\Unicorn-5758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5758.exe
11⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 220
10⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
9⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 240
8⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-36589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36589.exe
7⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-27265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27265.exe
8⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-57135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57135.exe
9⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 212
10⤵
PID:1752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
9⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 236
8⤵
PID:4528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 240
7⤵
- Program crash
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-3258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3258.exe
6⤵
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-39927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39927.exe
7⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-23181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23181.exe
8⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-60534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60534.exe
9⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-40633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40633.exe
10⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
10⤵
PID:9816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
9⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 236
8⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-11483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11483.exe
7⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-13580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13580.exe
8⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-39974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39974.exe
9⤵
PID:8688

C:\Users\Admin\AppData\Local\Temp\Unicorn-47320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47320.exe
10⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8688 -s 236
10⤵
PID:1720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
9⤵
PID:9768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 236
8⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
7⤵
- Program crash
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
6⤵
- Program crash
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-1073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1073.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-47436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47436.exe
6⤵
PID:1428

C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe
7⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-43596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43596.exe
8⤵
PID:6584

C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
9⤵
PID:10116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 216
9⤵
PID:11124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 236
7⤵
PID:5292

C:\Users\Admin\AppData\Local\Temp\Unicorn-51556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51556.exe
6⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-18516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18516.exe
7⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
8⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
8⤵
PID:10616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
7⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
6⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 240
5⤵
- Program crash
PID:2412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
4⤵
- Program crash
PID:1164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
2⤵
- Program crash
PID:2804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1364.exe

Filesize
184KB

MD5
2c3955c3fece32c828689304bc1cdbc1

SHA1
8d419e7738a2cf41eadfa502a0654d0c5aca153a

SHA256
6132f01d35226c2b7993cf14fac778a79e843d1b2115d9d10569ba59c4a77952

SHA512
8f04f30ff9d1263d5226c06ab7f30aeefc92612cb4df9ab682d091b63cf303c11eaea79dfbef2d6abd78edaa875d6816f4261ac06731f0cc106a666321eea842

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1608.exe

Filesize
184KB

MD5
a89a36e5b1e5411eaff277a4e1ee687d

SHA1
22ee46778da2830dd3bd7462ffb629ea06117d1a

SHA256
36c70701c09b2534be7389ee313982ac05a3530d1561fe8ff6e230a5606179d5

SHA512
4dd89d0653188e42bd12dc728aaa7c045a793778127bb5f0936947a43751ee91d07edcc4ff303355383a26f026ef8eced08edc542476d414561d442a8ed9b3dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21738.exe

Filesize
184KB

MD5
3d067cece2d1228de904a48414931b0a

SHA1
6c70386be11114598229711415ae3ec0554cc426

SHA256
f6a4b6da18ef79da73b4e1a7f6defa5546686a1a3ac324b6a7bbba6391e88d1e

SHA512
55dec2f3c25968c109f3b0ba1455eae53cd25b42a786430086e79a20184457ca705c0fe2e7f66e4bad3c8f7933dde0da72797fee38b9638838bdd4617124a817

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24477.exe

Filesize
184KB

MD5
4c898591b270ef1ff67a9b5262d01d5b

SHA1
55a6989c0c4867d0c314d3d8579e7fa5337709ca

SHA256
405fb100205cee3495e9963fc5c73c2b6f52826055d37818223ba88f7e4342c0

SHA512
ac07299dbf33f68d922ba7f20369f0522f79ce8fd5903a7dda58a7d0ca45d274d98e007204a6bc86be154f2c37252c98c65f08d730c208d4bb06625f95b05e4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37566.exe

Filesize
184KB

MD5
01adecbcbf9127536e66c32b8034fd60

SHA1
745921639d843bdb623bdb05e25fd89ab3e32e13

SHA256
c32d40bd5d332eb80c880f00a040a99156595ae1c23f743b0c2b1ecf61c9ebed

SHA512
7a94b139910b69caf3e625b85a683fe78bc0b5d8dfe880d53306a009e22bfd623155bede6c103512c889fe2beca54a25574cf5b53d743671a093d2667068904d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44343.exe

Filesize
184KB

MD5
9b5091065a2403117fc2b2ef7439e896

SHA1
7b4c56ec8b304b6ea7b50e55c89683f5dac093bb

SHA256
1ada006d5a0db2a72a4fdc6906876ca503c874a163c8b7c3c07998104a60cf38

SHA512
dd2728513cb9b80ea20f351166639c1dc10646b18956180f38aaef34d9e45c6a97bf371fd7a2082c1f76bf8d08576a37dcf6a3514422130c98b5ef400f41f90b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47036.exe

Filesize
184KB

MD5
06c153ea9f7f1bce2bbdce9a0030f2d1

SHA1
0c6cc9a1e6a28cc17711b170c0f46356167986fd

SHA256
93e049d8d69dd1c50ecb477c708fe4659cf54d3fa25d8b4dc0d3ef691dae3765

SHA512
8a13668c616cea2c6c698e55121d728b9c9bca17f116b2747f7f96fc8c7891d249826b275144cc23ab2592c64170b1ce06b22e3922b0f528c537897de28e1da9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48609.exe

Filesize
184KB

MD5
8f1ab53e4f449c61d39424e8802a015d

SHA1
6edc24dd0e031dfb0de50dd9b9349309eb20a2e4

SHA256
e919ab720d1b21baa06b4e784e42793c7162d3a2386618a18966209750e3046e

SHA512
2e3c891071f8cce34c5bc794a4f83b8c829749f1e15f7f5ec7897d4efbb530f9441e2810876a431fcd4b2b914cb5441ca27ed97e05aea059da6b86793c56c96d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56548.exe

