7fe570a12fcdaacf6e91a401e6dbab28138237fd6b89abfb7dfe69fcad496f46

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7fe570a12fcdaacf6e91a401e6dbab28138237fd6b89abfb7dfe69fcad496f46.exe
Size

184KB
MD5

62a30f7abf13b91555337fb61ff8571d
SHA1

2646c44e72b6f2ceff6f4f02106718174f143eaf
SHA256

7fe570a12fcdaacf6e91a401e6dbab28138237fd6b89abfb7dfe69fcad496f46
SHA512

d2acc7dbab53af435b18524e8f910b27306d02256850ac2be8458299d66b81e465bc5fac1f40858edcbfb9525b7f1762024d37d392801d81e09188f207d52d07
SSDEEP

3072:Zd5NsxoTAJOTdHUWeTDLR/sUhlnViF7n3:ZdWoTJHUpLxsUhlnViF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-47492.exeUnicorn-3527.exeUnicorn-14388.exeUnicorn-23899.exeUnicorn-34759.exeUnicorn-19815.exeUnicorn-23982.exeUnicorn-16560.exeUnicorn-1615.exeUnicorn-47287.exeUnicorn-45663.exeUnicorn-25880.exeUnicorn-45746.exeUnicorn-15019.exeUnicorn-38132.exeUnicorn-5289.exeUnicorn-16150.exeUnicorn-1205.exeUnicorn-31932.exeUnicorn-41745.exeUnicorn-34707.exeUnicorn-19763.exeUnicorn-62741.exeUnicorn-8065.exeUnicorn-8065.exeUnicorn-13540.exeUnicorn-44267.exeUnicorn-55128.exeUnicorn-55128.exeUnicorn-40183.exeUnicorn-21901.exeUnicorn-16831.exeUnicorn-9217.exeUnicorn-32098.exeUnicorn-21469.exeUnicorn-53779.exeUnicorn-4578.exeUnicorn-21984.exeUnicorn-63571.exeUnicorn-26068.exeUnicorn-18262.exeUnicorn-18262.exeUnicorn-34044.exeUnicorn-61241.exeUnicorn-15569.exeUnicorn-26430.exeUnicorn-46296.exeUnicorn-541.exeUnicorn-11402.exeUnicorn-51688.exeUnicorn-55964.exeUnicorn-48351.exeUnicorn-2679.exeUnicorn-45658.exeUnicorn-56519.exeUnicorn-53826.exeUnicorn-29876.exeUnicorn-41936.exeUnicorn-7126.exeUnicorn-7126.exeUnicorn-26992.exeUnicorn-57718.exeUnicorn-55772.exeUnicorn-33214.exe

pid	process
2120	Unicorn-47492.exe
3060	Unicorn-3527.exe
2664	Unicorn-14388.exe
2640	Unicorn-23899.exe
2872	Unicorn-34759.exe
2740	Unicorn-19815.exe
1856	Unicorn-23982.exe
2856	Unicorn-16560.exe
3016	Unicorn-1615.exe
2300	Unicorn-47287.exe
1944	Unicorn-45663.exe
304	Unicorn-25880.exe
1732	Unicorn-45746.exe
2312	Unicorn-15019.exe
1436	Unicorn-38132.exe
2368	Unicorn-5289.exe
536	Unicorn-16150.exe
576	Unicorn-1205.exe
984	Unicorn-31932.exe
2440	Unicorn-41745.exe
2360	Unicorn-34707.exe
396	Unicorn-19763.exe
2028	Unicorn-62741.exe
888	Unicorn-8065.exe
2240	Unicorn-8065.exe
2000	Unicorn-13540.exe
2484	Unicorn-44267.exe
2480	Unicorn-55128.exe
2348	Unicorn-55128.exe
1164	Unicorn-40183.exe
2216	Unicorn-21901.exe
1720	Unicorn-16831.exe
2948	Unicorn-9217.exe
2732	Unicorn-32098.exe
2112	Unicorn-21469.exe
2836	Unicorn-53779.exe
2800	Unicorn-4578.exe
2536	Unicorn-21984.exe
2576	Unicorn-63571.exe
824	Unicorn-26068.exe
2788	Unicorn-18262.exe
2336	Unicorn-18262.exe
2860	Unicorn-34044.exe
2276	Unicorn-61241.exe
1832	Unicorn-15569.exe
2500	Unicorn-26430.exe
1040	Unicorn-46296.exe
2096	Unicorn-541.exe
2244	Unicorn-11402.exe
484	Unicorn-51688.exe
1488	Unicorn-55964.exe
908	Unicorn-48351.exe
1692	Unicorn-2679.exe
2012	Unicorn-45658.exe
940	Unicorn-56519.exe
1992	Unicorn-53826.exe
1556	Unicorn-29876.exe
804	Unicorn-41936.exe
1744	Unicorn-7126.exe
1504	Unicorn-7126.exe
876	Unicorn-26992.exe
2228	Unicorn-57718.exe
2616	Unicorn-55772.exe
2792	Unicorn-33214.exe

Loads dropped DLL 64 IoCs

Processes:

7fe570a12fcdaacf6e91a401e6dbab28138237fd6b89abfb7dfe69fcad496f46.exeUnicorn-47492.exeUnicorn-14388.exeUnicorn-3527.exeWerFault.exeUnicorn-23899.exeUnicorn-19815.exeUnicorn-34759.exeWerFault.exeWerFault.exeUnicorn-23982.exeUnicorn-1615.exeUnicorn-45663.exeUnicorn-47287.exeUnicorn-16560.exeWerFault.exeWerFault.exeUnicorn-45746.exe

