926a01829df11b700914eadec0e8245f12c7e95672a1bc3effa972a28e82cf5a

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

926a01829df11b700914eadec0e8245f12c7e95672a1bc3effa972a28e82cf5a.exe
Size

184KB
MD5

acb53790f6c04c49c4b1808fdbab3d82
SHA1

a597d99de63d476c1c899c239a0c19c8c16eaf54
SHA256

926a01829df11b700914eadec0e8245f12c7e95672a1bc3effa972a28e82cf5a
SHA512

9090bf4bb3610d4d41fbdb345f180647b127f5d84cd301ff1b46f369bf41433a18569adb4428e95c66a95b18588d5184d1648f978c0a6c7031e70af02c64633b
SSDEEP

3072:V6KnS6olpie/dVjY4pTK95HVIKtnIxfKI+yaH5S2lvihlzVOFQ:V6OoTlVj3KLHVIwn0jhlzVOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-3949.exeUnicorn-49221.exeUnicorn-3549.exeUnicorn-63172.exeUnicorn-45855.exeUnicorn-183.exeUnicorn-38931.exeUnicorn-58797.exeUnicorn-9513.exeUnicorn-42003.exeUnicorn-61869.exeUnicorn-58690.exeUnicorn-56370.exeUnicorn-30953.exeUnicorn-4715.exeUnicorn-61923.exeUnicorn-25036.exeUnicorn-18731.exeUnicorn-65342.exeUnicorn-54823.exeUnicorn-7872.exeUnicorn-23358.exeUnicorn-31395.exeUnicorn-56616.exeUnicorn-26430.exeUnicorn-2968.exeUnicorn-35771.exeUnicorn-62885.exeUnicorn-51256.exeUnicorn-30151.exeUnicorn-51608.exeUnicorn-248.exeUnicorn-33051.exeUnicorn-4628.exeUnicorn-16191.exeUnicorn-61862.exeUnicorn-18739.exeUnicorn-45853.exeUnicorn-3253.exeUnicorn-31152.exeUnicorn-45329.exeUnicorn-44089.exeUnicorn-34224.exeUnicorn-37623.exeUnicorn-2729.exeUnicorn-51800.exeUnicorn-51800.exeUnicorn-1748.exeUnicorn-21614.exeUnicorn-55502.exeUnicorn-23991.exeUnicorn-58574.exeUnicorn-3146.exeUnicorn-51890.exeUnicorn-64999.exeUnicorn-59332.exeUnicorn-55783.exeUnicorn-24289.exeUnicorn-58331.exeUnicorn-52171.exeUnicorn-58855.exeUnicorn-60863.exeUnicorn-7495.exeUnicorn-7516.exe

pid	process
2372	Unicorn-3949.exe
1880	Unicorn-49221.exe
1580	Unicorn-3549.exe
2188	Unicorn-63172.exe
2596	Unicorn-45855.exe
2612	Unicorn-183.exe
2808	Unicorn-38931.exe
2792	Unicorn-58797.exe
2948	Unicorn-9513.exe
1904	Unicorn-42003.exe
2352	Unicorn-61869.exe
1160	Unicorn-58690.exe
1556	Unicorn-56370.exe
1288	Unicorn-30953.exe
3008	Unicorn-4715.exe
2060	Unicorn-61923.exe
544	Unicorn-25036.exe
720	Unicorn-18731.exe
2528	Unicorn-65342.exe
1232	Unicorn-54823.exe
1388	Unicorn-7872.exe
1608	Unicorn-23358.exe
352	Unicorn-31395.exe
1960	Unicorn-56616.exe
1520	Unicorn-26430.exe
1736	Unicorn-2968.exe
988	Unicorn-35771.exe
2104	Unicorn-62885.exe
2244	Unicorn-51256.exe
316	Unicorn-30151.exe
2024	Unicorn-51608.exe
3060	Unicorn-248.exe
2700	Unicorn-33051.exe
2732	Unicorn-4628.exe
1668	Unicorn-16191.exe
2576	Unicorn-61862.exe
2320	Unicorn-18739.exe
1708	Unicorn-45853.exe
2892	Unicorn-3253.exe
2964	Unicorn-31152.exe
2972	Unicorn-45329.exe
1516	Unicorn-44089.exe
1920	Unicorn-34224.exe
1052	Unicorn-37623.exe
2616	Unicorn-2729.exe
804	Unicorn-51800.exe
800	Unicorn-51800.exe
2156	Unicorn-1748.exe
1376	Unicorn-21614.exe
2436	Unicorn-55502.exe
2412	Unicorn-23991.exe
1660	Unicorn-58574.exe
1976	Unicorn-3146.exe
1632	Unicorn-51890.exe
2096	Unicorn-64999.exe
3040	Unicorn-59332.exe
1684	Unicorn-55783.exe
1944	Unicorn-24289.exe
2740	Unicorn-58331.exe
2684	Unicorn-52171.exe
2264	Unicorn-58855.exe
2600	Unicorn-60863.exe
1700	Unicorn-7495.exe
2924	Unicorn-7516.exe

Loads dropped DLL 64 IoCs

Processes:

926a01829df11b700914eadec0e8245f12c7e95672a1bc3effa972a28e82cf5a.exeUnicorn-3949.exeUnicorn-49221.exeUnicorn-3549.exeWerFault.exeUnicorn-63172.exeUnicorn-45855.exeUnicorn-183.exeWerFault.exeWerFault.exeUnicorn-58797.exeUnicorn-38931.exeUnicorn-42003.exeUnicorn-9513.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1672	926a01829df11b700914eadec0e8245f12c7e95672a1bc3effa972a28e82cf5a.exe
1672	926a01829df11b700914eadec0e8245f12c7e95672a1bc3effa972a28e82cf5a.exe
1672	926a01829df11b700914eadec0e8245f12c7e95672a1bc3effa972a28e82cf5a.exe
2372	Unicorn-3949.exe
1672	926a01829df11b700914eadec0e8245f12c7e95672a1bc3effa972a28e82cf5a.exe
2372	Unicorn-3949.exe
1880	Unicorn-49221.exe
1880	Unicorn-49221.exe
2372	Unicorn-3949.exe
2372	Unicorn-3949.exe
1580	Unicorn-3549.exe
1580	Unicorn-3549.exe
2604	WerFault.exe
2604	WerFault.exe
2604	WerFault.exe
2604	WerFault.exe
2604	WerFault.exe
2188	Unicorn-63172.exe
1880	Unicorn-49221.exe
1880	Unicorn-49221.exe
2188	Unicorn-63172.exe
2596	Unicorn-45855.exe
2596	Unicorn-45855.exe
1580	Unicorn-3549.exe
1580	Unicorn-3549.exe
2612	Unicorn-183.exe
2612	Unicorn-183.exe
1800	WerFault.exe
1800	WerFault.exe
1800	WerFault.exe
1800	WerFault.exe
2624	WerFault.exe
2624	WerFault.exe
2624	WerFault.exe
2624	WerFault.exe
1800	WerFault.exe
2624	WerFault.exe
2792	Unicorn-58797.exe
2792	Unicorn-58797.exe
2188	Unicorn-63172.exe
2188	Unicorn-63172.exe
2808	Unicorn-38931.exe
2808	Unicorn-38931.exe
1904	Unicorn-42003.exe
1904	Unicorn-42003.exe
2948	Unicorn-9513.exe
2948	Unicorn-9513.exe
2596	Unicorn-45855.exe
2596	Unicorn-45855.exe
2612	Unicorn-183.exe
2612	Unicorn-183.exe
1500	WerFault.exe
1500	WerFault.exe
1500	WerFault.exe
1500	WerFault.exe
1500	WerFault.exe
852	WerFault.exe
852	WerFault.exe
852	WerFault.exe
852	WerFault.exe
852	WerFault.exe
3020	WerFault.exe
3020	WerFault.exe
3020	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
1256	1672	WerFault.exe	926a01829df11b700914eadec0e8245f12c7e95672a1bc3effa972a28e82cf5a.exe
2604	2372	WerFault.exe	Unicorn-3949.exe
1800	1880	WerFault.exe	Unicorn-49221.exe
2624	1580	WerFault.exe	Unicorn-3549.exe
1500	2188	WerFault.exe	Unicorn-63172.exe
852	2596	WerFault.exe	Unicorn-45855.exe
3020	2612	WerFault.exe	Unicorn-183.exe
2180	2792	WerFault.exe	Unicorn-58797.exe
1208	2808	WerFault.exe	Unicorn-38931.exe
2844	1904	WerFault.exe	Unicorn-42003.exe
2888	2948	WerFault.exe	Unicorn-9513.exe
2992	2352	WerFault.exe	Unicorn-61869.exe
2132	1160	WerFault.exe	Unicorn-58690.exe
484	1556	WerFault.exe	Unicorn-56370.exe
1488	1288	WerFault.exe	Unicorn-30953.exe
1384	3008	WerFault.exe	Unicorn-4715.exe
844	2060	WerFault.exe	Unicorn-61923.exe
1956	544	WerFault.exe	Unicorn-25036.exe
1984	720	WerFault.exe	Unicorn-18731.exe
2016	2096	WerFault.exe	Unicorn-64999.exe
832	2528	WerFault.exe	Unicorn-65342.exe
2252	1232	WerFault.exe	Unicorn-54823.exe
608	1388	WerFault.exe	Unicorn-7872.exe
2224	352	WerFault.exe	Unicorn-31395.exe
2292	1608	WerFault.exe	Unicorn-23358.exe
2680	1960	WerFault.exe	Unicorn-56616.exe
2696	1520	WerFault.exe	Unicorn-26430.exe
2588	1736	WerFault.exe	Unicorn-2968.exe
2812	988	WerFault.exe	Unicorn-35771.exe
2944	2244	WerFault.exe	Unicorn-51256.exe
1900	316	WerFault.exe	Unicorn-30151.exe
1076	2104	WerFault.exe	Unicorn-62885.exe
1664	468	WerFault.exe	Unicorn-355.exe
3164	2024	WerFault.exe	Unicorn-51608.exe
3192	3060	WerFault.exe	Unicorn-248.exe
3248	2700	WerFault.exe	Unicorn-33051.exe
3412	2732	WerFault.exe	Unicorn-4628.exe
3428	2576	WerFault.exe	Unicorn-61862.exe
3436	2964	WerFault.exe	Unicorn-31152.exe
3524	2616	WerFault.exe	Unicorn-2729.exe
3624	1376	WerFault.exe	Unicorn-21614.exe
1612	2972	WerFault.exe	Unicorn-45329.exe
3096	2892	WerFault.exe	Unicorn-3253.exe
3112	804	WerFault.exe	Unicorn-51800.exe
3140	1920	WerFault.exe	Unicorn-34224.exe
3172	1052	WerFault.exe	Unicorn-37623.exe
3204	2412	WerFault.exe	Unicorn-23991.exe
3268	2156	WerFault.exe	Unicorn-1748.exe
3320	2320	WerFault.exe	Unicorn-18739.exe
3540	1708	WerFault.exe	Unicorn-45853.exe
3680	1516	WerFault.exe	Unicorn-44089.exe
3796	800	WerFault.exe	Unicorn-51800.exe
4044	2912	WerFault.exe	Unicorn-55243.exe
4052	2600	WerFault.exe	Unicorn-60863.exe
4076	3036	WerFault.exe	Unicorn-49639.exe
1196	1892	WerFault.exe	Unicorn-49639.exe
3128	2740	WerFault.exe	Unicorn-58331.exe
3348	1048	WerFault.exe	Unicorn-23765.exe
3500	1700	WerFault.exe	Unicorn-7495.exe
3516	2264	WerFault.exe	Unicorn-58855.exe
3504	2828	WerFault.exe	Unicorn-32321.exe
3576	2332	WerFault.exe	Unicorn-40542.exe
3736	3000	WerFault.exe	Unicorn-40542.exe
3756	2924	WerFault.exe	Unicorn-7516.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

926a01829df11b700914eadec0e8245f12c7e95672a1bc3effa972a28e82cf5a.exeUnicorn-3949.exeUnicorn-49221.exeUnicorn-3549.exeUnicorn-63172.exeUnicorn-45855.exeUnicorn-183.exeUnicorn-58797.exeUnicorn-38931.exeUnicorn-9513.exeUnicorn-61869.exeUnicorn-42003.exeUnicorn-58690.exeUnicorn-56370.exeUnicorn-30953.exeUnicorn-4715.exeUnicorn-61923.exeUnicorn-25036.exeUnicorn-18731.exeUnicorn-65342.exeUnicorn-54823.exeUnicorn-7872.exeUnicorn-23358.exeUnicorn-31395.exeUnicorn-56616.exeUnicorn-26430.exeUnicorn-2968.exeUnicorn-35771.exeUnicorn-30151.exeUnicorn-51256.exeUnicorn-62885.exeUnicorn-51608.exeUnicorn-248.exeUnicorn-33051.exeUnicorn-4628.exeUnicorn-16191.exeUnicorn-61862.exeUnicorn-45853.exeUnicorn-18739.exeUnicorn-3253.exeUnicorn-31152.exeUnicorn-45329.exeUnicorn-44089.exeUnicorn-37623.exeUnicorn-51800.exeUnicorn-21614.exeUnicorn-1748.exeUnicorn-2729.exeUnicorn-34224.exeUnicorn-51800.exeUnicorn-55502.exeUnicorn-23991.exeUnicorn-58574.exeUnicorn-3146.exeUnicorn-51890.exeUnicorn-64999.exeUnicorn-55783.exeUnicorn-24289.exeUnicorn-58331.exeUnicorn-52171.exeUnicorn-58855.exeUnicorn-60863.exeUnicorn-7495.exeUnicorn-7516.exe

pid	process
1672	926a01829df11b700914eadec0e8245f12c7e95672a1bc3effa972a28e82cf5a.exe
2372	Unicorn-3949.exe
1880	Unicorn-49221.exe
1580	Unicorn-3549.exe
2188	Unicorn-63172.exe
2596	Unicorn-45855.exe
2612	Unicorn-183.exe
2792	Unicorn-58797.exe
2808	Unicorn-38931.exe
2948	Unicorn-9513.exe
2352	Unicorn-61869.exe
1904	Unicorn-42003.exe
1160	Unicorn-58690.exe
1556	Unicorn-56370.exe
1288	Unicorn-30953.exe
3008	Unicorn-4715.exe
2060	Unicorn-61923.exe
544	Unicorn-25036.exe
720	Unicorn-18731.exe
2528	Unicorn-65342.exe
1232	Unicorn-54823.exe
1388	Unicorn-7872.exe
1608	Unicorn-23358.exe
352	Unicorn-31395.exe
1960	Unicorn-56616.exe
1520	Unicorn-26430.exe
1736	Unicorn-2968.exe
988	Unicorn-35771.exe
316	Unicorn-30151.exe
2244	Unicorn-51256.exe
2104	Unicorn-62885.exe
2024	Unicorn-51608.exe
3060	Unicorn-248.exe
2700	Unicorn-33051.exe
2732	Unicorn-4628.exe
1668	Unicorn-16191.exe
2576	Unicorn-61862.exe
1708	Unicorn-45853.exe
2320	Unicorn-18739.exe
2892	Unicorn-3253.exe
2964	Unicorn-31152.exe
2972	Unicorn-45329.exe
1516	Unicorn-44089.exe
1052	Unicorn-37623.exe
804	Unicorn-51800.exe
1376	Unicorn-21614.exe
2156	Unicorn-1748.exe
2616	Unicorn-2729.exe
1920	Unicorn-34224.exe
800	Unicorn-51800.exe
2436	Unicorn-55502.exe
2412	Unicorn-23991.exe
1660	Unicorn-58574.exe
1976	Unicorn-3146.exe
1632	Unicorn-51890.exe
2096	Unicorn-64999.exe
1684	Unicorn-55783.exe
1944	Unicorn-24289.exe
2740	Unicorn-58331.exe
2684	Unicorn-52171.exe
2264	Unicorn-58855.exe
2600	Unicorn-60863.exe
1700	Unicorn-7495.exe
2924	Unicorn-7516.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