Filesize
184KB

MD5
46482f3294a4ae8c53cf06a5723a80c9

SHA1
a6d478339a1b66ae27d84bb9782ab4f883cb5d9c

SHA256
d43061758fb90a6e842031dcdd047dedc8309682c38db0baad67df84973507fa

SHA512
d3678a6ae7157b81338c10f4a2db1aaa4f946a148bd510b43d06ba096641406ab49fec5931424de8123c852085833b83b27f5699e37917ab6d0ac8d9573eeb43

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5956.exe

Filesize
184KB

MD5
6ae3e5c736fcf6195cf665a0c1d62e28

SHA1
035d9cc4ba793f0c470a82cba2c5e6730793ddec

SHA256
648ab904a15bb206b5273ce59b0b3bbbe5c956f0b0e77206848f0c8dfb1d979b

SHA512
0262f7697bfd94d7ac848c5a57dfc25be5eca4f4e19166a72823b75c5c20430601eec157b119f6ff85e906e52e8d322ffda3396d1ac802492e9bac3456f3506e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6548.exe

Filesize
184KB

MD5
9689296781bda28fac1c9b0392b29038

SHA1
a2245e32170d451aff5feb99ecb325de9c7f5679

SHA256
e78270dc6d5538f54e7dc24b2d64cb33ef42cf4fdc4d26864afae8f9e75194aa

SHA512
fced9229d37a7e9a8da83afa5dced40718f522236275e822f4c6eacc0a9a2b6a3f5a894fef6c31ca08465251f9002eb362fa998637f382db3e7e9bb925391875

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9532.exe

Filesize
184KB

MD5
655eb4e0e63b79cb0a47f2e644ee4e98

SHA1
65d04e5aea916320f73bc1cf179e1f52b05eed08

SHA256
7a4f7d51702a9e9cef4924cf7c72b3deb56d7f76f41723e2f2b54077e1a43048

SHA512
005c6038de783898e26585f7b476beb5d3846bea481392091b1fd304e2b779dbde74c7b5b8e45f78bf64efbdb109ea36e7b0c3c6af957d9ec1319eda10ec96eb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16611.exe

Filesize
184KB

MD5
186df9c47962cd1640d0d58389cbe3f4

SHA1
7baed818c0c0859f4df31bc81ccef8f4864a3ad5

SHA256
09686359091450b36d9d627f67e89d8265a56849ae3f505dc343388c4ff061a3

SHA512
914ed8c4e5e1f9712721f9c5476eeb3271b81b4589dab6d163decc665fec331d651c951af80e51e1c346a1ef0b32d2d772a0e6783f8cbf54de9790b7c34fa024

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17461.exe

Filesize
184KB

MD5
de1946df350948b70e45f9dd8b1ec6b5

SHA1
3f19666d7942050aaab6e2e8d106ed7dc136fce5

SHA256
b94754cd627eac02776b0821dfd9d488ce250e147cf23f8b902ebf8c369abc59

SHA512
a632758760a953536ae2e9c6b99fe7add5682943464a5ac4a565964fcd9df66a1ce1999270e8d33f53da4f239d2f5344c9bcb64681da4c488648d570cf67cdb6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe

Filesize
184KB

MD5
15a7968b9b8d17895d054f31b724e9bd

SHA1
1f6b11ccc311735877b081513d37833f2876d52a

SHA256
f55f45d85ff642cc2075c25337edbc306c827db2ff53d8cbe221c22b95831541

SHA512
648c0928d93c3c633622aa7b28f81ac337865c3aaf6ceee3b9190e2467a885d066b38d85abd505e68a5e2a2a8a295c949bd0084a345902c2a79c6a6985cea878

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3263.exe

Filesize
184KB

MD5
ffc1851f67c5ca2dc8b9743670fd3be7

SHA1
61a6490d17eb2d5aa8b7b0cf066b621b57354c57

SHA256
d6cdd37916b879df3e08de2d61f5d4755b8294f2cd7136176e6b8094511d31ae

SHA512
f386271ff6fb5fedf53dc0634d539a3c08819ce8461b062a69ecefd6cc0a5064282aef6df44702b935b28013d8e48b35565ed281a64c2eb09391b73804e88742

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40875.exe

Filesize
184KB

MD5
feea3ad2558380abe8d22691f437c562

SHA1
a32b16162a5de01da360390525113d58f3af28f4

SHA256
89b45426f2aae0ebf60a8755ea2b90dcf06d7aed3169349a6d22be23c77e4b5c

SHA512
b32862b6bb1572ec0dae7a8b2fc29412eae8564fccd060fb30a8cbbe783e02a2612366feca19788c9d152b21b76114ffc5664f285d71d518959e4562526af458

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45495.exe

Filesize
184KB

MD5
f7ddbef02ceb462f1c65e93cd5d3fcc3

SHA1
22a9f59bb8c4cb70738e2413ceff4ece5e64a4b9

SHA256
3bf120b5f3effdcc5e06aed945b635b601474a3937389a575381c2c6fe0ed8f8

SHA512
6616ffca0bfb0593eb6fad6f17bcb171adc14c71b90d398cd69f3827c817acb973847d346bc97d418a0c1fbe0aa6b644b33109ee174cf894f998d58561256514

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60741.exe

Filesize
184KB

MD5
0d53146454fc80021031f6443964fc19

SHA1
8a766d856d714b8a2f2b09b5936798380a9e92c5

SHA256
3d2beb2e5c19816f4d7e36b03d4ad7c3caec960f8093659d32e45e46e184b1a7

SHA512
c90e5a118d90de3df3456180e389b04510901a60df664c8fd02794747907b15da2e712c2dee8bf5249e94f4c26645f1e6e4b8830e5b28177f7c536d1d02fc39a

Download Submit