pid	process
2116	7fe570a12fcdaacf6e91a401e6dbab28138237fd6b89abfb7dfe69fcad496f46.exe
2116	7fe570a12fcdaacf6e91a401e6dbab28138237fd6b89abfb7dfe69fcad496f46.exe
2120	Unicorn-47492.exe
2120	Unicorn-47492.exe
2116	7fe570a12fcdaacf6e91a401e6dbab28138237fd6b89abfb7dfe69fcad496f46.exe
2116	7fe570a12fcdaacf6e91a401e6dbab28138237fd6b89abfb7dfe69fcad496f46.exe
2664	Unicorn-14388.exe
2664	Unicorn-14388.exe
2120	Unicorn-47492.exe
3060	Unicorn-3527.exe
2120	Unicorn-47492.exe
3060	Unicorn-3527.exe
2984	WerFault.exe
2984	WerFault.exe
2984	WerFault.exe
2984	WerFault.exe
2984	WerFault.exe
2640	Unicorn-23899.exe
2640	Unicorn-23899.exe
2664	Unicorn-14388.exe
2664	Unicorn-14388.exe
2740	Unicorn-19815.exe
2740	Unicorn-19815.exe
3060	Unicorn-3527.exe
3060	Unicorn-3527.exe
2872	Unicorn-34759.exe
2872	Unicorn-34759.exe
1124	WerFault.exe
1124	WerFault.exe
1124	WerFault.exe
1124	WerFault.exe
1952	WerFault.exe
1952	WerFault.exe
1952	WerFault.exe
1952	WerFault.exe
1124	WerFault.exe
1952	WerFault.exe
1856	Unicorn-23982.exe
2640	Unicorn-23899.exe
1856	Unicorn-23982.exe
2640	Unicorn-23899.exe
3016	Unicorn-1615.exe
3016	Unicorn-1615.exe
2740	Unicorn-19815.exe
2740	Unicorn-19815.exe
1944	Unicorn-45663.exe
1944	Unicorn-45663.exe
2872	Unicorn-34759.exe
2872	Unicorn-34759.exe
2300	Unicorn-47287.exe
2300	Unicorn-47287.exe
2856	Unicorn-16560.exe
2856	Unicorn-16560.exe
2292	WerFault.exe
2292	WerFault.exe
2292	WerFault.exe
2292	WerFault.exe
2292	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1732	Unicorn-45746.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2900	2116	WerFault.exe	7fe570a12fcdaacf6e91a401e6dbab28138237fd6b89abfb7dfe69fcad496f46.exe
2984	2120	WerFault.exe	Unicorn-47492.exe
1124	2664	WerFault.exe	Unicorn-14388.exe
1952	3060	WerFault.exe	Unicorn-3527.exe
2292	2740	WerFault.exe	Unicorn-19815.exe
1816	2872	WerFault.exe	Unicorn-34759.exe
840	1856	WerFault.exe	Unicorn-23982.exe
1764	3016	WerFault.exe	Unicorn-1615.exe
1600	1944	WerFault.exe	Unicorn-45663.exe
3048	2856	WerFault.exe	Unicorn-16560.exe
1640	2360	WerFault.exe	Unicorn-34707.exe
2712	1732	WerFault.exe	Unicorn-45746.exe
1796	304	WerFault.exe	Unicorn-25880.exe
2060	2312	WerFault.exe	Unicorn-15019.exe
2080	2368	WerFault.exe	Unicorn-5289.exe
2452	984	WerFault.exe	Unicorn-31932.exe
1684	1436	WerFault.exe	Unicorn-38132.exe
340	536	WerFault.exe	Unicorn-16150.exe
1768	2440	WerFault.exe	Unicorn-41745.exe
2920	396	WerFault.exe	Unicorn-19763.exe
2916	2096	WerFault.exe	Unicorn-541.exe
2196	2240	WerFault.exe	Unicorn-8065.exe
1136	888	WerFault.exe	Unicorn-8065.exe
468	2028	WerFault.exe	Unicorn-62741.exe
904	2480	WerFault.exe	Unicorn-55128.exe
2236	1164	WerFault.exe	Unicorn-40183.exe
896	2000	WerFault.exe	Unicorn-13540.exe
1704	2484	WerFault.exe	Unicorn-44267.exe
868	2348	WerFault.exe	Unicorn-55128.exe
1968	2216	WerFault.exe	Unicorn-21901.exe
2812	1720	WerFault.exe	Unicorn-16831.exe
1672	2732	WerFault.exe	Unicorn-32098.exe
2736	2576	WerFault.exe	Unicorn-63571.exe
2996	2112	WerFault.exe	Unicorn-21469.exe
2572	2336	WerFault.exe	Unicorn-18262.exe
1484	1832	WerFault.exe	Unicorn-15569.exe
2404	2276	WerFault.exe	Unicorn-61241.exe
2824	824	WerFault.exe	Unicorn-26068.exe
2948	2800	WerFault.exe	Unicorn-4578.exe
3100	2500	WerFault.exe	Unicorn-26430.exe
3128	2536	WerFault.exe	Unicorn-21984.exe
3144	2788	WerFault.exe	Unicorn-18262.exe
3228	1040	WerFault.exe	Unicorn-46296.exe
3380	2860	WerFault.exe	Unicorn-34044.exe
3868	2244	WerFault.exe	Unicorn-11402.exe
3188	484	WerFault.exe	Unicorn-51688.exe
3208	1744	WerFault.exe	Unicorn-7126.exe
3372	1488	WerFault.exe	Unicorn-55964.exe
3652	2596	WerFault.exe	Unicorn-64495.exe
3684	2436	WerFault.exe	Unicorn-49550.exe
3732	2696	WerFault.exe	Unicorn-6571.exe
3932	2816	WerFault.exe	Unicorn-10655.exe
4092	2180	WerFault.exe	Unicorn-44075.exe
3756	1792	WerFault.exe	Unicorn-7702.exe
3700	2580	WerFault.exe	Unicorn-56431.exe
3632	1692	WerFault.exe	Unicorn-2679.exe
3440	2780	WerFault.exe	Unicorn-20229.exe
4084	1804	WerFault.exe	Unicorn-42512.exe
4144	1276	WerFault.exe	Unicorn-62845.exe
4204	1956	WerFault.exe	Unicorn-7038.exe
4216	2376	WerFault.exe	Unicorn-2954.exe
4248	2748	WerFault.exe	Unicorn-816.exe
4280	1508	WerFault.exe	Unicorn-8169.exe
4296	2772	WerFault.exe	Unicorn-30727.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

7fe570a12fcdaacf6e91a401e6dbab28138237fd6b89abfb7dfe69fcad496f46.exeUnicorn-47492.exeUnicorn-3527.exeUnicorn-14388.exeUnicorn-23899.exeUnicorn-34759.exeUnicorn-19815.exeUnicorn-23982.exeUnicorn-1615.exeUnicorn-47287.exeUnicorn-16560.exeUnicorn-45663.exeUnicorn-25880.exeUnicorn-45746.exeUnicorn-15019.exeUnicorn-38132.exeUnicorn-5289.exeUnicorn-31932.exeUnicorn-16150.exeUnicorn-41745.exeUnicorn-34707.exeUnicorn-19763.exeUnicorn-62741.exeUnicorn-8065.exeUnicorn-8065.exeUnicorn-13540.exeUnicorn-44267.exeUnicorn-40183.exeUnicorn-55128.exeUnicorn-55128.exeUnicorn-21901.exeUnicorn-16831.exeUnicorn-9217.exeUnicorn-32098.exeUnicorn-21469.exeUnicorn-53779.exeUnicorn-4578.exeUnicorn-21984.exeUnicorn-63571.exeUnicorn-26068.exeUnicorn-18262.exeUnicorn-18262.exeUnicorn-26430.exeUnicorn-61241.exeUnicorn-34044.exeUnicorn-15569.exeUnicorn-46296.exeUnicorn-541.exeUnicorn-11402.exeUnicorn-51688.exeUnicorn-55964.exeUnicorn-48351.exeUnicorn-2679.exeUnicorn-45658.exeUnicorn-56519.exeUnicorn-53826.exeUnicorn-29876.exeUnicorn-41936.exeUnicorn-7126.exeUnicorn-26992.exeUnicorn-7126.exeUnicorn-57718.exeUnicorn-55772.exeUnicorn-33214.exe

pid	process
2116	7fe570a12fcdaacf6e91a401e6dbab28138237fd6b89abfb7dfe69fcad496f46.exe
2120	Unicorn-47492.exe
3060	Unicorn-3527.exe
2664	Unicorn-14388.exe
2640	Unicorn-23899.exe
2872	Unicorn-34759.exe
2740	Unicorn-19815.exe
1856	Unicorn-23982.exe
3016	Unicorn-1615.exe
2300	Unicorn-47287.exe
2856	Unicorn-16560.exe
1944	Unicorn-45663.exe
304	Unicorn-25880.exe
1732	Unicorn-45746.exe
2312	Unicorn-15019.exe
1436	Unicorn-38132.exe
2368	Unicorn-5289.exe
984	Unicorn-31932.exe
536	Unicorn-16150.exe
2440	Unicorn-41745.exe
2360	Unicorn-34707.exe
396	Unicorn-19763.exe
2028	Unicorn-62741.exe
2240	Unicorn-8065.exe
888	Unicorn-8065.exe
2000	Unicorn-13540.exe
2484	Unicorn-44267.exe
1164	Unicorn-40183.exe
2480	Unicorn-55128.exe
2348	Unicorn-55128.exe
2216	Unicorn-21901.exe
1720	Unicorn-16831.exe
2948	Unicorn-9217.exe
2732	Unicorn-32098.exe
2112	Unicorn-21469.exe
2836	Unicorn-53779.exe
2800	Unicorn-4578.exe
2536	Unicorn-21984.exe
2576	Unicorn-63571.exe
824	Unicorn-26068.exe
2788	Unicorn-18262.exe
2336	Unicorn-18262.exe
2500	Unicorn-26430.exe
2276	Unicorn-61241.exe
2860	Unicorn-34044.exe
1832	Unicorn-15569.exe
1040	Unicorn-46296.exe
2096	Unicorn-541.exe
2244	Unicorn-11402.exe
484	Unicorn-51688.exe
1488	Unicorn-55964.exe
908	Unicorn-48351.exe
1692	Unicorn-2679.exe
2012	Unicorn-45658.exe
940	Unicorn-56519.exe
1992	Unicorn-53826.exe
1556	Unicorn-29876.exe
804	Unicorn-41936.exe
1744	Unicorn-7126.exe
876	Unicorn-26992.exe
1504	Unicorn-7126.exe
2228	Unicorn-57718.exe
2616	Unicorn-55772.exe
2792	Unicorn-33214.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