926a01829df11b700914eadec0e8245f12c7e95672a1bc3effa972a28e82cf5a.exeUnicorn-3949.exeUnicorn-49221.exeUnicorn-3549.exeUnicorn-63172.exeUnicorn-45855.exeUnicorn-183.exeUnicorn-58797.exe

description	pid	process	target process
PID 1672 wrote to memory of 2372	1672	926a01829df11b700914eadec0e8245f12c7e95672a1bc3effa972a28e82cf5a.exe	Unicorn-3949.exe
PID 1672 wrote to memory of 2372	1672	926a01829df11b700914eadec0e8245f12c7e95672a1bc3effa972a28e82cf5a.exe	Unicorn-3949.exe
PID 1672 wrote to memory of 2372	1672	926a01829df11b700914eadec0e8245f12c7e95672a1bc3effa972a28e82cf5a.exe	Unicorn-3949.exe
PID 1672 wrote to memory of 2372	1672	926a01829df11b700914eadec0e8245f12c7e95672a1bc3effa972a28e82cf5a.exe	Unicorn-3949.exe
PID 1672 wrote to memory of 1880	1672	926a01829df11b700914eadec0e8245f12c7e95672a1bc3effa972a28e82cf5a.exe	Unicorn-49221.exe
PID 1672 wrote to memory of 1880	1672	926a01829df11b700914eadec0e8245f12c7e95672a1bc3effa972a28e82cf5a.exe	Unicorn-49221.exe
PID 1672 wrote to memory of 1880	1672	926a01829df11b700914eadec0e8245f12c7e95672a1bc3effa972a28e82cf5a.exe	Unicorn-49221.exe
PID 1672 wrote to memory of 1880	1672	926a01829df11b700914eadec0e8245f12c7e95672a1bc3effa972a28e82cf5a.exe	Unicorn-49221.exe
PID 2372 wrote to memory of 1580	2372	Unicorn-3949.exe	Unicorn-3549.exe
PID 2372 wrote to memory of 1580	2372	Unicorn-3949.exe	Unicorn-3549.exe
PID 2372 wrote to memory of 1580	2372	Unicorn-3949.exe	Unicorn-3549.exe
PID 2372 wrote to memory of 1580	2372	Unicorn-3949.exe	Unicorn-3549.exe
PID 1672 wrote to memory of 1256	1672	926a01829df11b700914eadec0e8245f12c7e95672a1bc3effa972a28e82cf5a.exe	WerFault.exe
PID 1672 wrote to memory of 1256	1672	926a01829df11b700914eadec0e8245f12c7e95672a1bc3effa972a28e82cf5a.exe	WerFault.exe
PID 1672 wrote to memory of 1256	1672	926a01829df11b700914eadec0e8245f12c7e95672a1bc3effa972a28e82cf5a.exe	WerFault.exe
PID 1672 wrote to memory of 1256	1672	926a01829df11b700914eadec0e8245f12c7e95672a1bc3effa972a28e82cf5a.exe	WerFault.exe
PID 1880 wrote to memory of 2188	1880	Unicorn-49221.exe	Unicorn-63172.exe
PID 1880 wrote to memory of 2188	1880	Unicorn-49221.exe	Unicorn-63172.exe
PID 1880 wrote to memory of 2188	1880	Unicorn-49221.exe	Unicorn-63172.exe
PID 1880 wrote to memory of 2188	1880	Unicorn-49221.exe	Unicorn-63172.exe
PID 2372 wrote to memory of 2596	2372	Unicorn-3949.exe	Unicorn-45855.exe
PID 2372 wrote to memory of 2596	2372	Unicorn-3949.exe	Unicorn-45855.exe
PID 2372 wrote to memory of 2596	2372	Unicorn-3949.exe	Unicorn-45855.exe
PID 2372 wrote to memory of 2596	2372	Unicorn-3949.exe	Unicorn-45855.exe
PID 1580 wrote to memory of 2612	1580	Unicorn-3549.exe	Unicorn-183.exe
PID 1580 wrote to memory of 2612	1580	Unicorn-3549.exe	Unicorn-183.exe
PID 1580 wrote to memory of 2612	1580	Unicorn-3549.exe	Unicorn-183.exe
PID 1580 wrote to memory of 2612	1580	Unicorn-3549.exe	Unicorn-183.exe
PID 2372 wrote to memory of 2604	2372	Unicorn-3949.exe	WerFault.exe
PID 2372 wrote to memory of 2604	2372	Unicorn-3949.exe	WerFault.exe
PID 2372 wrote to memory of 2604	2372	Unicorn-3949.exe	WerFault.exe
PID 2372 wrote to memory of 2604	2372	Unicorn-3949.exe	WerFault.exe
PID 1880 wrote to memory of 2808	1880	Unicorn-49221.exe	Unicorn-38931.exe
PID 1880 wrote to memory of 2808	1880	Unicorn-49221.exe	Unicorn-38931.exe
PID 2188 wrote to memory of 2792	2188	Unicorn-63172.exe	Unicorn-58797.exe
PID 1880 wrote to memory of 2808	1880	Unicorn-49221.exe	Unicorn-38931.exe
PID 1880 wrote to memory of 2808	1880	Unicorn-49221.exe	Unicorn-38931.exe
PID 2188 wrote to memory of 2792	2188	Unicorn-63172.exe	Unicorn-58797.exe
PID 2188 wrote to memory of 2792	2188	Unicorn-63172.exe	Unicorn-58797.exe
PID 2188 wrote to memory of 2792	2188	Unicorn-63172.exe	Unicorn-58797.exe
PID 2596 wrote to memory of 2948	2596	Unicorn-45855.exe	Unicorn-9513.exe
PID 2596 wrote to memory of 2948	2596	Unicorn-45855.exe	Unicorn-9513.exe
PID 2596 wrote to memory of 2948	2596	Unicorn-45855.exe	Unicorn-9513.exe
PID 2596 wrote to memory of 2948	2596	Unicorn-45855.exe	Unicorn-9513.exe
PID 1580 wrote to memory of 1904	1580	Unicorn-3549.exe	Unicorn-42003.exe
PID 1580 wrote to memory of 1904	1580	Unicorn-3549.exe	Unicorn-42003.exe
PID 1580 wrote to memory of 1904	1580	Unicorn-3549.exe	Unicorn-42003.exe
PID 1580 wrote to memory of 1904	1580	Unicorn-3549.exe	Unicorn-42003.exe
PID 2612 wrote to memory of 2352	2612	Unicorn-183.exe	Unicorn-61869.exe
PID 2612 wrote to memory of 2352	2612	Unicorn-183.exe	Unicorn-61869.exe
PID 2612 wrote to memory of 2352	2612	Unicorn-183.exe	Unicorn-61869.exe
PID 2612 wrote to memory of 2352	2612	Unicorn-183.exe	Unicorn-61869.exe
PID 1880 wrote to memory of 1800	1880	Unicorn-49221.exe	WerFault.exe
PID 1880 wrote to memory of 1800	1880	Unicorn-49221.exe	WerFault.exe
PID 1880 wrote to memory of 1800	1880	Unicorn-49221.exe	WerFault.exe
PID 1880 wrote to memory of 1800	1880	Unicorn-49221.exe	WerFault.exe
PID 1580 wrote to memory of 2624	1580	Unicorn-3549.exe	WerFault.exe
PID 1580 wrote to memory of 2624	1580	Unicorn-3549.exe	WerFault.exe
PID 1580 wrote to memory of 2624	1580	Unicorn-3549.exe	WerFault.exe
PID 1580 wrote to memory of 2624	1580	Unicorn-3549.exe	WerFault.exe
PID 2792 wrote to memory of 1160	2792	Unicorn-58797.exe	Unicorn-58690.exe
PID 2792 wrote to memory of 1160	2792	Unicorn-58797.exe	Unicorn-58690.exe
PID 2792 wrote to memory of 1160	2792	Unicorn-58797.exe	Unicorn-58690.exe
PID 2792 wrote to memory of 1160	2792	Unicorn-58797.exe	Unicorn-58690.exe