7fe570a12fcdaacf6e91a401e6dbab28138237fd6b89abfb7dfe69fcad496f46.exeUnicorn-47492.exeUnicorn-14388.exeUnicorn-3527.exeUnicorn-23899.exeUnicorn-19815.exeUnicorn-34759.exeUnicorn-23982.exe

description	pid	process	target process
PID 2116 wrote to memory of 2120	2116	7fe570a12fcdaacf6e91a401e6dbab28138237fd6b89abfb7dfe69fcad496f46.exe	Unicorn-47492.exe
PID 2116 wrote to memory of 2120	2116	7fe570a12fcdaacf6e91a401e6dbab28138237fd6b89abfb7dfe69fcad496f46.exe	Unicorn-47492.exe
PID 2116 wrote to memory of 2120	2116	7fe570a12fcdaacf6e91a401e6dbab28138237fd6b89abfb7dfe69fcad496f46.exe	Unicorn-47492.exe
PID 2116 wrote to memory of 2120	2116	7fe570a12fcdaacf6e91a401e6dbab28138237fd6b89abfb7dfe69fcad496f46.exe	Unicorn-47492.exe
PID 2120 wrote to memory of 3060	2120	Unicorn-47492.exe	Unicorn-3527.exe
PID 2120 wrote to memory of 3060	2120	Unicorn-47492.exe	Unicorn-3527.exe
PID 2120 wrote to memory of 3060	2120	Unicorn-47492.exe	Unicorn-3527.exe
PID 2120 wrote to memory of 3060	2120	Unicorn-47492.exe	Unicorn-3527.exe
PID 2116 wrote to memory of 2664	2116	7fe570a12fcdaacf6e91a401e6dbab28138237fd6b89abfb7dfe69fcad496f46.exe	Unicorn-14388.exe
PID 2116 wrote to memory of 2664	2116	7fe570a12fcdaacf6e91a401e6dbab28138237fd6b89abfb7dfe69fcad496f46.exe	Unicorn-14388.exe
PID 2116 wrote to memory of 2664	2116	7fe570a12fcdaacf6e91a401e6dbab28138237fd6b89abfb7dfe69fcad496f46.exe	Unicorn-14388.exe
PID 2116 wrote to memory of 2664	2116	7fe570a12fcdaacf6e91a401e6dbab28138237fd6b89abfb7dfe69fcad496f46.exe	Unicorn-14388.exe
PID 2116 wrote to memory of 2900	2116	7fe570a12fcdaacf6e91a401e6dbab28138237fd6b89abfb7dfe69fcad496f46.exe	WerFault.exe
PID 2116 wrote to memory of 2900	2116	7fe570a12fcdaacf6e91a401e6dbab28138237fd6b89abfb7dfe69fcad496f46.exe	WerFault.exe
PID 2116 wrote to memory of 2900	2116	7fe570a12fcdaacf6e91a401e6dbab28138237fd6b89abfb7dfe69fcad496f46.exe	WerFault.exe
PID 2116 wrote to memory of 2900	2116	7fe570a12fcdaacf6e91a401e6dbab28138237fd6b89abfb7dfe69fcad496f46.exe	WerFault.exe
PID 2664 wrote to memory of 2640	2664	Unicorn-14388.exe	Unicorn-23899.exe
PID 2664 wrote to memory of 2640	2664	Unicorn-14388.exe	Unicorn-23899.exe
PID 2664 wrote to memory of 2640	2664	Unicorn-14388.exe	Unicorn-23899.exe
PID 2664 wrote to memory of 2640	2664	Unicorn-14388.exe	Unicorn-23899.exe
PID 2120 wrote to memory of 2872	2120	Unicorn-47492.exe	Unicorn-34759.exe
PID 2120 wrote to memory of 2872	2120	Unicorn-47492.exe	Unicorn-34759.exe
PID 2120 wrote to memory of 2872	2120	Unicorn-47492.exe	Unicorn-34759.exe
PID 2120 wrote to memory of 2872	2120	Unicorn-47492.exe	Unicorn-34759.exe
PID 3060 wrote to memory of 2740	3060	Unicorn-3527.exe	Unicorn-19815.exe
PID 3060 wrote to memory of 2740	3060	Unicorn-3527.exe	Unicorn-19815.exe
PID 3060 wrote to memory of 2740	3060	Unicorn-3527.exe	Unicorn-19815.exe
PID 3060 wrote to memory of 2740	3060	Unicorn-3527.exe	Unicorn-19815.exe
PID 2120 wrote to memory of 2984	2120	Unicorn-47492.exe	WerFault.exe
PID 2120 wrote to memory of 2984	2120	Unicorn-47492.exe	WerFault.exe
PID 2120 wrote to memory of 2984	2120	Unicorn-47492.exe	WerFault.exe
PID 2120 wrote to memory of 2984	2120	Unicorn-47492.exe	WerFault.exe
PID 2640 wrote to memory of 1856	2640	Unicorn-23899.exe	Unicorn-23982.exe
PID 2640 wrote to memory of 1856	2640	Unicorn-23899.exe	Unicorn-23982.exe
PID 2640 wrote to memory of 1856	2640	Unicorn-23899.exe	Unicorn-23982.exe
PID 2640 wrote to memory of 1856	2640	Unicorn-23899.exe	Unicorn-23982.exe
PID 2664 wrote to memory of 2856	2664	Unicorn-14388.exe	Unicorn-16560.exe
PID 2664 wrote to memory of 2856	2664	Unicorn-14388.exe	Unicorn-16560.exe
PID 2664 wrote to memory of 2856	2664	Unicorn-14388.exe	Unicorn-16560.exe
PID 2664 wrote to memory of 2856	2664	Unicorn-14388.exe	Unicorn-16560.exe
PID 2740 wrote to memory of 3016	2740	Unicorn-19815.exe	Unicorn-1615.exe
PID 2740 wrote to memory of 3016	2740	Unicorn-19815.exe	Unicorn-1615.exe
PID 2740 wrote to memory of 3016	2740	Unicorn-19815.exe	Unicorn-1615.exe
PID 2740 wrote to memory of 3016	2740	Unicorn-19815.exe	Unicorn-1615.exe
PID 3060 wrote to memory of 2300	3060	Unicorn-3527.exe	Unicorn-47287.exe
PID 3060 wrote to memory of 2300	3060	Unicorn-3527.exe	Unicorn-47287.exe
PID 3060 wrote to memory of 2300	3060	Unicorn-3527.exe	Unicorn-47287.exe
PID 3060 wrote to memory of 2300	3060	Unicorn-3527.exe	Unicorn-47287.exe
PID 2872 wrote to memory of 1944	2872	Unicorn-34759.exe	Unicorn-45663.exe
PID 2872 wrote to memory of 1944	2872	Unicorn-34759.exe	Unicorn-45663.exe
PID 2872 wrote to memory of 1944	2872	Unicorn-34759.exe	Unicorn-45663.exe
PID 2872 wrote to memory of 1944	2872	Unicorn-34759.exe	Unicorn-45663.exe
PID 2664 wrote to memory of 1124	2664	Unicorn-14388.exe	WerFault.exe
PID 2664 wrote to memory of 1124	2664	Unicorn-14388.exe	WerFault.exe
PID 2664 wrote to memory of 1124	2664	Unicorn-14388.exe	WerFault.exe
PID 2664 wrote to memory of 1124	2664	Unicorn-14388.exe	WerFault.exe
PID 3060 wrote to memory of 1952	3060	Unicorn-3527.exe	WerFault.exe
PID 3060 wrote to memory of 1952	3060	Unicorn-3527.exe	WerFault.exe
PID 3060 wrote to memory of 1952	3060	Unicorn-3527.exe	WerFault.exe
PID 3060 wrote to memory of 1952	3060	Unicorn-3527.exe	WerFault.exe
PID 1856 wrote to memory of 1732	1856	Unicorn-23982.exe	Unicorn-45746.exe
PID 1856 wrote to memory of 1732	1856	Unicorn-23982.exe	Unicorn-45746.exe
PID 1856 wrote to memory of 1732	1856	Unicorn-23982.exe	Unicorn-45746.exe
PID 1856 wrote to memory of 1732	1856	Unicorn-23982.exe	Unicorn-45746.exe