C:\Users\Admin\AppData\Local\Temp\926a01829df11b700914eadec0e8245f12c7e95672a1bc3effa972a28e82cf5a.exe
"C:\Users\Admin\AppData\Local\Temp\926a01829df11b700914eadec0e8245f12c7e95672a1bc3effa972a28e82cf5a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-183.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-61869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61869.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-56616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56616.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-3253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3253.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-7516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7516.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-60591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60591.exe
9⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-16604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16604.exe
10⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-38520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38520.exe
11⤵
PID:5820

C:\Users\Admin\AppData\Local\Temp\Unicorn-16858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16858.exe
12⤵
PID:8864

C:\Users\Admin\AppData\Local\Temp\Unicorn-7339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7339.exe
13⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8864 -s 216
13⤵
PID:11976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
12⤵
PID:9916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
11⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
10⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 236
9⤵
- Program crash
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-9231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9231.exe
8⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-48356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48356.exe
9⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-34783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34783.exe
10⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-33414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33414.exe
11⤵
PID:7264

C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
12⤵
PID:9428

C:\Users\Admin\AppData\Local\Temp\Unicorn-53047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53047.exe
13⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9428 -s 216
13⤵
PID:12456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7264 -s 216
12⤵
PID:11168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
10⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
9⤵
PID:4224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
8⤵
- Program crash
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
7⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
8⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-27090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27090.exe
9⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-60465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60465.exe
10⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-28216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28216.exe
11⤵
PID:7672

C:\Users\Admin\AppData\Local\Temp\Unicorn-24956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24956.exe
12⤵
PID:10492

C:\Users\Admin\AppData\Local\Temp\Unicorn-64083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64083.exe
13⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10492 -s 216
13⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 216
12⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 220
11⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
10⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 216
9⤵
PID:4440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
8⤵
- Program crash
PID:4044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
7⤵
- Program crash
PID:2680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 236
6⤵
- Program crash
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-18731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18731.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:720

C:\Users\Admin\AppData\Local\Temp\Unicorn-30151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30151.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:316

C:\Users\Admin\AppData\Local\Temp\Unicorn-2729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2729.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-20019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20019.exe
8⤵
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
9⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
10⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-46924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46924.exe
11⤵
PID:6800

C:\Users\Admin\AppData\Local\Temp\Unicorn-52320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52320.exe
12⤵
PID:9692

C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
13⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9692 -s 216
13⤵
PID:4228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 216
12⤵
PID:10560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
11⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
10⤵
PID:5556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 236
9⤵
PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 216
8⤵
- Program crash
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-32321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32321.exe
7⤵
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
8⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-9008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9008.exe
9⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
10⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 220
11⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
10⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 236
9⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 216
8⤵
- Program crash
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 240
7⤵
- Program crash
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
7⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-40337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40337.exe
8⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-15152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15152.exe
9⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-1159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1159.exe
10⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-26452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26452.exe
11⤵
PID:8124

C:\Users\Admin\AppData\Local\Temp\Unicorn-18460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18460.exe
12⤵
PID:9860

C:\Users\Admin\AppData\Local\Temp\Unicorn-35986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35986.exe
13⤵
PID:5188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9860 -s 236
13⤵
PID:13052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8124 -s 216
12⤵
PID:11268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 216
11⤵
PID:9048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 216
9⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 236
8⤵
- Program crash
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-60658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60658.exe
7⤵
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-4799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4799.exe
8⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
9⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\Unicorn-10479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10479.exe
10⤵
PID:7448

C:\Users\Admin\AppData\Local\Temp\Unicorn-14410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14410.exe
11⤵
PID:10460

C:\Users\Admin\AppData\Local\Temp\Unicorn-54986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54986.exe
12⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10460 -s 236
12⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 216
11⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
10⤵
PID:9204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
9⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 216
8⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
7⤵
- Program crash
PID:3268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 720 -s 240
6⤵
- Program crash
PID:1984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-42003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42003.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-4715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4715.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-31152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31152.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-3138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3138.exe
8⤵
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-22796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22796.exe
9⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
10⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-54568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54568.exe
11⤵
PID:6996

C:\Users\Admin\AppData\Local\Temp\Unicorn-15819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15819.exe
12⤵
PID:9880

C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
13⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9880 -s 236
13⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
12⤵
PID:10676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
11⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
10⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 216
9⤵
PID:5048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 236
8⤵
- Program crash
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-7495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7495.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
8⤵
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-43087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43087.exe
9⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-42031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42031.exe
10⤵
PID:5996

C:\Users\Admin\AppData\Local\Temp\Unicorn-15837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15837.exe
11⤵
PID:7992

C:\Users\Admin\AppData\Local\Temp\Unicorn-21337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21337.exe
12⤵
PID:9548

C:\Users\Admin\AppData\Local\Temp\Unicorn-4918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4918.exe
13⤵
PID:2100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9548 -s 216
13⤵
PID:12536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 216
12⤵
PID:11204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 216
11⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
10⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 236
9⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 236
8⤵
- Program crash
PID:3500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 240
7⤵
- Program crash
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-45329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45329.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-37470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37470.exe
7⤵
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-56995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56995.exe
8⤵
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
9⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-30139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30139.exe
10⤵
PID:5356

C:\Users\Admin\AppData\Local\Temp\Unicorn-45428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45428.exe
11⤵
PID:7568

C:\Users\Admin\AppData\Local\Temp\Unicorn-31446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31446.exe
12⤵
PID:9712

C:\Users\Admin\AppData\Local\Temp\Unicorn-53047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53047.exe
13⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9712 -s 216
13⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 216
12⤵
PID:11212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
11⤵
PID:8696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 236
10⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 236
9⤵
PID:5448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 236
8⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-17804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17804.exe
7⤵
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-43260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43260.exe
8⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-30538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30538.exe
9⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-22677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22677.exe
10⤵
PID:7152

C:\Users\Admin\AppData\Local\Temp\Unicorn-19118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19118.exe
11⤵
PID:10172

C:\Users\Admin\AppData\Local\Temp\Unicorn-8158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8158.exe
12⤵
PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10172 -s 216
12⤵
PID:12320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 216
11⤵
PID:11024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 236
10⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
9⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 236
8⤵
PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 220
7⤵
- Program crash
PID:1612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
6⤵
- Program crash
PID:1384

C:\Users\Admin\AppData\Local\Temp\Unicorn-2968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2968.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-44089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44089.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-60674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60674.exe
8⤵
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-22345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22345.exe
9⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-41850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41850.exe
9⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-41318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41318.exe
10⤵
PID:6316

C:\Users\Admin\AppData\Local\Temp\Unicorn-19913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19913.exe
11⤵
PID:9128

C:\Users\Admin\AppData\Local\Temp\Unicorn-12114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12114.exe
12⤵
PID:11620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 216
12⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 216
11⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 236
10⤵
PID:7352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
9⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
8⤵
- Program crash
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-40725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40725.exe
7⤵
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-17701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17701.exe
8⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-46899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46899.exe
9⤵
PID:5764

C:\Users\Admin\AppData\Local\Temp\Unicorn-13902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13902.exe
10⤵
PID:8140

C:\Users\Admin\AppData\Local\Temp\Unicorn-537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-537.exe
11⤵
PID:10636

C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe
12⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10636 -s 216
12⤵
PID:12408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 236
11⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
10⤵
PID:9248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
9⤵
PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 216
8⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
7⤵
- Program crash
PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 236
6⤵
- Program crash
PID:2588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 240
5⤵
- Program crash
PID:2844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-45855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45855.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-9513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9513.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-61923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61923.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-35771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35771.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:988

C:\Users\Admin\AppData\Local\Temp\Unicorn-37623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37623.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-40542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40542.exe
8⤵
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-12843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12843.exe
9⤵
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-26917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26917.exe
10⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
11⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-53339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53339.exe
12⤵
PID:7836

C:\Users\Admin\AppData\Local\Temp\Unicorn-61146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61146.exe
13⤵
PID:10416

C:\Users\Admin\AppData\Local\Temp\Unicorn-1213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1213.exe
14⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10416 -s 236
14⤵
PID:13248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 216
13⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
12⤵
PID:8936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
11⤵
PID:6656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 216
10⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 236
9⤵
- Program crash
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-40725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40725.exe
8⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-10943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10943.exe
9⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-62681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62681.exe
10⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\Unicorn-16760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16760.exe
11⤵
PID:7780

C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
12⤵
PID:10228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10228 -s 188
13⤵
PID:10136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7780 -s 216
12⤵
PID:10520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 216
11⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
10⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 236
9⤵
PID:5196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 240
8⤵
- Program crash
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-54719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54719.exe
7⤵
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-29097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29097.exe
8⤵
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-27775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27775.exe
9⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-44980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44980.exe
10⤵
PID:5736

C:\Users\Admin\AppData\Local\Temp\Unicorn-27166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27166.exe
11⤵
PID:7008

C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
12⤵
PID:9384

C:\Users\Admin\AppData\Local\Temp\Unicorn-8158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8158.exe
13⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9384 -s 216
13⤵
PID:12312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 216
12⤵
PID:11136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 216
11⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 236
10⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 216
9⤵
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 236
8⤵
PID:3868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 240
7⤵
- Program crash
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-51800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51800.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:804

C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
7⤵
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-1198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1198.exe
8⤵
PID:448

C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
9⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-6485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6485.exe
10⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-23269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23269.exe
11⤵
PID:7332

C:\Users\Admin\AppData\Local\Temp\Unicorn-3023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3023.exe
12⤵
PID:9832

C:\Users\Admin\AppData\Local\Temp\Unicorn-46903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46903.exe
13⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9832 -s 216
13⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 216
12⤵
PID:11228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
11⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
10⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 216
9⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 236
8⤵
- Program crash
PID:1196

C:\Users\Admin\AppData\Local\Temp\Unicorn-15375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15375.exe
7⤵
PID:928

C:\Users\Admin\AppData\Local\Temp\Unicorn-55738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55738.exe
8⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-59085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59085.exe
9⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-46718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46718.exe
10⤵
PID:7820

C:\Users\Admin\AppData\Local\Temp\Unicorn-49827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49827.exe
11⤵
PID:10164

C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
12⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10164 -s 216
12⤵
PID:12672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 216
11⤵
PID:10456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
10⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
9⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 216
8⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 220
7⤵
- Program crash
PID:3112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
6⤵
- Program crash
PID:844

C:\Users\Admin\AppData\Local\Temp\Unicorn-62885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62885.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-21614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21614.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1376

C:\Users\Admin\AppData\Local\Temp\Unicorn-54586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54586.exe
7⤵
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-29327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29327.exe
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-41064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41064.exe
9⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-35243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35243.exe
10⤵
PID:6880

C:\Users\Admin\AppData\Local\Temp\Unicorn-4941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4941.exe
11⤵
PID:9808

C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
12⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9808 -s 216
12⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 236
11⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
10⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
9⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
8⤵
PID:4952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 216
7⤵
- Program crash
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-20676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20676.exe
6⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-32776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32776.exe
7⤵
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-39663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39663.exe
8⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-42584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42584.exe
9⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-52975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52975.exe
9⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-38741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38741.exe
10⤵
PID:7508

C:\Users\Admin\AppData\Local\Temp\Unicorn-19960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19960.exe
11⤵
PID:10292

C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
12⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10292 -s 236
12⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 216
11⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
10⤵
PID:9212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 240
9⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 236
8⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-8884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8884.exe
7⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-25283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25283.exe
8⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-42300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42300.exe
9⤵
PID:6196

C:\Users\Admin\AppData\Local\Temp\Unicorn-10425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10425.exe
10⤵
PID:9256

C:\Users\Admin\AppData\Local\Temp\Unicorn-14427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14427.exe
11⤵
PID:4520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9256 -s 216
11⤵
PID:12340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6196 -s 216
10⤵
PID:11096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
9⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 236
8⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
7⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
6⤵
- Program crash
PID:1076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 220
5⤵
- Program crash
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-25036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25036.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:544

C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-34224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34224.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-40542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40542.exe
7⤵
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-60591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60591.exe
8⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-26917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26917.exe
9⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-59939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59939.exe
10⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
11⤵
PID:7920

C:\Users\Admin\AppData\Local\Temp\Unicorn-24882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24882.exe
12⤵
PID:10100

C:\Users\Admin\AppData\Local\Temp\Unicorn-2635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2635.exe
13⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10100 -s 236
13⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 220
12⤵
PID:10428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
11⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 216
10⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 216
9⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 236
8⤵
- Program crash
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-9231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9231.exe
7⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
8⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-21322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21322.exe
9⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-27166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27166.exe
10⤵
PID:6540

C:\Users\Admin\AppData\Local\Temp\Unicorn-32055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32055.exe
11⤵
PID:10220

C:\Users\Admin\AppData\Local\Temp\Unicorn-9533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9533.exe
12⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10220 -s 220
12⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 220
11⤵
PID:11048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
10⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
9⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 216
8⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 240
7⤵
- Program crash
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-54719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54719.exe
6⤵
PID:1340

C:\Users\Admin\AppData\Local\Temp\Unicorn-49553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49553.exe
7⤵
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-9704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9704.exe
8⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-52975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52975.exe
9⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\Unicorn-21457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21457.exe
10⤵
PID:8048

C:\Users\Admin\AppData\Local\Temp\Unicorn-56954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56954.exe
11⤵
PID:10060

C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
12⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10060 -s 236
12⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 216
11⤵
PID:11176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 216
10⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
9⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 236
8⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-33585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33585.exe
7⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-60861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60861.exe
8⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-10509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10509.exe
9⤵
PID:6660

C:\Users\Admin\AppData\Local\Temp\Unicorn-51136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51136.exe
10⤵
PID:10120

C:\Users\Admin\AppData\Local\Temp\Unicorn-12605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12605.exe
11⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 216
11⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 220
10⤵
PID:11004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
9⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
8⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 240
7⤵
PID:4488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
6⤵
- Program crash
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-51800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51800.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:800

C:\Users\Admin\AppData\Local\Temp\Unicorn-355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-355.exe
6⤵
PID:468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 468 -s 240
7⤵
- Program crash
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-6159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6159.exe
6⤵
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-18225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18225.exe
7⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-12036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12036.exe
8⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-10124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10124.exe
9⤵
PID:7596

C:\Users\Admin\AppData\Local\Temp\Unicorn-40766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40766.exe
10⤵
PID:9868

C:\Users\Admin\AppData\Local\Temp\Unicorn-31587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31587.exe
10⤵
PID:9276

C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
11⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9276 -s 216
11⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 212
10⤵
PID:10940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
9⤵
PID:8704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
8⤵
PID:4432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 236
7⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 240
6⤵
- Program crash
PID:3796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 240
5⤵
- Program crash
PID:1956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-49221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49221.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-63172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63172.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-58797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58797.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1160

C:\Users\Admin\AppData\Local\Temp\Unicorn-65342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65342.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-51608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51608.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-55502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55502.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-24765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24765.exe
9⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-34944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34944.exe
10⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-65274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65274.exe
11⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-52561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52561.exe
12⤵
PID:6404

C:\Users\Admin\AppData\Local\Temp\Unicorn-13351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13351.exe
13⤵
PID:8948

C:\Users\Admin\AppData\Local\Temp\Unicorn-61754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61754.exe
14⤵
PID:11792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
11⤵
PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
10⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-29027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29027.exe
9⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-51486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51486.exe
10⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-18431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18431.exe
11⤵
PID:6492

C:\Users\Admin\AppData\Local\Temp\Unicorn-2386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2386.exe
12⤵
PID:9124

C:\Users\Admin\AppData\Local\Temp\Unicorn-45641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45641.exe
13⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9124 -s 216
13⤵
PID:11676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 236
12⤵
PID:10196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
11⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
10⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
9⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-18604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18604.exe
8⤵
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-15249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15249.exe
9⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
10⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
11⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-54226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54226.exe
12⤵
PID:7564

C:\Users\Admin\AppData\Local\Temp\Unicorn-2558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2558.exe
13⤵
PID:10528

C:\Users\Admin\AppData\Local\Temp\Unicorn-43435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43435.exe
14⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10528 -s 216
14⤵
PID:13308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7564 -s 236
13⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
12⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
11⤵
PID:6844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
10⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 236
9⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
8⤵
- Program crash
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-23991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23991.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-7499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7499.exe
8⤵
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-812.exe
9⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
10⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-14552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14552.exe
11⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-36978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36978.exe
12⤵
PID:7884