C:\Users\Admin\AppData\Local\Temp\7fe570a12fcdaacf6e91a401e6dbab28138237fd6b89abfb7dfe69fcad496f46.exe
"C:\Users\Admin\AppData\Local\Temp\7fe570a12fcdaacf6e91a401e6dbab28138237fd6b89abfb7dfe69fcad496f46.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-3527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3527.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-19815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19815.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-1615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1615.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-15019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15019.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-62741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62741.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-21984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21984.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-26992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26992.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-45933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45933.exe
10⤵
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-20142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20142.exe
11⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-65445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65445.exe
12⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-28248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28248.exe
13⤵
PID:8464

C:\Users\Admin\AppData\Local\Temp\Unicorn-7807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7807.exe
14⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8464 -s 216
14⤵
PID:12320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
13⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 236
12⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 236
11⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-29056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29056.exe
10⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-22083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22083.exe
11⤵
PID:5244

C:\Users\Admin\AppData\Local\Temp\Unicorn-2290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2290.exe
12⤵
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-41466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41466.exe
13⤵
PID:2952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 216
13⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 216
12⤵
PID:9728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 220
10⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-30151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30151.exe
9⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-2435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2435.exe
10⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-2985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2985.exe
11⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-25088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25088.exe
12⤵
PID:8764

C:\Users\Admin\AppData\Local\Temp\Unicorn-46764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46764.exe
13⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8764 -s 216
13⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
12⤵
PID:10216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
11⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 236
10⤵
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
9⤵
- Program crash
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-7126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7126.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-60515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60515.exe
9⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-29680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29680.exe
10⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-31216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31216.exe
11⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
12⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-31891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31891.exe
13⤵
PID:7468

C:\Users\Admin\AppData\Local\Temp\Unicorn-39613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39613.exe
14⤵
PID:10788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7468 -s 236
14⤵
PID:10948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
13⤵
PID:8540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
12⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-2243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2243.exe
11⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-48227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48227.exe
12⤵
PID:7540

C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
13⤵
PID:10952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 216
13⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
12⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 240
11⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\Unicorn-62497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62497.exe
10⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-6514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6514.exe
11⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-32524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32524.exe
12⤵
PID:8356

C:\Users\Admin\AppData\Local\Temp\Unicorn-36287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36287.exe
13⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8356 -s 216
13⤵
PID:12400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
12⤵
PID:9796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
11⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
10⤵
PID:5992

C:\Users\Admin\AppData\Local\Temp\Unicorn-17982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17982.exe
9⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-39384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39384.exe
10⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-292.exe
11⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-12835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12835.exe
12⤵
PID:8724

C:\Users\Admin\AppData\Local\Temp\Unicorn-47060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47060.exe
13⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8724 -s 216
13⤵
PID:12608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
12⤵
PID:10192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
11⤵
PID:7352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
10⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
9⤵
- Program crash
PID:3208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
8⤵
- Program crash
PID:468

C:\Users\Admin\AppData\Local\Temp\Unicorn-63571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63571.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-57718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57718.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-816.exe
9⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-12165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12165.exe
10⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-25892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25892.exe
11⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-23806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23806.exe
12⤵
PID:7620

C:\Users\Admin\AppData\Local\Temp\Unicorn-15383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15383.exe
13⤵
PID:11236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 236
13⤵
PID:11780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
12⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
11⤵
PID:6444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 216
10⤵
- Program crash
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-21080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21080.exe
9⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-25783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25783.exe
10⤵
PID:5772

C:\Users\Admin\AppData\Local\Temp\Unicorn-30879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30879.exe
11⤵
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-61647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61647.exe
12⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 220
12⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
11⤵
PID:9636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
10⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
9⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
8⤵
PID:2720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
8⤵
- Program crash
PID:2736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
7⤵
- Program crash
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-8065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8065.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-4578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4578.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-53826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53826.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-35627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35627.exe
9⤵
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-40370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40370.exe
10⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-26084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26084.exe
11⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-48393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48393.exe
12⤵
PID:7464

C:\Users\Admin\AppData\Local\Temp\Unicorn-42841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42841.exe
13⤵
PID:10804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 236
13⤵
PID:916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
12⤵
PID:9076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
11⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 236
10⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-28672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28672.exe
9⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-57770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57770.exe
10⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-50915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50915.exe
11⤵
PID:7424

C:\Users\Admin\AppData\Local\Temp\Unicorn-20750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20750.exe
12⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 216
12⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
11⤵
PID:9284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
10⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
9⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
8⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
9⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-61854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61854.exe
10⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-24273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24273.exe
11⤵
PID:7452

C:\Users\Admin\AppData\Local\Temp\Unicorn-23272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23272.exe
12⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 216
12⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
11⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
10⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 216
9⤵
PID:4904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
8⤵
- Program crash
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-29876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29876.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-48071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48071.exe
8⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-36862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36862.exe
9⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-8377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8377.exe
10⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-57329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57329.exe
11⤵
PID:7904

C:\Users\Admin\AppData\Local\Temp\Unicorn-61647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61647.exe
12⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 220
12⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
11⤵
PID:9420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
10⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 236
9⤵
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-53561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53561.exe
8⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-32005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32005.exe
9⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-65497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65497.exe
10⤵
PID:7636

C:\Users\Admin\AppData\Local\Temp\Unicorn-41803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41803.exe
11⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
10⤵
PID:9616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 236
9⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 220
8⤵
PID:4400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
7⤵
- Program crash
PID:1136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
6⤵
- Program crash
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-38132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38132.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1436

C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1164

C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:824

C:\Users\Admin\AppData\Local\Temp\Unicorn-33214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33214.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-23951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23951.exe
9⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
10⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-56893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56893.exe
11⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-10458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10458.exe
12⤵
PID:7492

C:\Users\Admin\AppData\Local\Temp\Unicorn-21622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21622.exe
13⤵
PID:12044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 216
13⤵
PID:8168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 216
12⤵
PID:9736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
11⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 216
10⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-41884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41884.exe
9⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-209.exe
10⤵
PID:5600

C:\Users\Admin\AppData\Local\Temp\Unicorn-8320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8320.exe
11⤵
PID:8060

C:\Users\Admin\AppData\Local\Temp\Unicorn-12830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12830.exe
12⤵
PID:11552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 216
12⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
11⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
10⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
9⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-16337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16337.exe
8⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
9⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-49026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49026.exe
10⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-34579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34579.exe
11⤵
PID:8092

C:\Users\Admin\AppData\Local\Temp\Unicorn-29878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29878.exe
12⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8092 -s 204
12⤵
PID:11620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
11⤵
PID:9264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
10⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 216
9⤵
PID:4756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 240
8⤵
- Program crash
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-44075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44075.exe
7⤵
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
8⤵
PID:1296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 236
8⤵
- Program crash
PID:4092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 220
7⤵
- Program crash
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-18262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18262.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-55772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55772.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-15783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15783.exe
8⤵
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-42700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42700.exe
9⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-46395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46395.exe
10⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-48969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48969.exe
11⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\Unicorn-19053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19053.exe
12⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 204
12⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
11⤵
PID:9540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
10⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 236
9⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-20888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20888.exe
8⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-54563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54563.exe
9⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-32633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32633.exe
10⤵
PID:7656

C:\Users\Admin\AppData\Local\Temp\Unicorn-51476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51476.exe
11⤵
PID:11380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 216
11⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
10⤵
PID:9492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
9⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
8⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-38895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38895.exe
7⤵
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-40021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40021.exe
8⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-27454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27454.exe
9⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-23230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23230.exe
10⤵
PID:8188

C:\Users\Admin\AppData\Local\Temp\Unicorn-5762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5762.exe
11⤵
PID:11016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 216
11⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
10⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 236
9⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 216
8⤵
PID:4436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
7⤵
- Program crash
PID:3144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 240
6⤵
- Program crash
PID:1684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-47287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47287.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-1205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1205.exe
5⤵
- Executes dropped EXE
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-8065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8065.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-53779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53779.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-45658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45658.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-50017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50017.exe
8⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-59420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59420.exe
9⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-22659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22659.exe
10⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-55575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55575.exe
11⤵
PID:8296

C:\Users\Admin\AppData\Local\Temp\Unicorn-30537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30537.exe
12⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8296 -s 216
12⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
11⤵
PID:9772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 236
10⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
9⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-37416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37416.exe
8⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-37952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37952.exe
9⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\Unicorn-64838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64838.exe
10⤵
PID:7992

C:\Users\Admin\AppData\Local\Temp\Unicorn-13821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13821.exe
11⤵
PID:10872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 216
11⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 216
10⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
9⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
8⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\Unicorn-3509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3509.exe
7⤵
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-45030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45030.exe
8⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-27838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27838.exe
9⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
10⤵
PID:8084

C:\Users\Admin\AppData\Local\Temp\Unicorn-21414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21414.exe
11⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 216
11⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
10⤵
PID:8924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
9⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 216
8⤵
PID:4448

C:\Users\Admin\AppData\Local\Temp\Unicorn-56519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56519.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:940

C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
7⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-24418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24418.exe
8⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-32223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32223.exe
9⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-31206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31206.exe
10⤵
PID:7844

C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
11⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 216
11⤵
PID:11452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
10⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 236
9⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
8⤵
- Program crash
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-16996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16996.exe
7⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-64594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64594.exe
8⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-44610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44610.exe
9⤵
PID:7896

C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe
10⤵
PID:10816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
9⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
8⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 240
7⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
6⤵
- Program crash
PID:2196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-45663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45663.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-5289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5289.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-13540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13540.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-7126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7126.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-29597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29597.exe
8⤵
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-40754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40754.exe
9⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-6130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6130.exe
10⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-30578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30578.exe
11⤵
PID:8420

C:\Users\Admin\AppData\Local\Temp\Unicorn-27927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27927.exe
12⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8420 -s 220
12⤵
PID:12424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
11⤵
PID:9804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
10⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 236
9⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-55699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55699.exe
8⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-42996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42996.exe
9⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-56369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56369.exe
10⤵
PID:7748

C:\Users\Admin\AppData\Local\Temp\Unicorn-35633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35633.exe
11⤵
PID:11048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 220
11⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
10⤵
PID:9316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
9⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 240
8⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 216
7⤵
- Program crash
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-18262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18262.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-10655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10655.exe
7⤵
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-50593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50593.exe
8⤵
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe
9⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-46395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46395.exe
10⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-59467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59467.exe
11⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-51476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51476.exe
12⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 216
12⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
11⤵
PID:9464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
10⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 216
9⤵
PID:4732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 236
8⤵
- Program crash
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-8169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8169.exe
7⤵
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe
8⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-13063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13063.exe
9⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-27314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27314.exe
10⤵
PID:8160

C:\Users\Admin\AppData\Local\Temp\Unicorn-13354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13354.exe
11⤵
PID:10920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8160 -s 216
11⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
10⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 236
9⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 216
8⤵
- Program crash
PID:4280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
7⤵
- Program crash
PID:2572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
6⤵
- Program crash
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-55128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55128.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-41936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41936.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:804

C:\Users\Admin\AppData\Local\Temp\Unicorn-64599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64599.exe
7⤵
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-52622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52622.exe
8⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-51740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51740.exe
9⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-40609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40609.exe
10⤵
PID:8008

C:\Users\Admin\AppData\Local\Temp\Unicorn-47776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47776.exe
11⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 220
11⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 216
10⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
9⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 236
8⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-41500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41500.exe
7⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-54563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54563.exe
8⤵
PID:5832

C:\Users\Admin\AppData\Local\Temp\Unicorn-57137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57137.exe
9⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 212
10⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
9⤵
PID:9548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
8⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 240
7⤵
PID:4560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
6⤵
- Program crash
PID:904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
5⤵
- Program crash
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-16150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16150.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-21901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21901.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-46296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46296.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1040

C:\Users\Admin\AppData\Local\Temp\Unicorn-14739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14739.exe
7⤵
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-2954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2954.exe
8⤵
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-46976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46976.exe
9⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-811.exe
10⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-43650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43650.exe
11⤵
PID:7360

C:\Users\Admin\AppData\Local\Temp\Unicorn-41402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41402.exe
12⤵
PID:11040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 216
12⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
11⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
10⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 216
9⤵
- Program crash
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-39554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39554.exe
8⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-1963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1963.exe
9⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-7936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7936.exe
10⤵
PID:5664

C:\Users\Admin\AppData\Local\Temp\Unicorn-56328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56328.exe
11⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 216
11⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
10⤵
PID:9272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
9⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 220
8⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-57370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57370.exe
7⤵
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-49498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49498.exe
8⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-2238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2238.exe
9⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-10458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10458.exe
10⤵
PID:7736

C:\Users\Admin\AppData\Local\Temp\Unicorn-5093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5093.exe
11⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 216
11⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
10⤵
PID:9720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
9⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 236
8⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 240
7⤵
- Program crash
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-42512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42512.exe
6⤵
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-46509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46509.exe
7⤵
PID:936

C:\Users\Admin\AppData\Local\Temp\Unicorn-49114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49114.exe
8⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-11309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11309.exe
9⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
10⤵
PID:7912

C:\Users\Admin\AppData\Local\Temp\Unicorn-64968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64968.exe
11⤵
PID:10812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 236
11⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
10⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 236
9⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 216
8⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-14666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14666.exe
7⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-62456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62456.exe
8⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-57656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57656.exe
9⤵
PID:8052

C:\Users\Admin\AppData\Local\Temp\Unicorn-10723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10723.exe
10⤵
PID:11164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 236
10⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
9⤵
PID:8904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
8⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
7⤵
- Program crash
PID:4084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
6⤵
- Program crash
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
6⤵
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-46763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46763.exe
7⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-61449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61449.exe
8⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-57552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57552.exe
9⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-31201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31201.exe
10⤵
PID:8824