C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
13⤵
PID:10044

C:\Users\Admin\AppData\Local\Temp\Unicorn-58363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58363.exe
14⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10044 -s 216
14⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7884 -s 216
13⤵
PID:10872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
12⤵
PID:8920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
11⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
10⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 236
9⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-5285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5285.exe
8⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-49594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49594.exe
9⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-12855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12855.exe
10⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-29000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29000.exe
11⤵
PID:8156

C:\Users\Admin\AppData\Local\Temp\Unicorn-35796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35796.exe
12⤵
PID:10384

C:\Users\Admin\AppData\Local\Temp\Unicorn-19003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19003.exe
13⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10384 -s 216
13⤵
PID:13240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 216
12⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
11⤵
PID:9076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
10⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
9⤵
PID:5580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
8⤵
- Program crash
PID:3204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
7⤵
- Program crash
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-248.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-58574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58574.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-3654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3654.exe
8⤵
PID:1040

C:\Users\Admin\AppData\Local\Temp\Unicorn-8057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8057.exe
9⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-3029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3029.exe
10⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-43052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43052.exe
11⤵
PID:6512

C:\Users\Admin\AppData\Local\Temp\Unicorn-39247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39247.exe
12⤵
PID:10064

C:\Users\Admin\AppData\Local\Temp\Unicorn-55864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55864.exe
13⤵
PID:11428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10064 -s 216
13⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 220
12⤵
PID:10952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
11⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 236
10⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 236
9⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-63755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63755.exe
8⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-55975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55975.exe
9⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
10⤵
PID:6568

C:\Users\Admin\AppData\Local\Temp\Unicorn-48059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48059.exe
11⤵
PID:9364

C:\Users\Admin\AppData\Local\Temp\Unicorn-45808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45808.exe
12⤵
PID:11944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9364 -s 216
12⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 216
11⤵
PID:9540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 236
10⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
9⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
8⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-17831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17831.exe
7⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-36584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36584.exe
8⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-11629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11629.exe
9⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
10⤵
PID:6924

C:\Users\Admin\AppData\Local\Temp\Unicorn-45564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45564.exe
11⤵
PID:9844

C:\Users\Admin\AppData\Local\Temp\Unicorn-2716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2716.exe
12⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9844 -s 216
12⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6924 -s 216
11⤵
PID:10612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
10⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
9⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
8⤵
PID:4964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
7⤵
- Program crash
PID:3192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 240
6⤵
- Program crash
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-54823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54823.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1232

C:\Users\Admin\AppData\Local\Temp\Unicorn-33051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33051.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-3146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3146.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-34874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34874.exe
8⤵
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-47497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47497.exe
9⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-9867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9867.exe
10⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
11⤵
PID:6644

C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
12⤵
PID:9444

C:\Users\Admin\AppData\Local\Temp\Unicorn-64239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64239.exe
13⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9444 -s 216
13⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 216
12⤵
PID:10132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 236
11⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
10⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 236
9⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-12006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12006.exe
8⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-45949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45949.exe
9⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-24051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24051.exe
10⤵
PID:6464

C:\Users\Admin\AppData\Local\Temp\Unicorn-3242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3242.exe
11⤵
PID:8588

C:\Users\Admin\AppData\Local\Temp\Unicorn-52514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52514.exe
12⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 220
12⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 216
11⤵
PID:10004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 236
10⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
9⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
8⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-27177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27177.exe
7⤵
PID:356

C:\Users\Admin\AppData\Local\Temp\Unicorn-9697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9697.exe
8⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-4226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4226.exe
9⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-55021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55021.exe
10⤵
PID:6436

C:\Users\Admin\AppData\Local\Temp\Unicorn-62635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62635.exe
11⤵
PID:8884

C:\Users\Admin\AppData\Local\Temp\Unicorn-3422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3422.exe
12⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8884 -s 216
12⤵
PID:11452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 216
11⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 236
10⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
9⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 236
8⤵
PID:4820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
7⤵
- Program crash
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-51890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51890.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-47043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47043.exe
7⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
8⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-20480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20480.exe
9⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-2665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2665.exe
10⤵
PID:6524

C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
11⤵
PID:9148

C:\Users\Admin\AppData\Local\Temp\Unicorn-49442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49442.exe
12⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 216
12⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
11⤵
PID:10144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 236
10⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
9⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 216
8⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
7⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-9867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9867.exe
8⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-5053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5053.exe
8⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-54292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54292.exe
9⤵
PID:6544

C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
10⤵
PID:9968

C:\Users\Admin\AppData\Local\Temp\Unicorn-29990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29990.exe
11⤵
PID:11380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9968 -s 216
11⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 216
10⤵
PID:10792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 236
9⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 220
8⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
7⤵
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 240
6⤵
- Program crash
PID:2252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
5⤵
- Program crash
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1388

C:\Users\Admin\AppData\Local\Temp\Unicorn-4628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4628.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-55783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55783.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-17467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17467.exe
8⤵
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-36584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36584.exe
9⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
10⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
11⤵
PID:6708

C:\Users\Admin\AppData\Local\Temp\Unicorn-12513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12513.exe
12⤵
PID:9528

C:\Users\Admin\AppData\Local\Temp\Unicorn-4357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4357.exe
13⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9528 -s 216
13⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 216
12⤵
PID:10268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 236
11⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
10⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 216
9⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-62162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62162.exe
8⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-41588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41588.exe
9⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-18502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18502.exe
10⤵
PID:6848

C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe
11⤵
PID:9724

C:\Users\Admin\AppData\Local\Temp\Unicorn-20750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20750.exe
12⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9724 -s 216
12⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
11⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
10⤵
PID:4148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
9⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 240
8⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
7⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-3553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3553.exe
8⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-32372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32372.exe
9⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-20002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20002.exe
10⤵
PID:7048

C:\Users\Admin\AppData\Local\Temp\Unicorn-31179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31179.exe
11⤵
PID:9752

C:\Users\Admin\AppData\Local\Temp\Unicorn-36759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36759.exe
12⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 216
12⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 216
11⤵
PID:10620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
10⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 236
9⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
8⤵
PID:5040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
7⤵
- Program crash
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-30228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30228.exe
7⤵
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-53451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53451.exe
8⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-61909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61909.exe
9⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
10⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
11⤵
PID:9984

C:\Users\Admin\AppData\Local\Temp\Unicorn-25543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25543.exe
12⤵
PID:11668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 216
12⤵
PID:12292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
11⤵
PID:10840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
10⤵
PID:8340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 236
9⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 236
8⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-38318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38318.exe
7⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-48975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48975.exe
8⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\Unicorn-53016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53016.exe
9⤵
PID:6920

C:\Users\Admin\AppData\Local\Temp\Unicorn-48588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48588.exe
10⤵
PID:10092

C:\Users\Admin\AppData\Local\Temp\Unicorn-9533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9533.exe
11⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 220
11⤵
PID:12432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 220
10⤵
PID:10960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 216
9⤵
PID:8440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 236
8⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
7⤵
PID:4164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 240
6⤵
- Program crash
PID:608

C:\Users\Admin\AppData\Local\Temp\Unicorn-61862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61862.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-24289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24289.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-21131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21131.exe
7⤵
PID:632

C:\Users\Admin\AppData\Local\Temp\Unicorn-24803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24803.exe
8⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-57337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57337.exe
9⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\Unicorn-45076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45076.exe
10⤵
PID:6588

C:\Users\Admin\AppData\Local\Temp\Unicorn-33627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33627.exe
11⤵
PID:10024

C:\Users\Admin\AppData\Local\Temp\Unicorn-32336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32336.exe
12⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10024 -s 220
12⤵
PID:12424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 216
11⤵
PID:10908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
10⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
9⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 236
8⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-17773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17773.exe
7⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-11125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11125.exe
8⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-3244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3244.exe
9⤵
PID:6864

C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
10⤵
PID:9996

C:\Users\Admin\AppData\Local\Temp\Unicorn-29990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29990.exe
11⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9996 -s 216
11⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 216
10⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
9⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
8⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
7⤵
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-13434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13434.exe
6⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-21469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21469.exe
7⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-42584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42584.exe
8⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-10509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10509.exe
9⤵
PID:6676