C:\Users\Admin\AppData\Local\Temp\Unicorn-17437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17437.exe
11⤵
PID:12348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8824 -s 216
11⤵
PID:12932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 236
10⤵
PID:10356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
9⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 236
8⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 216
7⤵
- Program crash
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-17899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17899.exe
6⤵
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-61750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61750.exe
7⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
8⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-47023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47023.exe
9⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-28830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28830.exe
10⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 204
10⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 220
9⤵
PID:9664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 220
8⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
7⤵
PID:4792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
6⤵
- Program crash
PID:3100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 240
5⤵
- Program crash
PID:340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-23899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23899.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-23982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23982.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-45746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45746.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-41745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41745.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-16831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16831.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-541.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
9⤵
- Program crash
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-50380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50380.exe
8⤵
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-61283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61283.exe
9⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-23240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23240.exe
10⤵
PID:3444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 220
11⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 236
10⤵
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-11350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11350.exe
9⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-27319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27319.exe
10⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-35586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35586.exe
11⤵
PID:8220

C:\Users\Admin\AppData\Local\Temp\Unicorn-24092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24092.exe
12⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8220 -s 216
12⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 236
11⤵
PID:9948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
10⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
9⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 220
8⤵
- Program crash
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-35435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35435.exe
8⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-57199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57199.exe
9⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-16826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16826.exe
10⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-61828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61828.exe
11⤵
PID:6052

C:\Users\Admin\AppData\Local\Temp\Unicorn-58336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58336.exe
12⤵
PID:9056

C:\Users\Admin\AppData\Local\Temp\Unicorn-33246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33246.exe
13⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 236
13⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
12⤵
PID:9688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
11⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 216
10⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-5128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5128.exe
9⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-34117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34117.exe
10⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-5134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5134.exe
11⤵
PID:9000

C:\Users\Admin\AppData\Local\Temp\Unicorn-15958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15958.exe
12⤵
PID:12536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
11⤵
PID:10432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
10⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
9⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-49586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49586.exe
8⤵
PID:632

C:\Users\Admin\AppData\Local\Temp\Unicorn-2819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2819.exe
9⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-16821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16821.exe
10⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\Unicorn-45700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45700.exe
11⤵
PID:8828

C:\Users\Admin\AppData\Local\Temp\Unicorn-6411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6411.exe
12⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8828 -s 236
12⤵
PID:12652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 216
11⤵
PID:10224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
10⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 236
9⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
8⤵
- Program crash
PID:3868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
7⤵
- Program crash
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-9217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9217.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-51688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51688.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:484

C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
8⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-36094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36094.exe
9⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-61942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61942.exe
10⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-27070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27070.exe
11⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-35050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35050.exe
12⤵
PID:7820

C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
13⤵
PID:10780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 216
13⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
12⤵
PID:8720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 236
11⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-28693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28693.exe
10⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-59602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59602.exe
11⤵
PID:7928

C:\Users\Admin\AppData\Local\Temp\Unicorn-18207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18207.exe
12⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 216
12⤵
PID:11484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
11⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 240
10⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-27686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27686.exe
9⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-39571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39571.exe
10⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-51154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51154.exe
11⤵
PID:8624

C:\Users\Admin\AppData\Local\Temp\Unicorn-38316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38316.exe
12⤵
PID:1520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 216
12⤵
PID:12560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
11⤵
PID:10116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
10⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
9⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\Unicorn-46955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46955.exe
8⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-47552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47552.exe
9⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-45928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45928.exe
10⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-37236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37236.exe
11⤵
PID:7784

C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
12⤵
PID:11060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 216
12⤵
PID:11444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
11⤵
PID:8788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 236
10⤵
PID:6184

C:\Users\Admin\AppData\Local\Temp\Unicorn-20032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20032.exe
9⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-12731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12731.exe
10⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 220
11⤵
PID:10480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
10⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 240
9⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 240
8⤵
- Program crash
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-20229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20229.exe
7⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-13535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13535.exe
8⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-11864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11864.exe
9⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-15258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15258.exe
10⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-43178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43178.exe
11⤵
PID:8508

C:\Users\Admin\AppData\Local\Temp\Unicorn-11782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11782.exe
12⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8508 -s 216
12⤵
PID:12432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
11⤵
PID:10016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 236
10⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 236
9⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-30893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30893.exe
8⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe
9⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-44973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44973.exe
10⤵
PID:8016

C:\Users\Admin\AppData\Local\Temp\Unicorn-31637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31637.exe
11⤵
PID:10752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 216
11⤵
PID:11100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
10⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 236
9⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
8⤵
- Program crash
PID:3440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
6⤵
- Program crash
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-34707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34707.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
6⤵
- Program crash
PID:1640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
5⤵
- Program crash
PID:840

C:\Users\Admin\AppData\Local\Temp\Unicorn-25880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25880.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-19763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19763.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:396

C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-55964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55964.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-56431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56431.exe
8⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-56322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56322.exe
9⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-28201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28201.exe
10⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-58673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58673.exe
11⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-36660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36660.exe
12⤵
PID:7640

C:\Users\Admin\AppData\Local\Temp\Unicorn-24237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24237.exe
13⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 216
13⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
12⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
11⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-33846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33846.exe
10⤵
PID:4684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 200
11⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 240
10⤵
PID:6076

C:\Users\Admin\AppData\Local\Temp\Unicorn-46737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46737.exe
9⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-3442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3442.exe
10⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-5933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5933.exe
11⤵
PID:7612

C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
12⤵
PID:10828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 236
12⤵
PID:11028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
11⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 236
10⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
9⤵
- Program crash
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-14474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14474.exe
8⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-28201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28201.exe
9⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-56929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56929.exe
10⤵
PID:6304

C:\Users\Admin\AppData\Local\Temp\Unicorn-36328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36328.exe
11⤵
PID:9604

C:\Users\Admin\AppData\Local\Temp\Unicorn-24593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24593.exe
12⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 236
11⤵
PID:10632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
10⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
9⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 240
8⤵
- Program crash
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-44734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44734.exe
7⤵
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-24418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24418.exe
8⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-6322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6322.exe
9⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-22711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22711.exe
10⤵
PID:8196

C:\Users\Admin\AppData\Local\Temp\Unicorn-34621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34621.exe
11⤵
PID:11292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8196 -s 216
11⤵
PID:11356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
10⤵
PID:9744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
9⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 216
8⤵
PID:4652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
7⤵
- Program crash
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-48351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48351.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:908

C:\Users\Admin\AppData\Local\Temp\Unicorn-45933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45933.exe
7⤵
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-18388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18388.exe
8⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-53110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53110.exe
9⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-27781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27781.exe
10⤵
PID:7872

C:\Users\Admin\AppData\Local\Temp\Unicorn-26972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26972.exe
11⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 216
11⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 216
10⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 236
9⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 236
8⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-57645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57645.exe
7⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
8⤵
PID:6040

C:\Users\Admin\AppData\Local\Temp\Unicorn-47023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47023.exe
9⤵
PID:8000

C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
10⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 220
10⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 220
9⤵
PID:9672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
8⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 240
7⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 396 -s 240
6⤵
- Program crash
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-21469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21469.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-62269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62269.exe
7⤵
PID:784

C:\Users\Admin\AppData\Local\Temp\Unicorn-10219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10219.exe
8⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
9⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
10⤵
PID:7480

C:\Users\Admin\AppData\Local\Temp\Unicorn-50194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50194.exe
11⤵
PID:11220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 216
11⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
10⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
9⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 216
8⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-26918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26918.exe
7⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-60318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60318.exe
8⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-32960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32960.exe
9⤵
PID:7972

C:\Users\Admin\AppData\Local\Temp\Unicorn-56032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56032.exe
10⤵
PID:11108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 216
10⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
9⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 236
8⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 240
7⤵
- Program crash
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-50572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50572.exe
6⤵
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-53198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53198.exe
7⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-35020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35020.exe
8⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-28741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28741.exe
9⤵
PID:7412