C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
10⤵
PID:9960

C:\Users\Admin\AppData\Local\Temp\Unicorn-24370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24370.exe
11⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9960 -s 216
11⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 216
10⤵
PID:10800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 216
9⤵
PID:8324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
8⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 236
7⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
6⤵
- Program crash
PID:3428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
5⤵
- Program crash
PID:484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-38931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38931.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-30953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30953.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-23358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23358.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-18739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18739.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-58331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58331.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-35241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35241.exe
8⤵
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-48356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48356.exe
9⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-37331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37331.exe
10⤵
PID:6016

C:\Users\Admin\AppData\Local\Temp\Unicorn-20078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20078.exe
11⤵
PID:7492

C:\Users\Admin\AppData\Local\Temp\Unicorn-45639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45639.exe
12⤵
PID:9928

C:\Users\Admin\AppData\Local\Temp\Unicorn-46903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46903.exe
13⤵
PID:920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9928 -s 216
13⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 220
12⤵
PID:11256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
11⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 236
10⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 216
9⤵
PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 236
8⤵
- Program crash
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-55443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55443.exe
7⤵
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-22345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22345.exe
8⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-1635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1635.exe
9⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-27415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27415.exe
10⤵
PID:8132

C:\Users\Admin\AppData\Local\Temp\Unicorn-19018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19018.exe
11⤵
PID:10852

C:\Users\Admin\AppData\Local\Temp\Unicorn-11265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11265.exe
12⤵
PID:13092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10852 -s 236
12⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 216
11⤵
PID:11780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
10⤵
PID:9484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 216
9⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 216
8⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 220
7⤵
- Program crash
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-60863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60863.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-58126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58126.exe
7⤵
PID:1080

C:\Users\Admin\AppData\Local\Temp\Unicorn-5323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5323.exe
8⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-52295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52295.exe
9⤵
PID:5564

C:\Users\Admin\AppData\Local\Temp\Unicorn-29697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29697.exe
10⤵
PID:7752

C:\Users\Admin\AppData\Local\Temp\Unicorn-34098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34098.exe
11⤵
PID:10040

C:\Users\Admin\AppData\Local\Temp\Unicorn-20404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20404.exe
12⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10040 -s 220
12⤵
PID:12544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 220
11⤵
PID:10364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
10⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
9⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 216
8⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 236
7⤵
- Program crash
PID:4052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
6⤵
- Program crash
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-23765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23765.exe
6⤵
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-9771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9771.exe
7⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
8⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-57393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57393.exe
9⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-33293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33293.exe
10⤵
PID:7688

C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
11⤵
PID:10236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10236 -s 188
12⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 216
11⤵
PID:10512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
10⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
9⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 216
8⤵
PID:4496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 236
7⤵
- Program crash
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-23948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23948.exe
6⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
7⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-33702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33702.exe
8⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-49005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49005.exe
9⤵
PID:7220

C:\Users\Admin\AppData\Local\Temp\Unicorn-42464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42464.exe
10⤵
PID:10352

C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
11⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10352 -s 236
11⤵
PID:13188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7220 -s 216
10⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 216
9⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
8⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
7⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
6⤵
- Program crash
PID:3540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 240
5⤵
- Program crash
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:352

C:\Users\Admin\AppData\Local\Temp\Unicorn-16191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16191.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-64999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64999.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 188
7⤵
- Program crash
PID:2016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
6⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-59332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59332.exe
5⤵
- Executes dropped EXE
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-36792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36792.exe
6⤵
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-64468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64468.exe
7⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-2120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2120.exe
8⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-33691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33691.exe
9⤵
PID:6516

C:\Users\Admin\AppData\Local\Temp\Unicorn-59307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59307.exe
10⤵
PID:9736

C:\Users\Admin\AppData\Local\Temp\Unicorn-30894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30894.exe
11⤵
PID:4208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9736 -s 216
11⤵
PID:12468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 216
10⤵
PID:11220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
9⤵
PID:8476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 236
8⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 236
7⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-55756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55756.exe
6⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-41588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41588.exe
7⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
8⤵
PID:6964

C:\Users\Admin\AppData\Local\Temp\Unicorn-14157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14157.exe
9⤵
PID:9780

C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
10⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9780 -s 216
10⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 216
9⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
8⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
7⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
6⤵
PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 240
5⤵
- Program crash
PID:2224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
4⤵
- Program crash
PID:1208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
2⤵
- Program crash
PID:1256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10943.exe

Filesize
184KB

MD5
3048a13df43fcaeb9b2146e580e1862a

SHA1
018b51d9b00604f0e82c177fcfb30931c4946df3

SHA256
94500f5e5296be3643cfe24d5366db6e9c77e029a2faaae403502645968430a8

SHA512
5400b43fbb5c0242fa217f1b03fc13fabb0774362862c42b6ff2137b5ab3a8117cb6e8d5e54c70a850c9ffda1e699cf47d3bcad14a1a96643cda1d6d83b97026

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2635.exe

Filesize
184KB

MD5
9f109ff681bdd64766141aad848e1ff9

SHA1
6e3fa63be0e3eb11002833d09cb08f6dd52f01bc

SHA256
67d351e5bdc02052a862c41e90ef7ea97751bbcb8cbbcdbdbb764936522fc700

SHA512
bbaba4a6bf824cc8749277e55ee7917307a9f74db77ab023e8acce1a90896b468fc0e03dbfa0bd39dfb9a86994371d7132017de7739ae058541ca93c2b72bbb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2729.exe

Filesize
184KB

MD5
fb379704b7ac8d4d2a40aa94a9595969

SHA1
14850d2b98de0515105336c626166f1bc161a779

SHA256
d125e96aefc94e92855dcf53afa59209b7109994e3f0fd5ed4b645849a8ee661

SHA512
0e4b972eabc6b5780d93f806f06d68c0b0ffdf851b467c83de6b5a4764a844675a06f36cc9f85e3d091b7949d98938d880a43bbcace4eeeb6a22cff7356cee3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29000.exe

Filesize
184KB

MD5
8005b333f79bf6697622215607a75935

SHA1
eae965ea3291a6ab61229240c04b96eeb67f2a88

SHA256
ab8d65a31496d964a45a6f88c6413302dc3aa87fc76e100ed4aaf4caafb58de9

SHA512
9824db454db935c31cd6f3e36d4dbc244c31315b31c08b65681f1cf92370965b63c785155933db5ffb8672eb3e10e561aa0c55c3156f8cfa365a33d31c3e8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34944.exe

Filesize
184KB

MD5
4189b4e597aed12ff555d5df9b8be908

SHA1
d2d4be16f30137f9ccd32fb540ed6bf7ca2fff40

SHA256
aae2d5754e315aa22905dd96577f91b96b0c02e9d6b288da42f3195e2153abbf

SHA512
df0f1763e8910acbab13a610a5097455fd420bd6599b445ebf73214138602fa5a87ff3eaf352f47002685ee004c894920dda9f105bb828f1b6e0d7652d0619e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40766.exe

Filesize
184KB

MD5
dddf7e0ee33a5f82c350d1089d3f2dd3

SHA1
4d00e57a9f399659043bed1a6caba29d1ded53ba

SHA256
b553429439388dabda239c000e697bc6e192f4771ba976a3b77ff65747f3028c

SHA512
21fa2305c753c4afdf6cc78a7902bc934d4d68ebdf8749b5da637ba140a666f7a3bc0bffec2343771e37ac3e13617465b2b013654f05209c1ade3715a8f98277

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42003.exe

Filesize
184KB

MD5
e7b0424649390faee2d85c40dbad0bf6

SHA1
d024220dfa21e061633f5c658c7bcaea51a0a6bc

SHA256
b413004d6b9865656f3d6ab65fc2620a9867abfd7b9f9d02ecb084ef9a76a2d0

SHA512
1a20853988938b3f3718c2cade521b25ab10e40220dccdce32cfcb0cd61cbfde78542f87b1f67995582d06d25d7b6bff6aaa8e243456c431fec923dc7994dcae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45855.exe