C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
10⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 216
10⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
9⤵
PID:9436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
8⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 216
7⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
6⤵
- Program crash
PID:2996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 240
5⤵
- Program crash
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-16560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16560.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:984

C:\Users\Admin\AppData\Local\Temp\Unicorn-44267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44267.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-15569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15569.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
7⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-1646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1646.exe
8⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-1065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1065.exe
9⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-26363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26363.exe
9⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-65466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65466.exe
10⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 220
11⤵
PID:10712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 236
10⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 240
9⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
8⤵
- Program crash
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-22559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22559.exe
7⤵
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-49752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49752.exe
8⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-15066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15066.exe
9⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
10⤵
PID:9100

C:\Users\Admin\AppData\Local\Temp\Unicorn-8824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8824.exe
11⤵
PID:12292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9100 -s 236
11⤵
PID:12904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
10⤵
PID:9996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
9⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 216
8⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
7⤵
- Program crash
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-64495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64495.exe
6⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-46763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46763.exe
7⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-59996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59996.exe
8⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-48559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48559.exe
9⤵
PID:4796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 220
10⤵
PID:7832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 236
9⤵
PID:5904

C:\Users\Admin\AppData\Local\Temp\Unicorn-45606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45606.exe
8⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\Unicorn-39374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39374.exe
9⤵
PID:7884

C:\Users\Admin\AppData\Local\Temp\Unicorn-41450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41450.exe
10⤵
PID:11136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7884 -s 216
10⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
9⤵
PID:8808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 240
8⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 216
7⤵
- Program crash
PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
6⤵
- Program crash
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-61241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61241.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
6⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-7614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7614.exe
7⤵
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-32778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32778.exe
8⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-57386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57386.exe
9⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-7661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7661.exe
10⤵
PID:7756

C:\Users\Admin\AppData\Local\Temp\Unicorn-5077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5077.exe
11⤵
PID:1356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 236
11⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
10⤵
PID:8640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
9⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
8⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-29248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29248.exe
7⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe
8⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-35155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35155.exe
9⤵
PID:8224

C:\Users\Admin\AppData\Local\Temp\Unicorn-47112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47112.exe
10⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8224 -s 216
10⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
9⤵
PID:9752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
8⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
7⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-30727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30727.exe
6⤵
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-40754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40754.exe
7⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-15346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15346.exe
8⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\Unicorn-17859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17859.exe
9⤵
PID:7580

C:\Users\Admin\AppData\Local\Temp\Unicorn-62249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62249.exe
10⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 236
10⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 216
9⤵
PID:9324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
8⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 216
7⤵
- Program crash
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
6⤵
- Program crash
PID:2404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 240
5⤵
- Program crash
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-55128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55128.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-34044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34044.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-27568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27568.exe
6⤵
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-62845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62845.exe
7⤵
PID:1276

C:\Users\Admin\AppData\Local\Temp\Unicorn-9643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9643.exe
8⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-48751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48751.exe
9⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-48227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48227.exe
10⤵
PID:7532

C:\Users\Admin\AppData\Local\Temp\Unicorn-3432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3432.exe
11⤵
PID:10884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 216
11⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
10⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 236
9⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 236
8⤵
- Program crash
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-10774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10774.exe
7⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-40858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40858.exe
8⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-52285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52285.exe
9⤵
PID:7664

C:\Users\Admin\AppData\Local\Temp\Unicorn-39909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39909.exe
10⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
10⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 216
9⤵
PID:9248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
8⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 240
7⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-4085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4085.exe
6⤵
PID:988

C:\Users\Admin\AppData\Local\Temp\Unicorn-8273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8273.exe
7⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-27044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27044.exe
8⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-50915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50915.exe
9⤵
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-50490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50490.exe
10⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 216
10⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
9⤵
PID:9292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 236
8⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 216
7⤵
PID:4928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
6⤵
- Program crash
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-7702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7702.exe
5⤵
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
6⤵
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-12528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12528.exe
6⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe
7⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-16925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16925.exe
8⤵
PID:7404

C:\Users\Admin\AppData\Local\Temp\Unicorn-25991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25991.exe
9⤵
PID:10856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 236
9⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
8⤵
PID:8492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 236
7⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 220
6⤵
- Program crash
PID:3756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
5⤵
- Program crash
PID:868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
4⤵
- Program crash
PID:3048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
2⤵
- Program crash
PID:2900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe

Filesize
184KB

MD5
b575cc0e1073bebf6e14a7e4ba5703b5

SHA1
28debb2c77f0385f1caa02d5e6e0a98548c6101a

SHA256
3d49f087522b2da442240eae0de992f3b33f199cd3123ea4dcae55d3902a7259

SHA512
27851807c5d6c0a7036cb127bfa790ba0040d1d8cb62e262abe47a96047b1ee469bd9efaedf66d8c24823acf6b935a2444b6f413ea3d682b8db962e2429f1831

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23951.exe

Filesize
184KB

MD5
6b054ee1a1fc172e86dd0bdfd9fd40d8

SHA1
11586ebf9d3295f47091cbcff04c811e680ef55f

SHA256
f4fb014b2f6aaedd24c45eff0f169acb6f5a22804f7bd6aa08aa6a526c44d3c3

SHA512
ca90d8df991dc9e19289545079b487f8734d266f51faa6b2fd03b05bf29b8e0822138bf2be50e19c768557a9f988d225f692e87596096a5d7edabbf2d7b70b74

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23982.exe

Filesize
184KB

MD5
b8f0d8dcddc5d875c97ca87195e4a16a

SHA1
600b8f3db9a3f5b8fe15b2a6a7c8d2b245053847

SHA256
5847955182642efd3a9f0f61912ebb3b219423c0376b69e24320bbd884b339b6

SHA512
bc719f638d87ec9ae76867625054ab6fc335788224d98092c3c95254a5366dcddb8682be4a5e87c9a2c86b4675e3994d76ca130e6db02bf0d8934e8bdaa663cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28248.exe

Filesize
184KB

MD5
b1daeaadad421ea8552fe2c3423b0f3f

SHA1
07946faa0ac7d38d1fd1076635a964677bb15e45

SHA256
ed9d3f038e74a85d0a3a7cf4747c5d7a2181f356dddb035cdb71d80f22376ed6

SHA512
94d163e02ae27ab464b1bd23dd7d86ad650a5e3c3ae89ce763b442c4b61d1c913c43abcb0424941bed0b001870de739decd1ddd1b605d056cc189f49a805616c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40021.exe

Filesize
184KB

MD5
a95558bcf950f7a0d69979068210f00d

SHA1
0b74d1b1a178c5396c7e8e043dabc844485d1f4c

SHA256
5ed93b1f9976f4d2c3fd57c8b3fe0163cf579b38dbeb8d804ae9814bbb520153

SHA512
305bbfce41206aaf392a8ac0bcee0d51ddf80cafdfd4c450c7a89886b71d6322883657097368f758dc0b5b0336c888f5d43f57017349b5168d3abe1d65e4d78f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40609.exe

Filesize
184KB

MD5
aefb2da9c79bea671690eb4956a55b46

SHA1
f02927408ca3361dc0b00a65ccb73613080aa922

SHA256
5f982e492f191094a5baf2e7395e4a42744983ccdb2eae8eeeb6ae363d1acf80

SHA512
f47edfe6ee448f792033a46409a981badf0b488fc5d3b3b2d6b664d24c4d1801f422eaf9889f7a03a884995426cd6da78524ef1d3d0b0c0ade725cc7bcb7d5b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40858.exe

Filesize
184KB

MD5
699901d49901a035b94620ef8cb42cb5

SHA1
1b460e876442f32f0fa3578dcef5329d253c93e0

SHA256
dee9a4a6dcb2ddbb5b567e512983dec7e7554531bcb5c66e56a4590919264b9f

SHA512
afa6db8afd69d552e184faebe0a6bf437589d0b63f05b71f05a18a95b5282c940472ec1a91192efd75ab680bee58b876fbad2d9a3d4be619fac88bf18670ecec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45663.exe

Filesize
184KB

MD5
5f03ea1921d70db3d89f6e3e7ee8ef6f

SHA1
6aad83799d7683bf355e2e6d896b084f9d915643

SHA256
3e3ffa0747c0b5d0bd0f8b8d6cb572d3a7062614344d2539813cfe0138f92d4a

SHA512
427f6aae4ab046a46b911189f6337e766b295b39dba3d62086c9cc8fd7383bbe81336b0ebadd0c5fa7445b1adb28c95ed14cee9ca8d3325bbc305c711f753145

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7614.exe

Filesize
184KB

MD5
01a898276197958b2a196cfaef3aaa4d

SHA1
96affc1ee463c142047c85c600b95ad70ffaa42f

SHA256
a35db133d95220b8c75f08322266a0393b604b5c55c4cceda0ee92d998c38a60

SHA512
e9c4f37bf4c5b8ea02ad449c65353ee6a018fd7cb4f95fbe8b82c376b206f392ab0a4c2740b5424125a6cdb999b78357f01f9929aaba42d06c21da39346000c8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe

Filesize
184KB

MD5
4bca5fef96c5df048767d4e1c6420043

SHA1
0f10cdf8e4acc2c9f3f7ad58694e23138b48fe9a

SHA256
cb380dd5c3bfb6d0ebd6df8ac2d2eb480a6efc88251ef4ce64afc110eb4779c7

SHA512
7d88bc7ad5263a6d9f64ccfcc4db16d93c5797da504c5da76403f62b4cad110924569fe40d6bfd02757f1d8d1a3b3b08b7b75eeb6f1c9fed0ffa12203239d37f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15019.exe

Filesize
184KB

MD5
f7c53b252d937d8da9a291a137c334d7

SHA1
9594bc8dca404a46a344316a1fd7c44d32098e97

SHA256
b82a07f2c6ff318e0278f5d985e9b80cbdcab383e7c3af96555724488fbee3db

SHA512
b6c68d960e51a2e187df4d80e0df15d0073986c2d35aa8df9e6788367308652b5f9d6dd13f159b92b27e8c9bfd86c8afe8a6579ae7bb1e66f9aaa8d06dc0e082

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1615.exe

Filesize
184KB

MD5
71350ac9dfd9747f7ef2dfca32c311f1

SHA1
ceeb285ff4d365cea2e06fa2d3331391f0d3ba9f

SHA256
74db1b6a3f2c3cffa303d6a895cf4d438554b905a0310060f16411586267d0f8

SHA512
f8d1a27691385b09950facc48e6f91f22bbf5b993856ebf995004a8bf839dbf02c2cf1159b6ede46011bfbd9031b31f8c8a5bfa8e46eb8ed7d66e12da4380822

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16560.exe

Filesize
184KB

MD5
b2d633d5434a07ad4c0d81f6fc5c00d6

SHA1
6e7dda1f2faa3a11d7f6e35bf4bd1ae953eb5b08

SHA256
5e34a967945530068a0c95463c8d9204cbca4f4caec5ef048f727601c18b65ea

SHA512
6acdc3bcdb2055384c86655fc2c8a24f5a1acff3a61ecf153f1795c0b5cf662a7a682c9b883938b6d5389339b5edd197e856c9c020d195496e221bc2146b39f4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19815.exe

Filesize
184KB

MD5
b0d0235bd06677bef1aa1236263ba09c

SHA1
2d02a3852563784258ca7393d1340b55e6b0008f

SHA256
dd8fe15eedd72c2729155fae347b063664471a1a36fd67b80e82d4f61e9104d8

SHA512
41afdb5d2237780d380e29f280a4157e8f4032bb5c75fa0e44302970f11cf7877dd3aeb0ed483a328a878ba60c7496d95eb9526f9f553c0cfb1edb1a4879b220

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23899.exe

Filesize
184KB

MD5
d2db8da5cf05a30fbfd12384acc9136e

SHA1
c42fe0a63d1c8a3eae7fd56df2ff7623f39edd9c

SHA256
7941454e90e326fe1bc9975acd8bb23fdf73a54c3c1e4675d89720a6805fa6ae

SHA512
0b01b6d6bcb7b12f3ba96cfad3593817032addf9247bd3999130450b9be90218d4a4469b864e6aceb658d61aa0d09d4937d952f8e9eefeffd9940606a50b1eb3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25880.exe

Filesize
184KB

MD5
7a5af7d408e70cbdfe1732a8ed91c8bc

SHA1
7b70b14bb3ab6c45b65d90a4b86f6395fb687810

SHA256
c59c845be550a8147308760ea4cbdd1602559378345397bb55dafb8e363476b3

SHA512
b7b9b4f0e4ec575eab2dd67c949fb657093aee7a05fc6dccce2798858eb65aaa1b6955ed97f2cf537c9c9caab3d6abc5df86cd75cbac7fb6d1c053afa842f6d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe

Filesize
184KB

MD5
95cbc8f06c214926ebbdf752db7dde7d

SHA1
9c16a2690da35b8f338591b0919b782ca6683e2e

SHA256
867211e7366e365cfac93107769047d28d38296031f5b11df1dd4e9bad6470eb

SHA512
b5bbf6b97bd4bb51d304f9f90dd0ca2a24eea4762dda9db237a48556d905f45823546b69771d5fc59131e8e35a5afdfe61d39f3235cdb233ce56f16d1b8ad6d3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3527.exe

Filesize
184KB

MD5
df51fc223000376a11e5cce4a75b4e06

SHA1
7ef4e314e033e53ccfc14444162291a61ed30e2c

SHA256
3e70cf6c7027f9498091cdc4a890daf2f63ffbd4bd5ca019bff263e606be6266

SHA512
85201b7f304c45c8687e1f235d3167cff6fcf95db67af69b59972922767a20c81063a7d5c1c709c560744100807649da34898e1c25d6193a770fa45b0bfa96fe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45746.exe

Filesize
184KB

MD5
686250dc7ffd592ad49f3a7277462061

SHA1
d1d5e3fe2bc24fad649551b1ddbd7bb6c5bb1e76

SHA256
0ede9eeeeadd27857c9b8d3ee8f843f695492964afac68ff427c4dc9b58faf77

SHA512
c08b1e1396ffb8798abea11ac25a305d8e853e3bb71d5075340dc4383643194928b672e9f38694d406ff627c8a24bb1d1be7e0fa98f64bf2e8325a193b1f6e3b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47287.exe

Filesize
184KB

MD5
a56d9825a57d077205a0ed5e54d19b00

SHA1
67e442432290f021009749d274c63d77baf2bf54

SHA256
b8682be6bfe61baa285fbbfcec142d5b3be91fbe866666d05ef4951a9cc255df

SHA512
7db4fcf0f3f6c446f40c365262efae15536a0af5e00ad7c560589604922a79ac086c989195c8fbe62b404410ca2dbbb4f02c8cf327ca172dfb0643f610e7a0eb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe

Filesize
184KB

MD5
1dd7208b007b669bbd284b5edee9ce9a

SHA1
7cccdf34d553612fe3f80c927ef798f19bfc9a9f

SHA256
abd896f8ef6a0c0b6d03ca367900d05110b134c53b5ab0e0f91a1851ba7dcceb

SHA512
ad2a0c4697ea2dd91be5ce9d7bbbf211d508ea304e98d8b7edf86d5f84e054d80725655279126983c0940d77247726cfcfada8038c91e5653d3d1652cff6f068

Download Submit