Filesize
184KB

MD5
7ccc94baad5b32ee13319e73b09be41c

SHA1
61f85e4972e91f88ad0dba35b987b3282897ef6c

SHA256
122e2925919e088e94bc2204bbfb8945bb22eabea11289166593524103e671a6

SHA512
da1cb898af79406c55ba2749a2ef9cd65cb86151da39188031aeda004b187d8255afbaf1420e89e74fac61543f150ca1653e5ff2d6cc5036ca87db18763bf374

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe

Filesize
184KB

MD5
bacbebbc9834b3ba29700331e8582642

SHA1
eec367e26c8857fc3f027652a1b273324e295930

SHA256
88d6c271f86e2086468bc44d9692f8745c9be5cb01a45eb92de614efdc3d8c81

SHA512
4b0687fe8fdc792e572cf921005c7228d3e3a8826fb86016becaada4a9f12c05cf5aa74fda26fc537ca8c7f87810259ffe132d876866218dc2b898ccd772a7ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe

Filesize
184KB

MD5
d0597322189a3dc83ffb6464ccbf9a13

SHA1
38655ccbf7d1ce0d6669adc39d34ab7215957f2c

SHA256
6d0a638ab9a5ebe49cca78c2b6479759373a3705f840635f981e3d427ce7034c

SHA512
3ada8488c065179e457bd2c891e280e0c20bd57d3a7e81e2a1356db67fe7afc6c2b303050f39b5f9c28261696b8d027c2e1aeac5bacb6081ac9da57c3de90e99

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6159.exe

Filesize
184KB

MD5
72940e46cd58b61d8e3ebad843681a1d

SHA1
f1121b5cc523b384cdae528c8d2befd13842112f

SHA256
b0a81e7653c3a745ec160909353e187d4fdd8512072aaad2dfd802aec76bb9c0

SHA512
aef1acc2edf6aaba816cc30898e785aefdf66a722433ef311adbdfe423af39e545740d3b086cce8eff47a4794bf24b3003373149c15a0bfc9fd80675b4efaee6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-183.exe

Filesize
184KB

MD5
9db4c879cb8cef3fde32e5ed1dd14ea3

SHA1
e1127ae730ca9a0d34b4e3eee2ffdcd25d6496d6

SHA256
a43de21562872387e06d7ffb76ca9571a56b72b6e9effe555d6fc0fac8795cce

SHA512
a1d44b9fb7fb839b3a7642467bdc2ecbd8b223302219e00a16e214cf3fd822cb74f36c4a20a4c22949e47ab5b29fdaf11ff53789c0a531621ce73369ef8f0da2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30953.exe

Filesize
184KB

MD5
925f939babcf049adf9bbae09d143f70

SHA1
a75b7e271be06fc702aeb469be00c6ba5cbe449e

SHA256
93c3b1a5de923f89e3b9231384fdf4d6c2f1c05a2887cdd8c735378994af695b

SHA512
7a2c783283b215f459ae97681e73ae82e50df17b364d0602f37fdfcccbdeb373dee6d5adbf7dfba96c7b23774ee401c389b6377bafec2a566ca12de57f6b1c57

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe

Filesize
184KB

MD5
fa2c6176742bad0ecd32e6b7fbaca4bc

SHA1
1f0599c88d3fc275d22aba8d62a143e9c559384e

SHA256
941313ae8587c9b67656486803f66e4fe85e8f2353e762207d4d53628447149c

SHA512
4189a1d7a7c741ae96864ad31f3db0b699eb2945b15e2e3ea45ef83bcb2be1dafba757b407d9140f86c7ba44a930e21fb1f6619133d0f1daea78c4f94277c709

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38931.exe

Filesize
184KB

MD5
6d3028806d9ac4c661ffbbfa57b90a7c

SHA1
fd74ab195bf36d0fc84f2128d16265037940c34d

SHA256
539768a7f58a900cbfa8fc1d53038bb5b91c97072f1f2b7eb690093c88765c89

SHA512
26d524d6756627870d913de8fe148a72280aab3931d0e3a0be15ff6a2edab134f1a512b8ca24a3c4cf0f515a18b309138a28d82cd0580a47128623c7ad564aed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe

Filesize
184KB

MD5
c78d079ea47dad0510f035abcee739fa

SHA1
95f92ab7c68643542628aaf1f0db34b928e62364

SHA256
8259073a380cc227387f432fa8a2209c54ab743486b0bdae357691f8cc3c4c0d

SHA512
313ac2f8caaa791b0d73826593153617c549badf7dc5b6647bb781e155c3e00bc164e497749caf02eddd47e8c8941a3efe7dbb26bca5d362c0d581a372c47015

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49221.exe

Filesize
184KB

MD5
9042eb68a6856e7c1fbb00f7f727b524

SHA1
ae1347c819d15cf48c514061f055fafebe0d28e5

SHA256
f3405d2429734865a58d5b05fc64141f9dfae2dc3c77f6a9e97c4db609020ee1

SHA512
b59dd7b6e59be3ec97ebcb7743bea33bf83958af2e7cfa7658866c95882af54e57dfddd7b82e8281f2dad88fa78769f0eca38fafcd9e7c344563620683b79602

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe

Filesize
184KB

MD5
cadbf73fb172b3b7ca05cb2db5a40403

SHA1
4d93d7e3244eea3adc53e1912f8d6d231c36ac96

SHA256
1dc40342591577b91ca3dbd1f17bd190fbbc5b9878d9133649a900da237dceb6

SHA512
bd5eb515eb49c5b0e1d669b4cb36252ce51ff7661458e93c2997b41524f5f5bc2f26aacf39fd1ae5ab699937351630751e381f342e65a8f05e17c6d5ba19a5f8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe

Filesize
184KB

MD5
f3ed833f297262dbd5b8b7d23294d363

SHA1
97037831c6d80a9500fdd4b6505bd14e54605932

SHA256
ef9eaadb5e9b75e915c7e3f71012da97e1d8536e56d9ac9dde8849f3ed8c3ad5

SHA512
aa293d36cb8adede99ac02486a5da3ccac8595a2cf97ff3b10ce641bde59f90e9d80819dec8e77eac59eac9322abda4d079ceb019971d4851b901b7306f55738

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58797.exe

Filesize
184KB

MD5
29a5a6fd5d6a9fb98a3cbfc57b496264

SHA1
9ae9aca6c562f3472d2498708a45ce3fe23f0096

SHA256
9daeb85b8f5f0e744263d1ea85b098ee72fd3c469bed4c917f91da4783dcf1e7

SHA512
6a1c8c08b1d944e2a90ad1e05eb15017a60f16df71b1f7dc53bdd1813d8a52fbf0c0202bff11b7d705fd9659383f770044473e0b911a12ac2ad189660309257e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61869.exe

Filesize
184KB

MD5
9aea58b56ebd4950731778ac97330c2b

SHA1
441d1630d7eb16259a8972e03692fcb7daa92ae5

SHA256
a91c7233f118d4f88594f730172ef2abddd6c0933ea37392c05db0118deb4d3d

SHA512
f8e04f25339d99bcf554e23a75d438dce7de776378697b143e37b5353b80ee22bf657564037f7efd0e1f2984370aeaccf4a2a5c34aa14c2c98f0345d61d01de0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63172.exe

Filesize
184KB

MD5
723a4c63f0d23ccf1d5daee8c95859e1

SHA1
b757b54c15e338d327d707864e46b4e91aa17970

SHA256
8f88924629093bb923b0b52f430127b497a2c9d9e329bdffd4243757667a8ecd

SHA512
195310dfa263658fca0189f9803173d8908fe72720977dfb1b4eaec2d62331c47352ed6339733150373e7dfc357c468e7122b99927e0f59540852ae5e9723d47

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9513.exe

Filesize
184KB

MD5
d7c77e4340bc6c9a1d793d24f6824c77

SHA1
b6bde7eaccf6ca0eda6d21a949e18fa3f61a46ef

SHA256
e84848051dbfa2326cb11da86572221822160a06c5f91f605b784973dce9565b

SHA512
b03b1ec357f81e09063f195a96c97375c92054671d39be465929db1caf4cfe1c04c226d8f11f7d21713e85c184d4138ac1ca593e5ad49e16b53dc4a75eda3654

Download Submit